{ "Event": { "published": true, "date": "2023-10-05", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2023-10-05", "timestamp": 1696550582, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "ed4f5df5-2800-4974-87fa-4599addaea16", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7ba7a8f0-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696496794, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496794, "uuid": "e582f605-a0a4-48e4-83a7-78dd281c5e1f", "comment": "Malware payload", "value": "d431753cdc11d1f4bad58c8bd55d33c0", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496794, "uuid": "e54c8759-f2ca-4654-b9f8-c32090419326", "comment": "Malware payload", "value": "009a7145591fd0ac714033c597e7af988e803375ce66b5f466098e72b8b73c39", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496794, "uuid": "3f2f76f0-f01e-4a0d-9d1e-3d3201120c51", "comment": "Malware payload", "value": "e37f9d4c9d75dd8a43b746ff455ab4517cf42ac7", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496794, "uuid": "1a47b3e1-55ed-477a-a453-2d981a790132", "comment": "Malware payload", "value": "8371149f399b977615c316781337be559ac37ecdc1791ba4ba520d484923216d0f8308210fa352ff0f65615316ca2fbf", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496794, "uuid": "7ce6897a-7827-4867-9f46-5339540dcb53", "value": "T1AA22295DECAC53CDE88C72AB2B4C7B7A118EABFD9144523C95142CD44C36C8ECA74267", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496794, "uuid": "1d8fc3c5-d42a-41cc-a176-f619d826808c", "value": "192:kfUhycM7cvW4VMfrsH7PKKIQZ5j/OrolfPHksHbsHksGsHF:OGy/EWIMfrsHzKKyaPHksHbsHksGsHF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496794, "uuid": "d1757e36-1dbd-4ab5-aaf3-903a0ddb91d4", "value": 9934, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496794, "uuid": "6535225c-e7da-4adb-971a-a1f1b80cc3a4", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496794, "uuid": "81ed8b17-9ada-4392-879b-bcdeadbe6ae9", "value": "PO#SWASA2200157.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "47b4772f-635c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696495848, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495848, "uuid": "d30e304c-c5d3-4292-8d82-d9066d0800de", "comment": "Malware payload (AgentTesla)", "value": "34be916b9631511bd711f4208e0e384b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495848, "uuid": "0ba18385-b2dc-4299-82e9-24d86d364bc4", "comment": "Malware payload (AgentTesla)", "value": "00a3e059f36dfb52443c5745cb2259126996b98d0b248d4a7220fdc5b1a2ed52", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495848, "uuid": "beca17e4-fb8d-47d6-a5d7-2d495cdc596a", "comment": "Malware payload (AgentTesla)", "value": "d917263cd0d8d011919fe619ea8f28b3d880fd00", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495848, "uuid": "510eda5a-313d-4c79-ba33-b66af1c216a4", "comment": "Malware payload (AgentTesla)", "value": "d5c353acadebaced0e0ad96556ad99a5048f7f3e2afb8f6b0b5cdee5ca3c1853df59911ea9a1b960c6b4750068e038ff", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495848, "uuid": "307ce9ac-3f20-4eaa-b15b-65323a5bb65e", "value": "T15955E00F94209F96C00D83F8AE2339D90E0E7F15A7D569DB14573B8B3E316A219CA6DD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495848, "uuid": "293a9023-9d31-4d44-bde4-37db5d4908fe", "value": "24576:gWQmmav30x9ZyJw6VueiAXZS9XZyyw6VwGOAXZShL/OAhbxkovEJTNy3vwIx:1QmmQ301h6VDE7+6V5EZxrv0Ny/X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495848, "uuid": "0416975f-8175-44ff-857d-55e8e020f75e", "value": 1375744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495848, "uuid": "57eb9d93-6d8c-464d-9472-161e956b258a", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495848, "uuid": "29c2744a-dfab-40a6-adaf-e32d90b5b553", "value": "Seabulk PO 5303649.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3c592e2-637d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (QuasarRAT)", "timestamp": 1696510310, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510310, "uuid": "14c0f018-e256-4895-adf9-2aa181eb8ef6", "comment": "Malware payload (QuasarRAT)", "value": "66f2cd749924ebcd3cd4e8e6882b50de", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510310, "uuid": "902e6ba0-b3d1-4abf-9e82-c0dbdadbfc6c", "comment": "Malware payload (QuasarRAT)", "value": "017154018a7290c534578cdbb64110339cff0d69f1e40f89db8176681b47981d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510310, "uuid": "ac160e9a-30e6-4d19-b84c-408f63db03d0", "comment": "Malware payload (QuasarRAT)", "value": "9a188abd5c98c3fec2da7b9dd5fed1927a191164", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510310, "uuid": "f5cc5cf7-fcc2-4cdb-97a8-a5267118ec67", "comment": "Malware payload (QuasarRAT)", "value": "9d3d5f7395128a75cc8fc72065e62e5575df80a6d274fcdaf0378d10038636054a4d0c0e4ec88b177487b0e0fc6ad2c0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510310, "uuid": "473c3bd7-a252-456c-af85-b79ab8c8607f", "value": "T1B9E55A0477F85E62E1AAD3B3D5F0541363F0F82AF3A3EB0B5191677A1D93B4098426A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510310, "uuid": "421b1a74-0cb8-4d9c-9945-8d9edbb61aaf", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510310, "uuid": "5eb817d6-63c7-4e9b-bc45-8494816a492c", "value": "49152:Hv3hBYjCO4Dt2d5aKCuVPzlEmVQL0wvwka3mhEmzfSoGdOTHHB72eh2NT:Hvnt2d5aKCuVPzlEmVQ0wvwf3mhs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510310, "uuid": "f68c02fe-cd37-428c-ba00-b4b71a3e6663", "value": 3266048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510310, "uuid": "781a7311-99b5-42ec-a0e1-30bf4f933368", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510310, "uuid": "77d06073-1427-48b6-820d-0dfc4a2b418d", "value": "ShellExperienceHost.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e4ee6bd7-6365-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1696499977, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499977, "uuid": "db07af3a-4518-4fa8-8d29-9f44c081ded6", "comment": "Malware payload (Loki)", "value": "2859276f385f3f77c1ba960783d955a4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499977, "uuid": "5d63a396-d24a-47bd-9474-1e1600a013fa", "comment": "Malware payload (Loki)", "value": "018a59ff49679407b77310491276baf1ac3aacdbeecc0cd3e90040287449d944", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499977, "uuid": "71df73f9-b9a6-4ad7-9e29-0a8777c1a1f1", "comment": "Malware payload (Loki)", "value": "5a35ea9e92c9d222a7a2487fcf57fceaeba41df7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499977, "uuid": "183962d1-b43c-49a3-b6c6-e132a87d8383", "comment": "Malware payload (Loki)", "value": "4b066e0d89850e7a82c8c24bbd4d4a9472d5c1210cd736933c9c544a1bd54fff51ac74acd76ce6e8d545f393c3b12bf5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499977, "uuid": "5fbfdee8-21e8-4cc2-851d-c658d8de7316", "value": "T1D414CF2179F1C072D5AB4635C830DB606AFBB8636B78857F33501B6E6E306D28B66317", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499977, "uuid": "ededac34-bd74-4be4-92f8-e8f58999fc07", "value": "881c8bbf2c7a75bb8a09e79bbc8dfe29", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499977, "uuid": "d5df79e4-564e-4c1e-ab34-15f7808bacf0", "value": "3072:YR15hGip6Yb8t8O8IhWxWbGRct63YYiuwXQWRE5D/Vr:0hJtSZZhgWbx63QQwwV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696499977, "uuid": "7ec6aaa9-0944-4426-a5fe-a853541cb4b4", "value": 205824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696499977, "uuid": "189a26a0-06dd-4af5-8a4d-f86f7c3e0f4b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499977, "uuid": "4e4b9260-2015-4320-8f02-67874fd6fa76", "value": "2859276f385f3f77c1ba960783d955a4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41f4f274-6358-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696494120, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494120, "uuid": "e4ecf2c8-c830-436b-b484-debc894348f3", "comment": "Malware payload (Mirai)", "value": "f566b310d803ee39a7d8731c29024f14", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494120, "uuid": "1e530946-f4c4-46ca-b371-f42b2139e7b4", "comment": "Malware payload (Mirai)", "value": "01cadfeec99eb35ab72bf1ea2d2d446b65f4f784c363e6db5a84627d0c10f671", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494120, "uuid": "f1936d92-8563-48df-af3b-4a44824837a4", "comment": "Malware payload (Mirai)", "value": "efd893dd716d97b5f2a9b8f444716848bbd5d22f", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494120, "uuid": "33fe791e-2c37-4cc2-b47b-e83115511c7d", "comment": "Malware payload (Mirai)", "value": "28be841eb855668e2fba1080d2c114c8bb6c4292419bae0bf1fc3a0f88e2612b452704a4f03e421f0de4cde897aa4f83", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494120, "uuid": "81ea9e47-15eb-4f79-a718-f8f1508c1646", "value": "T1EB534AC8A5C3E5F5EC001D79307AABA1A973F53F2035EE9BE79A25739903603E10169D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494120, "uuid": "68a65e0a-4068-4e8d-871b-40b43b815cef", "value": "1536:V5Vn4pXoqVExGxRP3MFnKipjGKO18HKaPW1seUnD9oAG92:7R4pxuxGxB3MFnK2GHCHKZj+VK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696494120, "uuid": "59c85ec6-c6b6-4791-bb17-f35e4b84a7e2", "value": 63696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696494120, "uuid": "b791e4f6-d790-42df-a67f-45caab81f650", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494120, "uuid": "b2c42958-ead8-4ae8-93e9-728f8a47ffd0", "value": "f566b310d803ee39a7d8731c29024f14", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b49be5da-63a5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696527384, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527384, "uuid": "677a2dde-03b4-44d6-a620-d22799482fce", "comment": "Malware payload", "value": "885ba5415c750ef70716db0552c940e0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527384, "uuid": "71d53e2b-b4c4-49d3-982e-2db26dc11a9b", "comment": "Malware payload", "value": "024db228c94bec2c384afd23fcfeffa69ad0b5fff40fd71c31e994f9f8f0450c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527384, "uuid": "42f0e799-cfff-42c7-87c1-a1be564633db", "comment": "Malware payload", "value": "12c71d7434f9456b8ca706cba02c708abcb21cf5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527384, "uuid": "b0525ca6-6528-4701-b121-37386f17883a", "comment": "Malware payload", "value": "db5af84ca9c7cc1ac701cac2bca51389158e91836c06bb230f3721d0be76046c40a5ddb9eab54cea9cc41c39d83c7e09", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527384, "uuid": "0402af6e-8e06-4efb-9714-2145a0d4f0bb", "value": "T18514D0317A93C072C05795349820CBA1BE7EAB718797858B37642AFEAF30791936F315", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527384, "uuid": "3e0b02c7-2452-4d17-b755-61e6eea2844b", "value": "046dfae6c2280fbc36820b8f28604732", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527384, "uuid": "16ab9b3e-c7f9-4a58-b9aa-590df30dd0e1", "value": "3072:DheaUphP3KfFzQivkOKkriIP2CDI9G37Xu3Osr5jXI6G:wakKfVQivklkPP2uISjs546", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696527384, "uuid": "907384bd-ef9c-42c8-963f-2ef877b3addf", "value": 196608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696527384, "uuid": "12065368-1eb1-4496-a487-774791846c36", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527384, "uuid": "95aee317-ce7a-4551-b785-4997eb772502", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92a24a6f-637d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696510147, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510147, "uuid": "116a5f74-a0d2-4a00-88c6-8cc2b7241f67", "comment": "Malware payload (AgentTesla)", "value": "33a047ae678c28ae1bdcc1c77b22fb29", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510147, "uuid": "1e92d905-5628-49e4-afa3-5c031e57cbef", "comment": "Malware payload (AgentTesla)", "value": "02b8f16f6c30c9f18c88d3305fc2b97c9b4e55110a782d509fbc5f07793bb7e8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510147, "uuid": "add5b234-c578-4207-a263-b1477679703c", "comment": "Malware payload (AgentTesla)", "value": "aa82703b68b870ab8f6990990e0bb4c54f422905", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510147, "uuid": "b18141dd-09f2-40c3-a94d-46beadc40848", "comment": "Malware payload (AgentTesla)", "value": "b6033971048847e104ed25fde23b8bd08cd2aef0d9c0e27afbd570f2afe577e4c9cc0ba5471b6feccad21a6eb8aeef04", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510147, "uuid": "b31bd6bf-4d21-4fe2-8113-bb14e86db8f8", "value": "T131E433C001C3856EF9EB8677C656FE0EC121F1535189E0A69432C3A8A67F3ED2D917DA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510147, "uuid": "8e346500-0668-4cb4-8162-0007797e0cd9", "value": "12288:4ZjzMs8UpkflctUCQeBNb6pMQyD20044B/UNaTZkf+hFV6PqM4v0bZut1:4ZjzDpo4NdQ9/UNSZkf+zVfM4vouH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510147, "uuid": "f5a316a8-82d6-4713-89e1-4e0d0b9a421c", "value": 712563, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510147, "uuid": "beb82cdc-4540-4099-a130-40dbe00e156e", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510147, "uuid": "cd940afa-b457-499e-9957-44da0d2b8985", "value": "Quote.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19130c94-637e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (XWorm)", "timestamp": 1696510373, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510373, "uuid": "00587c22-568a-4928-ae4c-82d760319a9c", "comment": "Malware payload (XWorm)", "value": "64aa45857bbf819ca0516126748ddfdb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510373, "uuid": "ee9e8615-d57b-42f8-ab60-314b62766ff0", "comment": "Malware payload (XWorm)", "value": "02cda252627b911029c6123d83e211312a5bba40b4afcc06d3eb40595f0baee8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510373, "uuid": "790958c2-7b94-4247-bcd2-5aa4b522d300", "comment": "Malware payload (XWorm)", "value": "7b57da0f3115410b67456983b72df35c0f168ba8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510373, "uuid": "2a3b5414-345d-46aa-a4a4-cbeb06c39495", "comment": "Malware payload (XWorm)", "value": "75860f5c80469abd59e5ba18b477de76e4434974114c82f41e030a1aeb5d4b3b96a873c37f16c846b258088d1c104666", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510373, "uuid": "0f048c43-96de-41e4-95ef-89786772617a", "value": "T1CB032CCEB7942114C9BEA6B45AB3D28102B0E5935637CB1E9CE811AA777F7C484E05F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510373, "uuid": "b33555d2-5e5e-4e2f-80fe-e48aaf636354", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510373, "uuid": "6b231d12-39f4-4cdd-b212-59f308861a68", "value": "768:k1/imAZfCL6p0nMskv+JUBkquxKdVC7kadRzdq2:k9imNPnMtTCTbq2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510373, "uuid": "063c6411-72c3-4d47-abb4-d8f2da5972ef", "value": 40960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510373, "uuid": "f6d83714-dd4f-4d9d-baa2-e2320c613209", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510373, "uuid": "70cffdd1-7bb6-434a-b47b-54c616400c1e", "value": "winlogin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6dac95ac-6339-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696480879, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696480879, "uuid": "ca258342-c36d-4492-96eb-0061d848138b", "comment": "Malware payload (AgentTesla)", "value": "289e55682a143b7520cf82f16305a54f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696480879, "uuid": "11844e20-acd2-4130-b8e8-5a090017834e", "comment": "Malware payload (AgentTesla)", "value": "02e565314622beca0b16e1c731549262b2b22e4bf3bef691d23991cebf94bfab", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696480879, "uuid": "62386524-8a3b-473d-88d6-76e00f015cac", "comment": "Malware payload (AgentTesla)", "value": "2cda815c055ebdda4d4dd812176f89acad5d6300", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696480879, "uuid": "dae4ee93-c377-4caa-a580-3121c8f2cc7d", "comment": "Malware payload (AgentTesla)", "value": "a5f58222e627486f69cda46f5c65f808f9fc4f752a0f840a7bce88d25eb35515d0801b1575d5f45fbd44488d1e0dc056", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696480879, "uuid": "018443a5-f651-4124-bb3c-6931b1083700", "value": "T199257C047F7A4623DD4EC73680E6195096B3CC196BD9AB0A6C8473B85B7337DEB07286", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696480879, "uuid": "cf559cba-8430-4485-b803-729d753c5f6b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696480879, "uuid": "4605f3d9-5502-4f38-a19e-762110641aca", "value": "12288:VM+ZDpsy8NLgmHCViuUxIZb/iPLq/rjI4rGbz9/b:Vsy8WWCEIZb/iD23I4rGV/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696480879, "uuid": "d1cc8366-bd7b-46e5-a1d4-a932c2e78676", "value": 980992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696480879, "uuid": "a6f89caa-1242-4470-9203-7d7f86a170a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696480879, "uuid": "e0ac252f-c90c-4564-a848-1922bdb9c4cd", "value": "ORDER LIST_OCT7FIBA00541\u00b7PDF.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d9528f4-6362-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LunaLogger)", "timestamp": 1696498381, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498381, "uuid": "ce6f9159-679f-40be-be7a-f3fa7643f540", "comment": "Malware payload (LunaLogger)", "value": "b2f672ba870514436a3b4dbe1c976380", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LunaLogger", "colour": "#B0DCF9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498381, "uuid": "2c3eae69-92ed-425e-81bf-0d1622a0a147", "comment": "Malware payload (LunaLogger)", "value": "03270d94c1b3efd05df433bb6737de275f300cf3d4836be6f1c9868d4942b28e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LunaLogger", "colour": "#B0DCF9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498381, "uuid": "2c599ecb-9cec-47b4-a7c4-9323ccce8580", "comment": "Malware payload (LunaLogger)", "value": "031c491d7ab3267e90efe6d67d8ec1f525a97f22", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LunaLogger", "colour": "#B0DCF9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498381, "uuid": "9b7f1266-4f09-4eaf-ba45-467bbfd3b3d1", "comment": "Malware payload (LunaLogger)", "value": "2f35da0b59a81f6575136b3078b82fea878774af69b7c690f53a157e7d0d512b5afb268787d8e1d23a2ee3a0190eca2c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LunaLogger", "colour": "#B0DCF9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498381, "uuid": "8db98e21-64bb-4ef4-971f-5216585cf194", "value": "T15A473357AD3205F3E5F46339A40BC8645231F83183B4EB8683A9961E0FE7671AD76F90", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498381, "uuid": "cba983ef-9533-4e70-88a4-6d12f0d2346c", "value": "0b5552dccd9d0a834cea55c0c8fc05be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498381, "uuid": "23537b74-7532-4238-b846-fe97c9ee6da3", "value": "393216:Sh3nJWQDaLOPhIBRpnlPSa7QvS26Yz4zdChd872:Sh3EQMuhqpnlxMqWsJ7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498381, "uuid": "4ba88a00-1fb7-41fe-ad2b-5e4d59ab80a8", "value": 24844981, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498381, "uuid": "f2ff1d6f-2462-4156-a5d6-7a0e85207f7a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498381, "uuid": "ca2d1a1c-2d22-4595-80ef-17303355dc49", "value": "SecuriteInfo.com.Win64.Evo-gen.5112.7686", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "877fd0c4-635a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1696495096, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495096, "uuid": "ff838542-9076-430b-ac83-7d930ce112e2", "comment": "Malware payload (SnakeKeylogger)", "value": "a3f30742d129cec41cc7855cbd20403d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495096, "uuid": "1211b198-aa10-4baf-8df3-6a7b40556fab", "comment": "Malware payload (SnakeKeylogger)", "value": "041c5a311445f3041b528f16d36805cb3c60320c2b79c8c8f43aee32e46e48ab", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495096, "uuid": "3aba8afa-33e3-40fc-9cab-284370b60a2f", "comment": "Malware payload (SnakeKeylogger)", "value": "110cbb3899289b0f480a6bc641af892afb2568e3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495096, "uuid": "d266b625-6b42-4fff-a55e-bc203e74a681", "comment": "Malware payload (SnakeKeylogger)", "value": "d0e0eb552bcd0e26591c8142c0b2d3ab91d10864a29db5d813c95230b08e5acf4316a60ab52e0a8abe2fad1491a26e91", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495096, "uuid": "417f2a3d-f80f-4f44-94b3-17d84f7a35e7", "value": "T14F6402037960952AECD53BF449B056A716762CE20064934FABF87F1AF973543EC8B28D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495096, "uuid": "d2ad1199-55ff-4163-b539-fa27f8989aec", "value": "9dda1a1d1f8a1d13ae0297b47046b26e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495096, "uuid": "7c5b65ee-90e2-4ea7-a2a2-73ddf1c4e448", "value": "6144:UnPdudwD/EVDiex5+9CbK7ARtOEhmz13Nr2aRzSPa+YwIAWILW7:UnPdLbej+Qe7DSc13NKaoY97", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495096, "uuid": "d39b208d-da61-408c-87dc-403b27cbb190", "value": 334639, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495096, "uuid": "b7b36d1d-b931-4400-8dde-6e942a988d96", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495096, "uuid": "6c8a7cae-0b63-4430-b8ac-de742303d2de", "value": "SALESINVOICE0989-98656890.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75d32454-633e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696483041, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696483041, "uuid": "0ae997ac-7d79-4315-99ba-f770404a163c", "comment": "Malware payload (RedLineStealer)", "value": "12bef84a156a11ef212b2381d914d282", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696483041, "uuid": "76d1434a-b007-4726-a4a7-0cfcf00f22c8", "comment": "Malware payload (RedLineStealer)", "value": "046e5ea8d69fbd60bf3a7345fca09bb3896de531c94a330669f79fa64df5116f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696483041, "uuid": "a7239f5e-e2be-4ea6-9c50-4438f7900f8f", "comment": "Malware payload (RedLineStealer)", "value": "0536e811af33b0bdfca3000ec7b925a19fd80d69", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696483041, "uuid": "7dddee38-968f-4daf-94b3-aeb6f9bca207", "comment": "Malware payload (RedLineStealer)", "value": "c5cbbb84eda027a013fc0c5058babe8106cd19b50298339fa82f2a5b42f7f93751b7b13adcbaf6b06051123594c7b6b7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696483041, "uuid": "0bfc6bf3-d581-4442-9d8c-8b8a06f430c6", "value": "T1E8953366B2C92467D9B127304CF606DB0F34BCB39E79DE8B235655461DF26C0E83632A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696483041, "uuid": "9d668a2c-9bde-41b2-b461-764f591f27a9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696483041, "uuid": "fda49ba1-e078-4eec-b628-a41b3325f443", "value": "49152:jNsq+wI9gVa9ksWq+3S1Ipbcntap9PgoGa4:V+wI9QSkVP3S1ObctL9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696483041, "uuid": "1a573b51-2876-4d2d-bc02-55f564111b0d", "value": 1971200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696483041, "uuid": "967af936-3808-4d72-93d9-5ff96147c9ad", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696483041, "uuid": "9d683139-5131-40c4-8c8b-d55da010f009", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "379ed21d-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696496680, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496680, "uuid": "963fb0b0-c727-4e5c-b779-5a75fc6e741f", "comment": "Malware payload (AgentTesla)", "value": "8fa1f9e46e207fdfa4c0e8d7003077e8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496680, "uuid": "acddb04e-2464-44f7-84c3-7087a2806bce", "comment": "Malware payload (AgentTesla)", "value": "05043fcca50e25b160798b41a6443526b76f7c8501995f5ca59bbf39ce9b3d4d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496680, "uuid": "5b845798-e125-4502-9c32-7cbfd93811bd", "comment": "Malware payload (AgentTesla)", "value": "a741123623a834ed92409865a7d5bf1eb1ec648d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496680, "uuid": "023a9f69-3074-4b23-a8bc-5208292a69af", "comment": "Malware payload (AgentTesla)", "value": "f371724f1e4cc6ff1b1f6fe3fe403c532f5da36fdd42fa9adf315b967bd1dacd6f6fd12c9cbef500121ff41cdc14e6d3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496680, "uuid": "1f1a27c9-52bd-4114-be6e-bcfa77d9bbde", "value": "T196F4234A7C743471C79F38B3FAAA6D1D0639BE48CB82D9122C33696484489FCD13B697", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496680, "uuid": "ab2e8c3e-c760-4038-a947-c929782c65a7", "value": "12288:GWMnWY3ikHSNKk0Z548w175UD6kWJJb15zFHtam1W2AySB61uulhrSbGYx2QZyoO:nMLCg+KuRJJb7BAyJ1xl1SbGmyEUsRK/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496680, "uuid": "1ef68372-261e-4367-9285-0d9ccb5036a5", "value": 754496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496680, "uuid": "1e532e53-7be0-4d5b-8213-025817a01a1c", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496680, "uuid": "87bc5fa7-dbd8-4c3d-988f-8eee0ba9ad34", "value": "INV-AWB 4400008465 - BS.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0524767b-6362-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696498313, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498313, "uuid": "7b715bea-94c2-4063-bc91-0598da25d5a0", "comment": "Malware payload (AgentTesla)", "value": "06bcb717c82592e19696fd5f2a17ef9f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498313, "uuid": "a818d33e-2f0b-43d3-a5f1-dcb27e0cfbeb", "comment": "Malware payload (AgentTesla)", "value": "066ba5b7cf97baedc26dac3ee41b2ccf76e50784629b4b4952022ae0bba39e95", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498313, "uuid": "b42c5465-8c95-4120-9684-bfe81b672115", "comment": "Malware payload (AgentTesla)", "value": "758b6d9dffee2f6dfbfcb013c5488598b798c2d9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498313, "uuid": "97d28c77-9e12-4129-b995-0023b1be017d", "comment": "Malware payload (AgentTesla)", "value": "72f689538fa53bd2af40ea92b38c6e3b12a9440c9d105dbcb78fe492d704135f32fab748f7f1702f3cc7aede6a92b759", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498313, "uuid": "d1fa68f1-e70a-4894-a6ec-48d3162adfa7", "value": "T1A605CF81E59466A1DD2D9BB16936CD3187233DBE6834E41C2CDE3EAB3BFB7925021413", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498313, "uuid": "874a16f6-efa6-4ec6-8dd8-27d712d50f7b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498313, "uuid": "4b225e7b-cae6-4f99-9cd8-0de16aca0b72", "value": "12288:Rt8zS55mFzAAWFzPXpcadjHMACLW+9aahJw7Xvw/t2aCDXTds9lfyqsKcFVP7r9W:Rtf55qMffcajULv9GTi27jM9M/1qX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498313, "uuid": "8bed0a13-12ec-4a2f-a0ef-7708bc92f899", "value": 870912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498313, "uuid": "9856893f-9242-40a9-a607-3b9ae8638a68", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498313, "uuid": "dca58b5f-64d9-4cef-b2f8-1cbc8087fb69", "value": "Halkbank_Ekstre_20231002_073809_405251-PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d9de6cbc-637e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696510696, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510696, "uuid": "36abd751-71d7-4b30-9cc3-5cc47a3a246b", "comment": "Malware payload", "value": "9cea6e1aeb5ea35d7f5ea00126acde36", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510696, "uuid": "e37953d8-8f7a-4544-aa54-858e0c4353de", "comment": "Malware payload", "value": "067187c05e6f7ad6eb2ec52e3e223082d3a13f8bded9dd3b91fa00716353dcaa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510696, "uuid": "7f1bb8a4-75e5-454a-b484-5f0383510f5d", "comment": "Malware payload", "value": "3d8e86f33a8a05afda3207a0bc63dd039dd5d0bb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510696, "uuid": "c70ed783-484b-4b8e-8bd2-f701ad6faf81", "comment": "Malware payload", "value": "8bbff1c5250649975a577d9a60ca48b653b694e0696fb5bdb74cbf3ae233d396a4ef55201d868e3674e3d10db482ac6b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510696, "uuid": "bb32100f-c6f3-4609-9770-730794e893b6", "value": "T174B412F03AD0C132C85B45705822DA96AB7D7C62A996464FF3541ABF7E3C3C2DB67206", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510696, "uuid": "92be1668-9cfd-4489-94e1-326a346f2cfc", "value": "b2deb6462ddc9e096b1ba263bc3b3e01", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510696, "uuid": "6c73ff32-e29b-4e15-bc3f-d983b29ae8f3", "value": "12288:qcbOXmX36h2vsK9mirsgq1mV6JiMm8kUfZ:5OXITvsz+A1mV63m8bf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510696, "uuid": "f639468b-68e2-4987-9690-095a34e2bbf1", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510696, "uuid": "34710f89-bcb1-47cf-a7e2-8c8ca621abfa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510696, "uuid": "372edef7-8203-438c-bc7d-89a1b4b92e74", "value": "9cea6e1aeb5ea35d7f5ea00126acde36.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20d94c92-635b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696495353, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495353, "uuid": "7b3f8df2-640c-4863-b392-625c79160407", "comment": "Malware payload (Mirai)", "value": "e1f5f151e94a6de32622950c7b8fef8e", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495353, "uuid": "62a7f334-b777-45f9-8784-35911d5d09b4", "comment": "Malware payload (Mirai)", "value": "06ff4101f1328b13be7d9fc671a15fd8d755a6135a738c80fbe50258db134f62", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495353, "uuid": "ea2cca82-75da-44d0-a179-feac85eb2949", "comment": "Malware payload (Mirai)", "value": "32bc7bc74800d763421ccef5531dfcc1958a286a", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495353, "uuid": "586d008a-6485-46a4-a017-abde2ea5943f", "comment": "Malware payload (Mirai)", "value": "b3fed7c907e6b32d9672a7e3a7af1970c3087057f1a78666eeb6d890074f3205a19461ec37d4c14b786d4f344e637dd8", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495353, "uuid": "e15c481d-dfd8-4c85-9a12-95a8ac8a7d3c", "value": "T1FBC2F2793BB7A9F3CB046F356FAE57434111C67352F8A6091303C197762B01BA9A0D8A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495353, "uuid": "5e6a0029-8b74-4c3e-8172-70264675dcb3", "value": "768:94A6w9obVEPSxz5jw0drFCG1log0EC4M3w:u5eobVEqxz5s0dpCGDC4x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495353, "uuid": "724029fe-b7eb-463e-9571-462ef1e02aca", "value": 28096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495353, "uuid": "16a4d24a-2471-4a94-bc1a-70f6a2ad7f05", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495353, "uuid": "a46f97da-6555-48a6-a6d5-0f149ce2b834", "value": "e1f5f151e94a6de32622950c7b8fef8e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69d44481-634b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696488604, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488604, "uuid": "1c81d3fc-ec21-4f31-85f4-b539e42fdf96", "comment": "Malware payload (Mirai)", "value": "619cbb6302be1eaf064a4b5c5d0d88f6", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488604, "uuid": "a1b3ea29-7a7c-4799-afb5-f28237394d0d", "comment": "Malware payload (Mirai)", "value": "07a4b34295f340803b89b1e1deb9e48c8f4e25ee5f8a750ac8c41ff32b111f71", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488604, "uuid": "63415827-4291-465b-a1dc-181ed42596a9", "comment": "Malware payload (Mirai)", "value": "63256f0ea8f567ea8ea30168b08fe3a152bd3278", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488604, "uuid": "418182c5-0662-4ab1-a6b4-ff3a34a6dbda", "comment": "Malware payload (Mirai)", "value": "1220c6eba53d6f691f1bcac84a46fe287e97aca1a38ac8b04405e8e078155044eba2a79b24820a453c41aa515585bec5", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488604, "uuid": "33fad013-2b50-4f87-a84f-e8f7aeb87d7a", "value": "T1B933F2B6D77B78D240806BB6EC30EC013BB86ABC756E312074B46559ABDB416C9B17C3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488604, "uuid": "e8af48f1-d826-4a30-9cf1-6e27651d7493", "value": "768:LBwqkrmTJaLf/gGet7r28XfO/kO771RpYd209q3UELzQEkkBF+MauMBexo46hpK7:L9O/gGetRvC19LcPqF1aBexo4opKZbV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696488604, "uuid": "53244b22-2d25-4e2b-9e68-ee9978e527f6", "value": 52512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696488604, "uuid": "cc9e8642-fb26-4279-b192-bf95c6896a09", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488604, "uuid": "96e3759d-2d1f-4df8-94eb-588542a2b80c", "value": "sora.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70eff4d3-63aa-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696529418, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696529418, "uuid": "55752817-5d64-431f-bf28-b4aac293b417", "comment": "Malware payload (RedLineStealer)", "value": "cf29afeb66805aec8ef7166eb65f7d13", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696529418, "uuid": "d4c9bb45-5e3d-4002-9eb0-a507f43c2962", "comment": "Malware payload (RedLineStealer)", "value": "07f26271c08648f752fab7e4703d0339c50992659ecc5ead5f23c89d74cdc9b7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696529418, "uuid": "59ce5b03-d4ac-46f6-a995-e67803c3816f", "comment": "Malware payload (RedLineStealer)", "value": "5d88b82cb16fd6562ac78dadfe78e2b636cf2b8a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696529418, "uuid": "c33f9b8f-7a44-465e-a014-c29c1fd2e6d9", "comment": "Malware payload (RedLineStealer)", "value": "ca95fb673bae02ded10c33d483d21f871ce0243ba94f8ce13571c881f8d3d8b0826c9f1f2a303da9cb43235cf6e9d181", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696529418, "uuid": "a1cc0ff9-0ebc-4328-a6cf-95980bf3073f", "value": "T142953346E6D89110DEB693301DF4039B0B37BDF14924DA871A85B6AE4EB35B0F93173A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696529418, "uuid": "527a2ad2-717f-4965-b14d-10a7992267bd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696529418, "uuid": "141a1ea3-f002-48b0-8fff-64d018868024", "value": "24576:MyG7ZX8n0eMz1fgMyveJ7fg8Orp5it9xnk8v5TVbgoyrOi2EGNQq03RuCinHKBUc:7G7O0eMz1SveW8y2jh4OPEVb3RwHx8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696529418, "uuid": "b0c9eeb9-6758-4978-a092-60398c647200", "value": 1931264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696529418, "uuid": "c1eab0bf-e854-4b16-93ac-8aad6397dd13", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696529418, "uuid": "cbc43a35-cfde-47d0-88d4-7fb6fd10c9bb", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82323462-6369-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GCleaner)", "timestamp": 1696501530, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501530, "uuid": "244a3e6e-db9b-445f-98d1-d7af04e3de47", "comment": "Malware payload (GCleaner)", "value": "43920eda8f18118b4ffa198ceddab6fc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501530, "uuid": "84e8be8b-9cb4-4467-ad99-b9940e1b8281", "comment": "Malware payload (GCleaner)", "value": "081312cf1c09e5a743ce3d72e3d656be5be621d810163f829394821c2aedddc6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501530, "uuid": "38893c2e-a6bb-46b6-b756-e5527dbdf60e", "comment": "Malware payload (GCleaner)", "value": "e43af8272ae197e10a81a556e2ab7866400bcf9c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501530, "uuid": "eb655d3c-6224-438e-ba42-36fddf7fd2fb", "comment": "Malware payload (GCleaner)", "value": "c901403d109333b30d8ad8db3ccc8f385c2b677657dd99e34a5c3b1ec38b9979412a3536b71d1d13f68d4199ea5319d0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501530, "uuid": "cc58d83f-e5e3-484e-a0a4-e0624d8ae4a4", "value": "T1B744F1223A50D472CF5747704824CBA4AA7EB47296D5867733982ABF6F30FF0972A345", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501530, "uuid": "b0dcb7fa-adc3-4b72-b57e-7e2240eb938e", "value": "b2deb6462ddc9e096b1ba263bc3b3e01", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501530, "uuid": "72b35b27-61b3-43a2-9c58-b935862e9482", "value": "3072:hWrYrl9b+dmXJXoI9TrCyqUhE/hVEFsQJSXiQP1wJDTUq458T0:YrYrLHXoI9ayXG/XEFsQJSXBdwJUqC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696501530, "uuid": "c91f3cf9-5220-4a04-ab0b-eecd8bbfd95c", "value": 261120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696501530, "uuid": "bd586e80-9188-468c-89b1-f155051a4578", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501530, "uuid": "afe2c103-26e3-4c51-9d5a-d22eab7892a1", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2307c3a-63b7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696535192, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535192, "uuid": "af879892-89b5-45db-a4b7-5f002291ce00", "comment": "Malware payload (AgentTesla)", "value": "ba6ebc423ec450850a0003570e6e53c7", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535192, "uuid": "d3b7ab76-12df-427b-84c2-92a6d4f3f3df", "comment": "Malware payload (AgentTesla)", "value": "0828689925ecabda99bd3939a58b034387e6cd4c153c7652a0450d93010ccae3", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535192, "uuid": "e99982cc-3ddb-4b04-8fd6-5ba90c691061", "comment": "Malware payload (AgentTesla)", "value": "5c434968bcdd0867078d6257e6faa916dc3b5d99", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535192, "uuid": "2d363a5c-8880-4508-a801-25d3b8bd894f", "comment": "Malware payload (AgentTesla)", "value": "22876733f802271e0fe8963c0380d4bfcba0266e55668b01debf6d8c631e1abf363ec8342c9e78f7f60f2c43544b636b", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535192, "uuid": "2d12d0c1-f661-4429-8059-f325f85faf12", "value": "T12DD40120B7EE8B36D9B507F15235A10013B27D6F7938DA9C6CD670DE0964F824AA1F63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535192, "uuid": "15624690-5182-427c-b49e-71ea5d1d0d3d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535192, "uuid": "3f22b673-6c5d-4f14-8c38-6a24fcb84c40", "value": "12288:niMT/jQv0XtsKcoPhZn3Lv4LzRdEGhoUXfRlWIJbH:BLnaKcoPH3z4nRyGhoU5f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696535192, "uuid": "1c48b467-6e39-41bd-96d0-14b080325c37", "value": 604160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696535192, "uuid": "400f9ccc-bb4b-47cb-804a-cae0455d1dcb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535192, "uuid": "745d4824-c0bf-4de4-9034-9ef783bf9542", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "051cd573-6357-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696493589, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493589, "uuid": "49f94601-4983-49de-9292-1210eef8c1d5", "comment": "Malware payload (Mirai)", "value": "3d7c2d04ba920a35b4344c37a0517084", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493589, "uuid": "33fe4a8e-1e88-4377-8179-33b8bb527b65", "comment": "Malware payload (Mirai)", "value": "08f802fdd30da5cf350505be0fe767e2b36f95437e1997da49e04be6e608070c", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493589, "uuid": "fa128a87-348f-40a7-a869-be49edf9cb2a", "comment": "Malware payload (Mirai)", "value": "e4f6a9ef9dd20dd884cd3838eab126a2233fcde8", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493589, "uuid": "dfeb8b11-af0f-4732-a70e-23a001a8e145", "comment": "Malware payload (Mirai)", "value": "73112baf819be9e4a28c47500685c8e6e9ce3ce85cf7d6196d1ced12d9fa912470fb7acc295864998d3a26c41bf5863b", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493589, "uuid": "fd13c9e8-1e1b-4b3c-bf82-25b9d63dce1d", "value": "T1B223F1B2C1AEB654C2C550B41C4FB600D954B31DD6B8EFB02E6C20A58597E60BF6D2EB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493589, "uuid": "d8b83c32-caf1-490f-a5b1-a3ab245d7686", "value": "768:3qyFhqijG7bE4c+Okt7rMciULh6wtUFQdN7Z4TCdQRurRinbcuyD7UVyq3:XhqijOE+Okt7rM6kkjcbRiRinouy8sq3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696493589, "uuid": "75aa1863-2298-4396-a787-52078fd7a79d", "value": 46132, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696493589, "uuid": "587a6faa-ff39-4f41-81b8-09e51dd268df", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493589, "uuid": "d044f8b9-f8b7-43d2-985b-e5c06c6e5ed3", "value": "3d7c2d04ba920a35b4344c37a0517084", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c06a9fd1-63d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GCleaner)", "timestamp": 1696547161, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696547161, "uuid": "fb4312ba-bfc5-4d6c-ad22-fc4a358dc00d", "comment": "Malware payload (GCleaner)", "value": "31fa32c15a4c25da7ad9234cac460045", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696547161, "uuid": "7cc5b0e8-a20d-41b6-ae0c-7171ce66e026", "comment": "Malware payload (GCleaner)", "value": "095a2bb6539c034a60a7a07f4d507764adde59588e22952b387af48801f042f0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696547161, "uuid": "89d9eade-33c8-4d57-8ecd-a93c8d8c60f2", "comment": "Malware payload (GCleaner)", "value": "fa41cacc5cb2762f7f4ebdc099732955efe6d603", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696547161, "uuid": "4bc78420-f268-43b3-8e2c-7812865666ac", "comment": "Malware payload (GCleaner)", "value": "5dbe1d475dcbb564dde341189172e723173f0ea603de274a4568e490b0ac7e75e84016de12adfa1c8206992dedd5c3c9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696547161, "uuid": "c6dd8549-36f2-4f40-bdb1-f10a5880a4d0", "value": "T14E44F12276D0C8B2C85B8D398425CB64AB37647166AA468BF39417FF5E303D2973B34D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696547161, "uuid": "6ff13964-2ce3-4c90-bb06-11f2af7e22fc", "value": "f7870f247b6310288a9657f261d28969", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696547161, "uuid": "bdf02aac-90b1-45d9-b774-5d1dda9d21da", "value": "6144:Rb49KN6SjSAEMRVW/nAOclm6KkzwTrpt:Z49d8V+An/k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696547161, "uuid": "ac8f541c-a0b5-4634-b18f-e6dc9cd4b5db", "value": 258048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696547161, "uuid": "b9a191b8-8c1c-46b0-8549-0c83b921052b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696547161, "uuid": "0b257b34-c661-4f7a-a500-8b2c4d802c63", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33f003d8-6334-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stealc)", "timestamp": 1696478635, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696478635, "uuid": "a7ec48d9-3512-47ed-888b-aa2518f0d841", "comment": "Malware payload (Stealc)", "value": "186a82f19c9d8f48b18f8bc85bd21a6a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696478635, "uuid": "81f75133-4475-48f6-b1e0-8795929465ca", "comment": "Malware payload (Stealc)", "value": "09d8461f2d7a58c2c46dd22ff5027f3a21721c5bd3ed4b10c4c6ba88759cfa80", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696478635, "uuid": "0a2bb439-a35c-41b2-9033-f46d935550e9", "comment": "Malware payload (Stealc)", "value": "a55c532b0781415113c20bf7c6b12e91209afc7b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696478635, "uuid": "8c6a0ca4-6137-4036-8ced-0d77dcbe905a", "comment": "Malware payload (Stealc)", "value": "0c429c8554c8deca97636f3ab1f6fcaf0f9a903adff345698dae528dd75327413331dbce8ec3827fd9fd6c504715d70c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696478635, "uuid": "55b78382-2df8-4f1f-b7e6-b442c3a50140", "value": "T1F114BF3179E0D072C3AB46358430DB646A7BBC2F6BB485BF33541A6E6E306D18B66317", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696478635, "uuid": "3260b45e-9936-40c4-88f1-faab3fe97741", "value": "1e2f614c1813ff4e3f2f3e784182dbac", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696478635, "uuid": "e2afd12e-17aa-4c39-83d0-b4a2ab066d9a", "value": "3072:BRPJCKJKdGXk6JJkg7w7rGc0haGf3hLlZt75S/Vr:VCpQXk6obPGXnf3Jt6V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696478635, "uuid": "fc874bc0-ae26-4320-aa67-0c7d4192b547", "value": 206848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696478635, "uuid": "7e14fe4b-f039-4d4d-a779-006f301adcb4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696478635, "uuid": "3ff15bd4-4158-4724-8a4f-ab59ba16d512", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2358a9d2-635f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696497076, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497076, "uuid": "84f86995-9945-47fd-946d-f989e50d0daa", "comment": "Malware payload (RedLineStealer)", "value": "32c1d6cecd02d15e7655481e1a7947ca", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497076, "uuid": "0fd36c81-94b3-43cd-a715-621229fac3bf", "comment": "Malware payload (RedLineStealer)", "value": "0a1b811214acd6f5d74cf8439427a23f9a90018a83d8d54e2c5527d2ce0e0292", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497076, "uuid": "5491b136-2cac-4190-b035-35d03701713e", "comment": "Malware payload (RedLineStealer)", "value": "547deeec403123ba9466cdb0fdeaf18c26128a6d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497076, "uuid": "e596c945-2403-45a5-b4fe-14ddb92b9caa", "comment": "Malware payload (RedLineStealer)", "value": "a294c8572297110bedad1f204d73f658a81e061089fabe9880fb1cab09f3d86c3586b7b720648890f668d2efbe040bf0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497076, "uuid": "b8470f9a-cac1-4b04-96fc-5dc75987617f", "value": "T15B9523466BF8A233D67517B06CB713130B397D225DB0A26E3742FF8259B2254B8B1367", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497076, "uuid": "30538a39-ee25-4a32-94c8-387b3120ebc9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497076, "uuid": "e1233a66-b352-40fe-913c-1a92ba65c2e6", "value": "49152:fZLGNrpEQX+Ln5bomlIt19OC0FM7o5jI+o6:BCNriQXQbomlEOC0F95jI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696497076, "uuid": "41dfb6fa-7c20-432d-8361-c67043497437", "value": 1897472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696497076, "uuid": "7e7cf3be-e658-4ee1-8434-65ec8286e640", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497076, "uuid": "f1bdf95d-5eb5-40b0-bdce-f2e40fadc23e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bafe3d9c-6361-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696498189, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498189, "uuid": "aedf93a3-a2fa-4a04-9d3b-76e4d9f2653c", "comment": "Malware payload (AgentTesla)", "value": "287a30aad331a64bafbdeedabe3c0d5b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498189, "uuid": "0ead509c-c166-4d58-a3e3-2bcfc9b708df", "comment": "Malware payload (AgentTesla)", "value": "0a1dcba0bacf1df52c396bb63052e7e867e567067be6785ab057fc9ffe35f2f8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498189, "uuid": "3be54ed0-2c64-408d-b2a1-e5397a2bbadd", "comment": "Malware payload (AgentTesla)", "value": "c14382a56e771c6c9e7cda257c47aed2c2dcabca", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498189, "uuid": "c8bab4ad-7fb8-4e3a-8ca0-18d335cdc76e", "comment": "Malware payload (AgentTesla)", "value": "308cf3f71bc15afa70817d39bc37cb17be89a9f765df935a35d73b634b6a36af0dae90235939a59a88d1f0a902c5c899", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498189, "uuid": "333c0843-1ec2-4f7b-b772-66db21243846", "value": "T12B7502ACD1BDBCDBD81780F99C76F6E5585BEB5884685D26392A311318723833CA2C1F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498189, "uuid": "9b6b869b-440a-44b7-a744-56c276a9ddae", "value": "e74c8ae3503a17604f2a2d84ae3389c4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498189, "uuid": "aa287eff-6a89-4929-9a1f-7817e6de06ac", "value": "49152:NUauBRl6w3WeK95jyNrPsiz8M8GSqvQNEm7wndm:GRl6w3fs6VSW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498189, "uuid": "f35cb0dc-dc5d-46be-aebd-4462decb65ca", "value": 1574400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498189, "uuid": "7660f5ae-2eb7-4c64-b0d8-72179f7933cb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498189, "uuid": "617144d9-9e68-4401-a685-11f61281e21f", "value": "ORDER_QUOTATION_GO-CHARTER_5774658_2U5YBATSeL0bf\ufeffd\ufeffp.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "21421924-637f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696510816, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510816, "uuid": "ff1e42cb-0c4d-4012-9543-734227ab7942", "comment": "Malware payload", "value": "cf45025f4545d02a57a155e186be6870", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510816, "uuid": "8185ae41-cb92-4209-8900-a6807db0f231", "comment": "Malware payload", "value": "0a28b42d86dcb53bd70ec3b328a8f40d8e052da8612136a40fec429bdf5434ac", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510816, "uuid": "d984c3ca-d785-4af3-845b-93bfb93f353d", "comment": "Malware payload", "value": "28c2bb02a9b9d7b62190c39ddcf4040daff8a78f", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510816, "uuid": "e5f657d1-383e-4d70-8d1f-acca660e8f7c", "comment": "Malware payload", "value": "e8b5dd5ce9b05514e1703ef4d5b66bc1fcedd70fc2e4d7e8a15c90c7b1a17a093a4dbd9da5326a5c7ee47c592b3063e1", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510816, "uuid": "c821c91e-952a-4422-8cc6-a097f83bcbb5", "value": "T14B351201E7819537FC059570F961A197A2689C2EB805DA8B22CB732F2337F768D76C4D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510816, "uuid": "dc3070c4-3fb3-471f-9125-54eb97c91c76", "value": "24576:fP8DK69PFoheNZ+zNyGZ+zN2yWdV1ueOhnt5Chk2t5l:gL9NohMZusGZuEyUVcRhnXChk2t5l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510816, "uuid": "18541d8a-f728-46d3-8528-b479b3a9ee6f", "value": 1089536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510816, "uuid": "17987cfc-c5a1-4876-8e6d-bc0b22b43011", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510816, "uuid": "3f470429-832c-4479-8412-9964ee4a3fcb", "value": "New Revised Order.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2349735d-637f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696510819, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510819, "uuid": "5d7f269b-7a77-4e01-90cd-066d0ba01225", "comment": "Malware payload (AgentTesla)", "value": "2e23100c5aec0677e59c67a91a65f866", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510819, "uuid": "c28919a1-46c9-4d74-b9cd-3a3bc9948dbb", "comment": "Malware payload (AgentTesla)", "value": "0b6fb77ce47570600e62ff20a47b545ea4a43c24b68960d23e654fbd78eb3354", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510819, "uuid": "544afbb8-d140-4b49-a992-9eba530e6db7", "comment": "Malware payload (AgentTesla)", "value": "44a6b4bd21d112323e09d34377a4d4da790678ee", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510819, "uuid": "dd30a931-ef00-430a-996f-e9519da01739", "comment": "Malware payload (AgentTesla)", "value": "a3ef4623a9a3f3c72438c195d9b4f348b3d7590c743d351fb924cae676ddbbb7f3d92f237e8d57835d4121cd890fb686", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510819, "uuid": "9ebe79a7-9127-48d7-b502-1a211a3680e2", "value": "T16445EF039904DB93D41D83F87E1339D90E0E7F29E5D56ADB14A37F8B3A30BA24A4A51D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510819, "uuid": "2d390adf-1018-42f0-b6d5-b39cf1c9af1e", "value": "24576:AWQmmav30x6Zy7w6VZmIUDUZyfw6VukJUKokM9n8UIfExsdeI5jPwUx:VQmmQ30qf6VRL6V/e8rfxdeI5Tf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510819, "uuid": "7ecf73af-e541-47de-a1fd-a22cd0de4fe9", "value": 1177088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510819, "uuid": "1cd03858-98b3-4dd6-9bfe-f2411b0c4011", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510819, "uuid": "2a561b24-93f5-4396-a15f-edc0e2c6b302", "value": "BL384046.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5749a4bd-637a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696508759, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508759, "uuid": "01e462ff-2fc6-44aa-b332-86580efd1256", "comment": "Malware payload (Mirai)", "value": "0af057421c8457dc7acac4ac5a390c66", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508759, "uuid": "e8a7d47f-7976-43d2-b2ec-94bd412af4ba", "comment": "Malware payload (Mirai)", "value": "0bbc2dcbc72b3e6d9775107e9e5a2ada2a4f96bcb6e11d09265f2b95d986c4e4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508759, "uuid": "1bfcfb1b-ec4d-4aa1-8d95-63aa6342d00e", "comment": "Malware payload (Mirai)", "value": "f36eacfd9f5f25f585bce448ef00607c3281d77c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508759, "uuid": "0cd1b99c-6761-4b9b-a9e7-9526035d9e21", "comment": "Malware payload (Mirai)", "value": "0488f6a9d876dcc0d0c187107368108bd506f1327c6da50eb51ae5fed9bb6dec33cfabd5216ff370476c3ff876e2f566", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508759, "uuid": "7dd92f77-20dd-4f57-ad81-70f86bbc85be", "value": "T123432921B63A1F13D0E0A47D21FB4B59B1A15ADE26A4C64E7D720F4FFF11680A943DB8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508759, "uuid": "77d3bc4d-3b2a-4a88-88eb-39fa1296cb96", "value": "768:RqowmZPu9wtnfbltWgC6BSJsBcfDSTFIuQKqgESnmC/xO+KpAwT:RqtmZPuutfbltZFBSJsBcfDSTFI+BET", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696508759, "uuid": "1b2c0800-2e40-4c7f-af9c-c43deffb546c", "value": 58376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696508759, "uuid": "04d06193-2a3f-4c1b-946e-7120a13868e5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508759, "uuid": "5cad868b-8b32-4a66-be24-1b2610f864f5", "value": "0af057421c8457dc7acac4ac5a390c66", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "307bc4d1-639b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696522867, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522867, "uuid": "3dd4e239-5b29-4c6a-bfa4-ea60280a8d9e", "comment": "Malware payload", "value": "1518712587d55b56e9d787bd88a439d7", "object_relation": "md5", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522867, "uuid": "5aea3118-6f35-49f6-ab46-c984e338b70d", "comment": "Malware payload", "value": "0c49dcaba11bdcb8eb0ccf91e7c7e7ec748a49dfe1ee7c0b9f150a87626c46a7", "object_relation": "sha256", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522867, "uuid": "f321ec15-70ee-42d4-87e4-53148e14e0cc", "comment": "Malware payload", "value": "5dbed0fffc3447862afcccd5247ab3a6f29c2642", "object_relation": "sha1", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522867, "uuid": "fa0e2521-5fa6-4e4e-ba56-494e887070d9", "comment": "Malware payload", "value": "c5ecd471ccdbbed55cb6ec2ce307c1872948f573b97be04db87c5950412d068b4cfe7181bf875ac1c6c7f0f2cd4d37bc", "object_relation": "sha3-384", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522867, "uuid": "531f7b6b-abfb-442b-a979-1b272f8359ce", "value": "T1E945A72A287A510DF661AD3C9BBCB172925EF7F216361CB70DF7044A11129F0CBAD627", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522867, "uuid": "9ea1e693-82f9-4942-998a-d80ce674af46", "value": "3072:4KXhPtd2epEFbMkbNZG46Xz3kFE0bFd+m0de2fcRMBLEFx11Hiv2MN+1U8jG7QwF:4KXhBjkbNNhNHG+96+1U8m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696522867, "uuid": "4ff66cc0-58e0-4013-94b2-c791eafcf1a5", "value": 1245184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696522867, "uuid": "5b6e5826-3dc6-4087-9c1f-e55956f71ae4", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522867, "uuid": "d2f4bd8d-e2f4-4c31-99d6-96ffcf6568aa", "value": "Fact_023_1201.iso", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0220c1f-637d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AsyncRAT)", "timestamp": 1696510304, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510304, "uuid": "bae84489-617a-48d6-a34e-52ffe04600ab", "comment": "Malware payload (AsyncRAT)", "value": "0b530ea3e0289423468f807b87988c9b", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510304, "uuid": "7063b350-4abf-4840-bc9b-2502a405de70", "comment": "Malware payload (AsyncRAT)", "value": "0c632f02f1425550215ea5fdbe96cd91c037841013276deaffd2e4d7e273e9e2", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510304, "uuid": "14c356a6-959c-47bb-ba78-c355813a40d2", "comment": "Malware payload (AsyncRAT)", "value": "f9378d6cf8f44481060c41165efa9ecead2159f8", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510304, "uuid": "4b7615e0-bc80-4f36-ac07-c8104b44fab8", "comment": "Malware payload (AsyncRAT)", "value": "6ada8ee10af508262a90e1d77251eb1850c0cc13ab77d656e40d8803fc9de5e8a74d4971b201ea2d3c26b22f0df1ad2e", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510304, "uuid": "8435ad8b-69fa-4fd6-9eb3-7d2a4a60c809", "value": "T147232B003BE9812AF3BE4F74A9F22145867AF6673603D54A2CC451D75B13FC29642AFE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510304, "uuid": "8124b225-7fad-4aca-a87b-465d62a42151", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510304, "uuid": "513740c8-10c2-4976-b312-9214e9f67023", "value": "768:2u439TskvpDWUPANxmo2qb1wsd6Cp6+ORpgtPItwl0bsJVmDHlGo6nPTQSlmOfeq:2u439TswI2KwsdvZOvgKtwSbs7mr85PJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510304, "uuid": "cc5b912e-2791-4577-b5f9-3a6829d6ebc1", "value": 48640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510304, "uuid": "5a178019-584f-49cd-b164-8184ee5704cc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510304, "uuid": "420d7759-0a71-4976-8b07-8117f1ba8b0d", "value": "Runtimebroker.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0814a6ef-6357-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696493594, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493594, "uuid": "81918b29-d989-4ff1-b1c1-c5ff3c788944", "comment": "Malware payload (AgentTesla)", "value": "7d4a752740200a6957d485ab59d33e6e", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493594, "uuid": "a0e5a55c-607e-4151-90ae-961ed10d74d1", "comment": "Malware payload (AgentTesla)", "value": "0ca96af64628e925826797d44d674d3af12b35b703aa495b12db7f907991f4ee", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493594, "uuid": "a3ab9dd3-aee9-4ab1-80d0-ca412c3e5d82", "comment": "Malware payload (AgentTesla)", "value": "03364bddaba34dd196c67bfd7c1f47d60b1faaa2", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493594, "uuid": "ded4fdae-5480-4263-aebb-210982373145", "comment": "Malware payload (AgentTesla)", "value": "45fb19c94b2ac8d504af6b437e211dc95470880e863c69aff22f8e7dbddcc75fc71e9f38dd1c7bd5083a5864460bad88", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493594, "uuid": "802e9fdd-b2a7-4b85-a635-c568c7acdfb6", "value": "T10594235F533B8B5C1E1BEC3A1A499F8883C801A54094B9D7E0FA375C2E87D1A364E367", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493594, "uuid": "437bed0c-99be-4f15-bc8e-f4439540f5ed", "value": "6144:6zfDKhjLULPA7zyb1yp0eTx4zj8GfW9YAJPJ/+V5/ykFk1Sml4I463Li5DVmED:mWoPA7zyxDeOzUo7Xa9OZ6b0DVTD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696493594, "uuid": "6406d1f5-1ee1-4bb6-a685-6abaa1456c5f", "value": 415343, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696493594, "uuid": "88831f7c-8025-46b4-a10d-8695af06188c", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493594, "uuid": "5d6696f3-26f2-45f3-891b-aec5fc600601", "value": "2023 Customer Information Export(1).doc.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7285b52b-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696496779, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496779, "uuid": "81c8402f-bd72-48cc-933a-82e58c90d989", "comment": "Malware payload", "value": "c5b74d6eb548247a96a691cb9846aecd", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496779, "uuid": "0ec6c521-454d-4ffa-aec3-1ec330a5764c", "comment": "Malware payload", "value": "0d0839414d5a61a6673f663e03e904ed99cf4b6176f01d6c8ab288f5d74b30d3", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496779, "uuid": "34486a67-02b4-41fb-b658-4614d7480f8b", "comment": "Malware payload", "value": "c34cdb53b7e781cbf99b50f186ebdf0f1fc71b90", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496779, "uuid": "6f223da6-1919-45df-808a-dc72c4cdd86d", "comment": "Malware payload", "value": "3520ef51b5d6e5dfd0409c15b9366487790b3e12df41a3564275fc3384de4870c463a81e41cf598ee1c56270f4f794c6", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496779, "uuid": "ddbbb4a7-3346-44ef-9a49-3e7b512c5c33", "value": "T164E4E0E3FEE4973CE30372394D019D67AA8D2CFAACC6C26615B72445C861A4937C5BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496779, "uuid": "6b86f3ac-76d2-42f4-ae7b-227ad4da973f", "value": "12288:cW+nbtX598tvB/QubsEKYqh4+kjJtrVVWgS0m/wHkSXoFFx7mOBKCvU:cxRX5mdB/QuAEdqujJhVVWl0mIHkyoFa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496779, "uuid": "91d95711-0ca5-41ea-ae76-7d14e8d6cb62", "value": 685288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496779, "uuid": "f9f09fe9-0ffc-4bd3-b66f-1e127f4570b7", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496779, "uuid": "0955471d-e970-4bcc-b384-46b6d673e17c", "value": "20230927115820553.pdf.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "577a520b-6354-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1696492439, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492439, "uuid": "39950ab7-8435-4266-8bbf-c41169d43a02", "comment": "Malware payload (Formbook)", "value": "d996b078e1d0d20f86e2b5f7ce09fdb3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492439, "uuid": "dfc7b1eb-19f9-49ed-aec9-2488bba54407", "comment": "Malware payload (Formbook)", "value": "0dd9f991b5122b16cb56164428b0665fee18ec5e5b56d9dab27125edc08b11e2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492439, "uuid": "c2db4a71-433f-492f-b8f6-6da422fe7df8", "comment": "Malware payload (Formbook)", "value": "66483e53611f00fbade1a0ea62e6e572165e135b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492439, "uuid": "05fec8cb-5253-4cd0-9ef4-e5f339c07e82", "comment": "Malware payload (Formbook)", "value": "6d0a6119082033d410abeac13176034d7ae46dbeae4cd7f3e47dafa7cc7811e22888dbe275ea76e5dbd4e5ab21cf407f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696492439, "uuid": "acb35bd8-669d-435d-9ee3-547f1d0330b0", "value": "T10C64132672E0C4F3C62357700D7DA2E6C7FA481495A42B6B4B90AFA9FC714C1D60EB5B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696492439, "uuid": "21ebcc45-b54b-46a9-8088-873f2e2fa916", "value": "9dda1a1d1f8a1d13ae0297b47046b26e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696492439, "uuid": "a55a8f67-47b3-407c-ad5f-dfdccc745d78", "value": "6144:BnPdudwDsr6NFQVimSgXV6tiGqNmFgUnJ/lq9Wtu2gJOY9b3xCKYjVSPQEOD:BnPdwr6NF8SgKWNTUnJ49WM2mDb3gKYb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696492439, "uuid": "4989ca0f-2cbc-49f7-8e41-e2437396f029", "value": 312288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696492439, "uuid": "ca40a438-72bc-4ffa-9667-5056cef4582d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696492439, "uuid": "e1a376ef-a366-42c1-a3a6-dc7fefa17aa4", "value": "quotation - 0070086.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be8204d4-635a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1696495188, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495188, "uuid": "ee0902d7-a97d-46e8-901e-7e2f3503d754", "comment": "Malware payload (AveMariaRAT)", "value": "0b12cd33afdb24c60e2a6cccdd1a508e", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495188, "uuid": "b4a4d7be-b4b2-4157-a369-8ea487c3246b", "comment": "Malware payload (AveMariaRAT)", "value": "0ee560598acfc546632e9f4aaece6b45db4926a766cb4d5cc1235d226fd1145b", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495188, "uuid": "4ba1abf2-3dbe-490e-b2b1-98b7af30bda4", "comment": "Malware payload (AveMariaRAT)", "value": "c4aa8318cdca6e6829657862e0752c02c4cee336", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495188, "uuid": "44e3da3c-7aca-463c-b422-1c82368a666f", "comment": "Malware payload (AveMariaRAT)", "value": "92bb3295da39adf683a9693342476df41c81074975232ccfe3365f3897b25f65c2f46d728169554f9b757bdb5118cebe", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495188, "uuid": "97ab8ae0-5f41-4ac8-8c0e-9c7a5e3b7f5d", "value": "T11434239D041E1B6C9E5879234580743BAFCD183DBAC692043E42DD60DE34B295F3F6BA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495188, "uuid": "0e9b0732-29b4-4cba-b8e0-341229ffa4de", "value": "6144:eXbi8SnPX0ejtvLVR8GGs5H3nFQ95Y/+weA3q7V8zHX:eXbZSJKst3nqKeQQoHX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495188, "uuid": "1cab840f-18b6-46dd-8322-ab7869ddae4a", "value": 248348, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495188, "uuid": "84a9cee7-fb80-4e47-9c66-474a433b3f48", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495188, "uuid": "01987168-dcc8-4585-b7b3-d039c0ceeb90", "value": "Order specification details & P.O.xls.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f12891a-6395-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696520369, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696520369, "uuid": "c95a8fec-5272-4415-ba5e-617b11adc012", "comment": "Malware payload (RedLineStealer)", "value": "4a0d5ea01fd2b834991f808de5e23f92", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696520369, "uuid": "9d52f4ae-6f01-4a26-98c6-e7a7219c96f7", "comment": "Malware payload (RedLineStealer)", "value": "0f5884c0c2d53649643b343219d81521fa72ec1cc72ffc8f9707e58e500bb850", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696520369, "uuid": "78b41440-c655-4c15-b9ac-77c8c018766d", "comment": "Malware payload (RedLineStealer)", "value": "f606ac6e9abd00b7831de5474024985d57e42a37", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696520369, "uuid": "59a5c529-3720-472a-8bdc-4cdbb27379a7", "comment": "Malware payload (RedLineStealer)", "value": "d83062e18b1b55fc9794e83f79e8ddaab7c680260ef62e9ae6fb0fc9d39fa7abbf13c9d3a3eca4a68c4a94bdf048d432", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696520369, "uuid": "92563a9b-b69d-49f4-90db-c0883d8e772d", "value": "T14F850A1176F94B59F5F70BB85ABAA612087ABC6ACF11CFDF1251904E0870BD09970B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696520369, "uuid": "7a7883d5-3135-4ef4-8b32-dedb5cdd2da3", "value": "b092678fc438a3bc6ea71ba0ea4cfa08", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696520369, "uuid": "a0c3467a-8587-43fa-8792-feb9231edfcf", "value": "24576:Z87xY5QUfimILM/cV5z6gHPA2Ze6a9DhvhIlTc8GVzf:ZEUfimILM/4F6CAue6a3vl9zf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696520369, "uuid": "143837e9-15b4-4ecc-ad05-2641ad494097", "value": 1833984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696520369, "uuid": "ef44aa3d-7617-40d0-8358-c6ece012a313", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696520369, "uuid": "162c6f78-95a5-4e1d-974b-61c54fdba604", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d006b88-635c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696495830, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495830, "uuid": "a8392492-ad74-44b9-bf7a-79c523136e64", "comment": "Malware payload", "value": "8c6b59d433a8a6265fa800bcbae83620", "object_relation": "md5", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495830, "uuid": "b10dd272-d8b0-468b-a029-2cbf187913c2", "comment": "Malware payload", "value": "0fbc381b838763a383ccd7dec380caf9db4325cca826ce2cb49d245c140ff926", "object_relation": "sha256", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495830, "uuid": "51332cf7-fe30-4925-8698-8f44850065d3", "comment": "Malware payload", "value": "ad0b0b81dd1f05eb262757d81b0dbf28a3388845", "object_relation": "sha1", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495830, "uuid": "fadf64dc-1cae-4b6e-9897-ec5787e055a1", "comment": "Malware payload", "value": "ef4c9463c1d2362c7339a1ed36629f16ebc4531b83ea3bcf163092699098b378cfdb9a762b489f0a90cb6127cb981889", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495830, "uuid": "10a36b0a-bd81-4838-971e-a1aab5fc3ffd", "value": "T1AA45EF039944CB97D40E83F87E133A991E0D7F29E5D569EB04A77B8B3A30BB20D4A51D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495830, "uuid": "dd5c3644-8c3c-41dc-bce4-ef9e9768a0ac", "value": "24576:lWQmmav30xwZyFw6ViAk6THZy2w6VDA2BtLvjCSSb+8YfnhxZBlaPJwXx:kQmmQ30gR6Vby6VdOD+jfHZBlaBc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495830, "uuid": "9fd742f5-28ba-44ef-a2e0-67ac5dc7d9f7", "value": 1208320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495830, "uuid": "b3ae71a6-bdd4-484a-b247-4965821c003c", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495830, "uuid": "d023e5d5-f725-41f6-ba93-321893c35741", "value": "arrival notice.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5719b52-6350-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1696490878, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696490878, "uuid": "6fe86866-c0b3-4fa0-a8fc-3e5c9c2b0fa9", "comment": "Malware payload (DBatLoader)", "value": "c7fcb915a272045036e5d8e0de23fd5a", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696490878, "uuid": "25355922-4736-45e1-b521-f066b1ac9c2d", "comment": "Malware payload (DBatLoader)", "value": "0fcbcb5c98c97d26b4df12fc4b1f18c926df5e943b6cad241836985f5da0290e", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696490878, "uuid": "a01ecbf4-18f9-43dc-aa77-c00d0c8cd302", "comment": "Malware payload (DBatLoader)", "value": "19df745007c4edbb727851db3c65290620389a20", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696490878, "uuid": "92047787-ac92-4e67-b186-09dda4055987", "comment": "Malware payload (DBatLoader)", "value": "e1ead8e5f41efcff171e3ff644339729ad2dd3a40a78c3a679cd813425c6f5053815d890fdfeba20542ce185c5e47ff4", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696490878, "uuid": "d0c52e21-64c1-4faa-a13a-526a6124c585", "value": "T1CE75BFF4A350BC74E0562A34AC45ABD5C57738C53A4D588DD2ECBBFA39B23A12A1C05F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696490878, "uuid": "d2b0bad7-161e-4af7-92bd-c3075754a00c", "value": "0d86e42911c69e10a0bac6a25141540c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696490878, "uuid": "ed7d98fb-ff1c-4de7-a43f-e20bcc4b7272", "value": "24576:PQYmRM7kYk7XW+LLkxodkG16Be0jsb/ipPUVRWn6MgnVyZk1J3Hu9kQ9:PQwuBkxcGk1JrQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696490878, "uuid": "9a763b90-f97c-4476-adfd-910b51aa2aa7", "value": 1612800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696490878, "uuid": "10e96c38-16d4-4931-8dcb-888d1663d408", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696490878, "uuid": "6752fd3b-92ea-419f-b509-88b6e8fdeffe", "value": "Wblxhuaksujvhq.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f9456af5-6352-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696491851, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491851, "uuid": "3ef594fa-324a-4c0e-9276-cd633f542849", "comment": "Malware payload (Mirai)", "value": "91c5f88a9263f19addd6c7247dc6c065", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491851, "uuid": "f8d08be8-04e5-4a43-b11e-f16b542d451e", "comment": "Malware payload (Mirai)", "value": "1043bd65f82b242edb0c7214d5cf31736492f25fc0d46252b5253ff162f5a584", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491851, "uuid": "c4f8ad8d-613b-440c-82b2-09786951c059", "comment": "Malware payload (Mirai)", "value": "a9bb0e22502a46971c43b085e8af87db2e771579", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491851, "uuid": "97e8c2c5-936e-48dc-81f1-b6722d16ea11", "comment": "Malware payload (Mirai)", "value": "23466a0ec275e1886c16e82f9bf9ef726d6c5a11f5c79568cae2cb2fb10ab2537096edc78d7c255f7912c4f447ed272a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491851, "uuid": "12b2e676-d236-41e7-b7c3-76acb838a1e5", "value": "T100E2F1096258C492BF30B5B5F96A04C021FF2FFDE57690B1401476B86BE39CB8B561C2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491851, "uuid": "41170b59-e919-4749-940a-2851525f6f3d", "value": "768:3oiWiO031viMKfXl8lHwMaaQyXwWaalrUwoLZJ9q3UEL5Ih:3orm1vrKew2FMyaLZ8LG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491851, "uuid": "b1f2dd69-82b3-41ea-bc4a-5a4499b38d5c", "value": 33028, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491851, "uuid": "9fbfddfd-7f07-46e1-baa0-49e20103ad5c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491851, "uuid": "5d1f1b99-1298-4b29-ae25-dcb9d294492d", "value": "91c5f88a9263f19addd6c7247dc6c065", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15bedec6-637f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1696510797, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510797, "uuid": "9926d542-259f-4a4e-a371-f8acafa26709", "comment": "Malware payload (GuLoader)", "value": "f729602cd7a6407e53ca13819b864b3c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510797, "uuid": "7022f3cd-d9ac-436a-89e0-920d677b9e6f", "comment": "Malware payload (GuLoader)", "value": "12028f36ac1d3cd2cfae4ed0d5d1bd20ccbd550f87d62dc1a91e6f5ca21d87d7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510797, "uuid": "4a1b8e68-65ba-43ac-8792-e88baae0d5b2", "comment": "Malware payload (GuLoader)", "value": "04df3cc814d3624077226f66e709fd9fcd0c8283", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510797, "uuid": "a21935aa-cf23-4fae-aa9a-bb01a59bac25", "comment": "Malware payload (GuLoader)", "value": "bc2d6061d1d932b739609228641d3cc8caee1b066c2484b948b1facb6d1d313e4cc1713ddfefd445b1265062f64d7955", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510797, "uuid": "eed766e3-478c-4ca5-9657-d6603195f344", "value": "T18BF401106F88F936E796D0F1E191FB0AC5A7BE251F478411E5BE32ADD03EB6B6816103", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510797, "uuid": "4031adc2-1d3d-4ab7-b392-365677e72e50", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510797, "uuid": "5f62fd2e-8daf-495f-af7a-aec0c94c5ec6", "value": "12288:c/f/WU4Dw3UUOIHbEZQ2SIuKpgtSUOs4xw9JrsvV6Nd1lSsgF/Y7n:c/nkDcUQiQpKpg/Osay6v+1FD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510797, "uuid": "662e9cac-facb-4fbf-a947-b246e8857507", "value": 729067, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510797, "uuid": "45a46348-a731-4d97-a62c-0d48961800f0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510797, "uuid": "fce42ad2-4f83-41c0-b8a6-b7a63943de0d", "value": "Tender ENQ.NO 6-59512.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f64362c7-6397-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696521481, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696521481, "uuid": "bc8d7c66-4ed2-4a31-b49d-d5d84a0fb679", "comment": "Malware payload", "value": "1f4795e3a6a434601ec37a38ffc99ff5", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696521481, "uuid": "9733d32a-4f71-4197-a088-3258cf15faec", "comment": "Malware payload", "value": "12c1f48673e38233f91d74753162a49909d0e6af2f1410438580cf254273a683", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696521481, "uuid": "9e47ae5e-248c-4049-871e-bbc1ad0067fa", "comment": "Malware payload", "value": "7033dceebfac006176e0a96de2454d3a64b9fdb8", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696521481, "uuid": "55760992-eb57-488e-8dd9-7c745e6e8238", "comment": "Malware payload", "value": "336df6bbdbbb6fd1eb2c9be36588a091faf1a2340e8df12a06bd98a6f400b9a4058c7f06ad922d61efa884b7d04f5133", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696521481, "uuid": "aed86b0f-2feb-489e-b677-fd62ff1fdc68", "value": "T10705B503BE4B86FAF64D1736D69B1C04DB68D983732BD71AF88F235619133AA9C0550B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696521481, "uuid": "0e6ae037-1c7e-43b3-9b59-029c5c664305", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696521481, "uuid": "eb915ca7-8479-4108-901e-c613319266c3", "value": "12288:jb/6dUcSlJZJxOtk1bpM5E66p9JfSwK3ZJf/AHPFoNgtJXfZRhmFOCP/rtFGg7K:jb/BlJrwk1bpYx6pDKK9HhwOCP/fGg7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696521481, "uuid": "6debcd7f-5694-4a8f-b4e2-b59582bbfd4b", "value": 795648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696521481, "uuid": "92a71b40-c32f-47b3-95cc-f92060334608", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696521481, "uuid": "4a882d36-b0dd-4cde-a972-6d40d6032ee1", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f81d0d59-636d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696503446, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696503446, "uuid": "59df90a6-ed79-422d-b1de-627edf1c7701", "comment": "Malware payload (RedLineStealer)", "value": "ded66d45b46d5e864d50e2cda54a0c19", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696503446, "uuid": "2fac3270-1b58-4afc-823d-596e9b303b12", "comment": "Malware payload (RedLineStealer)", "value": "132563330b03b6c91c94e816b2182fae18d727711f115d8361780c35fc32b086", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696503446, "uuid": "86b53460-f1b9-4366-8514-fa5a50a831f0", "comment": "Malware payload (RedLineStealer)", "value": "328191cbf5b3738fad66b8ecfc3454bcd3ec03b0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696503446, "uuid": "8e85f72e-fb6f-4e3e-b27d-a76b51072fe2", "comment": "Malware payload (RedLineStealer)", "value": "7db3500f2c627f09fe0e4b27ecb349675c95e8607d74a890b08678e12fa9a684a2fdc2cfae79b1e2f63cc46bd8403a24", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696503446, "uuid": "c0bcce2e-d95d-4f74-884f-c25b99b9cc8b", "value": "T16695335A6BD9C023DAF013B498BB17470F36FC127CA4D65F2686FA436862A8164B1377", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696503446, "uuid": "1ad2da34-2c30-4dbc-80ed-02758ea0312f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696503446, "uuid": "f2bea82f-4877-4eef-99c8-e225e3fc977c", "value": "49152:aA9tL6xCc/Bszi/gR1UmIA/EL90b+n+Rg:59Gsz51UmLEoR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696503446, "uuid": "7553fbbc-193d-4d29-819a-8df22ddba812", "value": 1897472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696503446, "uuid": "fc5dd300-dd7a-4a20-a30a-3249a448d0b4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696503446, "uuid": "9c389a44-a0fd-4747-973c-526e69145fe6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "22ad20ac-6335-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stealc)", "timestamp": 1696479036, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696479036, "uuid": "36459a0e-b72c-48f3-ab43-cd5f1ad8d4d5", "comment": "Malware payload (Stealc)", "value": "f719b1c225f52b0a9cf81c4cd3a10769", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696479036, "uuid": "1c1e04dd-ce03-45a5-8a44-f0c30191deed", "comment": "Malware payload (Stealc)", "value": "134a9c039c8bd677ce4cb6cab52ee0a1d52a4fe3ff21600871ee38b9a629789b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696479036, "uuid": "1c2030fc-5a89-4e26-a948-c09d8efbba0a", "comment": "Malware payload (Stealc)", "value": "bbda71f2beb24bdcfadf1cebe5319ab499f39d66", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696479036, "uuid": "352545b2-8671-4ffc-8b61-485b3187b290", "comment": "Malware payload (Stealc)", "value": "dca9b746796a6ff703af67f049c89df57dd086cd0087921a9a19c1719e37302a942d999510ff9c9996fffb680b5207f3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696479036, "uuid": "0ad69dce-7364-434c-a649-e071bb92b194", "value": "T1B344E02135F1C872E66B85394934DA5CBB7FB8E22570868F3754126E5E306C2CB7A723", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696479036, "uuid": "3b173869-b674-455d-b024-caba3e0cb47c", "value": "1e2f614c1813ff4e3f2f3e784182dbac", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696479036, "uuid": "b2a2254e-aa55-4ab9-a11d-b973f130ece3", "value": "6144:UsizlRjNeecu1/YXOl+8etceLIgCe4kRxU3V:/i5RJee1B+5tcO9N4AeF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696479036, "uuid": "e79cc8d5-a51d-4f32-87bd-f9f318cee21e", "value": 269312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696479036, "uuid": "0a78685e-1a45-4334-904b-9b0e46ee1b29", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696479036, "uuid": "8dc9ad1a-5301-4968-b7ae-d9e2326ecfd4", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6cd17b4d-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696496769, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496769, "uuid": "23bb4e89-eaa2-4f17-ad05-2cf230694ab3", "comment": "Malware payload", "value": "ba22f07d1a59bb740fe86362baa986c1", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496769, "uuid": "adb7fc10-0a58-4b5c-90b0-c2c1285b6df2", "comment": "Malware payload", "value": "135bcd80c85d4210f341a7c6788e1fb80a00857a2dc924fbfa47031189cdaaf2", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496769, "uuid": "cb4d17ee-43ff-4aa3-b945-ccead145adf3", "comment": "Malware payload", "value": "eb077633fed33c4250c26ff962bf8706a7f5023e", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496769, "uuid": "8a8de286-f6bb-4363-90a0-539d756bb5eb", "comment": "Malware payload", "value": "ed69a606275d4674ce524e8f1add615a1500d8381311da0824ff8cc1e36df6d9cd1df94a562161c0bba1348771e05cf7", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496769, "uuid": "6069e1a1-edb3-435c-81b9-218c8fd46d84", "value": "T1C1E4F0E7FEC883BCD35B33360D110D33994E6CBA9CD9D52606B72941C4669886BC9BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496769, "uuid": "57b4b1cd-0bd0-4ebe-b207-8fb3f178908f", "value": "12288:qHvbTXIOxY4wpa8VoF0NC7FHy47zZ7APkF+keAnMVhezy5BCxZbq6z:mv/YOqRpafFHv/uPkFRe0MqeuxZbqi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496769, "uuid": "758152c3-b43d-4970-bb3d-9fb31c2be1ca", "value": 685001, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496769, "uuid": "49e58743-7217-4856-8e41-d773813f11d8", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496769, "uuid": "7f916788-1ca7-4cc0-9aeb-bd691a1f7a9b", "value": "20230927105744471.pdf.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "858f7106-635d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1696496381, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496381, "uuid": "77a3a63d-7417-4d21-9b05-a847e7b75260", "comment": "Malware payload (Smoke Loader)", "value": "1c77e0babb94d272fd99823d526e8921", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496381, "uuid": "96aaf08f-68c2-4ed3-a960-9a82ccb948a9", "comment": "Malware payload (Smoke Loader)", "value": "13f0797738f385a0330c1790cbdf50b0b245aae08345827936582b9369485b15", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496381, "uuid": "c2236367-9093-4146-bd2c-83affeb083f3", "comment": "Malware payload (Smoke Loader)", "value": "5b2f7942edee45907972082adc31424f72af8570", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496381, "uuid": "4e048851-ae6e-444a-8da5-3f445e47f9c1", "comment": "Malware payload (Smoke Loader)", "value": "e172d3cf46a1ff0ff0ec212e1f891d826bb8a4215d9313f039945b9ea5a6e364f2f303dc5530417abaaad3414f33a1aa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496381, "uuid": "4b0b1d5f-5131-44d7-9503-c93392979b1f", "value": "T19424CE2176F2C072D6B755788874DB906EBF78733B74848F27540AAE5E20EC19EA6343", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496381, "uuid": "9b86a4cf-6a3a-4fb2-92d8-c14092d2ba64", "value": "7bf0c3cbf0d3960e40b75bc830477f17", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496381, "uuid": "e964438b-76c4-4d7f-8664-9518fd6b4eea", "value": "3072:aRwXzISfARqWjcQTlxf1YKBucOSWRo7D+ETP6Kz60NQpTLX5XKKt87hX9:aWvIqecQTlPYk2Sgo7aEP6w6GQpTMK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496381, "uuid": "fc11d9ac-1eca-4029-be10-9aa8941d576c", "value": 223744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496381, "uuid": "9fc21636-23d5-49ed-854c-3378a995ad50", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496381, "uuid": "742d5062-999c-41a0-b59e-ece6d46ad218", "value": "1c77e0babb94d272fd99823d526e8921.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "356575e0-637f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Pikabot)", "timestamp": 1696510850, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510850, "uuid": "57d43bdb-b57c-4ade-9a86-58cdc9e94af0", "comment": "Malware payload (Pikabot)", "value": "3d8b1b6c5cdb12de4515afd1a4763865", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510850, "uuid": "68370ec7-241e-4c2a-9712-b20bf66030cd", "comment": "Malware payload (Pikabot)", "value": "14158b01bd923506175ac3398625464ce2ad91d2a7924237621280e27b49f116", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510850, "uuid": "61f4ca0c-ae5a-424e-ab1e-6e4c9bd6f79e", "comment": "Malware payload (Pikabot)", "value": "c322fdb6ea3889f11d4758ff15785f391c7a28da", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510850, "uuid": "0d1e7386-9224-4a48-be24-4c08da031e99", "comment": "Malware payload (Pikabot)", "value": "1dc2fc7091d53a7e53fd7b4f712d7fab6ccb366907981e61a90925a9f127754eaf55d354c7edc2547087bd07af9c372f", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510850, "uuid": "5ed25bed-ef48-4e8d-9074-69c37c6cc2a6", "value": "T1355633168E2C8E2F86BC6278247F0E4F6AE44E404044FDF663E5BC9E9E4EF25145F169", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510850, "uuid": "70e59696-81a1-4b58-ab5c-b3d2f9f2e834", "value": "49152:wBfKcex9+TCXNrY9gQN0HdGuY01MNR0jASDmYUqYtIpQoeyz0RHcFFHTpf0z7u5a:A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510850, "uuid": "92ad0def-17d6-491e-9f96-d39ef66a28a6", "value": 6344730, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510850, "uuid": "20a0e044-daa0-401b-b1e1-981943feaa02", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510850, "uuid": "0808ea90-1b75-4f03-92c8-46a755e04696", "value": "PO_17227.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0919e2dc-635b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696495314, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495314, "uuid": "d0c750cd-7cfb-4fe9-9b70-c4c42a31cf6d", "comment": "Malware payload (AgentTesla)", "value": "49f92cdb1a0eae12db6b37af5f348a59", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495314, "uuid": "761b9ee5-e640-4667-8d38-a31125f56f10", "comment": "Malware payload (AgentTesla)", "value": "141a0b6086569cdb42b2c6016fa20bdb507ee3f5b6e42dba9f53a07dfea4bd7d", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495314, "uuid": "0d3a09b1-0244-49bb-a4af-bd7804b25e27", "comment": "Malware payload (AgentTesla)", "value": "0d038760dd26249ade30d167fe6052e593fff2bf", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495314, "uuid": "e8cadc9b-864d-4c76-bc66-dc14fc9504bf", "comment": "Malware payload (AgentTesla)", "value": "b13290016cda5bc2ccdab5a59e815f83d8f882685dccc9c2272ea1166e432005d7dc01de37dbd92a94fe93f721222d79", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495314, "uuid": "8d04a56a-c252-4cc9-a544-82117c4ec942", "value": "T1758423F5B5A49F9EA2180C582CDD0A1D2EC736E86F5491685160C930FF587A331B8D6F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495314, "uuid": "99bfa32b-2e6a-4fdb-a710-f860ccb719af", "value": "6144:JT8c/b+KsSYss0Rf36mo/nOkNUCzRdLZFDvCevEoDmtKbhBUTs:yy+Ktimo/OkeORdN1vfMwsKbd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495314, "uuid": "e8f3fd43-4376-47fd-9cac-e084604bdee9", "value": 405643, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495314, "uuid": "3435c6f4-f912-4136-a7b1-1a09c039d315", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495314, "uuid": "17acb8db-486c-422e-aeac-228ffe310d46", "value": "Import Permit.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "375b9433-635d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1696496250, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496250, "uuid": "dc0e81d9-e4f7-425f-86c0-069f646dd46e", "comment": "Malware payload (Smoke Loader)", "value": "a12a7a8edd7fee2ec3b2b47e0a33830f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496250, "uuid": "a675aba3-09f5-4bd1-80a2-473305d4e595", "comment": "Malware payload (Smoke Loader)", "value": "143310670009099214b1b1a812e98a485db3e2879ab35dca8ba63005a62a610c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496250, "uuid": "f0d6e087-b294-4c25-83fc-f507dd58334d", "comment": "Malware payload (Smoke Loader)", "value": "08f7effe8228bfca384c8eaa3cba606a2342eb0b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496250, "uuid": "58bf0c21-7f5f-4208-83c6-d2531154e429", "comment": "Malware payload (Smoke Loader)", "value": "947811c65886643bb1a42c36b8109a0d415186f0bab7fe2de0e9b7c254ca6420f8fa3115a79cb7ea25a1ba7edea74fb0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496250, "uuid": "0ce88264-0c41-4b8f-a4b2-65ce36ffd9ac", "value": "T103647E13B2A0BC71E4220A325E29C6E5371EFD61DE1967A7335C7F2F1AB01E1D662712", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496250, "uuid": "6fad5c46-4226-4691-9de2-b1870e02539e", "value": "5396cb3c2c0a90a20f01488724a0b793", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496250, "uuid": "4c364ae1-326d-4464-bc8d-1b8343233f12", "value": "3072:rxUd2CrCcMqappyoBiZVSazEt0MfTXnjxMVr8CzoY:FUd2GC5qappyoB2Sawt3LnjaVp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496250, "uuid": "087f87b9-b363-42e8-95b6-b00f935f423c", "value": 315904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496250, "uuid": "0ad1f164-bba0-49b6-bb84-fc74a5086b07", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496250, "uuid": "9984489e-0aaf-4b3e-bdea-3b1693ee8bc8", "value": "a12a7a8edd7fee2ec3b2b47e0a33830f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "244d48f4-6396-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696520700, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696520700, "uuid": "5a8dc5b0-1506-498e-ad6f-5bc6ae1366c2", "comment": "Malware payload", "value": "1f1061767472bf174cb693beb74cfb56", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696520700, "uuid": "84e997bc-f5b8-4a84-ba02-5451fc7e4c72", "comment": "Malware payload", "value": "1435af294e1f747ef8c8ec07338c82afcca9559916a53125d503a51b3075a168", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696520700, "uuid": "3fb14a09-b17c-474d-a7b8-e498bc29291f", "comment": "Malware payload", "value": "090957a78fb22295299d59c38ed8801b1d885c47", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696520700, "uuid": "12f6a8ed-5e31-4d06-8a85-4c98ea900269", "comment": "Malware payload", "value": "9e458da1874b791cd65d8b4deb662acc6178e938ca7eeef59fd5ba4d7107cc3c6cbfe264b74b84c4320210cbb543a459", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696520700, "uuid": "db8b2109-a747-4e17-ab9b-b4e7a55164d1", "value": "T184C3BE03D9E0A2FCF062ED756F39D0D58A377E222E71A54E358C7E990FB7060548936A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696520700, "uuid": "10d55275-a5bf-4177-b958-0521eaf1d88a", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696520700, "uuid": "7d2d675a-7de5-4e0f-8a85-4afe4aa1cd90", "value": "1536:83qRLK2Q0BmWERGpU4qTtkUJ7J7GQFPxzfEdLhFZj64+OX+TcjwgCF9RHsU:FLPT1kGa4kC6GQF5LIZOrwFjwN9D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696520700, "uuid": "30e8cbf7-b81c-4146-95e8-2381b4b7f897", "value": 129694, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696520700, "uuid": "16c8349a-0b61-4eea-b0ca-258791e2b1ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696520700, "uuid": "48c10134-d2ab-4751-aa10-e8a0d4419818", "value": "SecuriteInfo.com.Adware.004eef211.22567.5749", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23cd7352-6312-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696464005, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696464005, "uuid": "6089f3e6-b75d-4a46-a97f-05556146195d", "comment": "Malware payload (Mirai)", "value": "1cceb19b71aec10838c98372b4cf93f5", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696464005, "uuid": "1a8e920c-2b52-474f-a838-9fe25d230144", "comment": "Malware payload (Mirai)", "value": "14622c96d19d0bb5e95c59acc228820c6d9084f497bfea5648cb18719cb549cc", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696464005, "uuid": "deec64f0-c2a6-4b23-aaee-878bafbf5304", "comment": "Malware payload (Mirai)", "value": "19864ffa76e9bd81d9bdb8443f4d29ce45298487", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696464005, "uuid": "73f3301c-c59d-47da-b128-304551cf5876", "comment": "Malware payload (Mirai)", "value": "2c06ca934a3f68d9a4d07522e69f18bbb68d119ef6bc14baeb35ecf9d61ad59f8e4cd549bfcba048356cb36bfd20e49e", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696464005, "uuid": "b5ecf878-44cd-4651-b72b-19aaa6b79f2f", "value": "T1324329C8E6D7E9F4EC090A313137EF32D6B6E13F252CD993D7986967AD41602D4022AD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696464005, "uuid": "f9ff76d5-75ab-4744-91a6-d67259cfe334", "value": "1536:CVKFOD7prJkaNup1COy7O/HgesD4B7agf1i7EjVP8xh:XFOXprOfPTy7yHgesD4B7aa13NQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696464005, "uuid": "b3e892be-bb94-4383-aaee-04f8139e4b5c", "value": 58128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696464005, "uuid": "74d5e040-fe34-405c-8fa6-4c0f74851fcc", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696464005, "uuid": "cc7ebb29-e97c-4bb2-90c2-35a55ed3bdd8", "value": "0xh0roxxnavebusyoo.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de582e03-635a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696495242, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495242, "uuid": "ed6d1598-50ce-46af-bcb7-f3490ba23f10", "comment": "Malware payload (AgentTesla)", "value": "a98108f853d463f53cbf9d387939a355", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495242, "uuid": "4aee0d2a-865e-4ccf-9eca-e2a4de26907e", "comment": "Malware payload (AgentTesla)", "value": "15721ae2d04e5e9d1b9d49821e87cf5007bee2ba0b4306f5e6d0d190f2591759", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495242, "uuid": "38932d76-f872-4f4f-8906-fa8880d57984", "comment": "Malware payload (AgentTesla)", "value": "3a247e03235c86730326f68319248d38b1a83531", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495242, "uuid": "0c1a1ab3-317f-400d-8a44-dcf1648aca32", "comment": "Malware payload (AgentTesla)", "value": "2438da40406c4cc88ed05a91160e9dc127f835a2791a164d03d6226860f4c9fdf7e5e1e70b313d073f366b34f12ca3ae", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495242, "uuid": "8428c18b-bc5a-41f0-b008-f028b6fc6352", "value": "T119D49D2175EF1E93F376F7BEC3A41A46C6BDF2F1695BBA1B204007A59412D81EB02934", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495242, "uuid": "1cb8b317-1dc5-44a4-829b-bc6a7bb94dc1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495242, "uuid": "9e7b0cef-eae1-4c06-b780-fe2fbbedb689", "value": "12288:tawpe2SdqfYdxy1KhF5wZKvg7qNZfK3Gwwfe/7rM4VWjbH:tawpe2Sdqgm1AmFMZksf03kjbH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495242, "uuid": "87d35f7c-2d6f-4b27-8c03-4c8648b1fcd1", "value": 602112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495242, "uuid": "d5c0cf86-c733-4d59-9b79-759f81ef6307", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495242, "uuid": "10e58066-13df-4a92-8361-02f080fda1a3", "value": "PO2023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "77431c33-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696496787, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496787, "uuid": "ee335045-4cb7-4040-9858-a7d6abed58a7", "comment": "Malware payload", "value": "940fec258b3251245d90b961a2238a36", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496787, "uuid": "305c46a0-68d4-439e-b5f6-39dad9a00875", "comment": "Malware payload", "value": "1601c44603b2cab7da61deda900ecb529a2ea505eed7cdb9baf795309a954c44", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496787, "uuid": "352c8b88-c48d-47c2-b2e4-34da5722932f", "comment": "Malware payload", "value": "368a9feee946c3fe437006f971e91324ed0600ca", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496787, "uuid": "94b246b7-1372-420b-85b2-644b169009b2", "comment": "Malware payload", "value": "a3e90d99cc34e8f5fbccfc3af67d738722d4c756ef0e5533d9e6d87a030bddff8eed65e0870a4ab8e4007f95309fc213", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496787, "uuid": "2d2a085e-65b8-40d3-aae0-56900dda912b", "value": "T170E4E0E7FED0873DEB13B6781C129D33AA4E5CF69CC0D05A04B72856C46188967C9BDA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496787, "uuid": "724ee2be-18cb-47ee-9aa3-d6e75a6e16d1", "value": "12288:HjKzMO7QMqhHL9vTsW4jBPFJQ17Iw+BKlIDoBhuYRGTRim8W:HjcPkMq3R4hFJQ9iBKlhXG6W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496787, "uuid": "4126e7e1-8a15-4a59-92e4-d0b8bb2c1c4c", "value": 684750, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496787, "uuid": "59de9231-1601-4f2d-8028-38a6377a72b8", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496787, "uuid": "411bb53f-217a-471f-97fb-7006a9c0c1cb", "value": "ivc_23762.pdf.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4230c837-63a7-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696528051, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528051, "uuid": "af87018f-9c61-4035-8be1-fd8ab9871045", "comment": "Malware payload", "value": "65ef2eef1ccf3146b44010406a235cb7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528051, "uuid": "b476f859-1963-4e83-9fb9-9f29f16094f6", "comment": "Malware payload", "value": "169b23f45787a0213143bdbb4125658b4bee18e74cb9899c09c29233807bcd21", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528051, "uuid": "58aea1f5-b371-41b2-83a3-5f6e4c24f108", "comment": "Malware payload", "value": "6bfb70d4265675a09eb2d980b4a10c3bbc077004", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528051, "uuid": "3881aa5a-bd24-4d1e-87b5-d789f6db9f48", "comment": "Malware payload", "value": "ff40dd709d494d75dd7f8363631134642db70e2e2a4b3a24ce1cfbdc2c75a4598300b63f716c5b5f04d55e473ed997f7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528051, "uuid": "161ad944-0c9d-4218-812f-8a00ffad49c4", "value": "T11D063311BAC4902AFCE82F7060FE22E70A3E7DBA195562870655586C9FF36C057743BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528051, "uuid": "0dd492f5-aa10-4c3d-aa07-994499fbfe51", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528051, "uuid": "8bab5fa0-9287-44c1-b706-558abdef5d8b", "value": "98304:7bnvZYMmLfTUUzZbxksBk5ahKmZLcRp+VGQIjguwnf+z:XvZN0TUIZFHBk5hkIr+VVIjv9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696528051, "uuid": "f4d2c0cf-5e3b-4813-8e64-0eac0a506ccb", "value": 3979440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696528051, "uuid": "1880d855-a1b0-4b70-a6d7-4ffeb161a471", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528051, "uuid": "5e0fe30e-6cf7-425c-a38e-03b7b6751f52", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "45e23b81-635c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1696495845, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495845, "uuid": "0cfb849d-f85a-47fb-ba10-ca299ea5fb09", "comment": "Malware payload (Loki)", "value": "e832554f197bfc6fcec7d8195f8c3112", "object_relation": "md5", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495845, "uuid": "0922862e-0b39-49e2-8903-17eb675f4a12", "comment": "Malware payload (Loki)", "value": "17e578ad9ef52a063254504a6a320489129763da453ffa6d658add78c9b4f144", "object_relation": "sha256", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495845, "uuid": "b14f624b-63fa-4c6b-8684-161671f46b1a", "comment": "Malware payload (Loki)", "value": "e46c41618c5b4e725f4f9809480f088dc7e3c2bf", "object_relation": "sha1", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495845, "uuid": "04e5cedc-4891-4b15-b4d6-430e418dc4f8", "comment": "Malware payload (Loki)", "value": "e13f620d902ac15464ea05bec55c3ef00f39b0f15d644345a0a2458e299350c97686ac060ff4e88f6076549f8baf79c0", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495845, "uuid": "99d5adee-4e4e-4153-8764-ed5eee619bb8", "value": "T17645E0039904DB97D00D83F87E1329D90F0E7F29E4D5AEDB14A27F8B3A35BA2095A51D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495845, "uuid": "6384fcca-5b68-4e8c-b826-d54caf945fe5", "value": "24576:IWQmmav30xLZyfw6VzAXZSCmI1ZyXw6VfAXZSdYZhXANZbaUwXEhSp5iaPnwDx:dQmmQ30jD6VwEy76V8EaQbaLXnqafw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495845, "uuid": "801fc613-b98a-427a-b6b6-57188abf573d", "value": 1253888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495845, "uuid": "0a58bd7f-4df8-4601-a00b-ac083a892b8a", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495845, "uuid": "723b7096-9b3e-4b04-9f7d-53d64b032be4", "value": "Arrival Notice _BL 209530072.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad479fb2-63b5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696534244, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696534244, "uuid": "67bd736a-37ca-40b0-921c-8c73cb03f7be", "comment": "Malware payload", "value": "b682a9cc1be460b433b561a788c8b694", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696534244, "uuid": "5a7b6ce6-1d64-467f-92fa-410a60cfbb46", "comment": "Malware payload", "value": "189a7276cb91be51cb6338d5117e7862a89fff4060eecce6b3e6f5a62f4fe77f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696534244, "uuid": "1ada42e8-c0fa-4a69-bdb0-a17bfdbc79db", "comment": "Malware payload", "value": "3fc040d32ad9352447db937ec7832dcf216a32a2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696534244, "uuid": "add23c47-ec81-4fe9-abb6-403254ff1087", "comment": "Malware payload", "value": "06c96eba9517b9a95ff953948a1ce8b703a5c9383a1c83c225f4487bfc0c25c4ee79b12e96707bb0ad920d32f5735fdf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696534244, "uuid": "4943872a-5783-4599-aef1-00ddc114c26a", "value": "T1F0A48D05FB9448E9D077C4348A178642D932789A0F75EADF1398927D2F3B6E85F39B20", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696534244, "uuid": "d67b3ae4-fe8a-4324-90d5-d0be8767884f", "value": "ad93bccd3325bb814d5a573c3780f75f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696534244, "uuid": "885d1642-5510-4b12-a367-8819db9902ad", "value": "6144:k2vYg/KfSIBMDgW0L4FWa1yYMOgWQO5+071y6rpz0V:wgGSIu8OshYMUQOk6+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696534244, "uuid": "902fca9a-ad50-4705-963c-14b2db0eea42", "value": 449024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696534244, "uuid": "e99d5244-b146-40cc-b3fc-99cf9059725a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696534244, "uuid": "4ecfc1eb-fabd-474f-9cca-3bd30ef1e073", "value": "SecuriteInfo.com.Trojan.Inject4.61380.9647.14040", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1bf839bb-63b2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696532711, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696532711, "uuid": "4000738c-9bd0-447f-9382-9db9627fa655", "comment": "Malware payload (RedLineStealer)", "value": "bf655282f4d0128d1fab583ab6c1e1d3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696532711, "uuid": "ebaaff5d-e52c-43f1-8cc0-172718f20534", "comment": "Malware payload (RedLineStealer)", "value": "1987fa932269167c15f0f0026cc65c68e3163362164d8440cba2c889586d2cdb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696532711, "uuid": "6dc349ab-df5c-4c8f-8df2-a1cbfcd880ca", "comment": "Malware payload (RedLineStealer)", "value": "0cdacc9ad57184f96370853875f872eafbbaa937", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696532711, "uuid": "9998fcc9-cbb1-4c32-ae6b-a93c483e3336", "comment": "Malware payload (RedLineStealer)", "value": "636789a189724d65d63c06358894bc2ce8a77820017a5fa1de992038135dcbdb48686301b97f44e6abf15922de1548a9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696532711, "uuid": "77d35c0b-326d-46a2-a122-953806d9d54a", "value": "T1CB953306BAEC8032F9FAA7B0A8F602130735FD715E7453AB23E668661D735485439F27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696532711, "uuid": "65ba0cc0-fc6f-4b5b-9109-d7fa9a8576ba", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696532711, "uuid": "3f9c8786-2652-4daf-8244-0e3a0f357054", "value": "49152:qZZuH5+5ukDnHMx6uFVKSIl4pwXoYZlvlK:v+EeM0uFVKpZ/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696532711, "uuid": "8ceb4016-8306-4e4e-a995-15b853308c46", "value": 1925120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696532711, "uuid": "4c70547e-0ff5-4935-9e63-3e045227d787", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696532711, "uuid": "52e46618-a014-4a15-9c2c-2b7017c0c805", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b857d40-6352-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696491586, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491586, "uuid": "f633f5f6-34c8-4828-a8e4-557afef6c3f4", "comment": "Malware payload", "value": "b07d9eca8af870722939fd87e928e603", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491586, "uuid": "87e65dde-8c42-4a68-af93-20397c660794", "comment": "Malware payload", "value": "19ec3f16a42ae58ab6feddc66d7eeecf91d7c61a0ac9cdc231da479088486169", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491586, "uuid": "ff946b7d-dfb2-488e-8c00-43ca94644f17", "comment": "Malware payload", "value": "a80c650cd1a486e077b2e1867f36f553cb682a41", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491586, "uuid": "79ecfeb8-1bcc-4aa3-a9c4-95ec4ae6f474", "comment": "Malware payload", "value": "a7f80bc5dbcd6ea26dad107f3c82fd661cd531e16cc4d3171bbcfcf26f89ef811482e8866c3f0671d0a208f02cfba7ac", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491586, "uuid": "e9a38435-5b0e-4bdf-93d1-d3738a9b8166", "value": "T1B3269E56AA6480F5C1A6C1B9C9F7CAD7F7B274450B309BDB02A4826A0F739E05E7F311", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491586, "uuid": "58a02a8a-e38e-4411-8f38-900128bcd271", "value": "9d7285465b02ea32e9b68a7ea325aea3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491586, "uuid": "7993cfb4-0c38-4915-96ce-f4ae65459e95", "value": "49152:ftVwASOnGtlqzTkzu2TpDtbou2HmP317X4GyYGf10MlmJ3aMysM/PNwDge5XF2bE:PssYGt0ME65/Plc3846dRxO+aUjO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491586, "uuid": "59d03f58-ed31-4678-a8c0-973a672323b5", "value": 4784128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491586, "uuid": "7056da66-27ec-4a2d-855a-00b8d6e30512", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491586, "uuid": "cb115383-360f-4a35-9651-94861eeb0074", "value": "19ec3f16a42ae58ab6feddc66d7eeecf91d7c61a0ac9cdc231da479088486169", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0e07522-6390-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1696518412, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518412, "uuid": "4178e3fb-5d46-4f58-bac9-056fe93f6a8d", "comment": "Malware payload (Formbook)", "value": "a91f49c8ed37e92b18b4d729ff9a6965", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518412, "uuid": "cf1fd7d2-d9fe-45fb-9038-d2a1f2f6e9d4", "comment": "Malware payload (Formbook)", "value": "19ed64f1815cac8c156ba7dc1a25e67860c3d8f73ef0989d864ffad98ea2dfdd", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518412, "uuid": "65d66e92-c177-45d8-84a9-741cbecf9210", "comment": "Malware payload (Formbook)", "value": "59e7fe404d5e64cdfecd3e862a92c93fd4be19ea", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518412, "uuid": "b15c9da6-221f-471a-ad05-e7a5a257a1e9", "comment": "Malware payload (Formbook)", "value": "614cf4a8dddc6670847be6c403dbb1f4949cf7ba474982ccef8b590650dd236c1968c7b1ae98e9c851a9564bc19e199e", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696518412, "uuid": "f7e5ef8b-3d6e-47b1-b7ee-55c2f7818f45", "value": "T1515423B402B1F8ED2D00B1C41D5D0AE4E076FD557BE476BB55AA7EB9A21F87124013EC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696518412, "uuid": "ac4d9f16-c3ab-4402-a06e-711eeddf14a2", "value": "6144:4iRJvh8eirSzmYS5ofP4EAy85sr+JKwu8MBs3Bgr4pxmub:DJJ8eirm/S5oH4EAr5lIwuVt4Hfb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696518412, "uuid": "9c4ffa91-ee84-4f4a-8661-53efadbdf215", "value": 291299, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696518412, "uuid": "09a33379-7101-472e-b4d9-1d0c13a50c3a", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696518412, "uuid": "a279b48f-d149-49ed-b68b-abcf99031288", "value": "Transaction .rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7571f21e-6316-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696465860, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696465860, "uuid": "fd504bc5-1bb5-48f1-a34b-11e44fd2293b", "comment": "Malware payload (Mirai)", "value": "c91a53acd111c7e39ec0ee2ec97c9426", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696465860, "uuid": "b3e6bdd5-c1a1-46d4-84f7-947b821826bd", "comment": "Malware payload (Mirai)", "value": "1a5acfbd8486b2ea3355ddaee653f3844e7d82bd338fcd993fb7fd1ba4a93ad5", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696465860, "uuid": "98829543-3bff-4649-9e62-59b88ca35949", "comment": "Malware payload (Mirai)", "value": "6552d84b3d26aa276ed800c618933c1d99d1aaf6", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696465860, "uuid": "bf96245a-01b9-4e8c-80b7-d2059c1a17cd", "comment": "Malware payload (Mirai)", "value": "e4008183d1dd708a1f02a5fd905c63ffbfb12488ade509e487c1caebae8b4bf4a1eeea5f8e0f6ee05336ffb721cb46cf", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696465860, "uuid": "4737a56b-aa60-4ead-a364-bf5b5ce3175e", "value": "T186D2E185DB74CF1BC8BBB232281976128621B72E70D5C9A57CE4391B55BB93053EC3A3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696465860, "uuid": "363bde9f-dcb1-4379-ba46-02400669e7da", "value": "768:kZW56tNDAFiY4FGG1Nn8MPDEzg6cHoC5IsCnbcuyD7U0/2w:RMtmij8wyVcj5Enouy8jw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696465860, "uuid": "0bc15400-bdae-4c80-b82d-c95632726663", "value": 29740, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696465860, "uuid": "0152664d-8841-463c-bd14-a9de08d6ec76", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696465860, "uuid": "0fde95c5-ada9-4671-9544-bc6590b1e0d9", "value": "SecuriteInfo.com.Linux.Siggen.2368.17337.5552", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48bac966-6399-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696522049, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522049, "uuid": "21d629a4-1694-4e5c-849e-c2e4ba194b9b", "comment": "Malware payload", "value": "f1c9c05e648e58b6bef8dada7654a88e", "object_relation": "md5", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522049, "uuid": "edd49031-51dd-4daf-8d52-cba9f280d2d3", "comment": "Malware payload", "value": "1a99ac759fcd881729b76c2904476b4201e794df2d0547c954ea37be7c153131", "object_relation": "sha256", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522049, "uuid": "3f2426a6-b270-46d5-9548-fd8b77e6bc95", "comment": "Malware payload", "value": "51e14be2940ae38c6428bf33bb8a9a08ae36ec69", "object_relation": "sha1", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522049, "uuid": "9b8394f7-d45c-4ad8-930d-b2c9870cd34c", "comment": "Malware payload", "value": "f90c5b50067043a0b0f4cf21a3d395da2d0c33229c19bb9e7f4e6630e1451d1b98c05628bdb6bff7ef91df8da8a05b13", "object_relation": "sha3-384", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522049, "uuid": "a3cca93c-0d1a-427e-b151-965a0f6c24c4", "value": "T100E5F143E7E680F1E94665B5117BB33B9A30A305433ED6D3A3A43E46D8313E15A393DA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522049, "uuid": "523984d9-4682-422b-ba6a-e23e19b7b011", "value": "9e604fa03f90625680ac2f8bef162aff", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522049, "uuid": "18897aa3-aa8b-46aa-ba3e-895440b5d24b", "value": "49152:JVHFXSFEmqiDqCbS1gickV9/Txt17kLz5P3mucJZCliSAbFXHrZy0HCxgdjmyZ3H:JVHFXSCmqsSgfkV99jkLlP2bClDC9Fjd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696522049, "uuid": "e8d4a495-6a43-4953-a855-aa3263bd56b2", "value": 3154848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696522049, "uuid": "32a86b89-3118-4d6b-b7fd-e599a239aac4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522049, "uuid": "0a4afae5-6806-43cc-8f5a-681f9ac84c91", "value": "Setup_win64_5.49.1031-release.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61a7c405-63b8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696535405, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535405, "uuid": "ebd822da-fb56-4e59-bb17-6481208290a3", "comment": "Malware payload (Mirai)", "value": "f2a56b3b580de1c55ba936961ea6614e", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535405, "uuid": "e36e2fbf-f791-4c56-af81-27483412e1be", "comment": "Malware payload (Mirai)", "value": "1af0d4568563e62b76fec3040e6e4a0c51ed1509d8a81a066e86f18fe07ca534", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535405, "uuid": "94e7237a-205c-4937-87bd-94628d1281ab", "comment": "Malware payload (Mirai)", "value": "54d1d6f9f7f458101d6ed1c27832766e7279fa80", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535405, "uuid": "9d60ab8c-9a00-4b3e-9db2-d79f395122b8", "comment": "Malware payload (Mirai)", "value": "5dcf61aae8a4d7061c49ba5dfc165b453cf1f9537c03350a498146f6056603f3eb0d4b0dd39bccdf64fba01742f2583e", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535405, "uuid": "c25cbcbf-48f3-4f18-b10f-e9064a26c736", "value": "T13FE33C86FA408B13C5C61B76FAAF42493312DB55E3DB73068D185FF43F86A5E4E22606", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535405, "uuid": "a47fe76a-5478-4a4c-830a-9803bfaa9d4c", "value": "3072:dYbSBJRwtnTshL3lYqNA9IYTouy3FpzUHjYazWZSM/9X/r:ibCRunTsTjYTouy3rUUazZM/9X/r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696535405, "uuid": "a86987a2-4988-409f-9eb4-b39fbae288c8", "value": 144095, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696535405, "uuid": "a8091ec9-e68c-4c9b-9751-65139533eff8", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535405, "uuid": "4aa53d75-fe98-46fc-bbb4-f42eecf4fdd7", "value": "Mddos.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd82a65c-63b7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696535237, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535237, "uuid": "604b9ca2-a7b0-4801-b076-c79dacd05f13", "comment": "Malware payload (RedLineStealer)", "value": "3139028b9c5e4491f1f16365eafe9440", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535237, "uuid": "ca63518d-fcb1-4be2-b877-098ad5c675fa", "comment": "Malware payload (RedLineStealer)", "value": "1affc29ed8eb44e7f67b63eeba9ac387770e311f5fcc7fb869436841a8712af1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535237, "uuid": "204b0c85-b70a-466a-a5e7-b84ca823cdff", "comment": "Malware payload (RedLineStealer)", "value": "72a42afa84735ac2cb22c9ab2ce66cb8f854beda", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535237, "uuid": "8511bdc7-bdf5-4ade-aaf7-530ce3d74b0f", "comment": "Malware payload (RedLineStealer)", "value": "0308bd7ff1a44723636f33ebdcb86a3733ac2c8efb6d581a034635f54beefc277cf8d013d6edbfc2b4d883819574586f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535237, "uuid": "10f254e5-bf47-4d55-8b9c-f90687c8728f", "value": "T10215222276C1C3B9C57B213588D6DBB54E6931350F6A85D3F2AC276E6E013E1A3362CD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535237, "uuid": "49922cc0-e9aa-4c55-93d3-ecbc3f07cb0e", "value": "bf5a4aa99e5b160f8521cadd6bfe73b8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535237, "uuid": "072f2f48-f719-490c-a47e-95c526e9bfa4", "value": "24576:9k70TrccNOyTWTE+Rzty0YwWW0E5zvTgugHgf:9kQTAc49E+zWRKvTHyg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696535237, "uuid": "f382d36d-caa6-40f0-b65d-8cc24d37077a", "value": 950784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696535237, "uuid": "225345ea-e894-43b8-b256-0a3b86d181fa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535237, "uuid": "aa2f86c9-bf16-4c45-9243-f50a67c433fc", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c9954615-635b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1696495637, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495637, "uuid": "3ff570ce-d357-4502-b18e-7da09643954a", "comment": "Malware payload (Loki)", "value": "f12b04777a2d481cb6cac05fba2bf6b0", "object_relation": "md5", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495637, "uuid": "30c08851-a5bc-4052-9a83-a3db65f3bf3e", "comment": "Malware payload (Loki)", "value": "1b10158267c865398a43869316cfb092c75198b39aa1e673b8d31a0eac2e3452", "object_relation": "sha256", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495637, "uuid": "2cfc7338-67ee-4365-ad4d-f69192c1f85c", "comment": "Malware payload (Loki)", "value": "6e9a321bc5530ca5cbbd74b3ae0e0ea287c513fc", "object_relation": "sha1", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495637, "uuid": "d7b8c344-7ded-47bb-98db-c022d65b9750", "comment": "Malware payload (Loki)", "value": "940b8bca55571a40df9615016fa8df974596fd915246127bd855037fb269d28e5b97c47286981c800efed8ebe94c9050", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495637, "uuid": "f34efe59-5abf-476e-8b25-1233e9efd46c", "value": "T13345EF039904DB83D00D83F87E132D991F0E7F29E9D56ADB15A37F8B3A31BA2095A51D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495637, "uuid": "14f9977c-8333-4244-bcce-6222317fffb8", "value": "24576:lWQmmav30xwZyQw6ViAF+g8Zy2w6VmAuogDTtcbe0I3hBfvAAsqfVwbxc:kQmmQ30gM6VCy6VFez33mqdE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495637, "uuid": "0bcb8622-dd2d-4d08-9efe-76fc6b7e55bb", "value": 1208320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495637, "uuid": "1847beb9-0a96-4128-b2f5-5edfbde6c22d", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495637, "uuid": "85cb001f-921e-499a-abcf-83c9b1a12741", "value": "64550135 INV, PL, SI, MBL.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f1e6fe5e-63a1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1696525769, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696525769, "uuid": "920d8fd2-d725-4a4f-9e51-a71ba34fa7a0", "comment": "Malware payload (NetSupport)", "value": "d4ed200afe9a8b330085db84c1a5be99", "object_relation": "md5", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "SmartApeSG", "colour": "#C06213", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696525769, "uuid": "bd3dc7df-2b21-414c-a4a6-2e428be1b5c0", "comment": "Malware payload (NetSupport)", "value": "1d32d667b7040040dd68612ec38811e6bda6c91c7897219e4025a3ec87d0ef8a", "object_relation": "sha256", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "SmartApeSG", "colour": "#C06213", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696525769, "uuid": "a29b665a-5d78-4ad3-a43f-e19411d1caa4", "comment": "Malware payload (NetSupport)", "value": "0d903bade2ede068682e316a24ba80000a0869f5", "object_relation": "sha1", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "SmartApeSG", "colour": "#C06213", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696525769, "uuid": "b74a7432-3f35-45e6-9fd8-a1ad764f1225", "comment": "Malware payload (NetSupport)", "value": "189662f52842e81a01215e491410fd8772deb90f17b608b786ec20c6ce8c30ffc6f347879e205d972bd3602bcba1c1aa", "object_relation": "sha3-384", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "SmartApeSG", "colour": "#C06213", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696525769, "uuid": "dc7248b3-fe74-49ed-85cf-e08d0ab7c001", "value": "T10AF533162693FBB6C0E1F67BE0ACA8154A6D747CE4F7B476586EA153E93E431D82F000", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696525769, "uuid": "ab278917-ff97-492a-a570-afe66754322e", "value": "98304:t12FXamhRFY89YYc9jh23redpmQRiXuYESBZFR02jZPl7c:r2HxYoY59V0redpmQRiNfZN7c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696525769, "uuid": "868aa9ac-0ac2-4b23-8050-de2a96512b78", "value": 3429376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696525769, "uuid": "7135694e-24c5-49a4-a302-fdadefbc85f2", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696525769, "uuid": "7203a9e0-0bf0-476e-80b7-89f2d802e5df", "value": "p.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "635ed3bd-63b8-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696535408, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535408, "uuid": "63a91c03-40be-4046-9d7b-32e4842dcfe0", "comment": "Malware payload", "value": "cae0226ecc7b4f7eca1ada0ec7347fdc", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535408, "uuid": "6a6e202b-6048-4296-9259-a92d904d95e0", "comment": "Malware payload", "value": "1d3a1d733e419679b61da6059bccc93b431266c65ed6870d2933056669c34a57", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535408, "uuid": "23d82cb7-4d84-4c77-b316-8ba380a2bb72", "comment": "Malware payload", "value": "109336f7fbfa42156a61dd350e9677bb03bb819d", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535408, "uuid": "a4fccd9a-0608-428c-876a-216ca784914a", "comment": "Malware payload", "value": "3edce0d4e7d897ea492fcf8a8adac79b78350fa247012d10736aa57ff556f7e929478f4e662484075f4b8add55326b62", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535408, "uuid": "e17bb3c9-f413-4c0a-95a9-177f11570486", "value": "T1EA534AC8A5C3E5F5EC001D79307AABB1A973F53F2035EE9BE79A25639903603E10169D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535408, "uuid": "e83977f3-f176-47e1-8056-04b24effb081", "value": "1536:V5Vn4pXoqVExGxRP3MFnKi9jGKO18HKaPWVKSUnD9oAG9u:7R4pxuxGxB3MFnKqGHCHK5d+VK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696535408, "uuid": "0e662674-399c-440b-a3cb-bbd4e944b008", "value": 63696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696535408, "uuid": "7efa0c22-e7fd-4a8f-a45d-b79716478224", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535408, "uuid": "6aea6c91-0ee7-41c3-8ffc-c31d75139375", "value": "Mddos.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b42e7679-635f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696497319, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497319, "uuid": "1db7d474-0168-427f-83dc-a677d79c5252", "comment": "Malware payload (Mirai)", "value": "7498d555d44a3bccffc015580a7d8639", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497319, "uuid": "3edc805f-3853-4b81-a0b9-4fffd2d93fed", "comment": "Malware payload (Mirai)", "value": "1d9b9118ee31913246ec69cbb6a0ef3c3d128f5db9c6a7c9e3624d8bc31529a3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497319, "uuid": "4d624d92-a040-494f-9e86-1cde7eaa750f", "comment": "Malware payload (Mirai)", "value": "8be94b2ed8bc4b1380387f2357cfbb718ed76572", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497319, "uuid": "f54d147b-5281-4ef1-a6ab-b0771fcd9575", "comment": "Malware payload (Mirai)", "value": "30d4f584c648962f6738a5faba50c8c1e80c8bd38c9a7b010f5144abb69abe605f3cd425c4dc0b4dc35c187774e1e6f8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497319, "uuid": "40dca0a2-2bbb-450f-80de-f90d317eff9c", "value": "T1F5735D24A97D2E26C0D4A17B61FB8361F2F6230E2570965D7C760F8FFF2464468162B7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497319, "uuid": "02e11785-db0b-4598-bd43-bf81a9bd4a85", "value": "1536:5ms+geQfvznpCR8ee84cNkAUiAvFI7IlNnws8W:YwfdNu4c+ZvFqI3w7W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696497319, "uuid": "84c78511-3105-4535-ba69-1bd2b718f273", "value": 74752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696497319, "uuid": "9ffa3a98-31a8-49ef-969a-5258efb56be1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497319, "uuid": "7f98058f-cab5-4f3f-a8cb-98b44e5c6fd0", "value": "7498d555d44a3bccffc015580a7d8639", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68e5a692-637e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696510507, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510507, "uuid": "16ec1999-aa04-4b4d-8309-9b54ba5780db", "comment": "Malware payload", "value": "4d4779c73f014956b5faf9c58effe399", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510507, "uuid": "f6f7014a-4d64-4359-8c8f-dd05a58caeab", "comment": "Malware payload", "value": "1f48d284e8739c445c3bd3c673e486e186f32352d07fb93f472b13d9761be4da", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510507, "uuid": "b1fed86e-7162-48eb-a4d9-29d080ccefeb", "comment": "Malware payload", "value": "dabb7ecadc71ee3c16fd08e1a4bb3db0f4edbbc7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510507, "uuid": "053cfd24-e0d7-4f87-a830-506cdec2c475", "comment": "Malware payload", "value": "1aadaff29a5a3f333f815a222a4718c7204c095262ab1068ea3d0b61a9f447df72d7d1c47952edc7f0d509987126e4b3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510507, "uuid": "de9fc506-b877-4174-b415-63fa8ec3d2a6", "value": "T170F1A611EFD90525E8B74B756CD393035A78B620993B8BDE45C4B20DAC617344F717A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510507, "uuid": "9b4f4b5c-3c30-42aa-b122-bcf3810934cc", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510507, "uuid": "78e6ed77-5830-4a3c-afc2-05716f7273d7", "value": "96:+81+JLKKHNF6yQ5Svgn9I6bNKIKWh9msljTgil:+fEyQ5S0IGZKkjTgs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510507, "uuid": "b6e3f2ea-ff5b-47f2-85b0-0f911e9bf910", "value": 7680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510507, "uuid": "c80d13e4-35e1-40ae-920f-7af7aca685c7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510507, "uuid": "8ba1f69e-b8ba-45a3-9a14-badfa24e7bbb", "value": "bak.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48b4536f-63b8-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696535363, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535363, "uuid": "f862c886-d976-4b1f-9af4-99b1c10bccda", "comment": "Malware payload", "value": "815148aa02f3fa11d693fee3aeb9ad63", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535363, "uuid": "9f8fa3d5-9daa-4c71-965f-d84d0e043e3c", "comment": "Malware payload", "value": "1ffc28f69e005dea603b22ea39679b1b883bd8f9a6acd60bb32d267a263c307a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535363, "uuid": "a49cf6c3-d1cb-425c-bc8b-317d3f8fc9f4", "comment": "Malware payload", "value": "1dbef70f14f545cbba6fa126db0e6be249d76ac4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535363, "uuid": "aafd92de-ca17-43c9-9c81-26b5af1d21dc", "comment": "Malware payload", "value": "b3bb5e71232e247a1901efafb6de490e18394c152f9421edcd32fb5d91e0302efb09c77f3d7e2c362d41406a510af961", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535363, "uuid": "719af67e-528c-4a54-a65e-b86133a1d674", "value": "T12314D0227950C0B2C44B45B48421CA65BE7DBC725FA685CB739C37BE6F313D293AA358", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535363, "uuid": "fa475170-a6b6-4911-bb0a-23dec58cc454", "value": "f7870f247b6310288a9657f261d28969", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535363, "uuid": "41c3fd1b-9927-4bcd-8665-a1004879961b", "value": "3072:cH18e7vz89Z8QgD9d+zUnH+R3LGp547cKA5NMP:Q898QY+wH8bw479sM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696535363, "uuid": "ebd6f269-9aa6-4ae6-ad6d-f86bd22cfe00", "value": 196096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696535363, "uuid": "4a778ee7-b9b9-411c-886e-8c80ea5924af", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535363, "uuid": "a15bf008-8129-4f0f-a635-185d3249fc59", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "85c979ab-6346-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696486503, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696486503, "uuid": "6a3a3852-993c-4e41-94b8-d1c4b507a394", "comment": "Malware payload", "value": "4d05d4b28f54a4f407f50a4fa3297c3f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696486503, "uuid": "8d8a3e45-3233-48ab-9c34-3759ea7bd6de", "comment": "Malware payload", "value": "206e71939ac01a149d2fcec629758524a2597bd7d07e6bb3fb01d0f4e28f5b8e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696486503, "uuid": "2478680b-07ca-41b0-a8e5-273524271667", "comment": "Malware payload", "value": "7454320ce32651de0d268389709d6cc03efd7ebb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696486503, "uuid": "aac4d2e6-ff28-447a-b3a3-7693a2724edd", "comment": "Malware payload", "value": "4e4a94aac9f62c2648586b400691eec0d6c5bbd6c17cb9ea89f5b781834c1629f1d1b542fcc887962206a6e0871d3d38", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696486503, "uuid": "b34d4ae7-cef1-4fd2-a3ac-59648c914198", "value": "T1C633AD9807501226E23F0B3E10B29290D671A313ED59BA5BB4FC5CAD6F932D8C347EE5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696486503, "uuid": "03312924-ec77-48be-93be-b9c2b5316c10", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696486503, "uuid": "5addbe60-d40a-4d7a-8e99-7611c7dd2a9e", "value": "768:XyqQm0gJponj6q+QLce8RdFhp513WAK5YFspBsEWUY070AUHZZaF4GlINb6oYfKl:XlJanWq4eOh9PuHWK0AVNeNb6vmwVcl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696486503, "uuid": "9ff8cc6a-2bb6-481c-b8e2-ebb4400ef94a", "value": 53760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696486503, "uuid": "edf0b883-f249-446b-8f98-ed300db0e0ac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696486503, "uuid": "676f5abb-ba84-427d-a448-fb70b6ddd276", "value": "Mcqqic24UJyU40JKdja0A.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e777dd93-6352-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696491821, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491821, "uuid": "99b8f086-b383-4d58-bc1c-7cd917ac4363", "comment": "Malware payload (Mirai)", "value": "bcb08637cc2a72e1088b5acdcc11f709", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491821, "uuid": "167722af-c210-4b9e-af55-68b8512ff1d2", "comment": "Malware payload (Mirai)", "value": "20b33dc69ef9e7de0af9c532f8c06768690f3e4083ee48d51b5f551739c0194d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491821, "uuid": "0cd20e00-1cd7-4962-9859-d54289277f30", "comment": "Malware payload (Mirai)", "value": "830091453c6710755ec86eb29541a7bdd5c1ef45", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491821, "uuid": "73532b6e-80c5-4a5f-b518-b45780524969", "comment": "Malware payload (Mirai)", "value": "ad53a4ff379f1229856166ebc6a9227cce8979cf5be1f8dcae359c73640ffb1be23105fa9905ea58fb5d696baa9978a7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491821, "uuid": "b3dc2077-058f-4b5d-a49c-e0eca114fab2", "value": "T1F7D2E18872D3A3EA8C8DC77EB65F4036309D74E9A6B29363F305D553076A180F651E8D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491821, "uuid": "fa2bfc16-d7d1-48cc-a7c2-22eea6381b5b", "value": "768:blxKd2FLPxEGspd6IHE4RlY990pqBz/9R:+d2FTwplHEw0aYd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491821, "uuid": "532ce23e-8c66-4719-84db-f41234ff8b1e", "value": 29456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491821, "uuid": "9516ae2a-ccca-43e4-8030-0a28d363c8d4", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491821, "uuid": "b3a661b7-03dc-4544-bd08-d911e50c6900", "value": "bcb08637cc2a72e1088b5acdcc11f709", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cac94dc4-6368-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696501222, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501222, "uuid": "63047f3d-77ba-45a0-92f9-a1fccfe8c253", "comment": "Malware payload (RedLineStealer)", "value": "1ff9e5687e4124a5ad01355fb1ddb6b2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501222, "uuid": "f9bb2c9a-01c2-4a58-a119-6058ebff2837", "comment": "Malware payload (RedLineStealer)", "value": "23b218e595cc1407a8bf940048ae120061ef7dafb7240d5d313a2c22a3548d0e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501222, "uuid": "2f58710f-bc5e-4782-8684-dd1739a7d8d5", "comment": "Malware payload (RedLineStealer)", "value": "23a23557185c5e4fb9bdb66374cfa1deeab088f4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501222, "uuid": "5bd1f9a7-9a92-4a2c-89c6-d8a5ddec4fea", "comment": "Malware payload (RedLineStealer)", "value": "afab527efa47a1d2f11e190bb2c15e98ff373591a875cb6dc140dcdc19c2c6e6efe4d8bc720ee5d8d307a669e5dee7f2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501222, "uuid": "2a9c1691-99bc-447b-8873-7ea7baccbf78", "value": "T14195AD713A934672EFD213764EDCB0E6825FA4B807270DDB12C446FBF251ED22A3558A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501222, "uuid": "b7cf00ae-cf32-417b-a201-04371ad06399", "value": "bcb1724c5759c241360ff43b3a5eb6aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501222, "uuid": "99a537a0-329b-414b-ab82-260e2a74f067", "value": "24576:k2UoLXLG8ssksvYQn6U3exFUTdpyTl+XbH7j/ZRJoYFBOo:k2UaCsksvYBzmB8ErU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696501222, "uuid": "4f6bc208-a34d-4012-bcb9-dd85ef280c81", "value": 1879552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696501222, "uuid": "75676471-7d22-4917-b8be-3b0330ca9f92", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501222, "uuid": "57e80b82-a350-4225-b3ea-586a76baf912", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "738458c4-635b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696495492, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495492, "uuid": "db2db1b2-f3ab-4ee9-a056-adea59556ce7", "comment": "Malware payload (AgentTesla)", "value": "403e3cf4ec78e8420f38d2c2a13e69c2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495492, "uuid": "50987c88-f44f-4e8e-a3b2-2841fa0835cb", "comment": "Malware payload (AgentTesla)", "value": "24749864e5250a32692cf13c37d9cf04b7c20a2237bbc3491ba3185bd4d87e90", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495492, "uuid": "ead8f46f-3776-4772-986d-0cabbd3820e4", "comment": "Malware payload (AgentTesla)", "value": "1cf8db9b6715f51ab788607d6906d01601da9cf5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495492, "uuid": "5c91ef00-c289-472c-9fbd-789bd2ae4f90", "comment": "Malware payload (AgentTesla)", "value": "b7839d6667d45bb132ad8dcabbdec0c5638a1da76ec72346d3144490353f3f82856e86b98f022901161e2873e8082116", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495492, "uuid": "002b5b07-f269-4828-b5a3-a649ed6f3dff", "value": "T1BFD412D5735077FFC97382B6C6942D506321356AA72BD247A85320AECD4EA8BCF106B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495492, "uuid": "c409fdf0-cd99-4072-80ac-f5243191c8e6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495492, "uuid": "e49eab2b-8141-46e4-afe6-6e3592ee7afc", "value": "12288:Cq/jv854bHLLDgqCNkUUJrXz1slMHnc4UdLFd4B88J8XqjkEsXajpdWIAo:RLmOrLDvWmrXzK28fdFd4m28Xs8X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495492, "uuid": "2e2353dc-b01f-43a4-bd6a-73ef9d961cb5", "value": 654336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495492, "uuid": "6ec3ce99-bc2b-4568-bba4-ec6ac7aab868", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495492, "uuid": "9fc4b977-e0cb-4fc4-b18e-d47c7c0a00df", "value": "PSUMtSYplIrFnts.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0639ec08-636a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696501751, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501751, "uuid": "7bf872b9-aba8-45d6-afc5-7d2e6bb068fb", "comment": "Malware payload (Mirai)", "value": "a6aaa67f7d6026c0fa88dfe9f97ff253", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501751, "uuid": "28478eb8-bfe4-4c25-9022-1018b3f1b392", "comment": "Malware payload (Mirai)", "value": "24ddc889d852d1841a94d4f989fc0aac378d590ca638113e00de86314488c5ac", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501751, "uuid": "0bbee715-a1b3-448f-8c32-f1821c0a60b2", "comment": "Malware payload (Mirai)", "value": "c7f5d46879a5bf2709373f3df1d463dfde16e0b6", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501751, "uuid": "d17d364f-7506-4232-a74e-ba2c42c27664", "comment": "Malware payload (Mirai)", "value": "710b770feb4b6a5c9deeb15bcf1d868953f764e11aee62bef317f0a77b5bcf4a7de20227f9ed644789db09d0d1fe89aa", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501751, "uuid": "637f8f90-76c8-4f95-85fd-d69e113a4ee0", "value": "T1E3042A46EB404B13C0D727B6F6DF424533239BA497EB73069528ABB43F8779A4F22506", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501751, "uuid": "5480e756-397b-48f2-8d3e-441baad1622a", "value": "3072:rEJSoWTK7PqDJ3IVaGylBnDC04mlxB3qKa2whKo/RM/RTyJq:rEUoXPql4VaGylBnDx1BFa2arpM/R2o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696501751, "uuid": "a96d62a7-3547-4af4-8f06-2b8423f8ee56", "value": 189347, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696501751, "uuid": "a8bfdc6f-1ffb-4e91-b052-7fb6bbd00b70", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501751, "uuid": "cec1b9b1-0488-4b44-81ce-8925833cb5b0", "value": "arm7-20231005-1029", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6aba6de1-6352-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696491612, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491612, "uuid": "839fbdb8-0661-4a47-8c8a-f5afdddcbcec", "comment": "Malware payload", "value": "c0ed3dd41dbdfb96ef653f46f609f223", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491612, "uuid": "4d02d985-b735-446a-a1f7-36c1f07abf95", "comment": "Malware payload", "value": "24f3d26954f22eded46dc8d05ef9c2974801b06f96b66694817322b739d63d97", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491612, "uuid": "29f40d85-b4f7-48a7-806d-c4a5527a24bf", "comment": "Malware payload", "value": "f267451a4b3cd8864f0d44f60e2a7ce1fcf60d5a", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491612, "uuid": "4c1ed1f5-1142-4f74-a414-e8f8cd6dd99b", "comment": "Malware payload", "value": "df565771019e2d8b3c8392209e20363e3826d2ca5dc33d7aa9a5a356c4910d541f07e08003bc86dacffed152b092b07f", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491612, "uuid": "0189a27a-4daf-4f75-819a-e3f873d419a5", "value": "T115D60803AA5AEFE9C8C5B8F4057B7A84F4A8FD9AC8583C8DF745C5206AF2F04552DB14", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491612, "uuid": "9b1c4be8-7e87-44e7-b83b-a78c3fd01565", "value": "98304:ba29YDIaVPnpkwN0imTB+6GQMzgDPNKKpyDEFK2ks+AHWEHaTxia2irnU6D2sgoJ:CbpVaB+6GlIPgzEbdHWTKk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491612, "uuid": "b8ae8510-9b95-4363-87eb-373cfcf646f3", "value": 13700680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491612, "uuid": "029b470c-2e1f-437e-914a-659f6efe6db7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491612, "uuid": "4bfaa891-8d28-4272-8157-5d5b2c846423", "value": "24f3d26954f22eded46dc8d05ef9c2974801b06f96b66694817322b739d63d97", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a0e91797-635a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696495139, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495139, "uuid": "d1ef6799-2ebd-4f96-a57c-f05033e5c9ea", "comment": "Malware payload", "value": "b6190c8473b56c7568f8aa47916ed98c", "object_relation": "md5", "Tag": [ { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495139, "uuid": "58f9c028-617b-47f2-8e34-902373625df6", "comment": "Malware payload", "value": "25411bc6c873825961ac4e396e78330170d5a0c431a37b06101052be4e8eecf0", "object_relation": "sha256", "Tag": [ { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495139, "uuid": "7902d643-8d22-4906-9c26-305ec9d601ac", "comment": "Malware payload", "value": "f8d782b6b02415fc88c058d8f15e60a7de6e8226", "object_relation": "sha1", "Tag": [ { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495139, "uuid": "f1ba1d8b-0ef9-4375-9814-06799653d1bb", "comment": "Malware payload", "value": "fd29d3066f8fa938337c3cd1b243f5de2f50ccaf29e70b5f4776d6980608aac7069f6b660dffb3196dc5dabb97703c50", "object_relation": "sha3-384", "Tag": [ { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495139, "uuid": "1851b0e9-3de4-4241-aa20-e4ec90971f45", "value": "T1CCF1072989F22D78D3599237604032A3577DF4FD0A4766133EB1D7B91EA6AE22B0C258", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495139, "uuid": "be7db298-c9ff-4240-bdcf-caeb293ba3dd", "value": "192:IMgm1TRkOV8vdQjmIKw8JZUYvWrgBYLMYuJv0Pj0:IMgm1TH8qmIKXZrqgBWuJv0I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495139, "uuid": "c4e53f72-71d4-4881-aeda-ab45c5ce2054", "value": 8175, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495139, "uuid": "e6b69008-fa1d-401b-96aa-5568e173b0ca", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495139, "uuid": "5957e6bf-7c75-4b1b-b6c1-f131e0a8dd28", "value": "REQUEST FOR APPROVAL AWB NO 537-35615860.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "937fee26-635a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1696495116, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495116, "uuid": "84cdeed6-8b81-4542-9b52-e10eba93c49f", "comment": "Malware payload (GuLoader)", "value": "d78abceda453a2745f6bd69e1153eb65", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495116, "uuid": "d7fd884e-b238-4e45-8b21-104c2417fcd0", "comment": "Malware payload (GuLoader)", "value": "2564281f309d27d55d806ca3b48f3f9090f6a6968f52120c4db10deb7e0f23f0", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495116, "uuid": "b8466a1a-e1b3-48bd-829a-fa15c50fb75c", "comment": "Malware payload (GuLoader)", "value": "4de213896f8c3021748f66028702ae96e4ac3e3e", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495116, "uuid": "bc84e701-4ffb-40c6-a88b-53583a618449", "comment": "Malware payload (GuLoader)", "value": "e1633213ee48777717dcf92e13f2dc6c755c35736472d83bf8aed4c948092246e6136e2a5550b03e4cd165385f873936", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495116, "uuid": "f35f246f-02f4-4a93-888e-5ae886024085", "value": "T13565331446BA1982E16002D8B7D2AE3FBC67BFD6EDDC35911CBABBF3553A0067490D06", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495116, "uuid": "6b8e6e9b-ebc2-45b0-8b9a-e8022300e8eb", "value": "24576:I7OT+q8HS7AcNndpG9cTJgbSKKkkzKB3VCuEC4u6AZWL/AZ0lBvp:I7OT+qD7AcV3gbSvzE3VC0ggKIZ0lZp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495116, "uuid": "aaf53670-c49d-4509-bf4b-6ec4779db8d7", "value": 1470168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495116, "uuid": "1b42082b-8771-41f2-8958-71229db213b9", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495116, "uuid": "2e5d3011-4c46-4ea1-b744-cd1c73aeabb6", "value": "HGD0086568000.pdf.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1dbaeda5-637f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696510810, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510810, "uuid": "bde8173e-23d5-4365-86f0-13e8d89ba969", "comment": "Malware payload (AgentTesla)", "value": "72d6f3545a807e21ecc1787743d0e15c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510810, "uuid": "8b5cca13-a56a-40c2-a33c-2f322db37781", "comment": "Malware payload (AgentTesla)", "value": "25bf7d4ce0e7ef9956bdcfe5925ab436ca60f476f500d4692b4e9564410dc20f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510810, "uuid": "8aecbec2-68c1-42b1-b5fa-cf91f26a2c19", "comment": "Malware payload (AgentTesla)", "value": "7f8865ed14d71edf60003d691ad60f8e410a1835", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510810, "uuid": "ee5d49c3-1fab-4434-9687-ef0990acbc9e", "comment": "Malware payload (AgentTesla)", "value": "60d28f33ea5bed14eaebf286cf61b1bd47ea7ab31d9165a99599777dc85d3c08f4178e42642cca3d605f5370d9c82840", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510810, "uuid": "871bc019-ae44-460f-8049-cbd4246733dc", "value": "T1EA45EF039904DB97D01D83F87E132AD90E0E7F29E5D579DB14A37F8B3A30BA2498A51D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510810, "uuid": "0bed8ebb-813b-48ea-b17d-157e2351fe41", "value": "24576:BWQmmav30x6Zysw6VZ0lUruZyfw6V/aeU5Z61P0cg3EhpXjPwyx:QQmmQ30qc6VKL6VUg0z3mXTZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510810, "uuid": "61d823ed-1124-4286-b33b-d35ee69e3594", "value": 1177088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510810, "uuid": "162a9a52-7ff3-44e4-8cb9-e096e13a1be5", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510810, "uuid": "cad082c8-3a98-4c16-b7eb-76700bcd493c", "value": "Enquiry-280.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99ef7129-63a1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696525621, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696525621, "uuid": "59d31425-952f-4daf-a1b7-cd412b54e365", "comment": "Malware payload (Mirai)", "value": "045f0ee1d04f763f83641433b6101ab1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696525621, "uuid": "25411865-f161-4861-8e1c-006d53337ea2", "comment": "Malware payload (Mirai)", "value": "26659931f1e6d64b605eb2b07d4133ccf221134491216583e85b85e7ef038cf3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696525621, "uuid": "36fa7e3c-b98b-4dfc-8e1a-06c4c033b285", "comment": "Malware payload (Mirai)", "value": "d4c628fdea8e253a22b62306043a773189ac647d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696525621, "uuid": "12f7a29d-9b1b-4318-9744-428c25e37261", "comment": "Malware payload (Mirai)", "value": "2b1da616a30e06816c23446cc846a17a547aae6503878e281651f1d457566b904dba99c891da4901340444bee30e6c29", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696525621, "uuid": "363e271a-4534-47cf-9615-4c30e7028bd1", "value": "T10ED32A06B30C0A47D2632EB03A3F67D093EFDAC121E4F641356FAA899172E365585EDD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696525621, "uuid": "9a7ffa46-9d12-49f3-964b-fa141192112c", "value": "1536:cP0nwryWv+n/qZIxMST98z+xpnvTnNIkH5Afg57PMfgvAtI20jDWB/qHs0kBB/zB:ccWv+HMG8z+x57np0gVPM9t9BBbBn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696525621, "uuid": "51a56e53-770d-4983-a682-afaa0d2117f2", "value": 132344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696525621, "uuid": "e9b04f85-ed23-4ed1-b6a1-b2d2458b17fe", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696525621, "uuid": "e65d4a83-5ba6-4a9f-a7cb-c5f39a7596fe", "value": "045f0ee1d04f763f83641433b6101ab1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25b28dbb-6396-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1696520702, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696520702, "uuid": "a34a7b3b-7209-4a5b-92fc-3a4ddadb2ebd", "comment": "Malware payload (MysticStealer)", "value": "ad3e49d139a9d4c842a5a4815dd61a3f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696520702, "uuid": "5ef77c33-37bf-4a52-9a7a-0e2f978bb40c", "comment": "Malware payload (MysticStealer)", "value": "272d89286c2cf4964728149a2224662c3cf701d8e6510dc66c9e9adb96f970cc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696520702, "uuid": "b7880e26-65aa-48cb-8729-40016a0ad758", "comment": "Malware payload (MysticStealer)", "value": "8ab87649c35badc3cca60dd91e464753200d089d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696520702, "uuid": "c1b7b3dd-dfa2-4192-a95c-00d4754090b6", "comment": "Malware payload (MysticStealer)", "value": "b23da24eec4328c2ede5e9dfaf129f4c864daec151535d70094faa7016bf995736d185dc7bf660894821975c06aaa426", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696520702, "uuid": "cf3e7426-425c-4c81-8348-81f54fae8458", "value": "T108851A1176F95B59F6F30FB85ABAA611487BFC6A8F11C2DF1251908E0C21BD09970B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696520702, "uuid": "29c5baf6-80cb-4094-a524-0544151fd7b0", "value": "b092678fc438a3bc6ea71ba0ea4cfa08", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696520702, "uuid": "c6ca5de4-ce61-49f3-8262-ebf2dc53ceeb", "value": "24576:6/xY5A0vimILMPcVJT6gH/A2Z46a9DhvhFbe9nwAf:6F0vimILMP4V6SAO46a3v/eNRf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696520702, "uuid": "7a6cafbf-314c-4c20-bb3a-7bbe98fb5496", "value": 1827328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696520702, "uuid": "113e6418-622c-44fd-86e0-4adf01691ca3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696520702, "uuid": "3c675813-183f-4736-ab70-8f89c797f120", "value": "SecuriteInfo.com.Win32.PWSX-gen.27486.23882", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0d0e0e57-635b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696495320, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495320, "uuid": "1e3098aa-6b56-4e26-90a2-bbe206caaea5", "comment": "Malware payload (AgentTesla)", "value": "35b6b59c21fd86b4db84f8b88bd92053", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495320, "uuid": "613f9228-012a-4895-8db9-3fb2ca31f19a", "comment": "Malware payload (AgentTesla)", "value": "2909eec674cd7e9bc38e581262b2054af96d5177cf2208334eb79d6622eb1f56", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495320, "uuid": "867e734d-8e3f-4a45-9ec3-eb8ce0e9e62a", "comment": "Malware payload (AgentTesla)", "value": "c5001899f1b2d0d1b5bc548c625cee5a825663b7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495320, "uuid": "dd9f974a-fea2-4868-a20c-3b8a13371325", "comment": "Malware payload (AgentTesla)", "value": "434032f0453e21df06c9381fed01cdcc63148c880ed414f252f6e83e3f1034b9d900f0349ea0c4e887885d9f0496b618", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495320, "uuid": "5698d8bc-a141-43c7-a763-4b1abdb2fc33", "value": "T1C8B49D3131DE2FD2D03AE7B903981944D7E6F8329B1AF95D3DA98386A531DC19B33612", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495320, "uuid": "60ee9983-a34b-4a12-92ed-489a8fdc69b2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495320, "uuid": "25d3bba8-8fa2-4127-beb1-6d7f8c85c5b9", "value": "6144:DYSaNW4uMVVrz+01Rn36mo/BOkfUCzRdLZdDv0yvEoDwtKbh7UwFhpgdf:faNF9VVrKGqmo/oksORdN9vvMw6Kbid", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495320, "uuid": "7ebb510a-f8c6-49ee-8a38-6309d4473432", "value": 537600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495320, "uuid": "f624abf6-cb26-45d8-9486-5466da1e54ea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495320, "uuid": "5d810139-d4f3-423d-ae32-519271b9f408", "value": "mgtOHJHXlrKDIio.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26103d71-6315-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1696465297, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696465297, "uuid": "e1114086-5bab-49c0-868e-4832b0c791c1", "comment": "Malware payload (NetSupport)", "value": "2eafc95bff5f6af3373886d231d222f6", "object_relation": "md5", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "SmartApeSG", "colour": "#C06213", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696465297, "uuid": "08dabe63-3edc-44a7-8b5d-072a1d004cb3", "comment": "Malware payload (NetSupport)", "value": "298a2349409ab5ae9fccc71795825de0aac0bdef4463cd83f6e6456678b13566", "object_relation": "sha256", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "SmartApeSG", "colour": "#C06213", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696465297, "uuid": "83cdc46f-2044-44ef-aae9-8f116f4d2c44", "comment": "Malware payload (NetSupport)", "value": "58d973c74136c5a06a387dd7e095d446424b237b", "object_relation": "sha1", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "SmartApeSG", "colour": "#C06213", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696465297, "uuid": "f958a18b-70cb-4023-9567-8b5f25c55534", "comment": "Malware payload (NetSupport)", "value": "e136659310164f214028f8a0c9c932addf83c86d97be0663511b6d8390e95dd9ddfb4f6366e4fd32f911a057b2616569", "object_relation": "sha3-384", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "SmartApeSG", "colour": "#C06213", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696465297, "uuid": "6f7483b6-a501-402e-b17b-b7c7e9b8451c", "value": "T162F533162693FBB6C0E1F67BE0ACA8154A6D747CE4F7B477586EA153E93E431982F000", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696465297, "uuid": "066d2bbf-0458-4b0d-a868-53d4948185b7", "value": "98304:t1wFXamhRFY89YYc9jh23redpmQRiXuYESBZFR02jZPl7f:rwHxYoY59V0redpmQRiNfZN7f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696465297, "uuid": "e2818c77-bb03-47c8-8526-c58da11da23d", "value": 3429374, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696465297, "uuid": "ee4d1faf-9c5e-4280-9a1f-784883c04256", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696465297, "uuid": "230f5a2e-46ad-4115-b039-eb656518b028", "value": "p.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ebe9e994-637d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (QuasarRAT)", "timestamp": 1696510297, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510297, "uuid": "31bae27e-ec84-4a82-904f-ad4032352d90", "comment": "Malware payload (QuasarRAT)", "value": "3aaaf4be968f7846cc3697959a6ba5ec", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510297, "uuid": "aebad738-9556-4ef9-a500-30273f5269d6", "comment": "Malware payload (QuasarRAT)", "value": "29f9003753e24d20e597b7c71661dadd221b011c9f14531e25e0bf1c55145123", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510297, "uuid": "b7cbec2e-6a55-424b-9c02-ac356056bd0f", "comment": "Malware payload (QuasarRAT)", "value": "66c6de49521762033bc0f08d2fc2a18c2c678197", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510297, "uuid": "b23d3d5e-6502-4c54-9a9a-e852d9c6c05d", "comment": "Malware payload (QuasarRAT)", "value": "dcd51412b916f3d2d982b3f4feac49bd22dd19a983bd522d01df0e432c131360091a7b142a8f1b58f710d6f90dc80bac", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510297, "uuid": "cc8c3814-a842-4ee5-a52e-762ad72954c5", "value": "T145E56B0437F85E33E56BD2B3D5B05022A3F1F82AF363EB1B519167BA1C53B5488426A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510297, "uuid": "c3b5b6ad-8a35-4e16-9dae-b0c4b7c64223", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510297, "uuid": "92317617-9131-4920-9b1e-f1119ab77e21", "value": "49152:fvve821/aQWl8P0lSk3aKA3Z+new/6BxyLoGd0qQTHHB72eh2NT:fvm821/aQWl8P0lSk3DA3Z+n5/5E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510297, "uuid": "4a9cacb5-815c-407a-ba76-8287667a444a", "value": 3266048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510297, "uuid": "f84ae7b0-2781-407c-b586-cdbe5cc93922", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510297, "uuid": "29ff0922-cff5-4090-a5e5-f52e65fdbc94", "value": "fontdrvhost.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec6f7392-63b7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Spambot.Kelihos)", "timestamp": 1696535209, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535209, "uuid": "eb462b4d-ee49-4d6f-88fe-34fb75149504", "comment": "Malware payload (Spambot.Kelihos)", "value": "4f2d4b2e1de4a5b2bf4570bc4fdb5d99", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Spambot.Kelihos", "colour": "#408350", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535209, "uuid": "6f26a7d0-49e6-4140-88c8-4c3321985981", "comment": "Malware payload (Spambot.Kelihos)", "value": "2a551466afe3b8ee2c53c1c55edee43ed789ce59c296b90a9db6682b16971758", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Spambot.Kelihos", "colour": "#408350", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535209, "uuid": "9f11fc44-b571-46e0-983b-96088d28de62", "comment": "Malware payload (Spambot.Kelihos)", "value": "80f993d5483c75e654db701b846a18b19384d2c4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Spambot.Kelihos", "colour": "#408350", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535209, "uuid": "96bebc7e-f7ed-4db4-bee4-9d74ad90bdb8", "comment": "Malware payload (Spambot.Kelihos)", "value": "821f686bb498d43dfac7905802b549feab2983a0c6bec81a7562eb73a3228c16f5df846dbb57906a161de30cd7610483", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Spambot.Kelihos", "colour": "#408350", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535209, "uuid": "d73f2b5d-672c-4d4d-8da2-2a29bf0f73b5", "value": "T1AF952C1173F95B59FAF30BB866BAA621087ABC698F15F2DF1251604E0831BD08971F37", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535209, "uuid": "a7a94395-5880-4cc9-8286-dfa158f64117", "value": "2d720d38a8fbabead5b576804bc154eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535209, "uuid": "6a179122-e551-46c2-8bf0-45d4308d8d13", "value": "12288:ZrhFxXfu3LO7VzpavNcfu+wGHd3f+QcFKeEHokyu5ag9X6a9DhvhN6TsBeMrvZtw:nfu3LaVzpavNcbtd31UW6a9Dhvh2WvV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696535209, "uuid": "bbe79800-db94-4a4b-a7be-1cb0c0e8559d", "value": 1940480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696535209, "uuid": "481e4fa9-31a8-4b1d-9492-9a934009ce4b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535209, "uuid": "24ced3d3-c7b6-40f0-845c-954f37f80963", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ccd6f946-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696496930, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496930, "uuid": "4d2bf493-2244-48ea-9e13-ab35b6c89596", "comment": "Malware payload (AgentTesla)", "value": "de4c1c27dbfcbf6fbd2d337283df4bdb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496930, "uuid": "fb5508b7-1944-4229-88ed-d68200e5069b", "comment": "Malware payload (AgentTesla)", "value": "2a59d6f16ee8881b94e633cc53e0bc73054a8361c5aca22d17d4ca35488e1d58", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496930, "uuid": "8cdf65f7-b1d3-48f4-9849-2a92784b87cf", "comment": "Malware payload (AgentTesla)", "value": "97db08dd36e2e27dd814dd81961378f2b152b905", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496930, "uuid": "497b92fc-81c4-430c-8567-19e16bb14ea5", "comment": "Malware payload (AgentTesla)", "value": "665421c8b894ca9c189f2199d017842cea30b2ab5abfee48a7dd8d5bd50ce28bd898dc03790c34202c950855a1a614dd", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496930, "uuid": "6bae43c4-1850-45a5-9c73-070a0dabb507", "value": "T162748C2032EB945CB2737F531BE8BAE94F5FFBB1161A50AD3500430B9B66E94CE56231", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496930, "uuid": "f9009d16-e814-4318-be66-a5dc90b65639", "value": "3072:D17eTRjXK2Qy7pGrn0grMURRRRRpRRRRRIRRRRR+XbRRRRR1RRRRRFr114FvRRRI:paTRTKZy76X7r114Fa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496930, "uuid": "7127014f-3ced-4910-81e3-7df5009bef40", "value": 353836, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496930, "uuid": "7926a6f8-f737-416f-a59d-e33bc92f74ea", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496930, "uuid": "b6013f01-76c7-45a7-9403-812496c0b288", "value": "Nuevos pedidos.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0cd77736-6380-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1696511211, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696511211, "uuid": "ff0360af-4981-4873-a3d8-6fec9f35ab57", "comment": "Malware payload (Amadey)", "value": "6d474574af5c8ae12fc25d3a098b17f9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696511211, "uuid": "96dc8144-4506-4f8e-8f15-383bb7ede702", "comment": "Malware payload (Amadey)", "value": "2b0f279b86a6a69f395e2570b50690bc46ad4c7521b6351b89fbd7b35a0da019", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696511211, "uuid": "0464a1c5-d7fb-4dd5-ae25-fcba4fd201fe", "comment": "Malware payload (Amadey)", "value": "f3f19f0975c4f63fdbfdd27b49e3865b41f27dd5", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696511211, "uuid": "35279b38-234b-4a03-9a37-1de04dead90c", "comment": "Malware payload (Amadey)", "value": "2ece2e9c4de2ab16cfcef26003a40810286ddca8885f4e7a148086314d111e1875d71d6b634ae5dd64d4a38cee710234", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696511211, "uuid": "e8451647-d3ce-48eb-a69a-2e6e64f39391", "value": "T1F075FA1176F95B59FAF34FB85ABAA611087AFC6ACF11C2DF1251904E0D21BD08970B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696511211, "uuid": "66df914b-ee48-4004-b070-d0b2b0448d2b", "value": "b092678fc438a3bc6ea71ba0ea4cfa08", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696511211, "uuid": "2114efb2-0c8e-4ce8-8f8f-fb88deae9665", "value": "24576:jfxY5+whimILMd8VNT6gHBA2FQ6a9DhvhBm5vof:jnwhimILMdYZ6IAaQ6a3v2dof", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696511211, "uuid": "3be41079-614d-4d02-a9ce-e04207616d6b", "value": 1692160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696511211, "uuid": "ad15c340-8608-4e09-a886-831320cf4dc0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696511211, "uuid": "e9310936-ad3f-4a57-977e-2602efe30c6a", "value": "6d474574af5c8ae12fc25d3a098b17f9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b07b5502-637e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696510627, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510627, "uuid": "48a60d21-8d62-4457-bea6-c0e16496ce94", "comment": "Malware payload", "value": "73a2eb84fb6fcbecfc6eb5f9ca080d59", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510627, "uuid": "c44932f3-9a68-4238-83dc-5da5a79a5c7d", "comment": "Malware payload", "value": "2b78b298bfd6d70f861901d95b38cf84c650be64b8c7cad1c91252eada7fcc4c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510627, "uuid": "954f5780-e2f8-46ae-91eb-af07ee181a89", "comment": "Malware payload", "value": "02dbca5fc8b7073a0ed6e9594b5193240fce7ec4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510627, "uuid": "1f6da650-40ac-42ec-852b-7b35aca2c34b", "comment": "Malware payload", "value": "036122523a6f9c7dfa5fb931d93d3d0400f34726b8e0ed38d4465bb116d227b0a49d86e7efb17a572d7fd9e71aa00484", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510627, "uuid": "20291636-cfef-4f8e-8710-0daa5d98bded", "value": "T14313F8EDEC11B7E1901A19CDD3DB79407EEC02331AAAAAC9FDDD31A5533323585429A3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510627, "uuid": "67297796-e87e-44ba-bad6-244211a645a8", "value": "384:DP9E8ZKD0Xi6KrqP1j23Zi4R/tjcKUdxncLraZ29MYGLRivaMMekuj6yxv3Tli5:5E4K5luh2lRVgJoSfhLypc5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510627, "uuid": "d68d03af-ad38-4862-9b8c-62af992038ce", "value": 42932, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510627, "uuid": "46224fb2-99c3-45ee-a6a9-fbc619d520fb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510627, "uuid": "29d75ade-e6ff-4565-8cc9-01431b4d0af6", "value": "AnyDesk.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18cef9b0-6359-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696494481, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494481, "uuid": "0cebc287-4bd2-4c85-97fb-b52ee319ece3", "comment": "Malware payload (AgentTesla)", "value": "2577aac1507e269325b75863245be938", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494481, "uuid": "64b625d3-ae09-49b9-9420-f8edf560afa6", "comment": "Malware payload (AgentTesla)", "value": "2b8172f51acd81794ecb8e7f69f07316d7c0b0b6c21750bbe8888db892fb7f8f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494481, "uuid": "934c513a-bd26-4576-b0b7-b79fb2963a4d", "comment": "Malware payload (AgentTesla)", "value": "cc342170863dfdb888c3635f731956a9028e770a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494481, "uuid": "77946db0-5a3e-46bc-9fe8-ad9129e2b099", "comment": "Malware payload (AgentTesla)", "value": "77406a39906344532f3666496d031ce993e44c98d60846f615cac7a7bb3f6c61b2702d81a3f225d984d10a45421fd24f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494481, "uuid": "01a1a819-3402-4866-9ed7-9786d10c5771", "value": "T10DD42305112C9B84DB7D87321C3F4EE20B715F67F18EF6A62EACE79A459D8148240F97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494481, "uuid": "e0fcc18d-d57c-4468-bfe8-e505191b37bb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494481, "uuid": "5521b56e-adec-4ba1-86b2-60c5fa388d97", "value": "12288:R8zS55mFzKi6PkU1AYPPuKQvDxLX/sMwsrtKfntEWmOYcoac3Ta24hA:Rf55qWi6PkU1tPDkBwsrYfGWVxohm24W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696494481, "uuid": "8fc8252f-8e2d-4e9d-8e7d-e5a9dfea257b", "value": 616448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696494481, "uuid": "7195fd62-2178-47a0-8430-efa8a2d50541", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494481, "uuid": "d7400c97-a15d-41ac-9004-75597e3041e9", "value": "PO.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0019add-6360-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696497768, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497768, "uuid": "935fc842-fe74-46fd-9400-8fca50757c8a", "comment": "Malware payload (AgentTesla)", "value": "6ca0066116d680498536e8e74ba59fc1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497768, "uuid": "1903bff0-2d4f-4ee2-a4b9-6515ad7b6805", "comment": "Malware payload (AgentTesla)", "value": "2bb773e136439075cac3a339b5699b0036a0896c1f2689162d816d673fa72d95", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497768, "uuid": "64d9a3b0-2620-4272-adda-17a3ac4f5d5d", "comment": "Malware payload (AgentTesla)", "value": "541656028161a5e9888784f823d024c63b331c1a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497768, "uuid": "e975f4e9-2668-4fd1-bd8b-95dede51f941", "comment": "Malware payload (AgentTesla)", "value": "8d0e21871a5e025b5f2947ca550ca680d0adfa1946a3bc4ab6891edfc49638739827771e1ca6a16bc6f5836a8fc9ee0a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497768, "uuid": "ad8c5c08-2d53-4cec-8584-93f0f0e75798", "value": "T1C4A4120078548163ECA20F709932A8652996EE2928FD974F6345BF5C3B373636D1FB53", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497768, "uuid": "486684a3-50e9-42b7-9690-02b44a0b36d7", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497768, "uuid": "ce3f6222-9719-477d-b738-ea3126bfffe2", "value": "12288:JY0aDT2TABtH/2mU+EsOCjs2MxBwscmBz9q+A3QD:JYxyTABteL+ci7Mx9Tz9ZR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696497768, "uuid": "269081eb-dede-4df9-bbda-22f694961a34", "value": 449585, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696497768, "uuid": "f7da94a7-03ab-4182-ac95-2a0f669dcbaf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497768, "uuid": "93e19629-3a2e-42b2-b9da-ae26ddfe1df1", "value": "6ca0066116d680498536e8e74ba59fc1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c4d3859-6337-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696479857, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696479857, "uuid": "7827e0c7-2898-42c1-a08b-36722d2673cb", "comment": "Malware payload (RedLineStealer)", "value": "2efdda89d5ae8c0512fb0dfab4cff22a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696479857, "uuid": "4548f0af-0263-45dc-8110-8255d213575a", "comment": "Malware payload (RedLineStealer)", "value": "2bc88b3ac4eda3e8aa3bc28902ce5c19db45ec574c170c623473bb2e4801efd6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696479857, "uuid": "c594a84d-e328-4172-8a39-746f841b0fa6", "comment": "Malware payload (RedLineStealer)", "value": "e96d87fd13c2eac22f07ef4885fb86fc691c1d04", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696479857, "uuid": "3d5bd467-9c1d-4eb4-8278-cd32051179b0", "comment": "Malware payload (RedLineStealer)", "value": "46d1732f3cdcf58cb3ae613a105f5c7b8a7d43676be66b0e44775b9d5fe894357bab8bf1589596bafb98d3386174002a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696479857, "uuid": "49fbc0e3-71d1-43c2-8699-0d319bcbd99b", "value": "T1C5857DB0F9809535EDED22B7469C7594417ED0B14B110EC7C2C896FAB7239D2EE32AD2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696479857, "uuid": "c7b4eb2f-80be-4e30-8a1f-00cb2292f8b5", "value": "b77966559e48caa7890a2432200a2b65", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696479857, "uuid": "67bd7fd1-a769-4d71-8716-99382c5894d8", "value": "24576:/L9DJXz9Dz+Hg0tIUnygszebhW5MuOExqgik9v5B3:/H9Dz+Hh1nM4W5P5XV5B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696479857, "uuid": "cace1a76-e64c-4d78-afcd-f60b6374f3c2", "value": 1732608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696479857, "uuid": "86bc7d9d-7f03-40d7-9754-f22c916b86f4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696479857, "uuid": "ff8d8b92-508a-41fc-bfb3-ca2c0cc577f4", "value": "2efdda89d5ae8c0512fb0dfab4cff22a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2fe2403e-639a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696522437, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522437, "uuid": "183a72b5-4136-410e-b013-4e36b0b5de7a", "comment": "Malware payload (Mirai)", "value": "57e2b6062192e93646cd64d6c0b774b8", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522437, "uuid": "b0ab214f-7b14-4038-88a7-c1e52431bf33", "comment": "Malware payload (Mirai)", "value": "2bf8619215e2c564cee9a7aafab6694cd1f23911b0852285dbf35874091ed514", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522437, "uuid": "3f07705d-2480-4fb5-bdbd-311318edfc3a", "comment": "Malware payload (Mirai)", "value": "7fe6d7c8794a77a162b81bc15f10da7191013f72", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522437, "uuid": "7ed9c008-d147-42f3-8857-b32af7478368", "comment": "Malware payload (Mirai)", "value": "53f539e879a4ab2a7236da71d38903fa005796c46f8e3d48e46bb17729b6332d04e44d0fa1e1ea14a97310cbc81c8895", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522437, "uuid": "01ead889-f456-4811-9653-9eec95772240", "value": "T1FB042A46EB404B13C0D627B5F6DF42453333AB9497EB73069628ABF43F8679A4F22905", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522437, "uuid": "6a6221b4-d8c6-460e-96fc-8edef95736d3", "value": "3072:nS/NsChjlvbAmfkIaboVSyckpj/HS0Bpxi/hJjogM/RXC/Ht6:nS/7lvlcIaboVS7kVdBHi/XMgM/RXC/0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696522437, "uuid": "ef782e6b-d1bd-4de8-a0fa-b2a241b31b3a", "value": 179797, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696522437, "uuid": "42dbef45-265c-448d-a7b9-13d41c714b23", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522437, "uuid": "db2b47c2-f5ab-4d50-9756-5cad08093709", "value": "top1hbt.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a769d0a-6352-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696491477, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491477, "uuid": "f50c63a6-721d-4f05-8a04-3f51fd62a671", "comment": "Malware payload", "value": "50bcbbf6c420186d0b7ccfe28bf4419e", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491477, "uuid": "7e6f6528-e4a9-4789-b57b-970f0a924ae1", "comment": "Malware payload", "value": "2d2a19fc267eecc1b30c493734ce70e0b3b5e8d0e25d514c01eac0922d6a8597", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491477, "uuid": "cf9bb19c-4b8d-4148-a7eb-fddae7b125ce", "comment": "Malware payload", "value": "72db37d895383f4da7b0e164e01df9c2d75c79d4", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491477, "uuid": "a636e9e8-c3d1-4df1-9c75-935392349e1d", "comment": "Malware payload", "value": "ad7263f0778068bb917b49821ce728ff11eb49c7d720eb5035c9a9792af2035c7b4032f2b4f411e571089fa17ba9b5c5", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491477, "uuid": "d78f685c-0659-4541-9cc2-58c180e69942", "value": "T144B61A029A1AEFF1DCC278F40537BB94E49CEE26C8496CCDFB4ACA50A5F1B05991DB14", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491477, "uuid": "a84d2fe2-864d-4426-8ca5-83a895340de3", "value": "196608:Euc/WKSf9shKF1BU3oVp1dgsasaNuN8ybKEL3V4VE00:EuCWKi9V1BUK/dgjsaNuiy+EL3VwE0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491477, "uuid": "279d3dde-d8b1-4d38-afed-8b66dafacd9c", "value": 11300496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491477, "uuid": "dab8d5ea-4d7c-4073-b632-13d405677d57", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491477, "uuid": "caf5976c-98bf-44d4-82e9-c5ddcf1233f3", "value": "2d2a19fc267eecc1b30c493734ce70e0b3b5e8d0e25d514c01eac0922d6a8597", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a982afa1-633b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696481839, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696481839, "uuid": "fafeb6eb-0fa6-4e79-a7bf-e226cd5fa445", "comment": "Malware payload", "value": "f6f569c5e0c066d350ca6a34bd795a16", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696481839, "uuid": "c9fb97ff-a36a-4d7f-b226-70fabaed20df", "comment": "Malware payload", "value": "2de29b9b74c440d5e6d1dd5ca31fa091dc74a2e30ce22b7640f7156cfbcb299f", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696481839, "uuid": "2146ecce-44c2-44b0-82dc-166f83559fdf", "comment": "Malware payload", "value": "e6d0bfc6d96697a31558a76981a297a08ad74735", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696481839, "uuid": "033f08c7-dbb9-457d-91dd-cf57659e66df", "comment": "Malware payload", "value": "465c8358cccb88449d80b4cc778be879a05e7df7f9cbac3d000d68bd312922b73f422c3b92f26e9e11485a8f455d8638", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696481839, "uuid": "d4f2be15-5a9e-462b-b7d4-d9e3c0f1a64e", "value": "T1CEE733E3617622E452DC9FD4131B0F38D2263143A198D97AE23F594EAED7856F8B0C6C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696481839, "uuid": "81da75b2-bc76-4d80-86d9-7272ab095833", "value": "1572864:J/jIo6yBxeRVb+QbpfjG2Lfwr6/fSkt8pJcrgL0LipUsO:JLIofP6tjGW4r63SktecrgTy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696481839, "uuid": "7595d882-102f-4a81-9aab-5d04439b3151", "value": 64147592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696481839, "uuid": "e4b48dd8-7031-492f-892b-cc9efcf73882", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696481839, "uuid": "2c275a33-e19b-428c-a45a-9558e0b1bb9c", "value": "BlazeStealer.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7d93fb8-635b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696495634, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495634, "uuid": "7b425d2e-1c66-403e-90ef-22d93a4bface", "comment": "Malware payload (AgentTesla)", "value": "0d104f29f3d27befd72de9f01d6188a3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495634, "uuid": "a8582047-b316-43dc-baaa-1d50935419a5", "comment": "Malware payload (AgentTesla)", "value": "2e7a06a4214bc84d2e389ccdbfc27399813f0ec00951f8982f8559459edd8489", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495634, "uuid": "c987ee61-c004-4017-8b94-f07aef4f12eb", "comment": "Malware payload (AgentTesla)", "value": "8dde865bc57acd32ec344922787f9c811300066a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495634, "uuid": "e1789a8e-b7b3-467b-87f4-8798afe57678", "comment": "Malware payload (AgentTesla)", "value": "33d2a5cd22d54ce895c22a35f9aefee5c2863604a0b80033a1a546918dd2086f5665f7b5471b6f4e00083b31feaac2fd", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495634, "uuid": "a9d12953-cd24-45bc-a73d-783ad98b511b", "value": "T10C351204FB91DA7BE8165835A442A4DB911C9C7A3909DB8B23CB7B0F5332F724E76C49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495634, "uuid": "0b6f15e6-e714-4859-ba9b-998dc71ed9af", "value": "24576:cX8DK69PFoheagF6Fh/fiHkXhxq5V13KsXxTeHut:bL9NohaQYs0VNKsXxiut", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495634, "uuid": "2937cc1b-d386-4534-8486-363980fd9758", "value": 1095168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495634, "uuid": "1a3ff9d7-84dd-433b-b140-2de7ffbca788", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495634, "uuid": "5da4d2f5-4f7d-4d80-9a99-22ca81f8fdeb", "value": "Part number 91875-11400 x 6.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64593006-63b8-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696535410, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535410, "uuid": "f03e3753-4cba-457d-8d7f-288cbd8e2347", "comment": "Malware payload", "value": "82ec08490cd29238b5f5387fad0dd853", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535410, "uuid": "961885b8-7c9b-4640-9d6b-f8332f7e70f7", "comment": "Malware payload", "value": "2e7ab4f67a2bb8f68c7dc65e7447d18c23de10f5b2dda47c15aeb63fc4bceb20", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535410, "uuid": "99a1b9de-6fed-4eda-903b-6a9bcde802ba", "comment": "Malware payload", "value": "e88f5bd0bcbb1704aed31640ff6600e6462e1a80", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535410, "uuid": "4b9b82ac-e4db-4c84-b53b-09e7845a2814", "comment": "Malware payload", "value": "f0870d5a87f6c5d1b41b20a8d1e94e6660e3986882291f6b132d3fe4aec6a8fd0d3e4749dae6a47ee179aaf8f3b6fc08", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535410, "uuid": "99068237-7bc7-4b5a-8ddf-b886eee540b0", "value": "T1A363F682BC80E616C7C01677FA6F509E331567D9E1EA33429D251BA07ACFC1B0D6B786", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535410, "uuid": "365a9ff4-3649-49d3-a80d-8f9556bbe868", "value": "1536:BBnoU1QAu0Ud66g279lx0lB8t46uxtaXJLog:BBoU1QL0384BxtQJU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696535410, "uuid": "67a0a792-20bc-4283-9a23-8165174ea96c", "value": 70652, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696535410, "uuid": "29fbe1f6-e0f6-4746-87e8-a06105592681", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535410, "uuid": "3fb3dee3-5389-4f44-8046-24a375e0a342", "value": "Mddos.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e891554a-637d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (OrcusRAT)", "timestamp": 1696510291, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510291, "uuid": "66aff9f0-fe90-4926-b730-532970938f1d", "comment": "Malware payload (OrcusRAT)", "value": "baae678f196efc6e9a1aa87d274cbb2c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510291, "uuid": "3f86255b-c34f-4a3c-b1df-967cb0c9a39f", "comment": "Malware payload (OrcusRAT)", "value": "30a2a674d55d7898d304713dd2f69a043d875230ea7ebee22596ba4c640768db", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510291, "uuid": "248c2595-b5cc-4b91-9227-1efe628f21c2", "comment": "Malware payload (OrcusRAT)", "value": "dc6586f49689d75670d7b93eb2fd443b0fb85eab", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510291, "uuid": "0d6b695a-c0cd-4d30-a838-891581a266cf", "comment": "Malware payload (OrcusRAT)", "value": "9836c740884f02d32f7f9be8e6d96e9b5bed7c5c076ea36eca79ee4c8d516e1d94ee754437d3cc06e7a82facebf62a4a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510291, "uuid": "87abe578-7351-4c5b-8e98-5e65b038e468", "value": "T19D25BF013FACAD9AC1BE267AB6B31ACD07B4EC4A5442FA4E0855B19D1CBB701BD11377", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510291, "uuid": "a2ef6c97-b6f5-4a44-b5fa-a397f7f14d8c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510291, "uuid": "9a110afa-53f9-476c-9b79-414e44f05c68", "value": "24576:zCC4MROxnFH3pRM4/rrcI0AilFEvxHPAHzoo4d:zKMihpl/rrcI0AilFEvxHPf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510291, "uuid": "51ffc4d6-5933-4d5f-8314-8b05ef97ede4", "value": 995328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510291, "uuid": "76aa669d-7f33-41eb-b299-34146b4245e9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510291, "uuid": "5baf460b-7456-4d1f-945b-0ed16f356084", "value": "explorer_orcus.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7682cd92-6316-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696465862, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696465862, "uuid": "e555ab55-b2e3-4aa7-8d3a-16418a6434e7", "comment": "Malware payload (Mirai)", "value": "30f9ef3dd1ab91e2dcf64e247104132d", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696465862, "uuid": "709e9a7c-ae34-4aa2-bc09-db0155137a34", "comment": "Malware payload (Mirai)", "value": "3185c4ac64642c3724af2ad88a4ca32c12af19a1bf40246eb6b88ec2179a7fa9", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696465862, "uuid": "8798996b-bcc1-4fcd-ba5d-16d6fc149948", "comment": "Malware payload (Mirai)", "value": "9b8d9cc5b032bc7b6837a7cd1dc4392a72865776", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696465862, "uuid": "15241539-44b8-4289-8899-2f96407dcc59", "comment": "Malware payload (Mirai)", "value": "45ec0d9bd8192751a2a04d2807624a29573d0720bb150829aa3e4d74403cb13fc1bdbb7b62af3cc37ff1dde9ef5261e2", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696465862, "uuid": "456ed53e-28b4-48b4-87af-b711694673b1", "value": "T118530214596DC601C5B06C755A2A995C3A6F6FA081BC37EF3642C714EA98E32CF8C5F3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696465862, "uuid": "06553fdc-3216-43fc-ba35-d41a292e0f5a", "value": "1536:BeIqfnocUDwSSrDez+0qFRighAjkWnPX0CyG2:BeIen5UD3owqFB2RnPkCyG2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696465862, "uuid": "386cfb26-b6e9-4564-847b-b5a40f5236cc", "value": 63304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696465862, "uuid": "1283415e-30b2-47e0-a06e-6dd3ae5aa84e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696465862, "uuid": "437843eb-1afe-4ddb-8f8e-a06f2e009b3f", "value": "SecuriteInfo.com.Linux.Siggen.9999.20138.25818", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69a2bc58-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696496764, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496764, "uuid": "f6a84f3b-7c13-4bc3-a141-7d48d5d4101d", "comment": "Malware payload (AgentTesla)", "value": "c4299323b25e15b75436b2d3b97a0377", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496764, "uuid": "f2f3d482-02a4-431d-a2ca-35200adf80dd", "comment": "Malware payload (AgentTesla)", "value": "319763c4253199fa108de1ced515b462bcf13fab283c69ad3bf5b62332fd3608", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496764, "uuid": "a05a03e8-74b2-4d07-b695-f91df7104315", "comment": "Malware payload (AgentTesla)", "value": "b218643f49cdd92d34df9d92c5325c6bd4ee888c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496764, "uuid": "12238735-74dd-42d9-8d6c-f9b099e93f80", "comment": "Malware payload (AgentTesla)", "value": "2dc6ab9660a2474c7e302e7c4a4bbc961c8b436fb6e22d5016730ea77d471fac97a88b6e567f8ca468fe5052560cda4b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496764, "uuid": "288d5f25-5622-4bac-916a-2bf92fd653e2", "value": "T11FD4233F95372A43DBFAFD1508D593A8D9398CAAA44D51CE6632ED6CD0A10F8E0E7C14", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496764, "uuid": "0d486a05-bf56-410a-bb3c-f85fc305ef82", "value": "12288:DvKt/+eOwUrhO7yvqsWdwdhGvPyT6pAmXbdeA07njtRoGdb+F5cgl2Ifc2:D0+eOwUSC7BfG2mrYA07j7JCF5cgl2I3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496764, "uuid": "99aa02a1-534e-495b-8aa6-1fd9b99c7aa4", "value": 620091, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496764, "uuid": "4548ce4b-b940-4866-b0b5-cdb6af3dd7d5", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496764, "uuid": "1c6e48ec-8307-465e-b425-de867f6cbf06", "value": "2023084 .xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16a984d9-637f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696510798, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510798, "uuid": "051dc53d-ff17-4fd9-a8d9-b65fd5789d56", "comment": "Malware payload", "value": "e27d68231e4701e9329f57d4a20ccbcb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510798, "uuid": "f920a501-7b9f-47e3-980d-d359326fbcdf", "comment": "Malware payload", "value": "3226e937d6561b376384af62c9c2d014fa33d458984c14b84ea085870437ea1d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510798, "uuid": "3ac75c18-8366-481f-85c4-8b45566704b3", "comment": "Malware payload", "value": "a56b4891ab5cf1407cae95476a975770d79bc157", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510798, "uuid": "87aff753-9392-427e-94b4-f5fe65f9b6b8", "comment": "Malware payload", "value": "0056f0c7d22b6974a694eb830cdc17eb9a79d64276edb5181b5356fd5cd98590cc9049c7619af17bcc64ad6730e10f61", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510798, "uuid": "b77357ec-c364-4350-aa18-84274bcc84c8", "value": "T10BF4A203BA4786A2F26D17B2E59B1C04C361D983732BD70B798E23B655233A79DC950F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510798, "uuid": "f1beb012-0575-4ea2-a41c-7acfcde358d9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510798, "uuid": "3f9e6b32-f244-409c-814d-6204a57adc3c", "value": "12288:AKJGjC87V1draTVlL11Dn9Wa8Lw38UDJm/X79MZmol7:AKaVn2TVlzDn9WpXmJm/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510798, "uuid": "525bee0b-eccd-4327-9fb3-e5b042d9f32f", "value": 788992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510798, "uuid": "46a7088d-7f99-4a85-ade5-39794b0faa31", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510798, "uuid": "a5b0ea11-cee9-48a0-8ad4-cfa3df82163c", "value": "Bfgjjenmr.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87df6d38-635d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1696496385, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496385, "uuid": "6422d0d0-f55c-4ad3-b32c-35a8c9195c98", "comment": "Malware payload (Smoke Loader)", "value": "cc29e60db6704a33bb5f5bd1236e1cdd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496385, "uuid": "c3924f51-3ab7-4919-a6cc-11f20f98c23f", "comment": "Malware payload (Smoke Loader)", "value": "323dee953ea1ec421938b76d4ac4750309fae76965585f91bf8098e8c74e3850", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496385, "uuid": "671e7680-f57f-4208-9f09-c15aea1d638e", "comment": "Malware payload (Smoke Loader)", "value": "a228278f41c45be10cc16be914a569abc81fa24f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496385, "uuid": "19aeb7c5-0bdd-44f8-aac2-9e023f923579", "comment": "Malware payload (Smoke Loader)", "value": "4afc040969ad50fc489ab663232217f15692c1b60000fb2ac8c071a6900bf468bf44c8c8c59f4c87e8c9fc56cca8b6df", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496385, "uuid": "4f282b1a-6490-4839-9df8-d98af7d3b414", "value": "T1F724CF2135E2C0B2E6B745749474EB907EBFB87367B4884B2714065E6F623D1AEA3343", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496385, "uuid": "5f5e2113-1b51-44d7-990b-1b162818e7e7", "value": "7bf0c3cbf0d3960e40b75bc830477f17", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496385, "uuid": "12ca1473-ed9e-41f6-b8b2-e1ed09fd6241", "value": "3072:ywXz1/fAu0sLuaKveXCTyAnguCRE+UAw1AUX0ux5enGb56cX53KMvt87hX9:HFt0sSaKveAymguCRnYZfxddZv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496385, "uuid": "11d5f292-f1dd-4b14-bcfd-4d4f1e956623", "value": 222208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496385, "uuid": "e3731af6-ebcb-41ea-9169-f551a08cdd34", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496385, "uuid": "26245263-93bd-4cf3-aabe-d9a9da26dfee", "value": "cc29e60db6704a33bb5f5bd1236e1cdd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "08dcdfd5-636a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696501756, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501756, "uuid": "9c7d7d62-98ad-4080-9c3f-594533695708", "comment": "Malware payload (Mirai)", "value": "fd3e3885cbdc780ac1b30f7e894c6604", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501756, "uuid": "8c6b93d2-b64f-4158-8b04-7fe44cf939fc", "comment": "Malware payload (Mirai)", "value": "327d16e9f3241bff7f5d7e34414afb7cbc9225b2f49cbe664bf769cc0327aabc", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501756, "uuid": "15440ca6-bdf6-429e-ab7d-5fdad2d1d77d", "comment": "Malware payload (Mirai)", "value": "d376ac2bd840963f88772ed868b81763bd24b8d7", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501756, "uuid": "b0d3c627-8d20-424f-94fb-04893e9f42da", "comment": "Malware payload (Mirai)", "value": "cbb4254bfb4820a0d41e36c22fa1be4a2cea1f001988d6d765bd519a1ef44d206a954d2850ec1a2d6ec9d601042c7736", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501756, "uuid": "0fa0d3d7-fb64-4228-ac41-d306e1dfca06", "value": "T134E30A56F8819B12D1D311BAFE1E124E37231B78E3DE72025D246B753B8A97B0E3B905", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501756, "uuid": "700ce334-a9c2-469e-9f3d-e71d1d70758b", "value": "3072:97JLhl+yUnpI8zXvwfcY3aD2K5Ho9CAGKyR3qK/Z6:97Zh38xzXIfcKaBotGKyRp/Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696501756, "uuid": "a4cabeb5-cd57-4e8f-b61c-cbe3a679e9b7", "value": 152380, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696501756, "uuid": "2a4c9bfa-197d-4c21-b334-1377dcc2a69a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501756, "uuid": "0ae4e5f7-c736-4c45-84a8-9eef11b4f05e", "value": "arm6-20231005-1029", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "025cfc23-637e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (XWorm)", "timestamp": 1696510335, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510335, "uuid": "15d7fb82-fb4e-44a1-8afa-bba31fce58b0", "comment": "Malware payload (XWorm)", "value": "445ad015cfea0fd3c111cd6536341bf5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510335, "uuid": "933fd036-6f9f-4c9b-a40e-a061b68781e6", "comment": "Malware payload (XWorm)", "value": "33907bb0d8268011e6cfb1c3b06ad849d84efffd9dfb53ce3adda9933abe4472", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510335, "uuid": "59719b40-85c9-4c70-99ca-2cc5c80a7fbf", "comment": "Malware payload (XWorm)", "value": "b4b9f4f6c65436f55fafcbcf52ebf02a676a1b9d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510335, "uuid": "64efb8c4-3789-4eaa-8916-3cfb352fde00", "comment": "Malware payload (XWorm)", "value": "a4ae50a8e973171a3c6d50d3af3634243d77f6570976099d343a1115b56fdfe28babb57b87ba690d0826e200f7f82d27", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510335, "uuid": "e118fe37-76e1-4d61-a414-aefda07e972e", "value": "T186A36BA9BB9C6235C46EA1345673C24DC2F0BC631536D22E7CD4365A17BFAC0A9B05E3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510335, "uuid": "be684514-86bf-4ba5-9536-46a17904c011", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510335, "uuid": "e4a27573-b22e-4c2d-b56a-e200e8884c41", "value": "1536:K9imNPnMKTCUbq4jTTa/2w8wiV7TXxfQtnUiApKq:KoMM8CeqNcVPXxYtnSJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510335, "uuid": "75574f79-4a2b-4d9d-bdab-f75468ebf472", "value": 100352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510335, "uuid": "b365e24f-82ef-4528-b2cd-4918fb89c697", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510335, "uuid": "b2b9d430-3da6-49bb-823a-5f76677ecda2", "value": "Windows AntiVirus Security Defender.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ef88b4f-639a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (WhiteSnakeStealer)", "timestamp": 1696522516, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522516, "uuid": "2c07665c-386b-4401-8bb4-ba2fa5ccea73", "comment": "Malware payload (WhiteSnakeStealer)", "value": "0a32e2ec770c67261df3f3971d517bea", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "WhiteSnakeStealer", "colour": "#B8CDAF", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522516, "uuid": "1be6690b-00c0-45ef-bf75-7bd0a2c5c81b", "comment": "Malware payload (WhiteSnakeStealer)", "value": "34e5bd67fbd9a7040dca9cae90e36013aaeda1940bb39e7fcd5d5fa9c85cadc8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "WhiteSnakeStealer", "colour": "#B8CDAF", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522516, "uuid": "6fe5badc-7510-4b5b-8a67-ef4968c65c03", "comment": "Malware payload (WhiteSnakeStealer)", "value": "4dfbe7f3faa5b30b9f93085572496f055b02c5e0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "WhiteSnakeStealer", "colour": "#B8CDAF", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522516, "uuid": "2b14a5a9-fc72-4db7-8c10-ca0066e5d421", "comment": "Malware payload (WhiteSnakeStealer)", "value": "01afec4ef0222dd8ef2894078629aaa7acebb8e9fd490b601358acd976fa74323be1f0a75c58ad560e84ea55fb30854a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "WhiteSnakeStealer", "colour": "#B8CDAF", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522516, "uuid": "ecbebf5b-fc86-4f73-a1f7-111490b776a7", "value": "T15C44CF0CBBC5FB5AE29E05B491A06365433492036142F78B3EDED4956FE23D05A898FF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522516, "uuid": "b772b382-0479-4727-abd9-25798aefe62b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522516, "uuid": "5d3f037e-0f3b-404a-b7d3-558f83830c52", "value": "6144:/GpIP+Oqum37ZUr6dgZTlp3j9bpf3X/ZZ+W0:GIPvqR7I6dgZTvfnfP0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696522516, "uuid": "b1b5dfb2-b848-42af-9251-bf4115cfc449", "value": 262144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696522516, "uuid": "4c348190-05b3-4134-9a9f-d6aac8ecc03b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522516, "uuid": "400921c0-2aee-45cd-ab45-8386c1fa157b", "value": "0a32e2ec770c67261df3f3971d517bea.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28920967-6344-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RevengeRAT)", "timestamp": 1696485488, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696485488, "uuid": "582d6f98-dab7-45fe-aff3-8f5ed573f922", "comment": "Malware payload (RevengeRAT)", "value": "b0b33b5e5ee9cf229260602bf7eeeb51", "object_relation": "md5", "Tag": [ { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696485488, "uuid": "064957c8-cb70-401c-99d8-52b606d6d4e9", "comment": "Malware payload (RevengeRAT)", "value": "3529b4f24984447fd6e5c67ed3c92ad4df89304c55504c3b944f63a8340f3148", "object_relation": "sha256", "Tag": [ { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696485488, "uuid": "200f7ed1-5b71-4c5a-a37c-2118cebd7df7", "comment": "Malware payload (RevengeRAT)", "value": "6fc24326f7cde649385de22607025ee0dd796e76", "object_relation": "sha1", "Tag": [ { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696485488, "uuid": "e95935e6-0e72-4b96-b0db-cf0991cee94f", "comment": "Malware payload (RevengeRAT)", "value": "61485593fbca8bb397879f274244e3752694bb83c5ea654afdbbf0a23b91d4e74aa730b96505541d6eb05ce3e04fe0ec", "object_relation": "sha3-384", "Tag": [ { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696485488, "uuid": "e98e9a12-d7ed-4176-83b0-198f49c115fc", "value": "T1E302AFF665C33ACACBD5CDE047A527D2EE00909145BA6901B3DCCBA56FEC1E56F4C910", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696485488, "uuid": "9389be96-147e-46e8-a5b7-37b5a85767a6", "value": "192:+OtAqbuUWLRMks+MB3+ZdJIrP/NGP1hYNbQPMKQrU78gmU3OO:tt1hneJG3EP1cbQPp1iUeO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696485488, "uuid": "c80cacf0-f173-4be1-899b-8c24775c41d8", "value": 8283, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696485488, "uuid": "a1fd7541-cfce-439c-9937-f31271e92f62", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696485488, "uuid": "a2ad97a0-c06a-4027-adae-05e73809abff", "value": "dd203194d0ea8460ac3173e861737a77fa684e5334503867e91a70acc7f73195.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ab936b4-6338-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1696480445, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696480445, "uuid": "56656d64-c51a-4a46-8096-a8c5ff505de4", "comment": "Malware payload (Amadey)", "value": "e2229861ce687373fa610beccd0abf1f", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696480445, "uuid": "299ffb30-4d2a-45ed-8518-599ac62dbfe7", "comment": "Malware payload (Amadey)", "value": "3665a7b2ca7868ba7618451a4e6ceaaba4b6587154140ef439ff82daf56aa4d7", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696480445, "uuid": "6fb09d60-a189-4040-adbc-7044ccb3d416", "comment": "Malware payload (Amadey)", "value": "022430e1c2b279d54ea3f7d92087578b00157da2", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696480445, "uuid": "03464f08-a6de-4ccb-90ba-1ae014e21497", "comment": "Malware payload (Amadey)", "value": "a6689565a74a0c08dc0119ff074789250b363af79402838354fc80eabef5e11dc3d3becad20f9afe2ef44e0c34deb2b2", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696480445, "uuid": "74537e0f-094c-4849-bd09-f3f9a9b0ab32", "value": "T19395331765E1107FE8F51FF0DCFA12D30C393E9297A6AA16625A710A5C332C9987A337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696480445, "uuid": "6d6caa80-8dad-4b84-9fc5-9a6fa45ec217", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696480445, "uuid": "7f356f9b-0740-4acf-abf4-3d9a7582ed65", "value": "24576:kyGpLzAZFFfc9EoYkqip3FB9b1ub74PhvAgMreRohjFrnEHEd0cN9rY7tjmYkKYs:zGpLzuFFfGdXqipRDY3vNEkd0Wa0YDX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696480445, "uuid": "1251565e-59f3-4cd2-8e85-dc8ed70122f7", "value": 1969152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696480445, "uuid": "05c2b683-021d-4329-9a3a-f16f507c3fc3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696480445, "uuid": "bc6147c7-2f6c-433f-ad82-1afe03035526", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4ffd527-637a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696508916, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508916, "uuid": "bc3fd390-e8a1-44a1-a365-65b8373c8077", "comment": "Malware payload", "value": "4c2cd176f6ea7101e09d3ba65f8a8fc1", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508916, "uuid": "5ba7b6d9-3a47-4d6c-be52-145933a5b814", "comment": "Malware payload", "value": "36a86e0d956a156ce06ad1df5300cad8ece1cf554e9cd93657b58a53dd6dd801", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508916, "uuid": "b0a9528c-d689-4f84-8991-fe289476191e", "comment": "Malware payload", "value": "5a91def684bd16fddfc43e18e450f618c93ee6bf", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508916, "uuid": "f6372143-7f18-4414-b547-0404f61a751f", "comment": "Malware payload", "value": "343269e2d642777583a484197923dec4a814ef9e916c7b4fa60f2f9ddd2b525c5dfc67be5f0dcc5bf4ecefa16597539a", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508916, "uuid": "d379da5a-e3b8-4fe9-a1de-957cd4e8c8a4", "value": "T1BC0633AAD4334F34DD5C0AFB34C03428B7ACE1083615A82B346BE836B6DA36ED5D9D55", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508916, "uuid": "97ce1fc1-a6ae-4b76-aba1-5fa6008ef75e", "value": "98304:KDW/Wlc12pUYvILoez5AJ8n1MhRVB7IxMstkYS3EbiC:KDsYq2ptiAO+LB7dAN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696508916, "uuid": "d4c5d77b-6e81-4365-bfa6-e720659a6f8d", "value": 3664122, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696508916, "uuid": "d8266266-7233-4332-bbef-6d18f2cd4a5e", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508916, "uuid": "dc5fa2a4-ea22-454b-8e96-b0e9676d527d", "value": "5390IDFac_PDF_QOHN8630MXTG5220.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "330ad06e-635a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696494954, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494954, "uuid": "e03a83d6-04a4-4177-9c93-6e670ede5d91", "comment": "Malware payload (RedLineStealer)", "value": "aab63c233da2acf54393ba50f92bf7f5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494954, "uuid": "462d46b7-eca7-484b-b753-55621ace9acd", "comment": "Malware payload (RedLineStealer)", "value": "37a81bd1ee8e13048f5a71bee31fa16b0065f84b90670474c4e6d9a3d5ffb32f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494954, "uuid": "1e52ff91-75bd-4c07-a6ca-353d1bc4929a", "comment": "Malware payload (RedLineStealer)", "value": "8b94aaa8002c4ab6665d86dd079783bcc15a78ee", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494954, "uuid": "30811099-bbb3-4874-9ab6-1a5e789e3c9c", "comment": "Malware payload (RedLineStealer)", "value": "9b04f2384bcf31f3054c4584ef5a90a8d5eb9b4f1f23dc86c22d5ceec1f0216d1d9dd8f91022e3d67269e5104bcb2f9b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494954, "uuid": "37533c97-4f38-4f46-b685-ee5e3d273e4f", "value": "T166653342CEC8DA33DDB91BB059F9578B2531BC102979875F530DA64AAC330A5D63B32B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494954, "uuid": "1e38d868-02d3-4a06-9cd2-21b979c66590", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494954, "uuid": "f1b25725-fb45-4057-a4d9-f96b4d38d096", "value": "24576:ByVjLdwJ4tg3Sc27AXy6d2n5HXMXsASI2ghNRXcgEI++YQygNaApK2j/gCP:0VjGJ4ux27od+5H8X/TEI++DGC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696494954, "uuid": "fbe930d0-a82a-479c-9a36-b6572fac12b5", "value": 1543680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696494954, "uuid": "42477377-887b-4254-9ce4-ca43a05e990c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494954, "uuid": "a1de7b1d-5f20-4f6e-b921-4355dc571311", "value": "aab63c233da2acf54393ba50f92bf7f5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac67ea99-63b5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696534242, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696534242, "uuid": "532c778d-de8f-4fd7-92e3-59f79e96e0ad", "comment": "Malware payload", "value": "68ee426ed8ec39a87be67ab585853428", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696534242, "uuid": "ad66f22c-5c1a-4f21-8718-067b4525b91b", "comment": "Malware payload", "value": "37ad792c794092e829f44f4eed57ad5d4cfa9f0a1cef2dc3bc14fbf6027afa06", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696534242, "uuid": "22de374d-a0e2-48d4-be29-a601635384fa", "comment": "Malware payload", "value": "56102019e9c700b615660b8ba91a199e1f9e3692", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696534242, "uuid": "82580e36-b03d-4654-af2b-bba8757ed88d", "comment": "Malware payload", "value": "116c8374641248779adb007491eca8de81e0eec8d51cb549c31dff6fd2654dd9e6ddacdce90a34e1db9ba88b2b8bfe0a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696534242, "uuid": "8f7a88fe-e0d7-4b45-acd1-4d5eb9668ab5", "value": "T11DA48D05FB9448E9D077C0348A178652D932789A0F75EADF1398927D2F3B6E85F39B20", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696534242, "uuid": "67c78a04-622a-4342-981f-91d9b43b957c", "value": "ad93bccd3325bb814d5a573c3780f75f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696534242, "uuid": "5e7ee489-5fca-45ce-ad40-60f9677bef3f", "value": "6144:K2vYg/KfSIBMDgW0L4FWa1yYMOgWQOp+071y6rpz0V:2gGSIu8OshYMUQOU6+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696534242, "uuid": "54f2a60d-8128-4754-8789-b46b40f98d78", "value": 449024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696534242, "uuid": "810c091d-c8fa-42ed-96c0-c84fbc1b9bbe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696534242, "uuid": "7a2cffb6-22c7-4460-8456-c1cbd70bbd91", "value": "SecuriteInfo.com.Trojan.Inject4.61380.32032.5547", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec3a0450-6352-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696491829, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491829, "uuid": "505f70a4-f218-4aec-9967-2ef405cbb3ba", "comment": "Malware payload (Mirai)", "value": "ce444f95514cb11cae80d577ba993afe", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491829, "uuid": "656e2c82-fc77-409b-aa88-e1e32366afee", "comment": "Malware payload (Mirai)", "value": "383da0bdfbf80583f0d691ba1b5e865d6aac3ea8ab5398a66380e26bd7e5ada5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491829, "uuid": "1a51fba8-b228-4505-8c44-e7f70b0d0d76", "comment": "Malware payload (Mirai)", "value": "29f413aca3ae80e87297b59d80f63361c8a4ffa2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491829, "uuid": "d14ff468-ae3e-4d95-b506-876821bb3bd6", "comment": "Malware payload (Mirai)", "value": "fcbff2c724aa7940a1b08e9d770cece0abc15703187c980ddc5e483a738e9a8f126de7bd48fbea2dc182bef9fc6e718d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491829, "uuid": "e39e0192-0163-4c3b-84c6-148474e80d84", "value": "T17B539FA5C5ACAE58C71441B8B654CD398723F408A5A76EFBD646C796800BEFCF0187F1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491829, "uuid": "53d8a85a-9a3a-45a1-b944-b6f00157d972", "value": "1536:PaAtVnz1/mUUNztiYmW6xhiYLTofs3wfpWIDNEJ7JC7:P/tVz1eUUfwNjT0f+whWONEJ7J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491829, "uuid": "4cc05eaf-2699-4b81-b305-24d321a229c6", "value": 63772, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491829, "uuid": "1641e61e-66a7-45ed-b405-8b265410cd3f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491829, "uuid": "785f52cb-3e91-4862-b447-0f1308cd76f0", "value": "ce444f95514cb11cae80d577ba993afe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d0da3cf-6354-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1696492528, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492528, "uuid": "f3c446e2-d433-4855-9559-2cdc95fa09bd", "comment": "Malware payload (Formbook)", "value": "86a2bb0fe08683846cc116ae3a8a1352", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492528, "uuid": "863f142c-90aa-4419-ae16-db146f5e2a8e", "comment": "Malware payload (Formbook)", "value": "38c02a1a5ea42772517bec11ef10f3ed1a50172d35701c604180fac3b7900f47", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492528, "uuid": "ae648893-de63-4b6b-81a7-15f030c9a12c", "comment": "Malware payload (Formbook)", "value": "b20c0848892dcfe06eb6f5c372dea41e76c308ca", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492528, "uuid": "2ec43993-af1d-483a-abc9-5e532363ca40", "comment": "Malware payload (Formbook)", "value": "2f9be199766704c7746dace9768bda65ea8a3f804da60b3db6244bc7af23420876dc2175b4c5485450af32bc01cc15fd", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696492528, "uuid": "fe48ff6f-db99-47da-be6e-35e32a4b1795", "value": "T18654236EA339CD4489BF6158E17BEC1DC4740C221122734E4FA65C1C7BE8779E6E2E46", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696492528, "uuid": "b9cbdf6b-136e-44d3-b3f2-8ad87bb89084", "value": "6144:+y/KxlL6T6DyfxsQzdN5tI/Z+fECasvt+oDkeoLK4obkg1J/O1vo8WD9imdLXiqy:p/K726GpsQzBAZ+fJa6tlweoHoYu/Qwe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696492528, "uuid": "4910ec31-ff50-4a60-95e1-d20923ad001c", "value": 296814, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696492528, "uuid": "69d059ef-e6d0-4bba-a814-ef6858776cd0", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696492528, "uuid": "5601b1ea-a89e-464a-8520-1e3df241f831", "value": "Transaction#27.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e207a67f-6362-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696498684, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498684, "uuid": "fd585957-2e8f-475a-a299-75189e69ac27", "comment": "Malware payload", "value": "1f270c6e10e69be36680d72725cbb37c", "object_relation": "md5", "Tag": [ { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498684, "uuid": "1b0b7d90-1241-4465-a23c-6a968e2fc344", "comment": "Malware payload", "value": "390ba31f77f9d88377221c6581df4d9983a2ff0075b04f0a32856467cf7c2d07", "object_relation": "sha256", "Tag": [ { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498684, "uuid": "29d00e0d-116e-4a55-9640-0a1275c58a2b", "comment": "Malware payload", "value": "5d430461fa3aabc094e3db9e91b69f703b9e94cb", "object_relation": "sha1", "Tag": [ { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498684, "uuid": "410a48d3-e654-4a0b-a622-2c5a85a427f6", "comment": "Malware payload", "value": "52bcd0dfe37021daab1d990e7c26e75da7623e4540ab387b90d4fed2613bd2393567d7fe6e6b655b2ada49543e52785f", "object_relation": "sha3-384", "Tag": [ { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498684, "uuid": "6895d169-2d00-425b-b242-6ceff79a2a2e", "value": "T183216B11A9F69224F3F3DB3E59BFA5518C723E4AEA11C31E01A1058E1A31D109DA2F37", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498684, "uuid": "7fcd1098-fcce-40a7-bf12-a556e78d527b", "value": "24:wlOqgH5wEAWuR8+6CIGfq2sCUGJCUGfq2gSCr2UMkWjxSCrs7dCZZm:SOqUi38Lp7Ha7x2HLT4dCZZm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498684, "uuid": "456f50b4-0529-4bf5-8995-885efb814ad1", "value": 1325, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498684, "uuid": "6964b028-7051-4d37-85ab-64edff05f093", "value": "application/vnd.ms-cab-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498684, "uuid": "05a48d97-6d2b-4efa-a6f5-186e0614b89a", "value": "e55d68b79e323381145aad38c9650e36be9dd6d92262e57a55c4fc222fd71746bb6e880f4dd1bdbe3a81c4115f247b1c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "972422fd-6359-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1696494693, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494693, "uuid": "fbbd2537-7786-42e6-8ea6-0bdf59a0dfa9", "comment": "Malware payload (Formbook)", "value": "bc18302569c7391add21bcf078c569e5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494693, "uuid": "f107f86e-ba2a-4088-825d-cfaa4064c75d", "comment": "Malware payload (Formbook)", "value": "393f41d6aaa447a3fc89f83b3ffb08574464197bf45704ba8226cd070b63c6ed", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494693, "uuid": "652a5c4f-93f5-4032-9672-fcabdf226b96", "comment": "Malware payload (Formbook)", "value": "43c112099df6d2b3cdec8153a28f2871cf46a563", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494693, "uuid": "82a568db-5e58-4fbd-a6ff-9312071884ec", "comment": "Malware payload (Formbook)", "value": "93d839c9c005f03d1b8e66f80ff7982041be950c76b7d0350c7f8838ada9ec81c237c06289f99c1f9fd1bf8fb155ff12", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494693, "uuid": "45311042-f4cb-4501-a241-027f0ca3c8ab", "value": "T1506413E4A664C193E5E20BB0B9F9067F2EE9FF3701ECCF4FA7A05245BC05954A909351", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494693, "uuid": "5448c654-9ad8-4cd6-8ee7-e549bdaa77f1", "value": "9dda1a1d1f8a1d13ae0297b47046b26e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494693, "uuid": "f2ed847d-1889-4309-8008-414a08caa257", "value": "6144:BnPdudwDsk05ReD0wfm7DQK1oNE/gnsEgIOHLm6kl7FPFwwJ38guHlkL65m/jrqL:BnPdwk058cDQG/gDL2LmPl7FNwz1m/j4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696494693, "uuid": "b8d51154-b7ab-4659-bfff-90f035e5d55b", "value": 310982, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696494693, "uuid": "b5d2c8ca-c8b4-4124-8056-d81bc0c4e103", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494693, "uuid": "06593546-b6e9-4cdf-b5a2-8f857f572aae", "value": "Salary Payment.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c60955b3-63a8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696528702, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528702, "uuid": "6ed982a3-5fda-4eaf-a2cd-c28e5a267180", "comment": "Malware payload (RedLineStealer)", "value": "beb8f4323c158202900491400cb39fdc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528702, "uuid": "a16d43c6-293c-4cf2-99a6-fdf9242e7e03", "comment": "Malware payload (RedLineStealer)", "value": "39c4303243f8ba84b1aa745c8ed21f8c0429a01a8a8762a78b26861ddbf2b8a6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528702, "uuid": "d0f653eb-d6a1-497e-bbd8-eeada328d105", "comment": "Malware payload (RedLineStealer)", "value": "09dc41f7e9e688926085062ed8175752d92b1cd4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528702, "uuid": "96197e9b-45e6-4d41-a738-bd02b1f8324a", "comment": "Malware payload (RedLineStealer)", "value": "f7930e152b454cd51ea3559309d61eff40d08b8f8f3e10bf12014dc7954a4f0bfb8994621c5b25d14362be66d4695fba", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528702, "uuid": "da57f465-26e6-4ced-a2da-877e16c6b38c", "value": "T16B756C20389082E2DDE2507D33ACF772456D93F48B2752CB17C46AE99E735D12E32E96", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528702, "uuid": "02d55d0f-0826-4395-8744-90a8e82cd094", "value": "866f5ab4dadf03f032eb53be5227146e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528702, "uuid": "9bad9793-dca9-4e96-9b62-ae474e25df41", "value": "24576:3kdoWIG0h0DdJItcusXvxsS2fDhg2XPr84+wsB:TG0h0D/fXj2Vg2XTqwsB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696528702, "uuid": "96ec1c0d-b56b-429f-8644-0c33683e20ae", "value": 1680384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696528702, "uuid": "e2f3b793-87b0-4bae-91c5-f36221c9cfee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528702, "uuid": "a11666f6-196a-4a72-8708-4ca4cb933494", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2bb40885-6369-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696501385, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501385, "uuid": "ff405695-26fc-41a7-9417-2eea695b6cc2", "comment": "Malware payload (AgentTesla)", "value": "f0af137175487b4d1249921ce506efe9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501385, "uuid": "92d88c22-e1b0-4ee6-bbda-eeb812f16f6c", "comment": "Malware payload (AgentTesla)", "value": "39e68b3555c03c108a8dc3f9373a2031ba20ce5e0adc492ab3b2d2e5d3150d86", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501385, "uuid": "80b126d7-dd6d-48a9-923f-cf18bd5f02de", "comment": "Malware payload (AgentTesla)", "value": "7e175b57710312c75d3580b058c1efd91dc55098", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501385, "uuid": "20f47668-b6e0-40e5-87a1-c3f216351772", "comment": "Malware payload (AgentTesla)", "value": "c5d9e8cc17605d5ee582bdae4330652251d3785d50c4844095a162dee57310c02c8806be937c82e15d0770a8e0f2174a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501385, "uuid": "a6240acb-f5a7-4f7b-82c5-34f8af6014df", "value": "T1E2340E037E88EB15E5A83E3782EF6C2413B2B4C71633C60B6F49AF551851646AC7E72D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501385, "uuid": "af282003-197c-4b19-8fb8-5b387f3d9de0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501385, "uuid": "b9fa8a03-822f-4c8c-b8ca-cae843b44433", "value": "3072:el24k4MYiTjnx6yshhaLwl9K3z5mhdljlnV:B4k4MYiTDo8E03ylB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696501385, "uuid": "cbd1ffc9-2401-48b3-bcdc-47d793271510", "value": 241664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696501385, "uuid": "0d042743-43ab-4c23-905f-721c886c9251", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501385, "uuid": "241fd720-d432-4f04-87d6-a4d107b9e04e", "value": "16965013835371bade819b828d2ef6e24480e6d349f5b28ef4ea2aba6ea0633ce7f5b34953602.dat-decoded", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e02cdfb3-636a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1696502117, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696502117, "uuid": "ca8c851a-421d-44cb-80fc-7e7b3b8f7f2d", "comment": "Malware payload (njrat)", "value": "b0ad2d1c5c3f8292c87253e48bbe65b3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696502117, "uuid": "db7809cb-f8ef-4fea-b8a4-94a4a3434aa8", "comment": "Malware payload (njrat)", "value": "3afb59529ffa4513006bc0439666f31bfff54d2d3de260f0f5280e1ac8cc2190", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696502117, "uuid": "0f59fd1d-988a-4906-8c8b-3577921e72a6", "comment": "Malware payload (njrat)", "value": "684d349fa51ce0315fd88dde32bb7cc9dd31d8e4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696502117, "uuid": "b277592f-2030-41b5-935b-9d769a999cac", "comment": "Malware payload (njrat)", "value": "5e365722d45832eaee8f8c0c33084092b654bb649a73f52de80cc0a65cd6c9b0d4c4da378d085ec6eac481698ca81e32", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696502117, "uuid": "b30984fc-638b-4584-a27c-d1b9a2abcf9f", "value": "T121032B4D7FE18168C5FD067B05B2D41207BAE04B6E23DA1E8EF1649A37636D18F50AF1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696502117, "uuid": "4ecff873-357d-4292-849f-e8152eb81359", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696502117, "uuid": "dbfc913c-9a15-4576-84ad-e4941f08e41a", "value": "384:3WqIiuVjtD+P3V+y0bf2TKtvN4suKfdrAF+rMRTyN/0L+EcoinblneHQM3epzX6J:mNmV10bf2TKtClK1rM+rMRa8Nuk5tt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696502117, "uuid": "7d5b0fcf-523e-4119-a537-db5b91802892", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696502117, "uuid": "f97851c6-89d7-4023-b312-0aa97ee1da2f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696502117, "uuid": "c730d809-7480-4c89-a6fe-fc83e940f31a", "value": "b0ad2d1c5c3f8292c87253e48bbe65b3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49471008-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696496710, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496710, "uuid": "e079629f-6a32-4725-9a5a-77560f9cd15a", "comment": "Malware payload", "value": "37759d505c614f82bf436079823a1b33", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496710, "uuid": "280c7e96-a4e2-4acd-b52a-0547bb2d2268", "comment": "Malware payload", "value": "3ba488987cc2acd9bf520ebe5d7d4a24ca1f0e4663e16bed19f9de1405fdce6a", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496710, "uuid": "a3eb5771-319d-43c2-99e0-245455ea5b7e", "comment": "Malware payload", "value": "4c78cfe78b3586244cdbf63f75e934c096edb56f", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496710, "uuid": "db7172c7-0915-4b8f-a5e2-7b0848fc2664", "comment": "Malware payload", "value": "384ad611df3fbde2968b06eec293cada4437f3d71becf2f5571bb6d7df88d3b8f2809d5d16448e7d1a0d454abf8b9893", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496710, "uuid": "d3b105ff-2a87-45f0-819e-9b5c3ec681da", "value": "T146F423BC52C00B578A81F7979563A891A46B3D894047FFECE13462FE2D2BFA1C8D3464", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496710, "uuid": "3c6dd3cb-a098-4e17-b434-4793a44f235a", "value": "12288:pAYFhNtOnkI89ltC141SMwmVy48hD43M8Eu5UfHsfN9/6Qe9mlUB380pD7UxEl9h:p1FhDOkI89ltC141N9V8hDUrn19yQe9B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496710, "uuid": "d1d0561a-42ee-4e99-9595-657900a305d0", "value": 726594, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496710, "uuid": "462d5515-7637-4f7a-8a59-3517b3f8a4c0", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496710, "uuid": "b501ff2b-2be5-48de-89ad-482041b4f048", "value": "orden de compra.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "038206a5-63b6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GCleaner)", "timestamp": 1696534388, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696534388, "uuid": "06cd76cf-232e-4d9e-b5a3-ad5b885edcad", "comment": "Malware payload (GCleaner)", "value": "9452dff09397314ab6dc4c685e6c8f02", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696534388, "uuid": "2a4120b1-2d2b-4746-9c07-2311f121c777", "comment": "Malware payload (GCleaner)", "value": "3c384c9d8c7d64f86d8506f713191cd90b83ec734a19137ce86f13067bbc426c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696534388, "uuid": "e1982051-9316-43c9-9fa5-28d501f23c4e", "comment": "Malware payload (GCleaner)", "value": "3374e1886a0992cc147ae1d0005ee387b3840354", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696534388, "uuid": "81950538-4597-43fb-acc3-0b1a210925cd", "comment": "Malware payload (GCleaner)", "value": "3bfb5a98be953e6ae7c9ab0fce417825e973901577bbe2d318f2c4f1aaa93a7c76ec307fbc3eca7fc08f354fae57467c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696534388, "uuid": "064a6d7b-8cac-4c14-b5c6-bdcf6f75ebf0", "value": "T12B44F1217590DCB2C4C741378815C7A0EA7EB871FA978A8B37941AFE7E303D1A73A245", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696534388, "uuid": "ab154e9d-6d6e-4799-9b22-a882a53864b6", "value": "f7870f247b6310288a9657f261d28969", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696534388, "uuid": "56515139-8840-4e21-846f-b29759c003b0", "value": "3072:bwd998ZfNKx2bdV4VUVAMmoymL0qMA6wcyN7cQZzi0oeH5NrM0:C98KwbXV3moymJMGNtcQZz5vr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696534388, "uuid": "14a72c8d-76a6-45b6-b7ca-a4d10eaf9b93", "value": 258048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696534388, "uuid": "254d8295-8590-421f-b62e-f825722b594c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696534388, "uuid": "f8962a23-0d2d-41f1-a4ad-9fa22373f489", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1598941f-63db-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696550310, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696550310, "uuid": "30fce028-34e0-4def-8c14-0a5aee8fd536", "comment": "Malware payload", "value": "a5ac5a96beb2ff5f78d7c38949b0040d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696550310, "uuid": "fac15b2d-391c-440d-bd81-38a35eba49be", "comment": "Malware payload", "value": "3d03eed9848645fde88610e9d0b08070dfa6713264111e1eea6911dfa2bef751", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696550310, "uuid": "3456469d-af81-4d69-8588-62eecdcf8202", "comment": "Malware payload", "value": "356913a71ec7eadc5ddfdb21844cb617aafb013f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696550310, "uuid": "08cb5732-e971-4484-855a-40862b763afb", "comment": "Malware payload", "value": "43becbb5325558369717e99e34af3dfecb30da7cadac8d3da38cc8539765bafcf9df3be13a649e6561f07fc7f70154b3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696550310, "uuid": "bfba824a-6164-4828-8b82-81855f63e2c4", "value": "T14B44F1217990CCB1F40775B58825CB60EA7DF8F35A96854B37542ABF6D30392A33B389", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696550310, "uuid": "8bda4626-3fdb-4cc4-9fa6-f7e15cb3ea63", "value": "d3c94bb73994a0063781772af4feb487", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696550310, "uuid": "806fe5f1-d4fc-4da7-b251-e50f910e8b02", "value": "3072:Wj8qqtU/fpOZptioUkGaVMejZmlXrON0L/0VFnSXfJNW+lJyZu/dL/P5tLt:EEtqOHDP7Z+gvSXxsQ7bL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696550310, "uuid": "62005f79-537a-4804-a84a-5832eaa00994", "value": 257536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696550310, "uuid": "9adffd27-038b-4f02-962a-5fedf27c76b1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696550310, "uuid": "5907a432-36f2-40e7-8cb3-47fac31da2e1", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e484e8ef-638f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1696518016, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518016, "uuid": "cec83d86-f057-4033-997e-554d12ec55a9", "comment": "Malware payload (MysticStealer)", "value": "6e048dfe418439ad4638c111fd040b9a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518016, "uuid": "db61edf8-d221-44da-926e-5fc64bdcbd14", "comment": "Malware payload (MysticStealer)", "value": "3eef8702ad0c0ca74a96b70e37147c47e2aaa0a8715b19d010e7a53dcedb991a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518016, "uuid": "3c75916d-a775-4de6-b43b-1a377db30ffa", "comment": "Malware payload (MysticStealer)", "value": "2b73271dfac18451b5fd3478bebf8d6ed4eab815", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518016, "uuid": "ec28dea5-4004-4e87-a7c9-34abc447abe7", "comment": "Malware payload (MysticStealer)", "value": "b29c16c2f00553165fc9c603be2f3ff74505b73a0e730bb0733d0d4945b1a25aea855d703705dbb701ba7ae32af7ede5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696518016, "uuid": "0a5faee5-68ed-4de7-8361-67e830b91fdf", "value": "T151852B117BF94B59F6F38FB896BAA611887ABC698F11C2DF1251504E0C31BD08978B37", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696518016, "uuid": "04bd119f-0576-44b1-93d4-4a75f0a28079", "value": "2d720d38a8fbabead5b576804bc154eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696518016, "uuid": "3db221bb-e538-4a78-b63b-2cd62400f726", "value": "12288:T0JbUyuJ4dXMJGdDQd19QyVeidvIpQpFBU26uBavV9X6a9Dhvhv6rCdTNl61n2Nq:yuJ4d8JGdDQd1vtdv7Dm6a9Dhvhi2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696518016, "uuid": "ac0849ff-607a-46d4-bba8-c0239ca0bfd1", "value": 1839104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696518016, "uuid": "426589d8-052b-41b2-b5d0-a4c906314d15", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696518016, "uuid": "60bd2eed-9f03-4876-84f3-5c4cd3be6dbb", "value": "SecuriteInfo.com.Trojan.Inject4.61813.7783.12964", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98b6b42a-638e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696517459, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517459, "uuid": "88917ad5-9647-4d07-ae07-1581697dfa96", "comment": "Malware payload", "value": "5aac2b17c8da70fd4386a66974d5206c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517459, "uuid": "5b4c3ec7-bcd0-42e9-bfb7-0a5f1f2d9126", "comment": "Malware payload", "value": "3efb425f8ad8d6ccb391aa6a96efbc4413a88e3a0e0696dedaceaddea87d77ba", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517459, "uuid": "f9c512e8-8f3b-46a6-b78b-cc07f3af7a01", "comment": "Malware payload", "value": "b03ab92bd9ab072601898b7bf8eaf2a243b48d0e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517459, "uuid": "ce3fe86b-ff65-40c8-9f4a-cef8928d57b5", "comment": "Malware payload", "value": "9c91df6bb357d20afab4fa2b1d7be7e55ce040c71f33cf9767e2854e6fd92815b9a58dc665f65dcb5810d93ae6683865", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517459, "uuid": "948cd618-aff6-46b2-9182-bbbac5f501d3", "value": "T1A0842884269C26AFE1EB1B71103295D1CD17D3A862A4693DB2F36077F8B0FB7562C217", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517459, "uuid": "3086d380-8750-41ea-90fa-fe3702760ec7", "value": "f707ada0aac189999ec6eb4a5a71dfbc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517459, "uuid": "dda1d784-7dc2-4e67-b691-57aa655efcc0", "value": "6144:7Aosk1KQkXHfCz35J82OO5YNG8FA6pn7jFb5kNko6/ldpRxJg9pPIwohvaTO4:7Wk8j2OO5YT6ifFb5kS+W4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696517459, "uuid": "e5f59520-6fc8-420c-89e4-2ea2e28559b8", "value": 401409, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696517459, "uuid": "ceb13e5f-381d-4e43-aa54-85cb889b17df", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517459, "uuid": "766fee55-08c9-48cd-942c-5619924c33f0", "value": "5aac2b17c8da70fd4386a66974d5206c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d04d43a2-636a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1696502090, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696502090, "uuid": "0ab2bbcd-b24b-4eb2-b7b2-6338d6f57510", "comment": "Malware payload (Smoke Loader)", "value": "ee47473896523d487d47ca59b4b22139", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696502090, "uuid": "0aa9351a-3623-4fba-bbf8-ba5354ea83ec", "comment": "Malware payload (Smoke Loader)", "value": "401840c36336f6fc88e312b927f8bee2d35f2c847734b67d4bf934b6044ee672", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696502090, "uuid": "8c74ccba-ed35-406d-93d3-9a19b80c2c18", "comment": "Malware payload (Smoke Loader)", "value": "c2d351ac3308a6e56efd54ea1207d5c9c6a2500b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696502090, "uuid": "a5da9670-5349-4f3b-adb7-edc42ed91726", "comment": "Malware payload (Smoke Loader)", "value": "bffb8dd7665a9fec9217e7d2c1e2fd0303229f7253d00d9774650990d635a6aae4a5ec6ede792d0d0b59a7793822d1aa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696502090, "uuid": "569ee4d9-2f24-431f-a261-fa9337f07d56", "value": "T18F14E0213990C072F88BCC758430CB63FA79B87256A9898737681B7E6E307D1677B356", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696502090, "uuid": "9707fb16-6114-459e-9b29-f172bd2f09a2", "value": "b2deb6462ddc9e096b1ba263bc3b3e01", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696502090, "uuid": "853b4ce4-3fd9-4aba-b494-ab08a9e31bcb", "value": "3072:1xjtp0gm+Y8RTdGxVlhZ5Ktuf4DBxUUx/t5vjg5XrT0:rjtpC+YuOhAufGxBx/H68", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696502090, "uuid": "cd9c1b7f-29a4-4135-a99b-5e39e8ef9035", "value": 199680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696502090, "uuid": "0827644f-36f3-4532-b347-92093764df09", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696502090, "uuid": "89962e55-ea93-4a04-9adb-45e6dff51f25", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8882215-6376-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696507204, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507204, "uuid": "af35e332-05fd-4ba3-b5d9-40c4a208c3b0", "comment": "Malware payload (Mirai)", "value": "31e4e73f1577e14eb0891c829e47b8dd", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507204, "uuid": "965064aa-1d05-452b-a4fc-aa4b2a834704", "comment": "Malware payload (Mirai)", "value": "403e603ffe0f76049c124c4801a94ebf3df092a151be1ddfd7436b25b1e6aaf5", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507204, "uuid": "a37cfe81-fae7-41ed-bedb-e88b815a0014", "comment": "Malware payload (Mirai)", "value": "ed54f0c426fc7e6cc7d83c7f2f057b6f92352612", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507204, "uuid": "965c22ac-3322-4579-9b0b-af236ad7c888", "comment": "Malware payload (Mirai)", "value": "14b3281a9c2f8cc4f1ab2ba795788d0aa258517f9b8197c8d74eb38594c82eaa1a3255dbbac180ca867b0d0abb589288", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507204, "uuid": "ac46561d-b3dc-4e38-89fe-4acb1bae1fd8", "value": "T160A2E0207F2DE88FCC37F23886E5E5C692D07D64D2DC89866781C15BBBA36846834E46", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507204, "uuid": "f690684a-b17b-4827-870a-ec7d2deccc27", "value": "384:Mg9Lpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXaQNAr8vcoBAvP+qNV+KLebRtBaO7K:798o08kxofBE+ZkXaT47C2Epit9B4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696507204, "uuid": "90b247c9-1701-4eb3-9b34-3f2bfabeef8d", "value": 21500, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696507204, "uuid": "a1f87a0f-1f04-4cc2-8c79-cdf135012878", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507204, "uuid": "924800f0-2210-4e7a-907a-d23b7f4c84c7", "value": "boatnet.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "996f3672-6379-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696508441, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508441, "uuid": "f2a64b30-2fa0-474e-98e8-e36f885ead7a", "comment": "Malware payload (Mirai)", "value": "eeca95480aa8b5f49ee20eafeafeabe2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508441, "uuid": "7ad01b2b-cbf2-42d1-a1a1-fe458481348e", "comment": "Malware payload (Mirai)", "value": "405edcc3d1684532b8d401c9992467c9281ccbf7057c11fb84723269ec1a8c3c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508441, "uuid": "ea63e5d0-1041-4757-bb81-badc86623327", "comment": "Malware payload (Mirai)", "value": "bae45a406b1708253cf6a905a2620a93d9117dfe", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508441, "uuid": "709255d3-dc1a-4b12-adb4-28be2921da6e", "comment": "Malware payload (Mirai)", "value": "74df6462ecef7a5873e8010daf6d7a418d920908159c06f24fc69994183233d2d4d5bb650e2023784f18a2be0e5f542c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508441, "uuid": "093ca668-13fd-4bde-807f-dc2ad93a51e7", "value": "T1FAB2CFCDA0543084CA8D7C7C178D4A664F6CA190BAED9B26E354CD98B3BEA4F385D078", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508441, "uuid": "5e34e9ee-4ff9-417a-941e-77786be0b26b", "value": "768:obrQlS07dEv0UXqUhvQE+CXQKMQKCXBpXZqSWvM:4QlS07FUXqIYSXQKqupqE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696508441, "uuid": "32a8ab1d-8339-44fa-8939-a424445b1da2", "value": 24912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696508441, "uuid": "5a7c2d90-ee69-4d64-a53f-76567ff04d28", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508441, "uuid": "70a2c0c6-c05d-4da0-9cb6-c3e6b0cc5256", "value": "eeca95480aa8b5f49ee20eafeafeabe2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac372256-6372-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696505466, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696505466, "uuid": "4cc51950-b20c-4398-9086-813c1b99a78f", "comment": "Malware payload (RedLineStealer)", "value": "544fe82652937dc5953b04b4ed4a7ef5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696505466, "uuid": "5259ac2f-5709-46d4-8590-8f6fa0333d79", "comment": "Malware payload (RedLineStealer)", "value": "40a90e628cc075526434cf155a464239f8f6a6dc9157788dee5b5209943ab67f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696505466, "uuid": "383bc990-8721-440f-976c-780f51937813", "comment": "Malware payload (RedLineStealer)", "value": "e7f4e6757f3506855c9719dca355c445e5229415", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696505466, "uuid": "8dafd369-99c5-48f2-85ab-e8ce2ab67577", "comment": "Malware payload (RedLineStealer)", "value": "e866da09ba7c5ede6c23d63a3c01e52cc690ac5b1644da42ce94ae11822837d828ebc503baa14f76eece72837813e54f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696505466, "uuid": "e0943873-7bc2-4eeb-96fa-48eb31da34e7", "value": "T1B9951C1172F91B59F5F30FB866BA6612487AFCA9CF15C6DF1254A08E0C21BD09970B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696505466, "uuid": "cddc5cd1-36c0-4493-b883-eb6cb53b3a85", "value": "2d720d38a8fbabead5b576804bc154eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696505466, "uuid": "563005cb-7bd6-4ddf-b7e3-d5db00d1b5f2", "value": "24576:wWNAC8VWhOxtI9edEzFN6a9DhvhhWM1/:thOxtIvzP6a3v6e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696505466, "uuid": "4e89d226-2959-457d-b3c0-999c20154bae", "value": 1938944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696505466, "uuid": "f4d717d5-1fa6-4686-9d9d-93ea096390aa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696505466, "uuid": "c36b5d4e-ad6e-4bc5-9e80-061dc42410c9", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b752642c-6361-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696498183, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498183, "uuid": "e3f7649b-9e38-4852-b476-e7c0ad9ae711", "comment": "Malware payload (AgentTesla)", "value": "d9f3d010cf85261c8af68426d21f7eba", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498183, "uuid": "c6316719-caa9-4c86-ba50-6c7c3cc7e057", "comment": "Malware payload (AgentTesla)", "value": "40d0a5c663f59b7454e4e8535918b57ccba56e5f445d02e384debb16b868ebce", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498183, "uuid": "f73002ab-1e9d-4b3d-8d60-9052db38df02", "comment": "Malware payload (AgentTesla)", "value": "7ff2897893aa067301802971b34913ab536209a6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498183, "uuid": "a4285113-1b43-4482-9f28-fb81318387f0", "comment": "Malware payload (AgentTesla)", "value": "721d21bc90e647c1a12caddc3f510100bc0233740f9cbcec2140599125793a18081328d566847293c347e5307c53021a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498183, "uuid": "14397883-b361-403c-b90b-2acfec21f724", "value": "T1EEE4224132284B0BDB385AB288B558A54B719E936C51FBCC9CA435CF1DFAF849725F83", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498183, "uuid": "ec83b199-ca79-4aec-964a-764fab44fe95", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498183, "uuid": "456bdb96-530d-44d6-95dd-3489d7b00aa3", "value": "12288:j8zS55mFzqng6/MxuxXtASmdj902C+vXprTJWJ217pv0761ep8RoYQfe1CIk:jf55qeTxXtAlOmtCE7ZkhEOfecI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498183, "uuid": "cb644886-920c-4fa2-8d5c-7c7aa5b7da1e", "value": 667648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498183, "uuid": "dfe351e4-3b24-4a20-9803-68564a3e4836", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498183, "uuid": "6f7e02bb-a5ed-4caa-b549-a2f3f649d353", "value": "MV YU FENG4 TRADER_ISO 8217 2005.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89f3d301-63b7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696535043, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535043, "uuid": "53a32264-c4c5-47d0-8812-7d64a44d3a7b", "comment": "Malware payload (RedLineStealer)", "value": "a130295b6d79f33a7f301786ffe93fc0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535043, "uuid": "6911f182-8b56-4fc6-a580-deeef87f649a", "comment": "Malware payload (RedLineStealer)", "value": "4209260d00a90a1f2494b8612b904e13f512de074c39a5d2ed0bd376707a1140", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535043, "uuid": "7832a04c-6951-4fd1-a4e4-fc125b2e5db4", "comment": "Malware payload (RedLineStealer)", "value": "18efba898f61933f61d5a7640602241e465d3df7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535043, "uuid": "e71285bf-3de5-4a0b-baad-8cf013824fb7", "comment": "Malware payload (RedLineStealer)", "value": "60995103d59f583a36550b71f9fcc7db9a725c3367e87e9fc464693a29def88e87d52d131de0f36e2fc4ae9c140d8376", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535043, "uuid": "b76943d5-fd12-45d4-953f-b296c800603f", "value": "T1F2953391E7E850B2C4B513F4A9FA03D30632FD44AD3642AF3265295B1CB31D8EA7536B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535043, "uuid": "d7a2e979-71c6-4089-84e7-f076dd2796f2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535043, "uuid": "f969abe5-dabb-432c-b1b2-2ac3835e0ff0", "value": "24576:SyvJoUcAxBF7vijwnM9rEKz/2IvmYckXy/N6Y5BsPb31P2mrryNyWp5/ByG2H06O:56w3Ax9rhuu4DkPN9rrap5/466V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696535043, "uuid": "05cdbcd3-146f-45bd-81cc-107358cc7a3b", "value": 1922560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696535043, "uuid": "c789de05-f24a-4b07-aca7-507e49799fe8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535043, "uuid": "94e2f0e6-785a-4b32-9a30-80fe58639bda", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d026dc4f-637e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696510680, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510680, "uuid": "a36bf2e1-8c2c-48a2-9fb5-e61c1bc350fe", "comment": "Malware payload", "value": "6de8297f6c4d4ad66db91d07b5da5bc7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510680, "uuid": "43d1eb4f-56c8-48a8-9dce-39428afd2624", "comment": "Malware payload", "value": "427acbfd26e679875370f30308edb23efd3143eceb11e9b19734e40ba8476ada", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510680, "uuid": "ec9ca570-bbb8-4349-be3f-1cca79c8ed16", "comment": "Malware payload", "value": "2758d3306a9f1b3f9ef544e3bf0e8fdb81f87cdd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510680, "uuid": "72f296a8-fc33-4ebf-a045-bef29341b44c", "comment": "Malware payload", "value": "ae5936a669203574334bfe7c858ee10516dd893d6eb467c2d217c75975898971835112dd1c974aaf778305c13bff6c8c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510680, "uuid": "526da2d0-0a2a-41c5-a84f-9a84a44ec56a", "value": "T164D63A83F8D61498C8E9D3B488254262FA707C580B7973DB2B61BBB42F327E45E76750", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510680, "uuid": "e6606172-6585-484e-879a-4dbf0ac51edf", "value": "f0ea7b7844bbc5bfa9bb32efdcea957c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510680, "uuid": "fdf5cf51-0650-4598-acee-5b3b6daeb327", "value": "98304:r3OmE3HZqM94+mhsv0OF4kACc/kJSu3huZnEix4yjq:jiHZ0hGF4kLc/kYu3huZEg2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510680, "uuid": "58cbffd6-87b7-4c11-ba4b-1c955d259774", "value": 12894720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510680, "uuid": "98e7b45e-c4d7-4ff3-9194-86a9fee0acb1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510680, "uuid": "c4cb3980-7d23-4110-a575-a0d6707ddd21", "value": "6de8297f6c4d4ad66db91d07b5da5bc7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34bab41b-639b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696522875, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522875, "uuid": "f3622e99-5a21-4e2f-b320-b197dc2f847d", "comment": "Malware payload", "value": "18a0c820fcdbe26ffe2c8ed84f79a58e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522875, "uuid": "739b2b12-fb8a-41ba-a2e5-f2f914e0b2cb", "comment": "Malware payload", "value": "42d6a4edaa5f2ae253f52628a1f9426e54004d3d37e81de5404f64e0472c92cb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522875, "uuid": "bda4c736-76ad-418b-af46-5cf74ca6ab60", "comment": "Malware payload", "value": "36cab0a2fff07c8f4e0414833a3a1ecdc7cd0aef", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522875, "uuid": "cafd9ab6-318d-4b68-a2b8-af07c815fc64", "comment": "Malware payload", "value": "07bc1762d30cf720a6901b128007577c188dfe3ff70f6adcaf13775ad8f6c9f1f2f87962ff6ac859c9e0d01512af6dd2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522875, "uuid": "d36097d6-63d5-47b4-9157-179086363ddd", "value": "T1D4A4972A287A510DF661AD3C9BBCB172925EF7F216361CB70DF7044A11129F0CBAD627", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522875, "uuid": "81029e36-1528-4195-9079-0cadbb7e1e89", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522875, "uuid": "7362bb43-1d92-49db-bdae-667938b315ba", "value": "3072:mKXhPtd2epEFbMkbNZG46Xz3kFE0bFd+m0de2fcRMBLEFx11Hiv2MN+1U8jG7QwF:mKXhBjkbNNhNHG+96+1U8m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696522875, "uuid": "ab90d69b-e068-40bd-a32e-ed78b2abd16f", "value": 461824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696522875, "uuid": "bb4375ec-12f9-4070-b513-401c46e76f7b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522875, "uuid": "90ac9fa3-529a-43ab-b9ca-1604c71f9521", "value": "FACT_023.EXE", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c381ecc-63c2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696539664, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539664, "uuid": "0209ecaf-1aab-4a03-b163-80a7315b14a9", "comment": "Malware payload (Mirai)", "value": "bb62d92a854fbcabd816deb3625c608b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539664, "uuid": "515d0638-9495-4a78-a677-6b05c0e00367", "comment": "Malware payload (Mirai)", "value": "431b0b8111c87ff74a6c1b8bdcd0aca7eb5f352c2068fd68d56dbf70946caed4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539664, "uuid": "be8ab818-c8e3-405f-b22a-0892decc6674", "comment": "Malware payload (Mirai)", "value": "dc6241890dfd75b868974247f6ff926d614f03ab", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539664, "uuid": "81b7ccf2-402e-49db-b732-449785b16cf1", "comment": "Malware payload (Mirai)", "value": "a7a604a0aa3189dc56fbcabdab83fbce71a2fb31768027f7e91c63645b0b098c83d4e3eefbcd5103ce170178122df2ba", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539664, "uuid": "2c8b1d47-f2e3-48a8-9305-febb334a834d", "value": "T1B0E2F197D371A452DD782AF1F96A85CB6B7D0AACC57730B3160556282F5A0031E7C893", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539664, "uuid": "e024280b-ea9a-48b9-a0f8-752c30696f86", "value": "768:PoiWiO031vpAPbrVWZK3XVGxm9XZm9q3UEL5IE:Porm1vpALgUJZLLn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696539664, "uuid": "93bc9499-a0a5-497e-85a7-530ca49d8c5a", "value": 33028, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696539664, "uuid": "0dd77465-3ad5-4721-a3b7-61b17df2544e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539664, "uuid": "66e40904-f946-482e-ab54-4da10dd439b1", "value": "bb62d92a854fbcabd816deb3625c608b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca66c81e-639e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696524414, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696524414, "uuid": "0be10e9d-e99d-4473-9b7a-13f69c4b30c8", "comment": "Malware payload", "value": "57d3eb665f1e9e6a19f278baabd49e7b", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "alternative stage", "colour": "#470D09", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "ursnif related", "colour": "#1A6158", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696524414, "uuid": "79808f69-86d4-4c12-a707-04999cf2b37e", "comment": "Malware payload", "value": "4380de3cba18880ef72d2bc73ec84ee6f9f27b55d635a81ab8d40d488f59303d", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "alternative stage", "colour": "#470D09", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "ursnif related", "colour": "#1A6158", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696524414, "uuid": "34d07b6b-30c7-432e-942f-bf1fa83f4284", "comment": "Malware payload", "value": "44566a9d716e6abd0304544dd88d245fea990882", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "alternative stage", "colour": "#470D09", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "ursnif related", "colour": "#1A6158", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696524414, "uuid": "9ebbde13-3d91-44fc-b4a5-8e616a241fde", "comment": "Malware payload", "value": "f963c517adadb1c9203316939020f85fe4896cae78022f080a2d405425bd065d99334771d56d5768d2835f351fe10c77", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "alternative stage", "colour": "#470D09", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "ursnif related", "colour": "#1A6158", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696524414, "uuid": "bd29e81e-bf11-49d4-83a2-eb99df19f5ba", "value": "T116B26B6D034FA8FC9673ACC88AD5AC53FB7587264A6CDAC49F30BEEA2410174A4F551C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696524414, "uuid": "59ed0609-3b61-47fb-a79a-e33607266b7a", "value": "384:rO6BO5aa8mOFhyS1q5H8qxAt4VFhmqmfW9PW6vN1v35Zh5LaBY5E6bqBdOfF:4zS0kPWVN5LbtcOfF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696524414, "uuid": "265eb3a4-7689-4182-96f3-5985d759227a", "value": 23545, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696524414, "uuid": "a03ed8c2-7c5f-459b-ab01-d0019fa1b135", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696524414, "uuid": "ee797dd3-4507-4773-bd10-6c642ba96c91", "value": "client_1.hta", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "855fbb80-6386-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1696513990, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696513990, "uuid": "7ce1fb74-9a83-4d9e-9ca2-a3fa8cf62b8c", "comment": "Malware payload (Smoke Loader)", "value": "739b3c4af25959f827db886f8e998086", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696513990, "uuid": "0e0e468c-0419-49af-807f-cff047a6bca7", "comment": "Malware payload (Smoke Loader)", "value": "43d11ecc336a1f109ac2084558a1a46e0b98bf6ebde333d59d4348a38564363e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696513990, "uuid": "2f14e7f9-462f-459a-89a5-41a775a80d4b", "comment": "Malware payload (Smoke Loader)", "value": "cf4a56894d216b855f66bbc88e360970be1cbe47", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696513990, "uuid": "abb123ee-8df8-44eb-886d-b783d51b3366", "comment": "Malware payload (Smoke Loader)", "value": "1fdca1a8057c598cc3545debd8d06b46a6080aea4db3d2a69af9214d31bd301d0bd9d6d45e84b3728dd41c45e28b62f6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696513990, "uuid": "cbb25b2c-065e-42d0-9732-2d4b4192e046", "value": "T19514D03179A1C072C44741744424CB60BABABC729BA8CAC773681BBE6FF43D1977A349", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696513990, "uuid": "c2a41207-4040-48bd-8e36-2faefe85b6a0", "value": "79de41fd9a8e567c644b0068a3bd1c4e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696513990, "uuid": "ed825f74-58b1-4bdb-b4b4-d184473d0b69", "value": "3072:lmVtHfMyMR16nmtMq7jMKkWbl1kIwQSYLuoZXAX5I:kVtHhoQmt17jVsIHJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696513990, "uuid": "77649be3-7e23-4318-8f0f-44e22f5557c2", "value": 199168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696513990, "uuid": "5d0beda4-e18e-4768-ac37-2466662ae38d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696513990, "uuid": "fe5b2055-8982-4ec3-b18a-1650aabfdac2", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "58bb75c0-6341-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1696484280, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696484280, "uuid": "1c169f9f-b8eb-425d-aa62-d27a969774ab", "comment": "Malware payload (Smoke Loader)", "value": "4a8bbabe2e1d533e3da0c69003a58ac5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696484280, "uuid": "0bdf7668-f81b-4e38-b602-ab828e5b8846", "comment": "Malware payload (Smoke Loader)", "value": "440d10f656b983b2fdb491de044f3b653094dc6c6e624ffdc8841faeab997515", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696484280, "uuid": "1610ef6e-1d9e-4449-8df1-ac8cb5ccc1a8", "comment": "Malware payload (Smoke Loader)", "value": "ad7e55773b84bb0d053f064d2cbd888de0c258e7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696484280, "uuid": "b927dd89-6830-4ba0-b0db-5364351af4ea", "comment": "Malware payload (Smoke Loader)", "value": "9f8f71479ff46feafb246652497520dabadb3825cf511f525a4cb99bb04a4a49ddeb7c37e381675d60038d2063094ba5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696484280, "uuid": "9f696329-2feb-4e64-8edd-07d7db35dc96", "value": "T19E14CF21FAE3C072D6A786308534DA54AA7BB8335774854F335416FE6E306D28BA6337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696484280, "uuid": "0bc0e6a7-a677-4b81-b4e6-88605ff2211f", "value": "1e2f614c1813ff4e3f2f3e784182dbac", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696484280, "uuid": "1ba22651-10be-4f0a-a9f0-529ce67f9a42", "value": "3072:SRP5Nxl5KodH8x2/65GUoE8u/MkXFOagxagS5s/Vr:0NJKoNe2/CHoE8u/RXFObaIV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696484280, "uuid": "a7c7225c-ad5e-47a5-802d-48a7e26713a9", "value": 206848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696484280, "uuid": "fdccd716-3957-4560-b7a5-6e54a64934ff", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696484280, "uuid": "0263c150-6d18-478f-b8a2-a69d0ba56739", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33c311fe-633f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Tofsee)", "timestamp": 1696483359, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696483359, "uuid": "ce39da17-01e5-4b6f-b78d-9111c92f1d89", "comment": "Malware payload (Tofsee)", "value": "0e912c89df4a4fce65d70506d0e7f233", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696483359, "uuid": "1f0c3e5c-7eb7-42d7-8748-a93f50b5056f", "comment": "Malware payload (Tofsee)", "value": "45b199d7f3571172242647277be284df1a6fd3c4a01b084ec02bd9f661a8daf3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696483359, "uuid": "ebb005c6-a866-453b-9fb8-221199298328", "comment": "Malware payload (Tofsee)", "value": "e437ddd952485dab4dde33373c8dfc1d2cc8370d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696483359, "uuid": "4e8801fe-f1ba-4aea-a482-e5d19a246f40", "comment": "Malware payload (Tofsee)", "value": "3821f1725a014aafc921c06ff5a5aa053b871c7367064175813a4b39a0facc7c8e609f1a0d4ea7b44c6172964df291e6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696483359, "uuid": "85bb1f15-b407-4793-9f7b-7efb18501207", "value": "T18614CF2139F1C073D5B746348870D7507A7BBC726EB4899B3F541A2E6E302C28B6AF52", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696483359, "uuid": "21494ac3-abbe-4f58-b465-37526ff3d7c9", "value": "1e2f614c1813ff4e3f2f3e784182dbac", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696483359, "uuid": "eb42a5c0-2900-4b45-be11-0cfa1524c1f8", "value": "3072:/RqPDovM85s6O/z0U6Xz8nTNKYwPV4spZRvolZgw5HX/Vr:KDXIjkoU64R8dTRQlFPV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696483359, "uuid": "e03f7c17-15ed-4b07-a1c3-2de2df727830", "value": 207360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696483359, "uuid": "c6d155b4-ae48-4d22-912c-33018b71bfb6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696483359, "uuid": "3d51f821-7166-4496-b3ff-ee736278024d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4fedf5d9-6399-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1696522061, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522061, "uuid": "885db81c-8078-429c-aaaa-3bfd691d8d9c", "comment": "Malware payload (RemcosRAT)", "value": "eb5c869423632f5d3fe31cbbe85bfdbc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522061, "uuid": "0f6d7456-f3ca-40a0-96e4-ef8cb3fc24bb", "comment": "Malware payload (RemcosRAT)", "value": "46578af72eee4fa34a150d0f9409041fcdad17a061e77f1017640ef7373a6da6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522061, "uuid": "19f547b3-cd5b-4cea-8153-2f7e40615a44", "comment": "Malware payload (RemcosRAT)", "value": "0c8097ea26f0c6c5a5df007b8f0fe168ba0799d6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522061, "uuid": "9e500f7a-3e91-4fe9-aa72-2cd0c4c1f175", "comment": "Malware payload (RemcosRAT)", "value": "a62a8bf9f82a8108c9334263c7cbae26aff7e33adb9358ffed65e49943fe3637a05580401bc4c5ea4d9cf228d4c36eb3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522061, "uuid": "6912e903-1ac0-4ee6-a942-496b5e5289ed", "value": "T1F13412641711E55AF0E0D0BCDA44E9F25AA97C202D8B6B1E07ECFE17F91B042E7CE156", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522061, "uuid": "020a6e03-71a3-4026-8d4a-a987caf332ce", "value": "bc4f8e98d1041d53dd63bfb91ed10d0a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522061, "uuid": "d09b6b6f-1ddc-44cd-a2a8-8a900b8d0ef6", "value": "3072:tOSI2I7txG68nYrugMZJMfsciIpuKNtrUQlAK3qSjYPS+IAXb3Ixi5eFrgurIlNb:YvG68YrvM80ypnjAedo3qiGUY2ChzI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696522061, "uuid": "daca2287-415a-42ea-89af-772651b3994c", "value": 238592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696522061, "uuid": "cf3146dd-0d1a-4efc-acd9-22e8091c784e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522061, "uuid": "3b31f7f1-b31b-4bb9-b824-fd20b38813b0", "value": "bQxf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27566dc8-634a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Cobalt Strike)", "timestamp": 1696488063, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488063, "uuid": "94ed6b7f-db60-4fe2-a9dd-65cda115a2dc", "comment": "Malware payload (Cobalt Strike)", "value": "deeec9c9f04b67a2e6a55eff7cef8aef", "object_relation": "md5", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488063, "uuid": "1f1ac84d-2390-421d-8690-d8041e34ae91", "comment": "Malware payload (Cobalt Strike)", "value": "46725598f6c781f6fd178d6f1bce8c93bb21a6a27d6daebc9ff57878a1a301ad", "object_relation": "sha256", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488063, "uuid": "ae2f3352-92d3-4735-9d91-33d44668a63c", "comment": "Malware payload (Cobalt Strike)", "value": "3640bf3d7b6ed87548a2d14d27262e8ef9010f94", "object_relation": "sha1", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488063, "uuid": "1014c083-83f7-4bef-a97c-1eadbdba676b", "comment": "Malware payload (Cobalt Strike)", "value": "11a576f4941e554680b8d5b3e5be972dc476cab4e441d3e21e5479d32da82ee0b49b74989e71da39008a9b53b8d48c6e", "object_relation": "sha3-384", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488063, "uuid": "37bb8598-013c-4d3c-8347-67ab7daf7c1a", "value": "T1D094CEC8CE4613A1E6925DB72CB5C6E9C5E07E8F6C308D7F9E3A4134A439B407AA51C7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488063, "uuid": "81b03cb6-70d2-411a-9560-c214c1c5cb1f", "value": "80ab3e0063a1c634df181b0f077d7bd9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488063, "uuid": "8b1322ca-975f-4ddf-8f2f-4c807149fdd5", "value": "6144:pRhbr4sIHfKpjJ81ptjWxMNp6ig7Oyj5Rz66rPT/qMzoH/coVR:LN016ieejwt566bT/zoH/rVR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696488063, "uuid": "9377db05-e2a0-49cc-a7fa-2920d40af1c7", "value": 408078, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696488063, "uuid": "5151d3b3-b5f0-408a-bd95-b46b55fa16b5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488063, "uuid": "9cd59b90-2658-4b79-a542-124b0da2a188", "value": "Oneninetree.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2e7982e7-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696496665, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496665, "uuid": "2b4d00a0-0b34-42ff-b1da-924567da3870", "comment": "Malware payload", "value": "a70f8a4508db3e2efc6e99dcd4c28a0d", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496665, "uuid": "ee17e6e7-ed04-44ce-8f4a-dab422cc3614", "comment": "Malware payload", "value": "4676d10538be8fe472991f13c06f7a3131856fdd16f4cdfeee86a46076159f2e", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496665, "uuid": "0b9ac493-5548-4898-a847-5e2d8952bae9", "comment": "Malware payload", "value": "be384db802b037fecf340ef306558c2628ea86b8", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496665, "uuid": "3dac4395-2ced-4d4a-b4f5-8e9394931ed9", "comment": "Malware payload", "value": "c50611b1ea1ea136574040742f9c3cc62d89a98500646a8e2fcd45b688f0e754a9a773d354fc47a0fdea00987e7ed33e", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496665, "uuid": "8c066fc4-18ca-4988-8742-a5a42558257d", "value": "T1BFD42378AE7C1F39BFC566758530A13B0676BCE03304DA1B2094F605B4B1E2C5AE6BC6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496665, "uuid": "d232135c-4aa4-45a6-bcce-182c39659b66", "value": "12288:y71O/xvDZkcu5VtSpCEYkGvFcYfMFtksN4C/yX4dfrZ7B3lwayagptGSE:yxO/5DZkcu5igEwvjfMFJFqXcjyrptGx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496665, "uuid": "cc5af80e-dfdf-4654-8e1d-ab4e5f51c11b", "value": 646963, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496665, "uuid": "55c02bd7-cd34-4304-9a66-93b929dd9e02", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496665, "uuid": "11e3be4a-78bd-4beb-bd90-53308e452f89", "value": "ORDEN DE COMPRA.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c4660a1-63b8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696535289, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535289, "uuid": "bd360bd5-548f-479a-b5d8-735d82cd5756", "comment": "Malware payload (RedLineStealer)", "value": "6208d485488d0d3e5be723f131dd4ba6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535289, "uuid": "6898f595-d271-43ce-a81d-ddd998b798de", "comment": "Malware payload (RedLineStealer)", "value": "46b9258bfef3d7bcff03b076ddc02ad29865406edf75bdc67d5fe7c70214c439", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535289, "uuid": "2ef61f45-d163-4737-bbd5-f54557f745ec", "comment": "Malware payload (RedLineStealer)", "value": "5d312cff4484400141570ce9993ff3ee2247efd9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535289, "uuid": "1e37f0b5-8a3c-4a82-9ca6-a61845f7e0e9", "comment": "Malware payload (RedLineStealer)", "value": "3d866dfad8a4e1afc9361bc1a9e4bda52cc62bac0a4de57a1afa5a9c633066d0c98e5f126d48e6ab6edf11329c283d47", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535289, "uuid": "c59addca-fde9-4b54-89c1-ba02efe5cbce", "value": "T11A75FA1176F95B59FAF34FB85ABAA611087AFC6ACF11C2DF1251904E0D21BD08970B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535289, "uuid": "7dd3f7c7-b263-4728-ad01-148e2cdbb651", "value": "b092678fc438a3bc6ea71ba0ea4cfa08", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535289, "uuid": "3072e357-935a-419e-b48b-e089114af5e3", "value": "24576:6OxY5+whimILMd8VNT6gHBA2FQ6a9DhvhEitif:6uwhimILMdYZ6IAaQ6a3v2f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696535289, "uuid": "6dc6835b-47e3-4259-8ef2-913e1ddc8fae", "value": 1692160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696535289, "uuid": "9c109296-4e52-490c-a3c9-2b2bd7e6ecdd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535289, "uuid": "dd956977-003b-4574-8a90-392f819533f8", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be70492d-631e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1696469419, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696469419, "uuid": "ce499b81-d1b9-49eb-a3e9-afbb4dc4a1fc", "comment": "Malware payload (AveMariaRAT)", "value": "ff347cfc7f5bc51e626366aa9099e2d1", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696469419, "uuid": "f9dbcd7f-3803-400e-8852-927130fe059d", "comment": "Malware payload (AveMariaRAT)", "value": "4732c2a4e78e5f416cf1d7abf28c1991e45ac8706fbab576b84f0b72d0288d2f", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696469419, "uuid": "875cc30d-4889-456e-8557-4581647ee253", "comment": "Malware payload (AveMariaRAT)", "value": "6f4e07dd2aa8abd8d4ff4856cb7f3d1dc3549740", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696469419, "uuid": "8a59f293-0c8c-4ebc-8ae0-20ade9518fb3", "comment": "Malware payload (AveMariaRAT)", "value": "a66db3493ea6ec02febeeb2a1dd42a7cae3a3aacd03f907171f6e7352c7b85c91d5b788cff11559017348b68f6e145a8", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696469419, "uuid": "6d8b2d9c-43a2-4f1d-8d6a-040802fa630f", "value": "T1945401787293C8ABDD621B301829C6B759A1BE1418AFCA07F7807BCE7DB5994950E343", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696469419, "uuid": "6670327e-1c1b-493e-995d-aed46d13e0fa", "value": "9dda1a1d1f8a1d13ae0297b47046b26e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696469419, "uuid": "c4866c75-b671-45f0-99ca-525cafc88799", "value": "6144:InPdudwD/cmeeEYgXrCxF+OUC2oODwgqazL8sMb2jBV+R4N0W+TO:InPdTb7EYKa+OUC2oODw0zLgbgeR1/O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696469419, "uuid": "d4454ec2-9d03-41c1-ace8-971dee02c612", "value": 300862, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696469419, "uuid": "bdc4d669-ce59-4292-adb4-0fc376b63741", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696469419, "uuid": "8250702d-096c-4f36-90ff-5c4a4d79fc35", "value": "Order specification details & P.O.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ea2263a-637f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1696510785, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510785, "uuid": "bacd5288-f3d8-4dce-9b34-d147b2cbc343", "comment": "Malware payload (RemcosRAT)", "value": "5dd0bedc7f6f9096ca5abf564a7901d9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510785, "uuid": "bcd32dfb-553e-4fae-8933-a863bde1a6ba", "comment": "Malware payload (RemcosRAT)", "value": "483d7f7379d43c9fb3effb226cb58a443f48105bda3a9a6310a76729d7c1b3bd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510785, "uuid": "12af5eb0-ad3e-42d7-8111-0086891db543", "comment": "Malware payload (RemcosRAT)", "value": "f170d704ec220a6ef1fe6f2c2f0f755909004c00", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510785, "uuid": "d0d68769-7ebe-4cea-84f9-e610a799ab6a", "comment": "Malware payload (RemcosRAT)", "value": "662457ebcecfe24cfa028f88518473bff7eadce10f72ebde3a6efd29bd7ef0a0fecad1162e2fa615ae915fed55ad3237", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510785, "uuid": "dabbb2a8-683f-4255-a476-fcba9b42e71f", "value": "T12315126176ED8B39E97947FD0238A90407B2BD2B3939E64C9CC671CE0A26F454760F17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510785, "uuid": "e3a02059-2dc5-473e-9f73-ce89b006a383", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510785, "uuid": "ee158755-5723-42ad-b98d-9c20451ffe3f", "value": "12288:4iM2/jjKqOW4hKAQc8MrmzwiysldDE0Igu95Pecpfj5hsLBpYCptgVkKnNAMYG:lLD40At88EysldD1Igu9xV5hyVtunNS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510785, "uuid": "ca377293-1e66-4d72-9766-d1ed96ea3d0c", "value": 941056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510785, "uuid": "3098d8c4-ed28-4ff5-920e-85d8547552c5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510785, "uuid": "5a0e642e-00f2-4af9-b4c3-d6b86b1f26c4", "value": "10-15 - SO#9421 INV & PL 7245577630.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41d46d85-63c2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696539647, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539647, "uuid": "63ce462f-ac9f-4e12-b72e-755eaf3c8a54", "comment": "Malware payload (Mirai)", "value": "a68fdc610802fb86d3b9a5a93d4c058f", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539647, "uuid": "3bbee9ad-c47d-42e4-bbca-cad9b96f0f2d", "comment": "Malware payload (Mirai)", "value": "48c1f3696b6786d4f8bd67b05396dc1df60db0903043fe6ff523bdaf63365bb2", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539647, "uuid": "d9e663e8-0a29-4868-a3ea-15bbd27ab3bc", "comment": "Malware payload (Mirai)", "value": "87bb16fcde1f534753a2bdcd7d6488e2d63bf2ec", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539647, "uuid": "08ced286-8d37-46f6-aa76-1b3f0e7b66dc", "comment": "Malware payload (Mirai)", "value": "a3f737c80d61eb06982c4caa6f17b92f4414f7c788a8a1ae47163a24300daa6d32c1e04a09676b2f95bd8a3cf67de7b6", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539647, "uuid": "9e5afe8e-a854-4644-8571-5578b90798dd", "value": "T13ED2D1EB64BFF173C0757874706014C4FA383613E21D576F0CEAADA856B26D12B50D61", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539647, "uuid": "017d22fc-4440-478b-9471-d522e2960ae5", "value": "768:DYSoXdJZ5U05VxmHSSc+H2c+lPhpSx0s4:DYJdJZ5UQVH/+Ket4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696539647, "uuid": "d4f5da86-1611-43e2-9406-4d52d1533348", "value": 29432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696539647, "uuid": "2cd84ebc-9e71-44ec-85c7-6f2f2b786a96", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539647, "uuid": "e1011bda-3f6d-4b3b-b9ec-158e90e91d9e", "value": "a68fdc610802fb86d3b9a5a93d4c058f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7647ec14-6383-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1696512677, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696512677, "uuid": "882470f3-24e0-4095-a5e2-2407a347271a", "comment": "Malware payload (RaccoonStealer)", "value": "056f6e5a3129078871aa031a8dac8fbc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696512677, "uuid": "a23162e7-36d4-4702-bca9-74a13b8961a2", "comment": "Malware payload (RaccoonStealer)", "value": "48fc296cd75daa6e3624119a759b81a2ac2e3eb640e04a38f4e7cbfbaaf9ceff", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696512677, "uuid": "4623f8ac-67fe-47c9-9e59-367df75a2b59", "comment": "Malware payload (RaccoonStealer)", "value": "2f51ddd9a47caf592beb6ddf4b52a091bb976095", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696512677, "uuid": "47a91c5d-db8b-470e-8ff2-b70044282d99", "comment": "Malware payload (RaccoonStealer)", "value": "8dc9f67b8510db679cd65311f2710061388ecbc323cf21ea53a66b1e29418abd9a9efd5eae63aad06c4abafb82d8e725", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696512677, "uuid": "355e1053-e502-44e9-ac63-6b185e895550", "value": "T1E1952397A6A84133E8B4273861F703531A797DA44C78C33B6794AC9ED9B1884F97133B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696512677, "uuid": "ba50cf2f-4128-4f0a-b074-5d94be89e037", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696512677, "uuid": "1ebe2325-8f1d-45a1-9041-6bf98b21d923", "value": "49152:L41CRkrsH9qL+hOg++YyDamy+FTJe4iS2vrwCAos8sLJ:kMRusIoW+LDfyGJe4iS2vUCAosP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696512677, "uuid": "93670f89-4f3c-4907-847a-3161882f392e", "value": 1922560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696512677, "uuid": "6e9d2426-6b25-4397-a491-a33d11fb43c6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696512677, "uuid": "1563839f-6087-4548-a387-b4e06ebf5f86", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc08269a-6356-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696493574, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493574, "uuid": "bf1d6f81-a30b-4312-9838-8342aee06075", "comment": "Malware payload (AgentTesla)", "value": "0f287672bd9ca787337fd696b987ae4f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493574, "uuid": "abf8a530-cf7b-431a-b8a2-f4b39daf40eb", "comment": "Malware payload (AgentTesla)", "value": "4a338a75360d288e6b4fa542b39f45900c33aa433f0cfa21b45079fe900a64e7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493574, "uuid": "b87907b8-ae87-4f2e-a01a-99d6e4f98896", "comment": "Malware payload (AgentTesla)", "value": "78cc793ea56e46b463c33cf85f1dc0072632f090", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493574, "uuid": "844af9b5-2555-48be-b8ce-fddc1ff8be72", "comment": "Malware payload (AgentTesla)", "value": "61589a0753470e9b4d787e25df301729cf2d7216f5f4a53ad96a9fb625eb1a8b914928ca8e36a06e719b1a8849eed8c1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493574, "uuid": "9852bc4e-215a-4e44-bf69-e3780128aeda", "value": "T1409423BFA514373AA3F3825052066DB8DD3410FAD1164854942E9D33FF46A6B872EBF2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493574, "uuid": "985e4b00-3bfa-4879-837b-1434b158e90c", "value": "12288:jCGDeJ1vwyl03uNxLmVTFSMXDxXfriiEZR:jC54yyC+V1Xfrq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696493574, "uuid": "c0d3a247-26e6-4075-a033-c7bf3108f5b5", "value": 425950, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696493574, "uuid": "fbd0bd68-1ea0-4476-9fb4-23e5a43e94e2", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493574, "uuid": "ed18a191-e715-48cc-b3d6-f6be1b47cc03", "value": "2023 Customer Information Export(1).doc.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5aa7433-6361-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696498180, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498180, "uuid": "6ed63cf2-3974-4b51-9e51-ea2686ddba82", "comment": "Malware payload (AgentTesla)", "value": "863329b23b220f6900b09370b57adf79", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498180, "uuid": "7aa92d0d-af39-4538-a3a2-a8a9a342df0c", "comment": "Malware payload (AgentTesla)", "value": "4a699a693c63228aebd3e0bc98d92fe2d8bb7ae487992e81cfee767f0b9ed1bf", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498180, "uuid": "3745bba0-fcdf-459b-9790-e7f1835d7364", "comment": "Malware payload (AgentTesla)", "value": "b35abfe54f9dd5f20ef81a07484ed13e6bd72a1e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498180, "uuid": "98323015-c573-4e21-8956-ebdac191c69a", "comment": "Malware payload (AgentTesla)", "value": "7c99d0006e703848b376937874b3dcd5c2ea94cb9645ea672095b9ddfe1d73e5904d9b6f5122f0162f6a3f7d06e47a97", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498180, "uuid": "aa235d90-faa8-4d42-80c8-12f874292aef", "value": "T1A0351823BA5786E2E2483732D5B75C04B360DD82F32BD7AA788E33D519133A79E49507", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498180, "uuid": "962ffe5f-338e-4add-bb3b-d9b4f4cdc173", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498180, "uuid": "32106cdf-20bb-47fc-9a68-1e5ddd4211c1", "value": "24576:1uq97s3+UV7RoGfWNca9sq9sAiXdeZwItFeM6IOrJUx1B8TIrxAPznLMWtByjE:PJqb7RoGfWNc4sZPHJUx1OT+KLzgE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498180, "uuid": "c0c06f6b-e8d1-4e66-8d1b-404f69bd2f37", "value": 1151304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498180, "uuid": "472829c1-5564-48aa-901f-b80da9969f05", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498180, "uuid": "024fa796-b72a-46f9-b52d-f2652f5e985b", "value": "IMG_Bookfdp.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d011858-634b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AsyncRAT)", "timestamp": 1696488556, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488556, "uuid": "c3eab952-98e1-434a-9b3d-2005ba6931fa", "comment": "Malware payload (AsyncRAT)", "value": "2902f7ba556f9db5f304640552c51284", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488556, "uuid": "8037ff6a-941e-4674-8e8c-908ad07861ce", "comment": "Malware payload (AsyncRAT)", "value": "4a72f887ce916e9eaef552c54fdcdc51dd610b3b5c92528956341281bdcbed82", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488556, "uuid": "49800b1b-0d4d-4d80-b3ec-21469985a082", "comment": "Malware payload (AsyncRAT)", "value": "4c97abbe544df31d5e61bd2f9ed29a93a5986d9f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488556, "uuid": "888b7e33-db9b-4574-9b1c-4164fd759124", "comment": "Malware payload (AsyncRAT)", "value": "4d6efcd1c72a5d52956ba5fd58eece0c698cf7baad16247a11119c596974bc7f9b6a726329e713f3d1f2637f1bcb7d3b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488556, "uuid": "cc1f287b-d1c1-414f-9202-115a8a0cf851", "value": "T1CD347B8C766072DFC867C8B6CAA82C68FA50747B571BC213A41716ED9E4D99BCF041F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488556, "uuid": "7fd5d2a5-5f99-4d6c-9606-19b0e7430fe2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488556, "uuid": "e9ae2aa6-a365-4253-b66f-fb43e1f5a2af", "value": "6144:Cui8IhDr4t3qeCwbiJxb+FIoK3ShRGrQWMtZXmxroXfgI:Cu/Or4tZWJwFasEMtZXmxroXf9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696488556, "uuid": "feb4ec44-44d7-4db9-bf37-935a21c892bf", "value": 239616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696488556, "uuid": "6616cb8f-0cbd-40ef-816b-aec51679d357", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488556, "uuid": "0e02a3e4-76ae-42f2-8dea-2794df4d7874", "value": "2902f7ba556f9db5f304640552c51284", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e92665f-6379-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696508449, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508449, "uuid": "44641d92-5bf2-4052-984c-e05a846f1cee", "comment": "Malware payload (Mirai)", "value": "3d8f7e495cd7ad2a781499e2a79c3af4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508449, "uuid": "ba829186-e923-46c2-8c20-af0e8e517d0c", "comment": "Malware payload (Mirai)", "value": "4aa7ec31a32c979f563894e0d97ff48426a3215dbef9988d7c147a1ef9759691", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508449, "uuid": "017dd209-f7f6-451d-8cf3-0cc0d1b74dd9", "comment": "Malware payload (Mirai)", "value": "db38269189fc9816989c7a6459bf09a0a22cc5e8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508449, "uuid": "aaeed0d2-bb82-40db-a414-8ff5c36589c3", "comment": "Malware payload (Mirai)", "value": "de55cfc2a4cf776bb891c502888853852ca306cd34326f9e9f0cf0a226aae3a79558fee613adb4c0e2c4c8d052165c7c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508449, "uuid": "ffc8481b-ea25-4112-b79e-697da52ef74b", "value": "T1AC336C36E029DED0C6560234A4E88F751F03F1C883536EBB2AE546B2645396CFA19FF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508449, "uuid": "327ff640-1b1f-4091-af28-2c02002b15b9", "value": "768:Oa2vU7eng2qGJert7LrLMU6fgatQh+YbT/9+m3CZQoV/bnmCozw:Oa4U7G7SvT6ftBTm3KVrmCo8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696508449, "uuid": "17e713e5-59dd-4174-b7fb-0c7a1f3f012e", "value": 50168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696508449, "uuid": "c62c6fd0-00c6-438e-be6a-1ce522e9ec4b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508449, "uuid": "f9e340d7-8281-453f-8061-8c1176eb4a31", "value": "3d8f7e495cd7ad2a781499e2a79c3af4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ab8465a-63bc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LummaStealer)", "timestamp": 1696537219, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696537219, "uuid": "bd13bcdb-1755-431f-9bf2-43c1c70b65be", "comment": "Malware payload (LummaStealer)", "value": "1acd46d687256731538d47f105f984d3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696537219, "uuid": "d03dbd69-ed3d-443f-8a9c-a974f8fb96a6", "comment": "Malware payload (LummaStealer)", "value": "4b956b7f9addbca5bc0325710143086cea840a11f3bcac9264019094f0c6b754", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696537219, "uuid": "8bda3dfe-750b-44a0-a7fd-2d78dee3b9ef", "comment": "Malware payload (LummaStealer)", "value": "038fb217d074809b8429f5109b536d9a8f8704aa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696537219, "uuid": "0e40721a-b933-45fe-a27f-c701ae7b024d", "comment": "Malware payload (LummaStealer)", "value": "65e51df5d27fdeece141111d39ca1cdcb2254c352f055cdd90a731d7b028e149b938ed89b4c6234c9a813419d9682184", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696537219, "uuid": "c79f12d4-a300-4e34-bb2e-128d97c1830c", "value": "T1E6E5F1413F69C922D12E7A33D5F604194377F5D32606FB0B2ADA13E90E633EE4E8495A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696537219, "uuid": "7c237341-ffe4-4105-86c8-5ffb73d0a890", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696537219, "uuid": "b323a0ee-fb84-4981-ab33-1728caccdd13", "value": "49152:FHwIgD634qhiNzIwDWfJxckRltn5m1Q36/v3H:Jg6/wWwDmxckRn363H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696537219, "uuid": "6c5d8f5e-13ff-42d3-93ab-85339e4aeebb", "value": 3055624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696537219, "uuid": "056f4e4f-005d-46e6-a2cb-f7219910ce6f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696537219, "uuid": "dca8e636-6ad4-46f7-b25b-c0c640c3e9ab", "value": "1acd46d687256731538d47f105f984d3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86651f71-63b4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696533749, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696533749, "uuid": "c379ff2f-32c7-4693-8c22-6117d5026d68", "comment": "Malware payload (RedLineStealer)", "value": "169b6a20fea6f9c6e68eb87e4a07db0d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696533749, "uuid": "45e46b3c-4043-40de-a88e-b746567cd932", "comment": "Malware payload (RedLineStealer)", "value": "4beaa05abbc9c61649f59a90870cf295699f35a90c02b4059a220bb281ca4150", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696533749, "uuid": "f42f7138-acec-40e3-a35d-812090dd0317", "comment": "Malware payload (RedLineStealer)", "value": "126fe5d3b39d0e1ae549edbc5e4b615db11454e7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696533749, "uuid": "d630e931-5a5f-4f24-9ca2-fc627c74902f", "comment": "Malware payload (RedLineStealer)", "value": "36529a1ce83cab724006c43375d0d61855fa95c8652a6c1fd6a38b51d459081cb070285e4a95cba63ab29dace26aeed2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696533749, "uuid": "4f80c920-0f6f-494b-9f03-78d0aa90ba64", "value": "T178953317BFD48972E8552330A5F2A1A70730BC78567C970B2BA984961DF38D4A431FBB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696533749, "uuid": "01c8d651-01af-4b96-a8d0-b633d759b3f1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696533749, "uuid": "f6f4d613-c586-4c86-b99d-a90f6e7173a4", "value": "49152:qFV8hLZda2Oxs537fOhRnjekVYZcsRCOpulN/H:MV8LZ/+98ZcsIOpOF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696533749, "uuid": "4a75cb50-e9ae-460e-8ba9-7882794a95d9", "value": 1924608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696533749, "uuid": "1c60357b-3324-4199-811a-ac6347e89c57", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696533749, "uuid": "65de6e85-1c30-4e26-adfa-a1a51e9e6aa5", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6759accc-634f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stealc)", "timestamp": 1696490318, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696490318, "uuid": "ba75abaf-1ec5-46b9-b942-43bfddf690dd", "comment": "Malware payload (Stealc)", "value": "c80f8e79173f9bcb244ca01504ae14d3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696490318, "uuid": "4ca2bf0a-a10e-4bf7-a6ef-771386983ddd", "comment": "Malware payload (Stealc)", "value": "4c2c29a4b42e587960cde9634fd11df2273262cc4be06e81dec7afe3695bdeb0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696490318, "uuid": "a60ae3a9-7eca-438b-b6bb-2acbc8c5039b", "comment": "Malware payload (Stealc)", "value": "042bd5322f1c94df421a1745c289ca02bbad6c39", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696490318, "uuid": "225099ff-38ee-46c1-8721-5ffb00ff73dd", "comment": "Malware payload (Stealc)", "value": "34f638f20c1a575efa36a31e8aab27188bdf71adebddf8aacd84c44381969341ef3ca1fda6cd25357ab00830cecbecb7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696490318, "uuid": "6785163c-d283-4829-9a38-348d41d86cd3", "value": "T10614CF2139F1C032E6AB85318534DAA0BE3BBC22A7B5855F37541B7E5E306D28F66317", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696490318, "uuid": "e8c89bc1-374f-434a-bad1-3b9c0f545e30", "value": "c7ce42f103eec7e3e471decc395f9d0b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696490318, "uuid": "b00f2802-81f6-4f37-8c0b-ab35456b310d", "value": "3072:eLkPlDAoe6hLA36vPbRzuIUQ7ExlmPyYg2AJd5DVJWVrw:4OlnTLA363oxlmPyJ2A5VEV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696490318, "uuid": "86b95d35-dcd4-4600-98fd-c71f90b89b17", "value": 206848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696490318, "uuid": "26fd975d-88ae-48ff-9867-44cb4938ad90", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696490318, "uuid": "1552ee36-3cf6-4bad-8b21-74e7ee8f695b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3bab2c45-6351-11ee-a6f9-42010a9c0055", "comment": "Malware payload (YellowCockatoo)", "timestamp": 1696491103, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491103, "uuid": "4f44497b-968b-4e62-8c25-457f5b91b8bd", "comment": "Malware payload (YellowCockatoo)", "value": "0832b10f596eb1ad78853da3eabdf22b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491103, "uuid": "ec51d593-8769-4c91-956c-915f5295f511", "comment": "Malware payload (YellowCockatoo)", "value": "4cc525e4fe09c6d8d5beb8afb5a3c6525b5a04e6a3db107920189bb1d4814d3a", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491103, "uuid": "f2d7471a-794d-4958-8cf9-1176a908723f", "comment": "Malware payload (YellowCockatoo)", "value": "03b3987759ed997509792b30e0aa3d9fb41f44c9", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491103, "uuid": "1e972d5e-2d1a-49f7-a544-f21d8ea6adc8", "comment": "Malware payload (YellowCockatoo)", "value": "a2711b4a50e51444db37aecda3e5b9409891f2bcd35044f3d1f4c6c294d1612f8af85ae057435247b438a1d60e536b2e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491103, "uuid": "829b3cdb-44a7-48a9-9676-939b0cf1f774", "value": "T130F4CD143BA4CC509B6C16E8A8EB93174B2752A7DDEFFF1306A291701A2B86357513CF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491103, "uuid": "2519877d-a2b0-458d-895c-7e9be440fb31", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491103, "uuid": "9bc74375-60c5-4b8f-a738-51f4789a6112", "value": "12288:qliujZ7oNEjB4IxMPhS5Y0siNIXLxDn94i:Wo3OmN54i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491103, "uuid": "7a926283-5f68-40d7-9754-0a4e0fa798a2", "value": 760832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491103, "uuid": "fd6a1789-925d-4ae6-a682-02ff90d82436", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491103, "uuid": "57cee47c-c512-4e12-8e1a-a7404d940f3a", "value": "jABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZWTSSZNCRMBYVOz.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "538b63d1-6351-11ee-a6f9-42010a9c0055", "comment": "Malware payload (YellowCockatoo)", "timestamp": 1696491144, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491144, "uuid": "1fb91672-27b9-447e-9f04-d45917a0d5c8", "comment": "Malware payload (YellowCockatoo)", "value": "6672c71316870f518ea0c06b67b30e5e", "object_relation": "md5", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491144, "uuid": "ef93d907-6fc5-40f4-9e98-9d08855d845a", "comment": "Malware payload (YellowCockatoo)", "value": "4d0f98d16ea2647123fa9014a0a0e30968d1c58c9735b077473d44a7632ec90c", "object_relation": "sha256", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491144, "uuid": "20bd444a-40cf-411d-a5e8-8b13f7c1e697", "comment": "Malware payload (YellowCockatoo)", "value": "46345fdcb0002b3e752d20371f3f666447ee8a23", "object_relation": "sha1", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491144, "uuid": "0994a3e7-1cd0-4f27-ad23-2d93beed19a3", "comment": "Malware payload (YellowCockatoo)", "value": "43aeafa8a2cb4f204873e068467e73a6bab3a46647e7d127586ca790d25c8e15c4837f199158f3e48efbfafaf8d93c85", "object_relation": "sha3-384", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491144, "uuid": "d315f982-2475-4ddf-beae-698aeeee1e6c", "value": "T15206452E5C749892495B6CCC832E7EA75735F01BEE7A339D24A02C391CA93D516C27EC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491144, "uuid": "6660c11d-a4e6-44c2-9032-080910d1cc13", "value": "49152:hzgUM3Ys8O1B9Us4nyf/UxpSAykJIGXRHPfUGd/k:hzg7YbO1B9UFOMxpRyXORHP8Gds", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491144, "uuid": "4ca202af-0592-4d46-8612-97556e91d14b", "value": 3954579, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491144, "uuid": "45a208e5-f856-483a-b4b7-c56e76fb2c51", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491144, "uuid": "a0765c42-259a-490d-bb7d-cda87b3f7952", "value": "installer-release.exe.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "00e2f9f8-6357-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696493582, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493582, "uuid": "35971d63-7e0e-476c-b7a5-7eba00ffde74", "comment": "Malware payload (AgentTesla)", "value": "decf06be9f0c0eed2d93bf190ba4b99b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493582, "uuid": "f86ed24c-b125-47e5-99e6-d4844db8e6dd", "comment": "Malware payload (AgentTesla)", "value": "4d845e9e862b6cc61cf4909f4c16c2330483ba62d32c977c0080020a841bf3e1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493582, "uuid": "a5b45b5d-ce27-4f03-b4e6-80c20bd916ce", "comment": "Malware payload (AgentTesla)", "value": "e4aa992415440850a9e0a17b2038c066d952bf4f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493582, "uuid": "120ea886-e0f7-47cb-a95a-917ca9d4bae4", "comment": "Malware payload (AgentTesla)", "value": "8f26b494b92a3290cf9780ef9038275b160b8bb9a1cf8dc9a692215521c5ceb483a4cbc9e9e7ddc712c8595a9beed5b7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493582, "uuid": "0ffbd860-8300-4944-85f8-f968a3b55d99", "value": "T1D2E4C51364ED9AB2DA35A33D02040CC4D2F56C7D46C9F51A2BB8AE7DD43D8914E2F92E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493582, "uuid": "1fe76c1e-77e8-42cb-8826-25bb9692af30", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493582, "uuid": "382377f4-cf0d-4392-b992-5ddd1eb957b5", "value": "12288:s44lO9ZVrJDoPAYzy8DjzzUl1XW9OSJLIF:s44lkl0N2kzzu1XW9OOMF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696493582, "uuid": "f868c8dc-ab5c-4737-9bd9-cccfeb342f0c", "value": 707072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696493582, "uuid": "6d111aab-2ad2-4fe4-afd1-11d27fb06487", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493582, "uuid": "3d1d3ee8-7399-4279-b14c-e2e0c23de3d6", "value": "2023 Customer Information Export(1).doc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f956ea25-63d4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IRATA)", "timestamp": 1696547686, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696547686, "uuid": "cef42415-1714-439c-91fa-dc839b4a9445", "comment": "Malware payload (IRATA)", "value": "5a736b914a1119389bd94142c013ff5c", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696547686, "uuid": "a263baa5-37fd-42f6-9bd7-a53f8f7d44db", "comment": "Malware payload (IRATA)", "value": "4e1196b694ec1391ed1874e10f30b2f909a05b9c76828089d2c2aeed5527b687", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696547686, "uuid": "93231e42-4b49-46d5-ae33-5338bda25a4b", "comment": "Malware payload (IRATA)", "value": "1c97549e42ca224f86a51fe981fb154dea996f38", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696547686, "uuid": "99f74bcf-ef6b-4e94-89d8-ef400fdce402", "comment": "Malware payload (IRATA)", "value": "9d918c068c8c3d7cacdec0a0e67d0fde200fabc87f062fdfaf340f13df5e7c5e0d7683f287ed5d3756d7dfae98fe99dc", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696547686, "uuid": "4ed075a9-008c-40b4-8b54-85495238f7d4", "value": "T120F5CED7F7E8692FC877507288AE52B1625B4D028E879F876C44371C287B6D81F49BC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696547686, "uuid": "642e7d8d-011d-424f-ad3f-94a53becc74f", "value": "49152:yY8Kaw8qBMCq3K+K/kd54gIg+zdZNjU9Apb3kxJMsdu0av9p+6FgLCrgs0dVY:WjwZQNK/aRIgsPNU9UkLMeu00gLCrgsV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696547686, "uuid": "10b513a3-ac03-4526-848c-df6f163d5d78", "value": 3641109, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696547686, "uuid": "47b059a6-0eec-4abc-ad5c-451b87f553a8", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696547686, "uuid": "d0b6f096-3de6-4907-b37b-fc38f66f5abd", "value": "app-release.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9283dd9-635a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1696495260, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495260, "uuid": "9ef913f0-26a8-4c35-8fff-f3fd5d953546", "comment": "Malware payload (RemcosRAT)", "value": "5e83807276b683c3fd2b2e8a882517f2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495260, "uuid": "598e8d66-5e70-44bb-ba36-92310c5929d6", "comment": "Malware payload (RemcosRAT)", "value": "4eecb3d02825158bc36d86c8d75f37137a11576eb8fb9fec7e592648fd369f96", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495260, "uuid": "ba5cc5f8-2639-4e97-b067-fbd9a4bb176b", "comment": "Malware payload (RemcosRAT)", "value": "1cc90e3103e8c00edadfb674da777d6009a84a3b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495260, "uuid": "feb41529-185b-4a64-88f1-bd807dfe88a8", "comment": "Malware payload (RemcosRAT)", "value": "ff6e7be845361e3ffd0145614e62cd7057921814447987c06cc02754848882bfabc2738bc6d389726123b3ce13dd192b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495260, "uuid": "fe3e34d4-1e2b-4a47-9b42-797b5f3caf7d", "value": "T10815122072A94F7AEC7A67F61270900017F6386FB936EA1C5DC6B1CF4526F424A60F67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495260, "uuid": "1c19ac92-e11d-45d1-ae2a-26e834f4adb4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495260, "uuid": "c91f1b0b-5593-48ea-a506-6395eae7dcac", "value": "24576:tLvcqSWTYGtBbwUFL4hKT+iifAlqEpnO2R:tLZS3GfB4hKvOAlNpnh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495260, "uuid": "b9b10f83-0323-4c14-97b5-539167cc95e4", "value": 940544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495260, "uuid": "e3d929b5-837b-416e-b125-738ca3a88931", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495260, "uuid": "6e211d28-cc8b-481f-84ae-1fb010a047a3", "value": "especificaciones.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36040186-639a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696522447, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522447, "uuid": "87ee67a7-110d-425a-8488-817224dfdf89", "comment": "Malware payload (AgentTesla)", "value": "57dc7b511637ca47f41a47aaaed31cd5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522447, "uuid": "4d4659d3-f8ad-4e6b-b0f8-ab959899a2a7", "comment": "Malware payload (AgentTesla)", "value": "4f73fe6e6ff093327306d6dccc38844c5aee07d008de3349a61c9b96259168c7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522447, "uuid": "6de159f9-f01f-49cf-aea4-4c28c5edf44f", "comment": "Malware payload (AgentTesla)", "value": "786518449b58ff4e3ae21b32a2bf76e486ff1910", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522447, "uuid": "b752dc26-1894-4033-8aa4-30b90920be3c", "comment": "Malware payload (AgentTesla)", "value": "52861dde0ccd04c28e888b51da8f75b9143c87d627763ca9e5b616784a051be2af2ed86b8a678f8e069dc194635574b4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522447, "uuid": "653faec8-460d-4a4a-9b7a-eb66d22729c6", "value": "T11E05126136EC8B72D4B953FD99B1508513B12D1BA624E14FECD571CA881EF2A0A80FF7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522447, "uuid": "e5988503-2d4d-4c69-9327-aac0e54496bf", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522447, "uuid": "dde38fb9-5ada-4563-8573-014664d60cbe", "value": "12288:Sv/j5wGDzX3PN7eCwJNoXPPq3aqk24VxypJnhfQUK4I4ZjU09HSwoC/:SvL5v/9eJJWX9tjy7nhfa4I4ZPHSwr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696522447, "uuid": "dfbf3d64-de01-4a50-94f7-49c3b2fced4b", "value": 857600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696522447, "uuid": "8ad63a78-ef95-4ea9-b434-cc676bde24d2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522447, "uuid": "d349a44c-db83-4674-bc98-d6fb5018b370", "value": "Remittance-Copy.scr.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "29c1f15d-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696496657, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496657, "uuid": "3bb8a3d4-0620-4c6b-9721-91160f6c185f", "comment": "Malware payload", "value": "3f51df3c9c6f41af7f4a8a6f71ba2e3e", "object_relation": "md5", "Tag": [ { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496657, "uuid": "6f789bca-ca98-4fe2-9740-b6501de8d99b", "comment": "Malware payload", "value": "506c998caedc0ad9b9a0ed9ccee3aa45342116bae1983baf674da5d80bc2cde3", "object_relation": "sha256", "Tag": [ { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496657, "uuid": "369868a8-5c5d-4f67-b5ec-b54a36bab53d", "comment": "Malware payload", "value": "6dcee965371a9900e8b0a59582ee18cfc11991b4", "object_relation": "sha1", "Tag": [ { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496657, "uuid": "ba824249-2d43-444b-9a12-afab958cf269", "comment": "Malware payload", "value": "e393b877c0af258b79b43b03943ea8c56a522a5cb666564fcab55cf8d5d6686ee7262d99aa22039fa5a05a73ff1d2a2f", "object_relation": "sha3-384", "Tag": [ { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496657, "uuid": "2850b552-630c-4995-95a9-6761c051097f", "value": "T1ACE5338A3BAD200EF1C1367C18B70955323671C07A53BE3D9B35682D9BA6D67E35780B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496657, "uuid": "8d10f3f3-2c0a-486b-85ab-b1ad1308482f", "value": "49152:gAkEAX5GJz+a7xcShTtcb/YGZNQZPjkgKrTYrvALzQNu6PzQTT+fAn5trVoWEdm/:gAFAXSKmxcmIZSdjkrrkrvUr66T+4nPr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496657, "uuid": "71a95859-0fae-4a74-b549-c5a3669ce466", "value": 3101737, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496657, "uuid": "0b21ed76-b6d3-4f61-ad59-691d7c9df8a0", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496657, "uuid": "20a5ceb1-726d-440e-807f-74867b231cba", "value": "RealStats-2007 (2).xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf6a7980-637d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696510249, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510249, "uuid": "ccec24e4-4757-4e85-98a5-a6ad4457c777", "comment": "Malware payload", "value": "95b3c12592ed7de85aeb86fe9c54e23a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510249, "uuid": "a5b7573b-f491-4602-8369-608c6d7317d0", "comment": "Malware payload", "value": "50a3d3508c4b826b4e36678dd91b374c339b0c57a89a31cd3e9f5a4441772dc0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510249, "uuid": "d3890f61-ac0c-470f-be50-c6504b66bda0", "comment": "Malware payload", "value": "4a6f7b46d077ad0e1dabea9f30efa95c52f79f3d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510249, "uuid": "e4fade35-e9d5-4a1d-a149-d816a84d21c8", "comment": "Malware payload", "value": "0bc58466c1e8722d41bac8acbb0ad9674018ff1268fd19086da07714e69d694a1ed0cd471311663b95698e3dfa63a898", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510249, "uuid": "efc355b1-b60d-479f-be96-d9dc213a0089", "value": "T139F25B0837E58715D5FE6FF02872A106017AE8076823EB6E4CD4969B3F37B814A517EB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510249, "uuid": "8cdebd12-46b2-4275-9a7d-1363347d5c0d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510249, "uuid": "3a4402f5-d611-429f-b24c-033635de15c1", "value": "768:tRmCfIsRkrkdeoQR/auzH9R1acc/FPr9lqO9h52ZL:tRmC8r+uL/EcKFz9lqO9yZL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510249, "uuid": "38501739-5e5d-4c85-9d58-1203fb6e6f08", "value": 37376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510249, "uuid": "b03db37b-11e1-4f64-b4fe-e5955092813d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510249, "uuid": "7d908dde-f1e2-4fb1-819f-984d2ca16ce0", "value": "Archevod_XWorm.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a4238651-6359-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1696494715, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494715, "uuid": "196c9477-296d-4955-a1e7-832edc4fbe60", "comment": "Malware payload (Formbook)", "value": "e85fb019f83cd04dfbf932bff85dc246", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494715, "uuid": "8ab84632-57fe-4980-a816-b90f4b3fdf79", "comment": "Malware payload (Formbook)", "value": "5203f675df07dacb329d3d380aeb2e19f9c4f4dfcbaffe7f00a95411502d5a1c", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494715, "uuid": "d44070c5-c54e-4bdf-a2d7-e49be68e5498", "comment": "Malware payload (Formbook)", "value": "01c5fb2fc908508f4c51c8a6da8d6a6f96e807bc", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494715, "uuid": "941a97fa-98a8-4154-b391-469c56757a14", "comment": "Malware payload (Formbook)", "value": "b1d0a759bde40c8a36f48ee599c4d22bb8af746159181d1bde2aa453240507213b3d45f06941fea345cfc032cf1d95ba", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494715, "uuid": "b57b6bc8-37d4-4758-a3df-b41d81189595", "value": "T17754239C16D830A137C990C99FBB1037A9026485D39B4AC3DD3F8F99EEA9E72607540F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494715, "uuid": "eb9556d6-81eb-4e8d-87ac-cb782bc3cda7", "value": "6144:G9C7HtToil+10FGhixMpit1Ho6k0wzHq9/CYArX/F2AF:G9ge10Ahixwivo6twzHq9/CYATdTF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696494715, "uuid": "63cdeb92-3ae5-40de-aba2-720a398f2fc1", "value": 295525, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696494715, "uuid": "a3237eb0-63a4-46d3-8e7b-f89a8acb109d", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494715, "uuid": "e3e88ee1-b06f-4877-9aa0-6ce77e0a84c0", "value": "Payment USD 34,843.00.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "02d9c7f1-636a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696501746, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501746, "uuid": "76d5d01e-cd98-469c-bfc9-ed79519a82f7", "comment": "Malware payload (Mirai)", "value": "69b93a62fe1adb58942eac5bb959b68f", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501746, "uuid": "da695b16-0d83-4833-a968-fca8021671be", "comment": "Malware payload (Mirai)", "value": "52574d4918343b64950b786e2bb4fb09b998a0e136919e295adca97097bb16fb", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501746, "uuid": "c2472098-dcec-43c3-b30e-805f9d44f188", "comment": "Malware payload (Mirai)", "value": "7741e6ee14d562807372d0cdbe46ad12e3a223b3", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501746, "uuid": "823d66e5-e0a7-44a6-a070-e699b16b76e2", "comment": "Malware payload (Mirai)", "value": "f00f074ac7b466f6806ae3c9a5d5c8cf9b57bfcc75869cc8a5cd1cd16547c75130babfe5640f38f5fb7effea7db18cae", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501746, "uuid": "87f1ecad-0aa2-4dd6-8da8-0ba2a3417232", "value": "T13EA37CC0F283D0F6E86709B12177EB368B32F1B51169EB42C7796A32DC91412DA1BB5D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501746, "uuid": "cf9c5e61-0dfc-4182-9060-bb3e824254f7", "value": "1536:kKkbbbBxLrO/OPXNmz1Ig3gNKv9AFiztUUlSRyvruRBQi:kKkXbBxPO2PXNmq7YiiRlMgu7Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696501746, "uuid": "e378dcd6-1f42-44fb-8f2c-0a894e06a4a6", "value": 98664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696501746, "uuid": "2358f1d5-1526-44f4-bbd0-60013adee209", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501746, "uuid": "b3060823-a899-4b30-ad0d-72d453fb9661", "value": "x86-20231005-1029", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4820207b-6327-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1696473086, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696473086, "uuid": "4c428bda-408e-496f-b8eb-b847bb27d1fe", "comment": "Malware payload (Formbook)", "value": "fad548a15140163e9be4f7c7f7a12725", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696473086, "uuid": "2e1e0a17-de32-417d-a61b-3e98d36f247e", "comment": "Malware payload (Formbook)", "value": "52bbb87af8510bd3b008c070c27f022f14315f4d54f3b046b88fe2689e88c941", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696473086, "uuid": "16399bd4-6245-41e5-9c7b-8dea52fce4eb", "comment": "Malware payload (Formbook)", "value": "a60d7e702d15eb428745bcefd0bbe440dd722c3a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696473086, "uuid": "0cac041e-959b-4c45-b71b-323c7dfd7c09", "comment": "Malware payload (Formbook)", "value": "ee6ab059b921fa8e5d860fda9f4bc53ea505854d0fa92cf7a1f42c0182d2e7a302808eda586b38de23511d13ff8079f1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696473086, "uuid": "b3c0b570-067a-45af-9330-c4859b7e5420", "value": "T18BF36B1136D18072D573023619F4EA615A7EFDB24FB29E5BB7C80A8E0B745C0AB35B63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696473086, "uuid": "4270ca6c-dc37-4e26-9fa6-619a3681e0a3", "value": "235f54a8f3fab3914ce05790a045f905", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696473086, "uuid": "078cc44e-5f2e-472c-bd38-e83bb68acd29", "value": "3072:NSOQKf53nEwlkDRJdCs+0n3sK7AHTccd9jL:NOikfHDnaT99j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696473086, "uuid": "f176c824-a731-4282-b78f-272b9ec8f627", "value": 172032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696473086, "uuid": "9e6b4217-7e06-43ea-885b-d18d6820d917", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696473086, "uuid": "804e5f62-61f6-4f40-81e6-b45c74fcf738", "value": "SecuriteInfo.com.Win32.AdwareX-gen.3322.13848", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e4fdc555-6376-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1696507279, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507279, "uuid": "97a883bc-8acf-4b9a-b720-76958b44ef14", "comment": "Malware payload (Formbook)", "value": "e9cd57d0ece266e18ee17313e83a2db4", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507279, "uuid": "1101b236-246f-4847-8b06-4d1ff8ddf8d9", "comment": "Malware payload (Formbook)", "value": "52c234e6afc377f318b30e5a3316c0aea7443eecdb50c6039c765519deb7f801", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507279, "uuid": "c836af58-b2f1-42ed-ae9c-f7ace3dec2fe", "comment": "Malware payload (Formbook)", "value": "f68ba7e434d929cedaedf6d401812948ee369b74", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507279, "uuid": "d31fbfef-e11e-4802-9dbe-6450bb2043be", "comment": "Malware payload (Formbook)", "value": "a024ef3d43ddacae9f761591d25632e2ddf81d33a0f433bf068cc90312ae87a262ae1464bd28ed656f6ea7893bdad70d", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507279, "uuid": "616daa58-56a7-4085-be47-f99bb0f109ba", "value": "T1ACD4239C5ED3AE7A446B384040B20C149A2C46AA25B5FD070E0E53DF6F6D4E277E17AE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507279, "uuid": "1fdc4b16-f8dd-4181-b533-02326ab891d9", "value": "12288:VQutdSu/VYsKMWWe991swCgHcfIHwQv0ag4QbWw0f8upmZqW67Ne:WcdR9Mpx9YwCPAHwQv0x7VZa0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696507279, "uuid": "08ca2331-d881-4fa7-8a25-62bc025de803", "value": 618386, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696507279, "uuid": "07409a6f-ebd7-420c-b1e5-260314d73e4c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507279, "uuid": "c629e046-151f-4afa-a5f4-64f3f49839cb", "value": "Indirect Standard PO_6400456813_1.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "409aeaa9-63b5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696534061, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696534061, "uuid": "07d4eb0b-18d4-48ba-b4fd-1a499776226b", "comment": "Malware payload", "value": "170aa66f5331dc87707f0d7a405a45f0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696534061, "uuid": "39381481-e621-4ab6-be45-9ad29e132fe6", "comment": "Malware payload", "value": "539e5470f3745740167fc0db04324c128470e822bddd7dfb7814dd27c60b1a03", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696534061, "uuid": "15577302-9e19-494f-b57a-3d093a12fe58", "comment": "Malware payload", "value": "5390a4d9e516c05bad7c86b3415c5fd53e0fb9c1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696534061, "uuid": "9b73b733-213d-484b-9292-696c1b7b611b", "comment": "Malware payload", "value": "3f8b3c21f1fca6b1b038014db907da91dad816f4dee4d31b97a6a7d17bc3d4ca04516f05869e10e1cb912269d967abc6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696534061, "uuid": "2696ee98-bb14-4053-9475-b16e0f0ef884", "value": "T16114DF21F980D0B2C01790774425CA65FA6AB861F7A6458B375C7B7FAF303928B7B349", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696534061, "uuid": "d006973c-f559-47df-9ef8-f7795946c587", "value": "046dfae6c2280fbc36820b8f28604732", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696534061, "uuid": "2472df90-430b-4fba-b18d-08e9dbaf1155", "value": "3072:mN/si5hMdfxA468QwBxt3YNL6tROXsEvoOEQ045Z2UvSNH5ju:GsPfxJ6mBx+SRUvvoOEQ04xvSf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696534061, "uuid": "e2412b62-32c4-4e8c-9947-742ad0f6ab96", "value": 196096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696534061, "uuid": "4e3a31e5-2fa1-4ea9-8568-0ec20c61f0f4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696534061, "uuid": "104b9f41-87ec-4240-af66-89ada0c70d74", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0caa37f-639b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696523083, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696523083, "uuid": "4123c6ce-5204-4ae1-900e-3e5a88681a2f", "comment": "Malware payload", "value": "b8d13a897a82db419e141f07ac61c60f", "object_relation": "md5", "Tag": [ { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696523083, "uuid": "eb12bdfe-9219-46fd-a878-97e60676ba64", "comment": "Malware payload", "value": "53e70661204df5b827134353c6e977f509539aabe0e06c002bbaa87552f9ef21", "object_relation": "sha256", "Tag": [ { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696523083, "uuid": "f5044a17-c83f-4754-8560-644ec4e902a5", "comment": "Malware payload", "value": "d177ceb333a3e99760950a4b101c933fb3ef35ea", "object_relation": "sha1", "Tag": [ { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696523083, "uuid": "35fd5067-3dc6-4f63-a3e1-e81edd8cf8fa", "comment": "Malware payload", "value": "44167662b34ed26569f7f156f7fed8a5df036bd9b48b25238492b4d8cdb79be77d6b10f48acc0b2c13e714d6b64677c3", "object_relation": "sha3-384", "Tag": [ { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696523083, "uuid": "4f7b0595-03ba-4436-9379-46d818fe9cf6", "value": "T17D4633175F2E9E3E8BAC612C24BF0F4F1BE9CE4480007AA953D6BC6B564EF553067168", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696523083, "uuid": "12eb9dde-f034-444c-9f8e-fef74a4598ba", "value": "49152:vHoFXu989gdRkFS7lCpPktyIpEjqYczjQFa1iT4ea0AE6+axSz3rlq303ZM02QAW:6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696523083, "uuid": "52e86ca9-43fa-4779-9f27-c1f84b31a30d", "value": 5557107, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696523083, "uuid": "e314c31a-ed84-4dc3-8ade-94143667c905", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696523083, "uuid": "0ffbaee2-1c66-4a30-bcef-3ca832e9a46f", "value": "RE_432-7784.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a08cd83-6351-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1696491020, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491020, "uuid": "b67835c4-a9a1-49c4-9008-f84bf6d9e308", "comment": "Malware payload (Formbook)", "value": "831696d6960a189eb4ed6bcdfeca346d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491020, "uuid": "44ef9709-4cf1-4073-a364-6d5b521dec86", "comment": "Malware payload (Formbook)", "value": "54c2d6b2b69d3f358efa17b82e6f1e3a0c30418491d568fc68da6bacf9e10328", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491020, "uuid": "9bc66ab4-ab05-4238-8927-f25b25449ad6", "comment": "Malware payload (Formbook)", "value": "257e8400d53ade3d12a35f946f008183a96fd8ee", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491020, "uuid": "1ae2a993-b8dc-408e-983b-901f102d96c1", "comment": "Malware payload (Formbook)", "value": "1dcf35bb35e784d47a1a1f24cac1d4dc0a64560bb5bdc007f627ed169db62ff880b4f37baf2df92bc6258491d5c1553d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491020, "uuid": "d5b3ba0a-61ab-4cf1-a3cf-837db1d9ea23", "value": "T167F36B1136D1C0B5D477023549E8DB615ABEFEB24FB24E5FB7C80A8E4B74180AB25B63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491020, "uuid": "349d9240-295e-4494-98e8-a8406469c35b", "value": "235f54a8f3fab3914ce05790a045f905", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491020, "uuid": "b26b0420-862d-46e1-a811-22caf14f217c", "value": "1536:F9owhCmXQce3gi5MlsuPUuvAg3iHhDvr+6dMPW4DjMDVGWQs+yckU4Ss8jcdsPjO:F9DdQp3Gzqrd6sQs+0n3sPtAhr81cj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491020, "uuid": "3e4671dd-fb95-4cff-b7f6-709feae20085", "value": 169472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491020, "uuid": "1d7df8bf-f2f0-4b56-9d21-6efa5d2b5ca2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491020, "uuid": "24d9c80b-2564-474b-9279-3ac908c33dc0", "value": "SecuriteInfo.com.Win32.AdwareX-gen.25812.20358", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0277dc70-6319-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stealc)", "timestamp": 1696466956, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696466956, "uuid": "73d8f657-a29d-4a2c-bd3a-b6bb9a2ed988", "comment": "Malware payload (Stealc)", "value": "108f64fe904c91b51067316c572931cb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696466956, "uuid": "377b86bb-5e2f-49ef-a1ea-815154e694ef", "comment": "Malware payload (Stealc)", "value": "55df033fe62f9b849870c10e28db0432cb4287e278cfc80acc3d113a6887513d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696466956, "uuid": "bc5aac2b-b9a8-4452-98b5-1e601a0374ce", "comment": "Malware payload (Stealc)", "value": "bc545c008063d7deaf0715368d96d904db78c668", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696466956, "uuid": "2c255e5a-4ae0-4860-b38a-fd18e31d275c", "comment": "Malware payload (Stealc)", "value": "273d308069f243151d19bf1af8e8d837c97eeb2b9bcab06161f978cf5df0a6d5688c8c0d85bfa8d3c89f55f2bfe2838b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696466956, "uuid": "fdb70cf6-7be0-47bd-afa0-6e5204da410e", "value": "T19044D0E03AB1C432DDA755358830DB947A7FF8726A60859F335427AF9E207D28B1B316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696466956, "uuid": "49c09fba-496d-4941-bc78-8edd80e6128e", "value": "881c8bbf2c7a75bb8a09e79bbc8dfe29", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696466956, "uuid": "07e2ac71-acb4-4d23-9ee9-e14a6b0e3195", "value": "3072:VRmACtZyJtXMBmTEKneNIN2KPOKmgImzG2LAifDX6SKJB0ivcfEg//c851M/Vr:DCmJRM4ruI/hIDPiLKJBv5g/0HV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696466956, "uuid": "169bfb6f-3244-453a-a506-c7027f8e7cdf", "value": 269312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696466956, "uuid": "b8c0075a-9686-4e3f-b587-da56b5b761c0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696466956, "uuid": "07ca5402-40b3-4e76-ba81-bd5f14ea0625", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd7f2173-6372-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696505602, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696505602, "uuid": "10086a3e-99b1-4bcf-ad04-e8ca12608322", "comment": "Malware payload (AgentTesla)", "value": "b080010f26154310dc09d7154d6a898c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696505602, "uuid": "7e6cf0db-82e5-4953-9bea-b6897d173684", "comment": "Malware payload (AgentTesla)", "value": "55e61408253acb2043cd74cae28916dfef364ff8581ff4933e898d41826d5b4a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696505602, "uuid": "7b8862b5-d438-43de-a193-b8c89aa41425", "comment": "Malware payload (AgentTesla)", "value": "52d255822e94001805993be67f863d29ea2a6241", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696505602, "uuid": "32dcf10a-7c5e-41a1-a6d5-ec2765f6b2a4", "comment": "Malware payload (AgentTesla)", "value": "7661fe7720d51e4e6028eb0d68d94034bf7745c99467de3c53a91aba964e5797e42c9e1bd07a9a9af48e03954f9d618f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696505602, "uuid": "fde7ee48-f7af-4ae8-bd3c-cdcda80fb5ff", "value": "T1E5C49D2575EF1E83F3A6F7BA83A06E45C67DF2F5295FBA1B200002A59413D91FB12934", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696505602, "uuid": "624edcb0-7740-4eda-be8c-101159adb255", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696505602, "uuid": "3fe3c357-e8af-4d21-83b9-175e2075595b", "value": "12288:LawpeOSvqfKeVyEcF5mrzCmlDCK9X5OinvXEDywfPsHk:LawpeOSvqShEMoSU39JhnvUDj8E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696505602, "uuid": "49f4463b-6d55-48cf-84a9-0ed84d463a0f", "value": 579584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696505602, "uuid": "81825df9-538f-4474-8ee2-824e19c7a9fc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696505602, "uuid": "07938b96-04a2-4f6d-9bf9-12274d780609", "value": "b080010f26154310dc09d7154d6a898c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae39a0e0-6361-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696498168, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498168, "uuid": "31fbc76e-a2a2-4b7d-ae8e-3e7c4823584e", "comment": "Malware payload (AgentTesla)", "value": "75581f0ab61769efc27e279c0cf1ebe7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498168, "uuid": "bee3dc4d-ebe6-4cfb-9699-8990e7fbe78b", "comment": "Malware payload (AgentTesla)", "value": "5658649d60ad2eb973e1c657001af54d8c1c927d0abada7a13b743a3c90ee6d9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498168, "uuid": "bd7cdb35-f7ad-45c5-a54d-b55aede78186", "comment": "Malware payload (AgentTesla)", "value": "3d9c9d281df3cf8666828bdfa87a82297b8cf475", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498168, "uuid": "f1b734c4-85d6-4910-8562-29430a5772e7", "comment": "Malware payload (AgentTesla)", "value": "e2896ea41a3f2bef3dc1c1e32ec1eb652f88cd535a7dcef37fa9dc3f654ec19ff2c15e9e784fac14bc852b35daf164da", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498168, "uuid": "6bccecaa-6357-4c29-941b-0da9dd5be755", "value": "T1560526077ABEC5D2F19DBEB68056174156B08C42663AE70BD80F7EE4D873303EA492D6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498168, "uuid": "42fd95f5-d076-4c95-bb20-1f6a0de9a5c6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498168, "uuid": "1626ed8f-8597-49d7-90ac-01340e2aadc2", "value": "12288:cOZwvkZUoqDK5vFY6bZ0bE2Pm29Ldm4R0DXzIyMif/XttiYe/HR:EkZUoczbTRNKXIyMI/Xnhe/HR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498168, "uuid": "39b5589e-e8ba-4387-bbad-d9eb16158a15", "value": 824136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498168, "uuid": "dda85894-5223-4a00-982c-359d2e0aba73", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498168, "uuid": "733354d3-1c43-4c61-8fe3-b8a1eb7918e0", "value": "IMG_026_7990xlsx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34ada8ce-6352-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CoinMiner)", "timestamp": 1696491521, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491521, "uuid": "fc8b1779-3306-4b26-80f0-f017eefed5da", "comment": "Malware payload (CoinMiner)", "value": "7ab7f16d648c579f0d5e50c938725989", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491521, "uuid": "58f81461-7169-4724-aa1c-ad5e4095e754", "comment": "Malware payload (CoinMiner)", "value": "5690f5208387bba02ca4f4954d9d479c57ca556d553795d813603a2b1f83121b", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491521, "uuid": "21325be9-477d-4dbb-a638-5499c82659de", "comment": "Malware payload (CoinMiner)", "value": "3937397b98454316e2cf822f9583962c4c72bbfd", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491521, "uuid": "0a53652f-437b-481e-8b9d-6a384f9dd656", "comment": "Malware payload (CoinMiner)", "value": "2d1082eaf7c2a490da4eb64ee8a545a972ca0afe0bc99e53d408bad49daf671ab96ef3e35fc95ca83ec0e7e052c60c46", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491521, "uuid": "67078460-3f72-4348-ab4e-fbd8796111bc", "value": "T13B97BFEDBF6443C4EB5F7D95B40C1C429825FA7B8EFE68943047C06A3AA1CA282CD557", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491521, "uuid": "1976a8ea-1042-46d9-9d89-f3941f521125", "value": "0fdd3d21d2193b717f076a70dfaa659c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491521, "uuid": "382502dd-c272-4780-b22a-7b3715495fbe", "value": "393216:cUx789z4nFfdIB0UUAX2ig1qJqSQC/F+pgSMGdCMiidswwrVyHdMk4+8CdKYTvv6:cUp80g8qJqSrVyHdv55HAKAD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491521, "uuid": "a5fb6c75-188b-4ef2-a891-e3de44c3e2a3", "value": 42011136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491521, "uuid": "1a44df8d-c8b1-4b77-b925-3026498b105a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491521, "uuid": "bfcdb0e1-5c62-44c8-9fb8-9d44c9c405f2", "value": "7ab7f16d648c579f0d5e50c938725989", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a22ee3f4-6352-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696491705, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491705, "uuid": "4bf84985-62e9-4dd8-8a0d-87ab8c05ff5b", "comment": "Malware payload (Mirai)", "value": "4192672133f0b77fd6d3e92629b2ed99", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491705, "uuid": "3536a812-6056-495f-91ce-73d9ec3a41fe", "comment": "Malware payload (Mirai)", "value": "569f352f0a6467e16b81e0541b4cfed72ce9f56a61f1b2206bf1e352b0d16c46", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491705, "uuid": "465b9326-6798-415d-8e92-9b85bae3c87b", "comment": "Malware payload (Mirai)", "value": "6fb208b0752933f232d5995f2f512a85c0aad479", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491705, "uuid": "1953ccae-5200-4bb6-83b7-f80829143ddf", "comment": "Malware payload (Mirai)", "value": "2484654701dc7eaf8b0951e5d8a2dd2db1661010691f61b1375791992e7a5f47b21eaa68ba6b454164434f99e7db8ca5", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491705, "uuid": "85c0a718-778e-49f0-b4d6-fd69e6c50bfe", "value": "T19E334B87BA23DE76DD0710F192FB87318931F83E2862D9C2DB64FC709A51AD0A54676C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491705, "uuid": "e6b1b681-8cf6-4fb5-bda2-f1889d42d191", "value": "768:tJv94NsSG9J1DdUNVch/UOidSS1cmNK5FWGOVl8GChvIr:eNsSG9locUOit1cmsfYChv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491705, "uuid": "e0630404-b301-4db3-b035-ebca32edcf9b", "value": 54372, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491705, "uuid": "103f14ff-9035-4be0-8181-978d6e006c08", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491705, "uuid": "876f062f-99b4-410b-a307-5a15a072d9eb", "value": "4192672133f0b77fd6d3e92629b2ed99", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f5f8a7f0-6359-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stop)", "timestamp": 1696494852, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494852, "uuid": "2dd8d378-3382-4461-8234-82621fd909b9", "comment": "Malware payload (Stop)", "value": "85f9c13d7c56f39ddea1c2b81159d074", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware.Stop", "colour": "#589677", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494852, "uuid": "aab754e5-9ed4-4c05-89b4-9b00cc701dc7", "comment": "Malware payload (Stop)", "value": "572c06dd71a1e949f43dd9c552afef2f532ac20771b065fb78fe21cb9d1704a0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware.Stop", "colour": "#589677", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494852, "uuid": "322172b6-82f9-45eb-8b3e-a7e752223e67", "comment": "Malware payload (Stop)", "value": "bdbc04ed068a08cb2eddbce899e7e0921d10c49f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware.Stop", "colour": "#589677", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494852, "uuid": "9ac85e85-d980-4a0e-83c8-baf0335b1e41", "comment": "Malware payload (Stop)", "value": "5c5b38bc06bdbf6a70ebf49e3fc476c9094007bbaa38ae1f302c467e6e4350f59ef45576e6c10a432a65bef871577b1d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware.Stop", "colour": "#589677", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494852, "uuid": "8873ecbc-ac2a-4b99-8ac4-42be0dff06a2", "value": "T103F412117AB4C0B2DAB316BA8530D6407E7F79B3B536CD0B575C0A7E5E723C0AA96302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494852, "uuid": "32908da4-b639-4c01-a13c-b6afcaae66c8", "value": "ce62d6c99a2ee08049f067650fad119c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494852, "uuid": "d0cb8cdd-9231-4c3e-b094-d158166eb9ba", "value": "12288:aOCu6ykBorlFIl3JQXcnDc6tgV7mYNQnR7pa0rB3d4RWJHGP:aOCpVKrl+ZJuc9zYNQa0B32Ws", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696494852, "uuid": "fd4f9c32-6bc3-4b70-9601-67b41bf6550b", "value": 725504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696494852, "uuid": "89405cd5-cb3c-4bb2-bf39-6e956eaca68f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494852, "uuid": "7e824918-6141-4524-8849-c3ed809fb8c0", "value": "85f9c13d7c56f39ddea1c2b81159d074.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "52519d47-637d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696510039, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510039, "uuid": "d6b1dfdb-0e36-43d4-aac9-e98daf6ba937", "comment": "Malware payload", "value": "7dd35249069ad19f6d9d27c0662f4b16", "object_relation": "md5", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510039, "uuid": "b1cce662-55b5-4567-8355-9134a79a05cd", "comment": "Malware payload", "value": "581679ff0666cea0e67c9674107d63444230645a563d5a6265d175d3a409219c", "object_relation": "sha256", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510039, "uuid": "6c41aeba-0e30-4c0b-8396-c0a206002c0f", "comment": "Malware payload", "value": "e059bb7b0e6082645c5d9341190febce615c868e", "object_relation": "sha1", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510039, "uuid": "9b8c1c00-ee06-467d-b7e5-a82a0637c26c", "comment": "Malware payload", "value": "5183e9a2badda170b2e8a1c76c1761e32d103e4b7cceba905cd6be3af58aa2a9c2a5ea1d702d2bb91f3be2b9bbc8c564", "object_relation": "sha3-384", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510039, "uuid": "b184bd24-a283-4f23-aca0-660a8eb199d6", "value": "T1F221AF5A49675733F6B04271E5E16001D6762E86FA545F5908DC03450C59382B4E2F3F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510039, "uuid": "96dca8d3-e2d4-49dd-a31e-a0f93efc4cad", "value": "24:834bLPgwv0j0QdKAya8SYBqQdQDyTWab/E0PKmy:834bEwv0Io5b8SYBqoLWabNPKp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510039, "uuid": "97ed6c90-70a4-4a1a-af8a-31a4724d8a3d", "value": 1171, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510039, "uuid": "cc8ee5c4-827e-4aed-b577-761c1457d8e1", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510039, "uuid": "ffcd7216-da9a-413c-8ed2-9810f8deecb6", "value": "824__ionSubmission_Form_ru_okkkkk.LNK", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "10ddf77a-6388-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696514654, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696514654, "uuid": "effe04d7-5a91-4c97-b222-7347a55d33a1", "comment": "Malware payload", "value": "5c6683a06936a39749d7e6bcdf4b87a4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696514654, "uuid": "094febf8-a1da-47bf-837c-998ce6c6c0d1", "comment": "Malware payload", "value": "581b33f09c35d6df564be5836b7346a7adc7099c89e3dc7526c30aa8f0469e6a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696514654, "uuid": "45e735a2-4d90-4e13-9c2c-ef5b09cd09f5", "comment": "Malware payload", "value": "ee6bcde3f1f045f0d3575de986a25d02eabca68d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696514654, "uuid": "6b2b4591-7dc8-4f62-86b5-06e64ec5338c", "comment": "Malware payload", "value": "16bbb5b21c88fccb171a61c44ec11fd98f9be31c0c802e0a17b7ac96e08af59e703d6ee770f74e9595f12789010f7b60", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696514654, "uuid": "81146825-81aa-42ea-85bc-092cd10348f1", "value": "T10014C0203AB0C072C50751758421CA74BAFFBC224BE5898B77981B7F6E346D1977B39A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696514654, "uuid": "76ba8a6c-d5ed-4ed4-9ac4-ec44ac98e0bf", "value": "79de41fd9a8e567c644b0068a3bd1c4e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696514654, "uuid": "fbd9810e-054a-4153-b8b1-597554331944", "value": "3072:VUtu541Efd3mNsgTdd80wrQqH98Who5l:Wtu5pfd3maIGy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696514654, "uuid": "1f198087-1b95-458d-9c3b-a0c109806f74", "value": 199680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696514654, "uuid": "e33613a1-8ea4-43fe-bb01-82c79719b218", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696514654, "uuid": "a3807f7f-cdae-453a-a1e2-8542abfd66c9", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "78eff52b-6365-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696499796, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499796, "uuid": "86160ce2-2ac5-4dca-a5ca-52793d01b52f", "comment": "Malware payload (AgentTesla)", "value": "c4e36ba849d98969b1725b8854988750", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499796, "uuid": "73c35243-1515-4fe3-963c-490fdfd86661", "comment": "Malware payload (AgentTesla)", "value": "583eb071017d6c29cc14420706bdffcd0a5863e9f49cbd739bcc47567aaa719f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499796, "uuid": "1fbb70cf-d88e-4ce0-a139-3c3fa4fd7162", "comment": "Malware payload (AgentTesla)", "value": "ca715af0b8417100f7fb0b5147b49f3a4e2175ec", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499796, "uuid": "64023eba-ba5c-42d9-a8bf-f444251c6a9c", "comment": "Malware payload (AgentTesla)", "value": "de6417e54a6f90e09d9d11913d128cc5edf0dcc129d150f494fe5fa1d4f92e1c92db69621037112d60ecd76746d820f0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499796, "uuid": "97554b9d-cb8c-4c50-9498-4133fc5eec48", "value": "T18B442339BC224FD15CE622AAECA3A3E1115D8DE291E71B50256B36B753EC03747C49CE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499796, "uuid": "323bb2d8-2986-47d6-bb3b-98e4d4e4646f", "value": "6144:q/qSVoUQ1Y3TWzp4fJ5uJMKdxrs957VDp2ubXpJIr+WM+MhRN:qybUQe3TW1ZyKd457VDp24mlMbN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696499796, "uuid": "bd8ecfd6-9e34-439e-bd0d-fb090291021a", "value": 269967, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696499796, "uuid": "2d952494-1a23-4086-8642-431f6e3fd3e9", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499796, "uuid": "e5798db2-10fa-4167-84de-65ac97d0b409", "value": "Purchase Order.r15", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36ad9168-63ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696544782, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696544782, "uuid": "5632a985-8ba3-46ae-8c89-06f77e90b12b", "comment": "Malware payload (RedLineStealer)", "value": "188a582b1ea400040dc2edad8e32b048", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696544782, "uuid": "1deaf9b5-5af1-4881-9da1-d5d3eacd88d6", "comment": "Malware payload (RedLineStealer)", "value": "58448c417657e36527847d43cb0adc5e910b8e5211cbf8b3fc35c52b59332c53", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696544782, "uuid": "e29a3cde-0715-46b5-ae56-2795aae32367", "comment": "Malware payload (RedLineStealer)", "value": "eb13fd662dba5d36a26007dc10ef2d3d9143e7e1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696544782, "uuid": "e7c465b7-6aa9-4f3e-9b9c-320a4c70a54f", "comment": "Malware payload (RedLineStealer)", "value": "ac72e11a97ef6834309d87b758dd29cd30cf2f26cff781b705067a1e0e796cf84fa80581e2d600883ddb1ba86135f05b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696544782, "uuid": "18d99b3c-d4fe-42bb-a7f0-d4204fbd886e", "value": "T1AD95234A3AC9C172C9F9A7F048F70FC30A35BEF17878855E67126C4D5DA2650A93633A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696544782, "uuid": "94996a7e-60f7-4711-b7b4-f277a0c09d7f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696544782, "uuid": "b6005fdd-13e9-4e3a-922e-137cd2103985", "value": "49152:Fa7A5z3Cj4+mj1VjseHeebn71HJseoWlfRDx8mX92xoX:cy+WpfD1puSDxn92o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696544782, "uuid": "2725ffd8-ab85-4433-9f54-272fa5c6d615", "value": 1924608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696544782, "uuid": "95705960-dd22-4351-9ecd-f1d6bc8a77de", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696544782, "uuid": "dbeafcac-0717-42a8-a927-15869790aba7", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11155b38-6367-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MarsStealer)", "timestamp": 1696500481, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500481, "uuid": "d51ecfc2-01b6-4ebb-ab10-6d4816c5e146", "comment": "Malware payload (MarsStealer)", "value": "99f8b0a8ece03322a63d62c9efe5635a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500481, "uuid": "243bd8bd-d3e2-4d37-a854-04230b55cf9e", "comment": "Malware payload (MarsStealer)", "value": "5949d22b778e3da3407291c13811dace35877d71cd31c8a921c855969aa3f272", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500481, "uuid": "2475b10b-7061-49f2-acb1-86404a8fe8be", "comment": "Malware payload (MarsStealer)", "value": "1709b3d145a020478d9fb755878a0f531f5737ec", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500481, "uuid": "a3ece804-7a66-479c-84a3-4f716d534b98", "comment": "Malware payload (MarsStealer)", "value": "a0f708f113b2aa96cb44b6281e365574d766e621c4caf4b415e1964d3300eaa5bab00e59fad930847c9f611c90f139da", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500481, "uuid": "1d26e16c-dc82-4109-8d23-551b0b4f46cc", "value": "T16B24CF21F6F2C0B2D6B359799830DB902EBFB877A774858B2718166E5F203D09E56313", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500481, "uuid": "74be4ba4-d505-4f33-9ade-c7b2d55b65eb", "value": "7bf0c3cbf0d3960e40b75bc830477f17", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500481, "uuid": "8fa998bf-3851-4188-a1fc-45f444a70ecf", "value": "3072:WwXzV2fAu9BE/1nNaaBaspx9dvrjFEq5/pqkZOX5Nht87hP9:jUX9W/1nNnF3DyqpbZCh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696500481, "uuid": "b96dd60c-e35b-4160-886e-97a0f9b96a92", "value": 222720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696500481, "uuid": "c2b19049-b0db-44ec-8149-b6d8ea75e985", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500481, "uuid": "cc055ce1-76d1-4da5-9668-50780933d43b", "value": "99f8b0a8ece03322a63d62c9efe5635a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61e45fb9-6339-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696480860, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696480860, "uuid": "d9b21403-2f99-4218-a8de-7e0bb96ecbad", "comment": "Malware payload (AgentTesla)", "value": "ae5c25d80385052f95b1dd47104efa41", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696480860, "uuid": "fb4e1614-b297-40c7-a046-ffd8b1561fd3", "comment": "Malware payload (AgentTesla)", "value": "599e180ec9f7e3eec2a03cff1b28e577be2dd044588b8b3877478caedcf52450", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696480860, "uuid": "202a2654-9145-4be2-a2ea-07d06104f3e9", "comment": "Malware payload (AgentTesla)", "value": "d02f0eff9348f4aeb500d6b09dbd391c68798fba", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696480860, "uuid": "690fd7da-34a9-44a2-b767-b1ec44f40711", "comment": "Malware payload (AgentTesla)", "value": "7996dd56e3724699f1be27de4d82cd4df1078e0e7b4123552be767e84e709cacd404219d2314c5ea263209eb28fdd9ef", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696480860, "uuid": "db0c11d1-ee1b-47e8-be51-3d5f56f35ae0", "value": "T120A423DBE1BD130C72DB9C8CDE7E9329490494B61AE81A07FA84CFF3525175E12A0B5B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696480860, "uuid": "c575814e-2cc0-42af-9adb-38fe1db29199", "value": "12288:nnBHvboZUc/W9o0/F+GHlAZtPUh2Q5F4IF7PhmgcrNhi5Pa:BHvn7PsuCtMVb4YRY+Za", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696480860, "uuid": "d1aab2e3-e75c-4552-934b-3dccffca13a0", "value": 486654, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696480860, "uuid": "c28c4b32-04f0-4b1e-b5cb-6280ad0324c2", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696480860, "uuid": "10ca7429-acf5-472d-8f4d-b5f39ed7b9b9", "value": "nuovo ordine_OCT7FIBA00541.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "809dbe31-6366-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stealc)", "timestamp": 1696500239, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500239, "uuid": "34eece62-b3ab-43dc-b78f-eb0a22404ac7", "comment": "Malware payload (Stealc)", "value": "d0c643260dd1864c243f6f2ff1579ce6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500239, "uuid": "60a76c79-9b3f-4c17-8705-c97e9f74717e", "comment": "Malware payload (Stealc)", "value": "5a0f70593f14df6acea40f144b83b296e91b89e41f8f0037edfa091b51d1ba99", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500239, "uuid": "22d4ad1a-dd1c-4bed-8e3c-5ac7270355c3", "comment": "Malware payload (Stealc)", "value": "0c3c5edff1ab6ca826b3025fcafcafe8b7c92268", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500239, "uuid": "555fb5f1-9933-42f3-bdfb-6d5ef23c8dc9", "comment": "Malware payload (Stealc)", "value": "a011d0b837018dae9df37bc98f812773b14efd5e0005c4a12e4f1775e63f7f8bb195e46f35fd57f0715db7e0a1987818", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500239, "uuid": "b1fde036-6807-411c-8f9c-1093bf69e8ba", "value": "T13814D02139A0C072C40B4135C424FAB4AA29F8F297A7CA877B141B7F6EF17D1976B359", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500239, "uuid": "cf678e77-1769-4e2e-b541-17379a73d084", "value": "b2deb6462ddc9e096b1ba263bc3b3e01", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500239, "uuid": "7dab944b-4c2a-4fca-88f7-e4b2c9a26e22", "value": "3072:GDEEs3OrnbF67Nc+eeCBB374nDAIVy3ZQd9ZumC61Ib3gKM75oqvT0:+EEs+nh67Nc+bOL/IVySduhrio", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696500239, "uuid": "382c28a0-bd5f-4192-8eda-94bbd2955ecd", "value": 200192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696500239, "uuid": "6afcb9bb-a6ab-4a87-9f5f-53108dcb7dc4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500239, "uuid": "850a0308-67f0-4c11-8810-efe35aef5bf3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab93b25e-6361-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696498163, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498163, "uuid": "9cf7ca10-d7e7-4d45-8e8d-4ff19c10986d", "comment": "Malware payload (AgentTesla)", "value": "44f557148b5aea457eb6720892a7a5c8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498163, "uuid": "80cba52f-703b-44dd-8496-f22c831a27d3", "comment": "Malware payload (AgentTesla)", "value": "5a5405a59ac1371bf62ee9599b29bed6e7ee8e11f7319c6ff7d5900963900e3f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498163, "uuid": "ffdd934e-b21b-4ad1-84e0-3322f15d299b", "comment": "Malware payload (AgentTesla)", "value": "20de9ce80d4d194cd77a9e0f4ec2e9b23f5f3994", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498163, "uuid": "bd104895-717a-41c4-950e-af15b7d68954", "comment": "Malware payload (AgentTesla)", "value": "a33c891bc56b32be524e6433f02314b72bb224c5a2b3e17535c9cf0b977a369bf6d7c1c10452aeb6d19b07e994caa143", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498163, "uuid": "0906d9aa-07e7-4fe8-87a8-cf8d2536af55", "value": "T134257C04777886A2CB5ED73098E6190CDAE3CD1B67D5975A28C476B98A333FD8B034D2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498163, "uuid": "97960b44-692e-4367-926c-005a4cbcbbf6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498163, "uuid": "598a3d6a-6d52-4da9-b2c9-993cf092a7d1", "value": "12288:rafxt/rzVrkMxtIesnLRgieG16k3lsfZXOWdX/pZ1kfmg:upt/rzVrkMDIfyiJ1d3liZXO+mf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498163, "uuid": "2092e3b1-23c3-4509-b8f6-db796541d115", "value": 974848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498163, "uuid": "52a4504b-8960-427a-902f-7a360ce74b4e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498163, "uuid": "f37229ec-7b6a-4ea5-81a5-4b537a6e55af", "value": "QUOTATION_OCT9FIBA00541\u00b7PDF.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ba43cbe-634b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696488607, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488607, "uuid": "8a7f0990-5049-4f2c-8282-d19b366ef439", "comment": "Malware payload (Mirai)", "value": "0a8a6ed32eb75054fc7e28c686e16ae2", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488607, "uuid": "2a9f85a1-308a-4989-9d9d-d7879740f95e", "comment": "Malware payload (Mirai)", "value": "5ab646974fb8622240ea818ff4b83c19d9758722ee1d82fd3e876111221e029d", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488607, "uuid": "304b561c-6860-4865-9727-2c1c5c6f7b39", "comment": "Malware payload (Mirai)", "value": "2cfa72c13d686f6bdcb76830ea63704accd0685a", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488607, "uuid": "c721b590-151a-418a-8ef1-4396f2f09b81", "comment": "Malware payload (Mirai)", "value": "270277452760c4c07310cb524345048d410f50aceeebca449521183664c452ccb47de969f69c526b8d6d768ede97a012", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488607, "uuid": "632b586b-1b9b-4b92-a30d-c2b3fddbb556", "value": "T192C2E0B099DE28B0DB740C73FAB85EC3BAA70FBDF1625565929043607C8190156EDCEB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488607, "uuid": "21b5d9d0-f3c8-4d2a-945d-047f3d14d684", "value": "384:ESt/koxisa34beDtZw+sDLUZ5kFanV5xOwWkqs87H6ql/9sD4fhymdGUop5hK:ESsoTAZV+Yzkc56s8TnOD8s3Uozc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696488607, "uuid": "fd1c9f39-6179-464f-9cdf-b252cf9a1b57", "value": 28176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696488607, "uuid": "4aec672b-4c89-46ec-bdb7-f943b4639ce0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488607, "uuid": "0aa46c20-2960-4ba2-8170-3d0e06a4a852", "value": "sora.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89f2ba9e-635d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stealc)", "timestamp": 1696496389, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496389, "uuid": "c9a757af-5a7e-470b-ae78-90286b9471a2", "comment": "Malware payload (Stealc)", "value": "709675442a254bdd818c1fa07e5c8a53", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496389, "uuid": "b4d99647-b53e-4dd2-aa5b-96166cf220c8", "comment": "Malware payload (Stealc)", "value": "5aca54a00787e46bde92e8cbba6b22ce1c57358e429cec3dfc8d08966585c2b8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496389, "uuid": "d025ef72-0e2b-488f-b748-37ab15b6b101", "comment": "Malware payload (Stealc)", "value": "63763c2c542aed43d6b5e463350aaa295f5f7261", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496389, "uuid": "b076b660-22fd-445b-b9f4-361835c52a4f", "comment": "Malware payload (Stealc)", "value": "cb129c59aeb54c2845394096a8ba9b5689923d30ae881443f78acf7b23e5bb384980ee549a956a5564c72ed5b641660c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496389, "uuid": "7c1a9ade-4fca-4414-8601-1fbd25746322", "value": "T19224DF213AA2C072D6F745789434DB816EBFB8736775848F3B1C06AE5F603D19AA2313", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496389, "uuid": "7d3e0080-c293-48de-9dcd-a2e691d551c7", "value": "7bf0c3cbf0d3960e40b75bc830477f17", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496389, "uuid": "123fb134-a64e-4642-abc5-9eb229170c9e", "value": "3072:JwXzw2fApW7eQcz3irzsfwkFsGKz2Tk48jINeeVxUuX5Kjt87hX9:ejgWiQczSkwrGs2Tk48jBeVutj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496389, "uuid": "efdc4088-88b2-4c2f-94ec-b21e90ae34dd", "value": 222720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496389, "uuid": "273e239b-b651-490c-b491-805a83b34f71", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496389, "uuid": "5a1a7850-f191-46ca-aa5f-0f524c143c18", "value": "709675442a254bdd818c1fa07e5c8a53.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05578d49-63b3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Adware.DigitalPulse)", "timestamp": 1696533103, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696533103, "uuid": "07f87731-b00f-49bc-af75-4dd147194d40", "comment": "Malware payload (Adware.DigitalPulse)", "value": "5124c07a0005a2ccaff0c64785c38e19", "object_relation": "md5", "Tag": [ { "name": "Adware.DigitalPulse", "colour": "#0E5916", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696533103, "uuid": "fe33aac6-d9bd-419d-8e1a-7b9f9fcde2ed", "comment": "Malware payload (Adware.DigitalPulse)", "value": "5cfd37f9531d619fab105eb49fb1cd3c9b38adbaab1cd6f7c546b5189f5a4b08", "object_relation": "sha256", "Tag": [ { "name": "Adware.DigitalPulse", "colour": "#0E5916", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696533103, "uuid": "d4b73ccf-aa33-4703-a152-8c600b3a5948", "comment": "Malware payload (Adware.DigitalPulse)", "value": "5db66b13d17a5807ecb1b64557642e0c038803e6", "object_relation": "sha1", "Tag": [ { "name": "Adware.DigitalPulse", "colour": "#0E5916", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696533103, "uuid": "77a0bd97-38a0-4927-af70-a1b82f5aa731", "comment": "Malware payload (Adware.DigitalPulse)", "value": "241eb1531f9e02d9ee64d9e2c10c476a25d83063ebebae252346c3166e70e8ba5b0adf128cdddbe422b53143173e7b00", "object_relation": "sha3-384", "Tag": [ { "name": "Adware.DigitalPulse", "colour": "#0E5916", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696533103, "uuid": "cc7e579c-f787-49de-b347-fdfdcacf725b", "value": "T1C6840193DDA88106C0ED4A744A6172974F730EB77002D6AABDE4B13CBE7D5C391F126A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696533103, "uuid": "c4da4be3-6967-4f4c-853f-cfb05441509f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696533103, "uuid": "06dc8c63-f759-4f49-a595-19a88a0b0297", "value": "6144:4UNjlV2Iz/n26fV0CHy79V/R1VCgeD3m6LILUyj9MNrlmMJy64H4fqu:4UYIThfV0k09V/jeyGmjeNrlmM8lu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696533103, "uuid": "9da658eb-d653-4bb6-ae60-a1c896c7add3", "value": 387440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696533103, "uuid": "c5aece2d-335a-4d89-816f-4ad2f9853fbb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696533103, "uuid": "60b7a340-fb3a-49a9-94cb-261318ca2072", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "46dd8a0b-63c2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696539655, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539655, "uuid": "c184d6cd-615e-4a85-b1b0-f8cb96cd18b8", "comment": "Malware payload (Mirai)", "value": "09b48932f1dca12e4e7254124ebbe97a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539655, "uuid": "e2a03e3f-1c8b-4dce-af0f-148ffaea7fa6", "comment": "Malware payload (Mirai)", "value": "5d067c21aa7d4dfe48a118d5f3d825397ceb0845ae5022cc7d1c835a04b72de3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539655, "uuid": "16de5548-9414-454e-b525-3fcd11c001df", "comment": "Malware payload (Mirai)", "value": "4724a8b792eb22f6df9dcfbc4e9916f2763086a7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539655, "uuid": "d961e310-1a14-4dda-b60b-fb02b4e0e8d7", "comment": "Malware payload (Mirai)", "value": "a6ec0c1ef888d046c0ab49ec3013a275b12163fd41b19ab033d4a1eb820f49d57052932ad7155e8a43f45496589af293", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539655, "uuid": "d9d63f99-1d92-4df0-808d-2a031ed5085e", "value": "T167D2D08877D353FA8C8DC6BD731E003A70A974E9A6B29373B306D5434766180F691E8E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539655, "uuid": "6812b700-84b3-49d8-bf9f-1e6a1b6d9755", "value": "384:MJd/PxEDLd2TwURz06lowYcEaqsD9aC450LQixBfE4jdlz0lewZ90BKlnU/KpNyL:+lxKd21RhxEnsD16IHE4RlY990yn8KaL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696539655, "uuid": "04b65a36-bf55-46c4-99aa-5caa3b97c031", "value": 29464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696539655, "uuid": "0ad8edd4-0887-4a86-a0d4-bd2c31c65a1e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539655, "uuid": "08fc8861-c972-4a98-b2e1-dd492536b2da", "value": "09b48932f1dca12e4e7254124ebbe97a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b0a7b61-637c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696509571, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696509571, "uuid": "ea4094d2-1fa2-40ab-bdf5-9197933ef297", "comment": "Malware payload", "value": "c59bc7db2b5e755c3108a0d6eb02a178", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696509571, "uuid": "6e0cbaf1-be66-49be-96be-6442f45f6464", "comment": "Malware payload", "value": "5d37dda7b65f39f134be3805969c5c9d7dc53a2e921232dd32e5b8887fd0d908", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696509571, "uuid": "ffc86f31-8cb2-4b47-beb3-10f334065da9", "comment": "Malware payload", "value": "b304996af23b950b774941c28ca97dd1aa7bef86", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696509571, "uuid": "5e7bff1e-ccae-4c42-a6cb-d6927502abee", "comment": "Malware payload", "value": "cc39773d4ad81bd2dbad637e7f7438ba0000012c17cfba0a92e5941010b4aed76384f6ec2b8898ca2ef1c28865d522c8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696509571, "uuid": "fa16d139-2c66-4586-90a4-671768f63a42", "value": "T137E66D13F3C4503BC4A71A798AAB5A406A3FBEA026154E5B7BBC395C4F372C13D16A47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696509571, "uuid": "4293f324-a440-498d-8fd3-8fac9c6efca7", "value": "d8a9749e65fa32cebb234d47cd9de8d3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696509571, "uuid": "4e4e2b8d-a5f6-4cbb-a6d2-201657664c57", "value": "98304:4RH1CY0/UYS49mOJEn2yrd1gG0LvJSursqxUB44P5/aYwAI9va2alagc3qAFTB7j:aH1CYefm46MgczhDLTpX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696509571, "uuid": "5b3bea6d-1b35-4b22-ba65-391c175c9af2", "value": 13882688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696509571, "uuid": "033e203d-e6bd-4c07-9fc6-8ef47feeacb2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696509571, "uuid": "6fcf1aea-7f1a-4cb4-9e53-dfa5e3d21be5", "value": "ZELRFact_PDF_VUDT4941RMRE2644.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "37d20a3b-639a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696522450, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522450, "uuid": "3fe2fecf-3881-466a-b525-4ceefa249692", "comment": "Malware payload (Mirai)", "value": "918695cc8f3261a77b0b40e45ee9a8c0", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522450, "uuid": "4fd07d06-cc04-4c64-abdd-47b05f401dae", "comment": "Malware payload (Mirai)", "value": "5d409b022dfa14c39c45fdd48c71b1b0035201e8ac7d0d3795ffa6bde2991517", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522450, "uuid": "249bcd5d-1440-40be-b16f-01b926886f84", "comment": "Malware payload (Mirai)", "value": "568ec2083c7895a074657f8d34240705ea6f22b7", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522450, "uuid": "6a2230a8-5f19-4ddc-82af-6ccbf9615f12", "comment": "Malware payload (Mirai)", "value": "ebee924c5fc44d14a06a96387169acb28c22a818147175f56b9ea2ff4efef9d1aeb5d0610034830d082318355d656058", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522450, "uuid": "8f881a3f-33f6-4abf-8223-8996cbd573c0", "value": "T14FD33A17B5C180FDC4DAC5B44F9EF536DD32B1AC1238B16B2BD4AA221E4AE315F1DA50", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522450, "uuid": "7b7e7bba-c633-44b4-b085-314606dc3255", "value": "3072:tGtwnNiaOnUT0FiPT9OSQ7AOaogjV2iZlBWCgaiA8QPdL:tGtwnNiaOnUTeuLyC8QPd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696522450, "uuid": "e3da8d66-db65-487c-b238-06fe9874d3ee", "value": 139576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696522450, "uuid": "59687ee1-9703-4c92-b91e-7668e690deb8", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522450, "uuid": "90d026cc-d4d4-44b0-874e-a36beac5954a", "value": "top1hbt.x86_64", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9697fed5-63a1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696525616, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696525616, "uuid": "9ec53426-3643-4f98-a53d-18da54b70ec0", "comment": "Malware payload (Mirai)", "value": "ea0cfb09e034f3164416c22d97f37507", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696525616, "uuid": "5a1dadc5-5ada-4802-bc86-13b377cddc77", "comment": "Malware payload (Mirai)", "value": "5dad715abdef8f9a947de7da9203b05f2199e1bf80a38bde027302eabee2cb18", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696525616, "uuid": "c0ae4a56-5b7e-4300-b0b3-702b46fcce92", "comment": "Malware payload (Mirai)", "value": "fa19415841db5295382c74b7a01fe589ca55eb3b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696525616, "uuid": "b74f70b5-5aeb-4467-8a1f-5eaa2d7cfc9b", "comment": "Malware payload (Mirai)", "value": "9f0ba820391981ad71a56dfad381e323af072a1e3ac6beb81224aa408ceefcd69096bf1cab09ac445f1c7075cbb076cc", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696525616, "uuid": "9bd2f474-7fc7-4109-b70a-76ebd95dfe76", "value": "T107E329DBF800DDFAF80AE33748530906B530B7E145925B372257797BED3A1991863E86", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696525616, "uuid": "6e98c3b1-b669-4696-8391-5f1d7e3d3cf3", "value": "3072:jRsZqThrvKbbWOftDA4EslibVrjbiJLnN+eAyaihsa:tsrnfhAUliwLnNMyaosa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696525616, "uuid": "315e81e2-63f4-4d70-ac7b-1ebda0910179", "value": 150464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696525616, "uuid": "40e3732f-cbb9-4bb2-bb82-a7c0c13bd9ec", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696525616, "uuid": "39aea665-7bf3-41c4-aae5-92a2f5f24109", "value": "ea0cfb09e034f3164416c22d97f37507", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb8c05e1-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1696496928, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496928, "uuid": "340e550c-b855-49be-8b1a-365f8aecbd3f", "comment": "Malware payload (GuLoader)", "value": "ad4b1f46f22bb2e8e442835c633c8787", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496928, "uuid": "3d23d410-c62e-4fc0-b2b1-920b9b443e5d", "comment": "Malware payload (GuLoader)", "value": "5deb962a29321568c5062d45847e20fa1216a18c317822fb7bbd3f8f67da3c15", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496928, "uuid": "89c5f6f4-af97-4c82-8435-087ef4e6f8b5", "comment": "Malware payload (GuLoader)", "value": "ecb2528535db7a83b4d29a24488cae8711872b07", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496928, "uuid": "66ed9743-5267-47da-a0e5-20bda334232f", "comment": "Malware payload (GuLoader)", "value": "b192495c6f6edd65f960a538bc4592608918137ece7854f60f9d21d876ce3291890b14f68c2b982e086304dc487f8d71", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496928, "uuid": "5cfa16b0-ce6f-4d5e-a941-7a0f382161d9", "value": "T15F2339E4DE991419440B22F7CC0A4C7AC47D61FB152240317D9DB29DAA4B78CBFBCA6B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496928, "uuid": "ddef920e-0553-4c98-a1d4-fc4571a58c93", "value": "768:9zccYgSDWZqwAbwHmWK/jCArR3YhgLrYQrZobAsEenErQpHA8yjh70tXrEuriau6:9qgS6cvMWBR3YhuxrZKj3c70tbEuriaD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496928, "uuid": "f583d54e-f082-41c5-a099-85760c893f9b", "value": 47602, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496928, "uuid": "bccbef7c-2b28-4355-9a48-19a546855b30", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496928, "uuid": "c4190063-2c2d-4554-8a36-5842537ca370", "value": "Theomythology.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "beefb223-6353-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696492183, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492183, "uuid": "129d5024-fb4f-4f54-9705-64827f6b0043", "comment": "Malware payload (AgentTesla)", "value": "ce13e32610389d7d94648754779b9baf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492183, "uuid": "c05406ba-f41e-447d-aea4-0de200cf96cd", "comment": "Malware payload (AgentTesla)", "value": "5df434b86519a9cda49dacc6dd625d8b8fc70c1479004669ed09b35d37816fce", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492183, "uuid": "c5335f35-a4bf-4042-83c1-e660ea21c51b", "comment": "Malware payload (AgentTesla)", "value": "8c4fdd43f89a0ed56e5858bb8c1e3a9834d57723", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492183, "uuid": "821aea65-e3c9-4332-92e8-a1fd663b9f45", "comment": "Malware payload (AgentTesla)", "value": "0cc2ae65d2359ca44b7898341a6858250f740833b4750d8a5a5f7907f699fc6e6040a58d3bd6d7f8120e890c484e1998", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696492183, "uuid": "b56de51c-7411-4b9c-861e-9c2b8763a4ac", "value": "T1F942C0C6E3F6A6C8C5273998F2580D999FD4E0761852C138AD2D00D7595EA7231FFB21", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696492183, "uuid": "f8672518-e40b-4f64-aa66-d31573fb69e9", "value": "192:/zoCnbpPKJ73g//cp3ptfrfW3WlkQ4mJqev1DuvGu0AUUhB6OP9R/hA+SR8WNDHG:LoqPKJokpfrfW3JmBRuL3zBR3JAVg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696492183, "uuid": "72da34be-c649-4955-aa28-38521451345b", "value": 12766, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696492183, "uuid": "c00d4524-f9dc-4647-9ebe-7a45aa98b764", "value": "application/gzip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696492183, "uuid": "ca9b6139-444a-4758-8992-ea02526484d7", "value": "PO-9596996.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "32c792ee-6352-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696491518, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491518, "uuid": "aa2a080e-77af-4d0d-9582-5b2e3b245cd3", "comment": "Malware payload", "value": "5a4ce978301e6b119a4ef562a03df539", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491518, "uuid": "2e88a752-2cb8-4d5b-b081-b2b9bd1eae11", "comment": "Malware payload", "value": "5e4b3e56d2df1e1ddda407b6746fd9db2f5de4ad7005237ae5d1d72401405b93", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491518, "uuid": "eb0d6fd4-c622-4759-8ed6-488b0c5a574e", "comment": "Malware payload", "value": "92c61be735994e72a68a05c0bf116c79ddfbce20", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491518, "uuid": "56524e45-fe2f-4faf-804b-3f68715e7e60", "comment": "Malware payload", "value": "a4b654aa01f7218f64239db20b0d897535ae28f69fbd680204cf1bfebb27c3d1fbc44a2302bae2f614db545dd83a1815", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491518, "uuid": "c4c4044e-2254-4193-9524-60131c510886", "value": "T168369D596AB080E5C1AAC1B8CDA7CDD7F3B3B4560B309BDB0195816A0F779E05E7E321", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491518, "uuid": "569cdae7-e464-4a6a-a872-7d69cc03ca28", "value": "bcf7def5c18db9d28872570d839d6b20", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491518, "uuid": "ea8984eb-1787-47bc-8004-eaca1f3cd4c5", "value": "49152:C2VwASOLGtlqe6hj6HdZx6SQtOiUvwvGDzMzSml1rpFQWLuQHd2b1dyQ2c8lnRDP:KFH7xFQfG5bUrpmluHVs+aaT0JM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491518, "uuid": "cc2a86eb-b408-48a9-af9e-d856fd459f5a", "value": 5180416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491518, "uuid": "91933df6-83e3-4633-aeab-b44a34d63fbf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491518, "uuid": "4493ca1b-cefa-4743-890a-e565736d3db7", "value": "5e4b3e56d2df1e1ddda407b6746fd9db2f5de4ad7005237ae5d1d72401405b93", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "418469b0-638f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696517742, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517742, "uuid": "bc4a901e-aa5e-4db0-bb90-ce91b1928de2", "comment": "Malware payload", "value": "23d42fac674fe15abf335b6761e091fa", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517742, "uuid": "64911440-2242-4fbf-ab65-d4c5b268b2c5", "comment": "Malware payload", "value": "5eb5acda7e3866913d809b7d60a0c141546ddb01e9ee666ef1b6e41ca18b74c7", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517742, "uuid": "c10ae3d3-b9df-4aea-8ab2-1d0efec0e8cc", "comment": "Malware payload", "value": "b10f89c5cb1bd87c4576412ccbb73ed34d43bac0", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517742, "uuid": "e6172ac4-85b5-42a3-89e5-7d550fb77109", "comment": "Malware payload", "value": "50bf9eaf7a34e0d5eab4bb87c3a0ed3d25c8124c3fc05056a66c555080b2ad4a8bde7eda3082142570e834fd42927687", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517742, "uuid": "29bb4ad3-d5a8-4f9e-a8c7-205230e4d163", "value": "T15225F5D4BA4B7DEDC71EE338C9EB834A317829504763DEBB25E9E5711C222D05C21B26", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517742, "uuid": "5f4ea563-b796-41a4-ab11-9bd53e4bc189", "value": "4c0ff5b3377a395ecbe66bbf39e8e491", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517742, "uuid": "314fd370-0de0-4bab-a964-a8fcdaf25c5c", "value": "24576:5N3pfeEKaWhZ2YO1OWQflSrd2qdsocxpBN:ztYhVBN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696517742, "uuid": "b15f242d-0ef0-48d8-b516-3b7a3fa6db87", "value": 1050784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696517742, "uuid": "a764f61f-22e0-4765-92a1-ce9249f7965c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517742, "uuid": "8bfa0e50-13c9-492c-b033-2ecdf1a85b98", "value": "23d42fac674fe15abf335b6761e091fa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "744aab12-6374-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1696506231, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696506231, "uuid": "50e616d6-a67d-458f-9f7b-2033efab56f5", "comment": "Malware payload (Formbook)", "value": "6b227882b2c28140a651f173b7d75455", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696506231, "uuid": "16f001f7-fe6e-4fbd-bbbf-72e3691b9a4a", "comment": "Malware payload (Formbook)", "value": "5ee27e21cc6f3a38c31ae0f0968040b7bd4edf4d51b556665bbd8c78910cbd47", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696506231, "uuid": "225ba9e2-4eba-4943-928b-263a7658110b", "comment": "Malware payload (Formbook)", "value": "6b94c3c9df8e117ba34904bdbdb0c1151cb77196", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696506231, "uuid": "854f8606-db15-41c6-a187-18968e202728", "comment": "Malware payload (Formbook)", "value": "ad7de6c32b81ef7a331562f98d76f9952c0404ccda6dfe9ae28d9f886d6d83ef233e47e594b4162270d82b62d40eb398", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696506231, "uuid": "196fd89b-8be3-4daa-aa89-5ebc0995d8e5", "value": "T15CF37B1136D180B2D173423619E8EA615A7DFDB14FB28E5BB7D81A8E0B741C0AB35B73", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696506231, "uuid": "3cb4d989-04e2-4c6d-aa05-8f2f823bd557", "value": "235f54a8f3fab3914ce05790a045f905", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696506231, "uuid": "96aa9efc-eabd-421b-8746-2226793a7138", "value": "1536:pvwhlvdQjjWNvPBGlwsuPUyXweZQx+OCC71GFHWGeQQjs+yckU4Ss8jcdsgA0AF2:pYVQO9RTtOZRrjs+0n3sg1AsfHj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696506231, "uuid": "35796a43-b160-4b3e-ab99-9eede2be58a9", "value": 171520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696506231, "uuid": "bc546eff-7e06-4e34-8750-64941674a5f8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696506231, "uuid": "d5ddbec7-c9cf-4e76-a8a0-f07b1640fa1d", "value": "SecuriteInfo.com.Win32.AdwareX-gen.9637.24802", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "09f8f0dc-635c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696495745, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495745, "uuid": "858e68df-ea8a-4d09-89f6-565d77a57596", "comment": "Malware payload (RedLineStealer)", "value": "9599f0e80c2b0ba498a3830f6f1456ab", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495745, "uuid": "f8b08006-366a-4183-b1db-692aea3d3996", "comment": "Malware payload (RedLineStealer)", "value": "5f36d9ff2ea14bf2aa8665ac0b666323ec2f8beac8f512e989930431a2580de6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495745, "uuid": "e7db35c4-1e4f-49e5-b1f7-71576a0d608f", "comment": "Malware payload (RedLineStealer)", "value": "ed951eecb5a66374ebf090ad8a2d2ed1d691a850", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495745, "uuid": "193281cb-dd77-4351-94e0-ff67beaa0926", "comment": "Malware payload (RedLineStealer)", "value": "e01a26bedc54e4d4677a3f2725f9d089c5a1bfaabcc815b6f72ead348cdfec20a510e4c6068c39527753b267017c2dcf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495745, "uuid": "ca6d7240-2bd6-4a9b-a20f-40e2d018e6d4", "value": "T1CA953396B7E05037D9B407B06CF6498B6F7879E6ADB84E4F7281542A0DB32D8E074339", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495745, "uuid": "a0cc2830-52a0-4802-957c-633578adda83", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495745, "uuid": "0f52411f-df72-4ba5-96bc-232d8d55e93e", "value": "49152:cIsI7H2DpwaFqJbvFubnKMdl43FbcQMIN6:3d2twacJL4tlIcgN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495745, "uuid": "1de87b8c-fabc-4221-9715-b3db8c5058ba", "value": 1971200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495745, "uuid": "bceb8056-4a26-49ba-9b3b-338f6c4e8632", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495745, "uuid": "e3818398-bd15-486b-a6e9-ace3f4226bfb", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "165321b6-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696496624, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496624, "uuid": "3f2574c9-1de9-48bd-936b-769ba9dc1858", "comment": "Malware payload", "value": "819f14b79fe46ad7f9d650bfbeac4e8a", "object_relation": "md5", "Tag": [ { "name": "wsf", "colour": "#256B39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496624, "uuid": "4a67c766-8c3d-4e98-aeb7-286472d6e338", "comment": "Malware payload", "value": "5f6ced5b42a9100e6692572a6fe02250f8aba5e705a21450ff7955ec48e00315", "object_relation": "sha256", "Tag": [ { "name": "wsf", "colour": "#256B39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496624, "uuid": "f5a35645-88b0-43fe-885c-ea5d695c0161", "comment": "Malware payload", "value": "c0d9da888539a20b67b8d8f11d73f7e29fc2b2ce", "object_relation": "sha1", "Tag": [ { "name": "wsf", "colour": "#256B39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496624, "uuid": "61c2bf26-1673-48e4-ab85-bf36bb9ec445", "comment": "Malware payload", "value": "de4d61ce51534218544fbaea8bc433a9c3531ce7ee1626c2b96df452052a6fa2af79b881b9e06f1429ade5752871a727", "object_relation": "sha3-384", "Tag": [ { "name": "wsf", "colour": "#256B39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496624, "uuid": "af2b4fb7-4bd4-4653-9262-fc047efa10ea", "value": "T1803476CBEC72A7A809B2B2771C6BB58C89BDE2E3C0D89740D597F5DA2181CD11B1F094", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496624, "uuid": "9233caae-b9b7-49b9-8a02-41edd927c875", "value": "1536:9mmmmmmmmmmmammmmmmmmmmmzmmmmmmmmmmmuZmmmmmmmmmmmDmmmmmmmmmmmamq:t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496624, "uuid": "43ff2ac7-2b2b-407b-aa99-fdeadc5b8a84", "value": 231949, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496624, "uuid": "d75927b5-c89c-41ad-95fe-503d8f1dc4ad", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496624, "uuid": "64912e59-bb6b-4d4b-a62a-1a993bd5b5c8", "value": "tMIkWuvlXg.wsf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0297d02d-63c3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696539970, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539970, "uuid": "6a39f83b-c00d-4e77-8e1e-c9c579dfecca", "comment": "Malware payload (Mirai)", "value": "4b5042285cced882ad5767e479402011", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539970, "uuid": "f7eef7d4-1204-4f89-a290-ce625c2c2225", "comment": "Malware payload (Mirai)", "value": "5f7b31e974b4e15b9839348ab1d2e365ca3e497ee6075f81611f0f4df60608c3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539970, "uuid": "d3836671-b56a-46e4-ab2d-48c158626846", "comment": "Malware payload (Mirai)", "value": "08059af4dd6bb956549aeaa9704995a4f952bc1c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539970, "uuid": "44c83b94-ff08-4cee-b556-78488239b820", "comment": "Malware payload (Mirai)", "value": "02ca268ef8637fe94f1189db165ca86f534123f00f3f0e65f00b52496ec1914cb243e2addf6aa8b4889d0a0494402ef3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539970, "uuid": "98debf63-d2a8-4320-b0d9-2b561a2d0e64", "value": "T100B2D1D48B95A606C6B07475D2788FA26F3B15E4C2F63427171082BCDA9549633FC6C7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539970, "uuid": "583c6329-0f94-43d5-828d-db122b0ddb09", "value": "384:4C9KXlJIDFUS0Mggks3aIrokYVDoDDRRKj55N7LB9U+B2P2hymdGUop5hu7X:4C9KQFH0rs3zWoDDRsjt7LB9U+B2+s3O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696539970, "uuid": "d2d99854-8f16-4f98-9b36-334b64f95893", "value": 24536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696539970, "uuid": "662b0775-ae8e-4aa3-a683-1a11a13e9bf3", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539970, "uuid": "b4ddd475-6e35-4236-bf12-bbfbd6501163", "value": "4b5042285cced882ad5767e479402011", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0b671e7b-636f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696503907, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696503907, "uuid": "e410d336-cbfc-4396-a29c-8c9d596f1e46", "comment": "Malware payload (AgentTesla)", "value": "14759390bc98bacca6ec550bd2906853", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696503907, "uuid": "dac93b22-1330-4be9-b346-a9c027ed2633", "comment": "Malware payload (AgentTesla)", "value": "5fab48fefa7793850febe340712e30c30634ef0517881a613817c754ed15507b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696503907, "uuid": "eae810bd-0ab6-490d-8b7a-5528839c8048", "comment": "Malware payload (AgentTesla)", "value": "198edd213cf4ab0b34f9ac74947000b4d63a942f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696503907, "uuid": "4db21b40-4472-40d7-88d5-411f0f2f61d2", "comment": "Malware payload (AgentTesla)", "value": "2d1baf3df808bbb0fe326c454a5145c9ce9273cf6e107650eb1b4eb266044a59a656c2b41ca31d7ba7bc938959100c86", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696503907, "uuid": "a563cfcf-41a7-41b8-b43a-2d929e2a392c", "value": "T1C045E0039904DB93C00D83F87E133AD91F0E7F29E9D56EDB14627B8B3A35BA2095A51D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696503907, "uuid": "dc5f2320-a682-4b2a-9b2b-9732b42ef9f3", "value": "24576:qWQmmav30x6Zy7w6VZJ9AHevZyfw6VWEeACr+RCbmcI3b5D8GCXZwux:PQmmQ30qf6V1L6VqmT3pdCJN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696503907, "uuid": "2e6fe26a-ce95-40f7-a7a3-039113a57db3", "value": 1208832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696503907, "uuid": "0d9f1ee0-8101-40e7-9b9b-42a163ddc87d", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696503907, "uuid": "905ce3d6-d40a-459b-852f-3a94c47fe2ad", "value": "USD. 5000 + GST@18%.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "391a08d6-639a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696522452, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522452, "uuid": "83033361-56da-4576-a340-209a5a32a2e3", "comment": "Malware payload (Mirai)", "value": "026c45dfd7c01ca0c6e62eb8d55393e2", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522452, "uuid": "a3d29651-146b-4ed1-a3c3-922bfa312cea", "comment": "Malware payload (Mirai)", "value": "5fb80dc6d7b765e2188dd8c6671166ab68506ab0775dce76109c8c6b2292e534", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522452, "uuid": "070ef334-f606-4817-9862-202c0a42c8b3", "comment": "Malware payload (Mirai)", "value": "16d9eef51dc88e5c361a989c415a2b40b0f26e50", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522452, "uuid": "5b582fb2-ff55-42da-985e-fee673be7016", "comment": "Malware payload (Mirai)", "value": "5ce4ca9e9afd137838e54ab19b12797ee0352da068f214095b3977f1f19199344dee4f2b9f76bb4cb339d619d7eabf5a", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522452, "uuid": "80df9597-5f1b-49c4-a436-88f622b114bc", "value": "T13ED3F845FC405F23C6C612B7FB5E428D3B2A17E8D3EE720399256F61378A95B0D36A42", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522452, "uuid": "401aeffb-5a4b-42ee-8fbd-1cfbe1dc1e23", "value": "3072:AHZ+XPAorxFOV48wlPJHQRTaPuU8RSON9LSoib3:AHZIA0AV48MPJHOJ92oi7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696522452, "uuid": "1c4f256f-ad07-4450-ab6e-dda8530bce4e", "value": 133888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696522452, "uuid": "51e00ed4-e6e9-48eb-bb4a-b95a2c52cd1e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522452, "uuid": "ce417743-c483-4252-a895-aad4c14b3839", "value": "top1hbt.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4164ca93-6316-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696465773, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696465773, "uuid": "76c03463-be02-495e-bf59-b7d2d01fa69e", "comment": "Malware payload (Mirai)", "value": "a1d06b4ffd0fa4f5627d75fd2613bb72", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696465773, "uuid": "d83fd6cc-992c-473c-be59-7164782b4c5b", "comment": "Malware payload (Mirai)", "value": "602e22589c0c330883bfac9da85cf669391fa507986c2f9aa45113469f3e178e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696465773, "uuid": "516d26ac-53c0-4ce4-b8c7-6df00acd9815", "comment": "Malware payload (Mirai)", "value": "5250b5ac3702521a6af8c1ce8e4326b85808c6d3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696465773, "uuid": "a8d5068e-d207-4893-8394-29bed026ad8c", "comment": "Malware payload (Mirai)", "value": "e5c231ae45a3d6c99370f66a523b36d0c34c45889bc9bba1d4dcd5dcbc97ed5fbad2156013e1cc0564d4204671e69d0a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696465773, "uuid": "dfc48346-afd8-4259-940e-82365da1b909", "value": "T1AE732A26B97A1E26C0D4B57E60FB8B11F6E1278E26B4C50A7D720E5EEF147006502AF7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696465773, "uuid": "47ea0c2b-1512-470f-bb94-e4d000435157", "value": "1536:hD/B6f6UD5hAS7mo0DCCAXpSKV6v3G78nN9W3:927jqCt8v3GI/A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696465773, "uuid": "a0ebf919-57fc-4b14-a117-d1f0b898afe4", "value": 74752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696465773, "uuid": "084b4fed-dfd5-4db4-9385-15928c6bea70", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696465773, "uuid": "8b3eb4a0-8858-4d06-9e59-c53cba1e3404", "value": "a1d06b4ffd0fa4f5627d75fd2613bb72", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b492165e-639b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696523089, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696523089, "uuid": "2224f202-38aa-4834-98ed-b91b0cea7912", "comment": "Malware payload", "value": "c28f830791932e3b807263b5da2e1fd4", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696523089, "uuid": "721ca3a0-ecc9-4ea3-a5e3-ce894c296966", "comment": "Malware payload", "value": "60662281b48546627273b1bf32df9d8888930c291521c57a9407bbc33296e653", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696523089, "uuid": "4b30113a-5d18-4396-a56b-6327d077d905", "comment": "Malware payload", "value": "39a54e25c1fe9e4df3d4809b225289bf1145fedf", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696523089, "uuid": "ab9f802f-cf20-458d-bade-b0ceaf6dcc72", "comment": "Malware payload", "value": "9ea427048ca430fe04676fa2a87ce57c2c12bd409bf69e21a0482df4bf8cecbf68f42d3579dd0e6c04c2a574e1ba680b", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696523089, "uuid": "ec2ea105-d946-44dc-bfe8-516fe990f2b6", "value": "T16DD533075E6EAE3E4BBC125C207F0F8D5AE58D444040FD76A3E57CADAA4EF09105B2AD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696523089, "uuid": "df6f6900-34ba-442b-8ebd-181463036fc4", "value": "49152:tYHLlw+LTLOPDhX8eH4q/R/xz7w+cFOx0jdSTlRhibCXshf:I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696523089, "uuid": "bfeb450b-2310-4746-9c6a-8c4724562a51", "value": 2925787, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696523089, "uuid": "d97f00d0-dffe-48ba-a98b-617c72b1178e", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696523089, "uuid": "21256c01-04ff-4b11-8947-1b94863949b7", "value": "RE_432-55293.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e9c07f2-63c2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696539642, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539642, "uuid": "7c07310a-a6ca-4383-b2db-f13bc9ddbab2", "comment": "Malware payload (Mirai)", "value": "d2dc4f7f38e53ee8bbb15f78432c7c87", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539642, "uuid": "5865bf81-7f8b-4fb7-ab29-c710ace13009", "comment": "Malware payload (Mirai)", "value": "609032ea0d05bc4159175b5abd38aaa07eff047504f7c3411b9bf9fe288e35f3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539642, "uuid": "f3205eab-f489-476c-bc98-eec2bb11baf1", "comment": "Malware payload (Mirai)", "value": "710b5a8eddc2e0a5c7d8d6a25abcea3db9eaaac9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539642, "uuid": "9aea01e1-11b1-494d-9676-5c207e0d2748", "comment": "Malware payload (Mirai)", "value": "b5d80e5f7d54bff7a11ddc3b92b77560beb950c8470b8bec9b35eba1084000528f682e0e5246fe1863bfc48227a09e12", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539642, "uuid": "381a2c16-2b49-4854-9eeb-1ef5513cea21", "value": "T1E1C2D07092AD2CB1C6540672F7B85ACA7E530F7DEAFA3890214047BF788294529DE987", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539642, "uuid": "87732a53-f33a-4d23-8c6a-163768b8312f", "value": "384:Aot/koxisa34beDtZwuaCBsk+G9lLSsLYSTFs9u8OtqlrNEMVB2wySwJ0hymdGUO:A8soTAZ3alkXLvFh8nNEMVBvs3Uoz1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696539642, "uuid": "0ffe7acb-6a3c-4289-830e-68009d42e9d8", "value": 28176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696539642, "uuid": "ab599456-2dfc-48ac-a657-045e097d0668", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539642, "uuid": "8bf5f22f-e416-474f-b108-42ba88738cf7", "value": "d2dc4f7f38e53ee8bbb15f78432c7c87", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa94b891-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696496873, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496873, "uuid": "bed7a0a6-5d15-4e20-bb10-3c1dee87e86f", "comment": "Malware payload (AgentTesla)", "value": "82e0084495a7a22d6eb1efb595eaff26", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496873, "uuid": "a5730269-63d5-4f14-b154-6c25e5d8f64b", "comment": "Malware payload (AgentTesla)", "value": "609592caa987add8031fbe007b2901e0e02de60a8fda33ace07dbec8b2239205", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496873, "uuid": "9168ab4b-9773-457f-bbbb-2332f2174607", "comment": "Malware payload (AgentTesla)", "value": "6a57f1bffc28c8d9dd814214efbc052500932019", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496873, "uuid": "2b86083c-0db4-4db3-906e-6c9537f9aafc", "comment": "Malware payload (AgentTesla)", "value": "f9560f5bc0e7628e130277d294f9df839afe167c6333bfb63c6c67711646b7e5cbae18530e45a0506c741430915e945f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496873, "uuid": "6b4240e0-ed61-47c6-a7ec-59614419112b", "value": "T14874A41035FB905CF2B37F521BDCBEE58F9FF7A26A26505D2504030B5A66E40CEA1A72", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496873, "uuid": "6935bbf2-4722-4e3f-939e-e838ba8f351c", "value": "1536:VYpSrsHQxsVexPPvYFy515s5t5s5S5s5JN5s5pf5s5c5s5JE5s5nf5s5Q5s5E5sH:IVexPPvYFAhB862", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496873, "uuid": "414cdace-ef5e-4afd-9759-a89b7166c20e", "value": 356492, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496873, "uuid": "a5a1af24-f40e-4872-b649-91d4172adf38", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496873, "uuid": "62e9e19f-931c-490d-9e23-7b41bd2d2391", "value": "BE2039392-TT.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73a83125-6374-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1696506230, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696506230, "uuid": "9f867b90-4afe-46b2-bdb9-f1dba79d6665", "comment": "Malware payload (AveMariaRAT)", "value": "f77e0dd21817ca68964cda7045db1964", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696506230, "uuid": "6254184c-1e65-42e2-8b7f-706f8f7e94c1", "comment": "Malware payload (AveMariaRAT)", "value": "614fd9eec92c135017ae4bdbc85e01b4ef77f3ec59b7bdcbbdf6f33a67601681", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696506230, "uuid": "c934dc27-e8fb-4c79-807a-f6c636f5ab15", "comment": "Malware payload (AveMariaRAT)", "value": "491cc39e3ae079575984eef68fb1bb154938391d", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696506230, "uuid": "868f2367-5dc2-4ad8-a18a-2e2fe39fc15f", "comment": "Malware payload (AveMariaRAT)", "value": "a05ff2a5332f8a8c7129cd9882a29521f20e02d1852d6dad594b6e09bde05656fa68c34a3b33e3e0dbfd052145f384ee", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696506230, "uuid": "208e475e-b20f-44b6-8100-8196cdeae080", "value": "T14A745C01BBC822ECF3BE633A646071C3463EFC5AF455974DD88127C69976B09D4A2EB4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696506230, "uuid": "b216f9d0-7781-4ead-9932-3d5e314b1f62", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696506230, "uuid": "6b8d5c6b-5530-468e-99c7-58142ab50a69", "value": "6144:RjC2JP3gbiSQ8xpP7blpLh+68S3OdJVZFJAgr4Zc:RjCgvNszPcTSM/gM4O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696506230, "uuid": "9bc8e4a5-1a4a-4971-bde3-92c2b35b9a41", "value": 341504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696506230, "uuid": "ea2d7913-3faf-4b1b-a535-3a60e8c0ce0b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696506230, "uuid": "24c48cf8-bd59-49ef-9674-db2f36791f68", "value": "SecuriteInfo.com.Trojan.Inject4.58600.5955.18791", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24f2f6f1-6396-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696520701, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696520701, "uuid": "d87e1553-3ad1-4880-a95c-1327f59f6b6a", "comment": "Malware payload", "value": "c8400ff901736f6ea8e9a505562b1791", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696520701, "uuid": "6fd8c871-fac7-498d-9abd-2580de8c97c2", "comment": "Malware payload", "value": "616432b80e4e48c0b1f890fa7ef4f27178a93f0f1972d275a9391d8614f86dcf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696520701, "uuid": "932004ba-880c-4bec-992f-9207275c6f5f", "comment": "Malware payload", "value": "20a80b5e719e20bbc58884de6c2463cfbe16cf0f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696520701, "uuid": "4b130539-97a3-4ed9-89b8-7dc514984c2f", "comment": "Malware payload", "value": "9d3e258befff962c066b60a2841945c2cfd24b24df69932b5b28f7244c4e6e2bde82258c817c6f07305108d347eff52f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696520701, "uuid": "e76f0dc0-29c8-4ad1-ba95-b5933f9e5d45", "value": "T16A1413752399310ED09E8431EF3574D877FB2B635110CA455DEDA34CCE5762BFA82219", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696520701, "uuid": "7946142e-8d50-4781-aa3d-1013433e9772", "value": "3072:SsAg/Tn3J7rJkFq8ZI+gnBLXvPOG00SLJHGCBacbyYUIK/CA1JhydPh4EHKQ:Stg/L5X6pBqRtCJYceYUASydnqQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696520701, "uuid": "b6265ba3-1057-4bc8-a71a-4d22cbd50540", "value": 195355, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696520701, "uuid": "92232b37-da53-4819-b838-56a1e0053ead", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696520701, "uuid": "f34ce19f-1a7f-4f83-8b4d-ad42ac77aa14", "value": "SecuriteInfo.com.W32.Refroso.BKBI.tr.2793.3032", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "301c91ff-6379-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696508264, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508264, "uuid": "678c3bec-cce2-41ef-ab09-4192d1e677a4", "comment": "Malware payload", "value": "d1d14aa40c89300e5fa8976ed519e231", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508264, "uuid": "82c2b08b-1be9-4987-b9ae-42587c7c88ce", "comment": "Malware payload", "value": "62f2adbc73cbdde282ae3749aa63c2bc9c5ded8888f23160801db2db851cde8f", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508264, "uuid": "cac9ba4a-c233-4b28-8cf7-31ffbc73cfab", "comment": "Malware payload", "value": "8c54b1558f2558929e3e9e3927a00e1f7a1a1494", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508264, "uuid": "b6b55a58-a98c-44ff-a9bc-6cc0f56ddc88", "comment": "Malware payload", "value": "625ce6027638c572d59d712007d8219ae8415937c27d18050e88398f371ee9b509a19f5cade697d5016b83479e38626c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508264, "uuid": "d0550ee5-09a3-44d8-8009-68f746630e2c", "value": "T1FAA5BF32F3C5C43BC672177C9E5BB2A994267D102D38984A7BE54F4C0F3A6817B252A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508264, "uuid": "4ddc4e56-b60f-4c8a-9f0e-ce3199e5a9f1", "value": "5f1b02edb6c2d941121fc5f385ca63ec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508264, "uuid": "fa24d5b0-a811-4ecc-88fb-d0460e1b9382", "value": "24576:u3ur2dajjr7+keK/+Ro9GIN1KtHO9/LzWCtFTrN9DOD7OD4hEoGECpAGGRMjAzkJ:u3ui02NGUINGH4qHEonk4zz5kH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696508264, "uuid": "e2815eca-d829-4ab4-a960-e308766681c6", "value": 2143328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696508264, "uuid": "a1ad9118-6d8e-42fd-9f41-6356f103c79f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508264, "uuid": "637e9677-9de3-462b-8222-36cebd6df235", "value": "laminos.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2735854c-637f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696510826, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510826, "uuid": "0df00534-920f-45ce-bf5d-0ef0f581015e", "comment": "Malware payload", "value": "7f9dab968a66c88278d6078f24f5643d", "object_relation": "md5", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510826, "uuid": "04127b04-ef1e-4ca1-9f8a-c54e41b14cde", "comment": "Malware payload", "value": "631d3a8c5a773f6512ec7b199d10e89da394774652e6b44cf2f3cbf0abc80e18", "object_relation": "sha256", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510826, "uuid": "0409cd97-985e-40de-b38f-acbf666351eb", "comment": "Malware payload", "value": "15c21247f1e012fa98762e3edde2dab1f0073e86", "object_relation": "sha1", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510826, "uuid": "35e8abc9-7d51-4e97-991a-13603995792a", "comment": "Malware payload", "value": "ad088214a38262f6a069f6cf2786f16104c06725bc8950e2cb3c92e5acf093891b0ecd3abeb85d0d7d18e662b4aad323", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510826, "uuid": "8696a47c-7c3e-4a8f-ad7b-5f6b2b7611af", "value": "T14845EF039904DB83D00D83F87E5339D90F0E7F29E5D56ADB14A37B8B3A34BA2499A51D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510826, "uuid": "047f84f2-c0d0-440b-ae8a-78c57db0b719", "value": "24576:CWQmmav30x6Zy8w6VZJd+jhzzZyOw6VE+0S3LCFMbWsATpxSMB4aPJw2x:HQmmQ30qs6Va+6V13ZWTTfmaBZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510826, "uuid": "f61485a2-a908-4b39-bccb-f33e394676ba", "value": 1208832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510826, "uuid": "00573a0f-c37e-47b4-a8af-3623431b3cc1", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510826, "uuid": "ce86f7ca-0ae9-4621-8c9a-f7939ba48e33", "value": "New contract.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "53925e8d-637a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696508753, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508753, "uuid": "a66328b3-d69e-41ac-8f1f-1a2ea34c2d20", "comment": "Malware payload", "value": "e72afd5359871dd693a9f3e63af13671", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508753, "uuid": "6d554d30-1deb-4e8f-92c9-64f476095c9a", "comment": "Malware payload", "value": "6392503b698a5a969aaa4dcf1491da1dbc0d0d4deb0f23a867ec01991b4de148", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508753, "uuid": "b4c31239-e169-4237-b008-2c19dfe72114", "comment": "Malware payload", "value": "55954fcb6d1a65d2a1679ca1e0f9827674ea6ebd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508753, "uuid": "92c8d1c5-bbb7-44be-91d9-6e275cfde7ff", "comment": "Malware payload", "value": "225c74cf1ac7d9d840860e52d88061f7d9cc0790770f611b1eebb4295ff156dab2e755134b7585eb2311da4a1d390aab", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508753, "uuid": "356a5950-1aa9-4374-a1cd-dbccfb2c2ba6", "value": "T13375E91176F95B59F5F30FB86ABAA611087ABC6ADF11C2DF1251908E0C31BD09970B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508753, "uuid": "ddcfab5d-5387-4176-b701-9380de6b6dc2", "value": "2d720d38a8fbabead5b576804bc154eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508753, "uuid": "e8d36716-5909-4125-bde7-2c55be1c62db", "value": "12288:87+XcYBQvi6GUdvZozMSy1SbpZmPZ/nQQgom8YYquTaxZ9X6a9DhvhN6Z+Ce5:VQvipUdvZozS1mmPK40X6a9Dhvhz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696508753, "uuid": "cdae0364-c47d-49f4-a201-c3e2e6161d5e", "value": 1703424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696508753, "uuid": "3cf66cc9-4eaa-4ee3-94f9-b349f74afd21", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508753, "uuid": "242bcf46-262d-46de-8301-e0c5e09cdba4", "value": "e72afd5359871dd693a9f3e63af13671", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d81dd7dc-63c5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696541188, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696541188, "uuid": "6b07f9cd-f58e-4e57-be4d-5a3e4c10f756", "comment": "Malware payload", "value": "7b70469bba9d761d9b90c49c596575d6", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "alternative stage", "colour": "#470D09", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "ursnif related", "colour": "#1A6158", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696541188, "uuid": "7051214b-a749-49b4-aa62-db1807dd91b2", "comment": "Malware payload", "value": "63b506c0917d35cbf539bad3ad26d82ea3edbe50ba3f09f6e39a03c969fa8cfd", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "alternative stage", "colour": "#470D09", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "ursnif related", "colour": "#1A6158", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696541188, "uuid": "c9f35a77-1861-46c6-9796-059e84b4fcbf", "comment": "Malware payload", "value": "ca89ca05ee36b580f713b1e17bb4694506069622", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "alternative stage", "colour": "#470D09", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "ursnif related", "colour": "#1A6158", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696541188, "uuid": "70e1c81b-583a-474d-b2f9-65baab1fc888", "comment": "Malware payload", "value": "9c1cea85f6a89397f2f8f8f4ec34cd422e32148316c5b185e0b9f0c835e074c977b24764122a6ef6a49edfd215befa6c", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "alternative stage", "colour": "#470D09", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "ursnif related", "colour": "#1A6158", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696541188, "uuid": "86c01faf-c3a0-47fe-b6be-56e90cabcdd2", "value": "T1A3C0C00E3B18BF7080B09746D91BD44EFC5618E00C0BB104229C08080E04851D7DCD43", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696541188, "uuid": "7ebbcaf8-c89c-4b6d-8b96-886c7432ed4a", "value": "3:SnfM6mqeXAwLXHPtwrWFFdAFEeIAYRmdKI5MuK6R6IBSMeFy1MFIwporFn:ef8qNWmFvGwII5MIR6I91MFIsoRn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696541188, "uuid": "d1582571-3232-4208-ae2d-dae534aee2b6", "value": 172, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696541188, "uuid": "04737761-a32a-41ae-b701-366dad92ed3c", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696541188, "uuid": "6c7a1066-7a46-4e5a-a2e0-0b0b2a18ae5c", "value": "communicalink.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a8233b55-63cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696545402, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696545402, "uuid": "abeca900-8446-42d1-95c3-70f5d7564dab", "comment": "Malware payload (Mirai)", "value": "7657b16830c46a4b7046108c0e04bec5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696545402, "uuid": "970319dd-7b4c-4f67-bb2e-af7d0f87574b", "comment": "Malware payload (Mirai)", "value": "641dbbc64c36eaa06409122642e25675c15341071e90d8289239842e0b92590b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696545402, "uuid": "d31937fc-79cc-48cd-a6fe-e3c9c286ee6f", "comment": "Malware payload (Mirai)", "value": "0db1df93d5165e010f01219317df660d4cbd4703", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696545402, "uuid": "bd7517e4-7262-4633-a3e8-45694824cd8f", "comment": "Malware payload (Mirai)", "value": "b86e3633d72372c11d390a13eb1532b73193605a56184ff0454d87a70c6dd86ed464f512d6b06a49801ad05c302a12ac", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696545402, "uuid": "b8aeb172-b8c3-46b2-acec-2e80e9f59bd1", "value": "T165D34B46FA418A13C4D513B6FAAF4149333297A4D3DB730699186FB43FC6B6E0E63606", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696545402, "uuid": "3ba1fb21-a260-4b7e-89b2-ad3b3fde5063", "value": "3072:fVOaoBmxuVJgyiOP/oxpyaEHDokBzXTWV+84/M/9vDVdYj:f0aoBwuVJgyiO4xpyaEHcsw+8MM/97Yj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696545402, "uuid": "332cbf44-0ba5-4245-bb2b-8608068ed410", "value": 136482, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696545402, "uuid": "a4be4afe-b173-40bd-9944-7869d7338ea3", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696545402, "uuid": "e66503d0-68b3-4b82-aa2e-9e04b8b3c0a5", "value": "7657b16830c46a4b7046108c0e04bec5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3521198e-6312-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696464034, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696464034, "uuid": "47fb8df6-863e-4bae-870a-1c259835ad91", "comment": "Malware payload (RedLineStealer)", "value": "6733a0b9f804367c450d7d650612f288", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696464034, "uuid": "36947819-79bd-4671-a012-201b9be3fd8a", "comment": "Malware payload (RedLineStealer)", "value": "64b4fdff6a88ebf1ba203f97e6a6d0a5428033bc68dbbba82a617b45f3b49dab", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696464034, "uuid": "50611045-3f8a-44b7-8b14-7f1b24d7e1e4", "comment": "Malware payload (RedLineStealer)", "value": "8fe29d30ee573ddfd09bb9698ae58b8dbcb808a7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696464034, "uuid": "6b6042bc-b3c2-4433-aaf7-c9e1c8598591", "comment": "Malware payload (RedLineStealer)", "value": "d68bd38a34fcb79677abdf187d50dd979631896fd5c64dc730e34632fa687555d39148249ce2aa49dc5ff4cd64f1d610", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696464034, "uuid": "0629213a-1bc3-4203-aa27-9153f329cd5c", "value": "T1AB743AC0338479CDCC4F9AF1616217788A60D442AA97BB53FC8BACF73859365AF051E2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696464034, "uuid": "1b5d202f-4fd7-4287-a120-e92163b98f6e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696464034, "uuid": "1ce3576d-c593-449c-8bbb-b2e20bad2bf2", "value": "6144:AAY1qeVMuW4iH7HTu2HFblC6sbt92N1avTi:sqbB4IpQ6sbt90", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696464034, "uuid": "8cafdc1a-ca91-4b64-888a-269b22ec71cb", "value": 349184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696464034, "uuid": "505aa3c7-21c5-4250-8ccd-becbcb9234a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696464034, "uuid": "09821c4a-8538-4d80-8e6b-f7905a347418", "value": "64b4fdff6a88ebf1ba203f97e6a6d0a5428033bc68dbb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "490866d2-635c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696495850, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495850, "uuid": "d06b0062-2881-4a11-9ef7-3b7492f49a91", "comment": "Malware payload", "value": "22360210ed5e1f2c32a5833e097a8b73", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495850, "uuid": "44f66de0-2ef3-42be-a63b-cb272fd97a27", "comment": "Malware payload", "value": "6550486a45e936c85ef1e70973040278aee682de7fcba184b51415526506e569", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495850, "uuid": "f8d25124-748f-4a43-83c9-c48bbcf96a18", "comment": "Malware payload", "value": "05d1162987ef11eb2537336136ce5cd616012248", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495850, "uuid": "96bc773a-0e1b-4de6-ba98-e85ed45c0d60", "comment": "Malware payload", "value": "63ec37e3b94c0c9cd77c2bb0817a9bc22456f4c0efdce479b771e7c1d8daf12d579082fb3dba218dab08132a6fd5a003", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495850, "uuid": "a192f100-5051-46af-961d-ee3d8fa0fdea", "value": "T1FB450152FBAD2A27C04D46300557D7625D3ADD21EA16826B73CD3E387B78B207E17B28", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495850, "uuid": "685ca095-dea4-4a50-a63c-5cac12adcb64", "value": "24576:sO58xO+fTvocrRFjySN3t5v0JfuWT6bLneW8wKxsSUpVD3cJ9fSuYSZSbACkFME0:P4OYTvoYzjykt5v0tuWubLneW8wmsSUI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495850, "uuid": "e5bd201a-0866-4a5a-ac13-08ab9bf3f1e9", "value": 1268224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495850, "uuid": "ac0070d4-ee7c-4c12-998b-8d01e8855d03", "value": "application/msword", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495850, "uuid": "6fe9af1a-50c8-4537-880a-88aad0dd2065", "value": "Hull & East Yorkshire Events - October 2023 Monthly Planner - (Working Progress).doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "338f845f-639a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696522443, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522443, "uuid": "54e6f21a-37d6-46f6-abaa-dc856ba3c085", "comment": "Malware payload (Mirai)", "value": "150511f2e0743b1d2c03c09d0dfd1184", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522443, "uuid": "90abf329-dcbc-43db-bde0-0655804067eb", "comment": "Malware payload (Mirai)", "value": "65f62f0542fd0bc6d224526646896f08083496aec5d967f42ea4282a9be5198e", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522443, "uuid": "a2c0a6ea-3cf6-4dd9-bd6b-a8f519aa14d6", "comment": "Malware payload (Mirai)", "value": "5cffa15da0078686882acd744502b880456c2752", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522443, "uuid": "6339af74-bd46-47df-bd07-7963667f9511", "comment": "Malware payload (Mirai)", "value": "b7aa5ba91c31bfc29d336974bfc45c4ee911154239b971f5104d2fdbe2efecd88010061b6f467ce1a53ccdcce867ebba", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522443, "uuid": "451245f9-55be-40c2-b246-8deb61c30c9c", "value": "T1A6C31A55FC405B13C6D212B7FB5E428D3B2A17A8D3EE72039D256F60378796B0E36942", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522443, "uuid": "cb9e69ad-35f7-449f-b15c-99390c2d102e", "value": "3072:Dv+XQnRK1g71QNE43UqyNKtO+46zdtbP:Dv+u8y7Ku43fyNKtpzdt7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696522443, "uuid": "bbcb8a61-ad84-45fc-9951-88cb411d7e7b", "value": 129792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696522443, "uuid": "304b82af-4a4d-4aa8-a54a-6f185fd4c797", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522443, "uuid": "c25bcc3c-8b13-4e36-aeb6-36cb96c7b4bb", "value": "top1hbt.arm5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "729d689b-6373-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1696505799, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696505799, "uuid": "a7aa2995-a186-4b83-98b3-45d05d40e276", "comment": "Malware payload (Amadey)", "value": "bc224d5e840d5031b40f693757ca72e4", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696505799, "uuid": "82879685-8e9b-4c0c-a329-a137ff69a465", "comment": "Malware payload (Amadey)", "value": "66f976ad643d37fca19bbd0ae13199f39fc4115ae674fed4839f534dda53a727", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696505799, "uuid": "4bed1e2c-8e6e-4dc5-94cf-14baffff033c", "comment": "Malware payload (Amadey)", "value": "61faa6d316019e0c89b478257b9e79f318df41f6", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696505799, "uuid": "4bd18398-0570-4411-bbfa-41d9a48004eb", "comment": "Malware payload (Amadey)", "value": "9377ba7d5be116c957a0d7b1577e546f221440524d1ae7c28d496be78ac7afd1af6df59d62d1b4c0ac09c78682832b24", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696505799, "uuid": "57bb4e61-a6e0-4ec6-918d-f8f2b7b5a2b2", "value": "T1BD952347BFD9A433E8A5177094FB03A32735BC0796B8823D13A55E5A0DF39D8983436A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696505799, "uuid": "a447e234-db05-4970-84d4-7fec2bc6833f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696505799, "uuid": "295c75be-6a88-4fbc-88e1-a555802674f0", "value": "49152:DDbD9ooeWDJGxbVP5HVRBgJYLKhaKfGBwT:r2CwbVdVsHaK+B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696505799, "uuid": "7a11c5df-0809-4a27-b139-50cf262f4492", "value": 1947136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696505799, "uuid": "0f24b962-2143-4e2f-964f-0d2281e51077", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696505799, "uuid": "8eedbacb-c492-4887-8953-7cc70249f94c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "937318b4-6379-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696508431, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508431, "uuid": "26f1d572-e03e-456f-b39e-9801c9819b47", "comment": "Malware payload (Mirai)", "value": "943119f0e248a986d44ed8093a9f881f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508431, "uuid": "03e44847-cbba-4a94-bd58-15f9af9b03bc", "comment": "Malware payload (Mirai)", "value": "6715922b0ba5904ac6bf3b24b2047639367bdafdc26459562fb59f3629031a10", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508431, "uuid": "58299927-c6d1-433a-ba1b-d755a92a18ba", "comment": "Malware payload (Mirai)", "value": "2d86c230bcbe9466d791922b82c350e17b8cfc81", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508431, "uuid": "215faf13-2234-4e86-850e-8a09a417a0c5", "comment": "Malware payload (Mirai)", "value": "dfb88507b1b87e4c9e974c57c4a9790c60b829cf78e1135811a4dfea90c2047e3090c14890354c4797dc8bf56614ce3d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508431, "uuid": "614ed6ef-0170-4943-9762-475f7b4be1f6", "value": "T1B2C2D0E07726F931C420AC3DE53A4D8A3A51067C80FF353664258D398EC1A9B63F88F9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508431, "uuid": "3d82542c-d759-4909-b4c7-37543f42eae5", "value": "768:eMKyhegCCMqfizjoNpd2vJdX6vwrJ9q3UELud:NKy4qfqoeJdXWg8L4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696508431, "uuid": "152ca33a-5361-46e8-9205-56a1fa750e53", "value": 27300, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696508431, "uuid": "fa041d45-6f00-4037-a011-19eddc5d7e2a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508431, "uuid": "c78c1e21-dddb-4706-94da-53cd45abebe0", "value": "943119f0e248a986d44ed8093a9f881f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b85a3c8-635a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1696494942, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494942, "uuid": "08a8c703-c018-44e1-b83e-c61a2488e1fe", "comment": "Malware payload (MysticStealer)", "value": "e3516609fbf6972217835e9ed61c20fd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494942, "uuid": "305f6cf3-d52f-437c-b79a-5cb42d2de547", "comment": "Malware payload (MysticStealer)", "value": "68b6a5126661d13b56a808d195850112b421f67457025d5ab0a186dc43cc41d5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494942, "uuid": "c1ff9343-fe00-4031-88a2-0a527d1eabe1", "comment": "Malware payload (MysticStealer)", "value": "3f8d9ca9331754a7c8b4e1dde48339994a8dea32", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494942, "uuid": "512acfa3-93bb-4100-87bb-88f4e7951d63", "comment": "Malware payload (MysticStealer)", "value": "859d29b78b80749ea0bb8b53f63c9973435c10f65beef4c634927140b4f900bb8a8422ea72d478fbb5f4f860e65af741", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494942, "uuid": "94ef8967-5b60-48f6-8be1-6b379b0d948c", "value": "T19665C95172F91B49F5F34FB8AABA66114A7ABC69DF21C2DF2251504E0C31BD08970B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494942, "uuid": "a9420ecf-923a-4053-96a8-1107c27a56a1", "value": "0019c5cc9dc02122ed11385f5bfdf094", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494942, "uuid": "61f6a785-d724-4336-b582-480a00e152a3", "value": "12288:raWs3sJwo00rnuOVD9X6a9DhvhNELgM/glCl6bj:rmsJw8T6a9DhvhcI8l6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696494942, "uuid": "764756d4-aa4a-4f32-b51a-7076576f297b", "value": 1509888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696494942, "uuid": "769d56c7-6d0f-4dd3-a183-5e8d702ba99c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494942, "uuid": "b7e20f53-78e9-46f9-afaf-99a7b6702614", "value": "e3516609fbf6972217835e9ed61c20fd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be3a84e3-6360-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696497765, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497765, "uuid": "b81ac118-e746-4bdf-b913-af54ce2c20a7", "comment": "Malware payload (AgentTesla)", "value": "651a2ef1ba7d9c7c62811a59609a9d03", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497765, "uuid": "097fb759-35d9-40a8-aaa3-fd62c7fc9e49", "comment": "Malware payload (AgentTesla)", "value": "68bfc9ed3467e7772c67f3e8d73243b8221d6a99612ae9bf3046818ff414c6d7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497765, "uuid": "f653959d-324d-4517-aba3-6f756f359072", "comment": "Malware payload (AgentTesla)", "value": "44c66dcbe2ff4fcba9c779c93c6d35d76d4f0481", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497765, "uuid": "81827954-2d61-4937-88e1-da22057cda67", "comment": "Malware payload (AgentTesla)", "value": "24b0a03aba8c03f70cd8463a4076b1f338bab760ae119f321a05ca076dac2b655d78fe09416c6fd128f53bbc26cd6ddf", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497765, "uuid": "2474c633-4737-40bd-9f06-a48488ad5e48", "value": "T11C6472077E48EB21D6683D3781EF6C2413B2B4CB0673D65FAF48AA6529512436C6E33D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497765, "uuid": "01b83828-5338-4eb6-9590-a5d92318d32e", "value": "12115494f2c86ccfa8a7bf3471dfac33", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497765, "uuid": "005c8526-3bd1-4a40-b1fc-860bf4fcbdff", "value": "6144:mDthOzj8VzK2UcTcN3Oc349uibAzgvjBf:mJk8kocdo9uibA8vjh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696497765, "uuid": "c3af23e2-258d-48d1-8160-c603bd08dcbe", "value": 323584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696497765, "uuid": "adba6e57-5583-40b8-987b-81cf05602132", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497765, "uuid": "5b410bb5-e847-4215-abd4-052c47629bb1", "value": "651a2ef1ba7d9c7c62811a59609a9d03.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3a2bd9f6-6389-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696515153, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696515153, "uuid": "bc258441-0c8b-4eff-81f6-a02e2670fb62", "comment": "Malware payload", "value": "e835f3c36db7abf2c4f7a81738f24dd2", "object_relation": "md5", "Tag": [ { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696515153, "uuid": "7d3d2afb-816f-4a6a-8d5c-e787a12d0325", "comment": "Malware payload", "value": "696e8fa2058676eecb75b40f371938419fa221f3a1daa4cd298193120a5e1e2f", "object_relation": "sha256", "Tag": [ { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696515153, "uuid": "35b9e55b-0ba0-4ace-b28b-e1659a1b1680", "comment": "Malware payload", "value": "8ae15d035bf9004f42b05810aabbe7d44dce94d0", "object_relation": "sha1", "Tag": [ { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696515153, "uuid": "e8dfd1b3-b9cc-43ca-9f03-7facc929ce35", "comment": "Malware payload", "value": "180b028bc72fc688e7b56840243f2ab01acbe516bf2bc871f87bd31b459529cc2e7d52441ec70dd431868be53ca6571c", "object_relation": "sha3-384", "Tag": [ { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696515153, "uuid": "dc240296-2310-471f-8df4-e870d6e61e5a", "value": "T17664234DEC39B167D2C8F8AB7E57ECD7AF3C6792034F66A175404248580939823CB66B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696515153, "uuid": "e3151c64-69d2-41a1-8289-d53b6cdba4e1", "value": "6144:WbnSUZZ9NRaM2mpnvZkKxQdNQhjO5uQ1EJwjFePHMRI5p86ug5feN7/jYW6b1p:BwJa+nvZkQQAO5uQ1lpePHT5pxxeN76T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696515153, "uuid": "cd9891c9-4b31-4077-84fa-a266065b951e", "value": 320420, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696515153, "uuid": "21506e1c-0b93-47cd-bc79-9f2ff87801f3", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696515153, "uuid": "a95e5c81-a0b5-4894-b6e7-243a6b47217c", "value": "SHIPPING DOCUMENTS.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a34e9299-6379-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696508457, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508457, "uuid": "cb30852b-96bb-4b8b-af27-10c865bd54e7", "comment": "Malware payload (Mirai)", "value": "fc643c2ad76f04709564a4fd6d86a79c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508457, "uuid": "2be82b6e-fb52-42da-a2f0-70601a0590d8", "comment": "Malware payload (Mirai)", "value": "6a545658b2e8f8fb789cb4e81eec328e5008a0d02f67172f2ec164e7c50a372d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508457, "uuid": "1a291ec6-58f3-4a9a-93c8-5247041bfc3e", "comment": "Malware payload (Mirai)", "value": "0b191b30d02e9daad3c32a49744b0fb4002a16ee", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508457, "uuid": "35e15703-a3c9-46aa-97d7-d438ed6d5868", "comment": "Malware payload (Mirai)", "value": "e59cf0f894a861c0e8e230e0c7b92be494b6f54c8ce37f8bdf4689e7f56d6db0f9f8d4f847cb3f4d2392763e335e7513", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508457, "uuid": "8196cc70-9d78-4a6f-abef-3675b8a294bc", "value": "T1BBA2D029D3456FF4DFEF9DA092C2C3C27BE547C62786C8E240EEAF016606046B789D59", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508457, "uuid": "1d90b733-53d8-490b-bfe3-8141fd56fc0a", "value": "384:M/JywWc84Tp2YshxqlDeAkSqjGJLeCE5zRW6C5DM4uVcqgw05VxJt:MRxsSVsMD6xiJJE5zRWNm4uVcqgw09T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696508457, "uuid": "bf1ddeaf-bfee-48fa-8cdb-c407877986b6", "value": 21884, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696508457, "uuid": "87e70ce4-dc28-43b0-9960-f29ba67dc9bc", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508457, "uuid": "7272c46d-2cd0-4e78-a4de-ecfc6f6fcf97", "value": "fc643c2ad76f04709564a4fd6d86a79c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4e13bb1-637e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1696510634, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510634, "uuid": "4fff7ab9-358f-44a5-bafb-dccaf455c4c8", "comment": "Malware payload (njrat)", "value": "b52996195bd6af110e82523da49f7bd9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510634, "uuid": "652b0e3e-dbc8-474d-bddf-84aa7f7bd35d", "comment": "Malware payload (njrat)", "value": "6a65ffab90209b9a5fad0523b2878228f7062afc4679742d1efa0e77f419a8d8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510634, "uuid": "b0812069-fea5-4496-b39c-6f33242cfaf6", "comment": "Malware payload (njrat)", "value": "9a85fa621679d1629b15f6ed2953f4d7665f5091", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510634, "uuid": "7a33eaf2-733e-4737-b270-c22cd3e3aedd", "comment": "Malware payload (njrat)", "value": "ff4aa5d1544fa87fc8856eed3f9c43db19c3b612564bcae5f4b5f75ad72440d7f63803040cd8d99ce8431b8459d43118", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510634, "uuid": "186f80ad-2d23-45c5-8157-0bcafddd58de", "value": "T1CF033B4D7FE18168C5FD167B05B2D41207BAE04B6E23DA1E8EF164AA37636C18F50AF1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510634, "uuid": "e3b964b9-b876-4b00-8d34-00b31389b7b8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510634, "uuid": "f7c14ca0-06f6-4d85-9451-83b227a71940", "value": "384:63OqIiuhjtD+P3V+y0bLqXOtHBEs++LhrAF+rMRTyN/0L+EcoinblneHQM3epzXO:TpmV10bLqXOtyN+9rM+rMRa8NuWpht", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510634, "uuid": "30c55734-91e1-4835-b635-3d7884d6eff2", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510634, "uuid": "190cbb28-c622-49db-a73b-a6f000277473", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510634, "uuid": "03f83a60-0476-40ea-8b4f-9accb7783746", "value": "Server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5257574a-6352-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696491571, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491571, "uuid": "432eb290-2400-42d4-9d18-1f9c962fb344", "comment": "Malware payload", "value": "1d6ce742783a27c0ac11fc1c178954fa", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491571, "uuid": "3ad3b87d-2ac0-493d-aeca-a2f22f6e1caa", "comment": "Malware payload", "value": "6ababb509555b4a45a521d6f25c8226c4ff6c044e891fa94925af63c16e07b3f", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491571, "uuid": "331570ec-2327-45a9-a800-0dba0b871737", "comment": "Malware payload", "value": "dcfb5bb0f4abc1d1eb33466174806c34da20c745", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491571, "uuid": "e2220a34-2b95-4ee5-9546-6f1b62a0dc13", "comment": "Malware payload", "value": "a67b8ebc24c92f85f2a221f67ee1d37b6874d08f9c4f39d8c57dc1c4b4efa4adba6033751f707695a63d8f348023d5b8", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491571, "uuid": "6efc0aad-890c-46f1-af8e-539e38fd22b6", "value": "T141D61A429A1AFFF1DCC278F40537BFC4E09CEA26C84968C9FB4AC654A5F2E05991DB14", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491571, "uuid": "659367a7-f132-42ce-be51-e77ef8069be4", "value": "196608:EFMn8IJkPZ+kYiTn4fhSpXDb5Uce1uFb2ziUjSLJmt:EFm8IJkx3Fn40ZDba1uFKuU+LJm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491571, "uuid": "0795b101-ffbe-4df8-928b-d2b66d350212", "value": 12853344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491571, "uuid": "2259f4be-015d-4a7c-9e23-172df2b9061d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491571, "uuid": "c825af82-0911-47c1-b7a2-bbb2b7d1528a", "value": "6ababb509555b4a45a521d6f25c8226c4ff6c044e891fa94925af63c16e07b3f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fa89716e-63a4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696527072, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527072, "uuid": "02f5c6be-8c37-46c2-9aa8-f302fcf73129", "comment": "Malware payload (RedLineStealer)", "value": "c43b34c7650870584c72d20bcddf7df5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527072, "uuid": "a2ec66ea-ec47-4e34-9558-1235a502d4a6", "comment": "Malware payload (RedLineStealer)", "value": "6b4dffdcad76a50d5c6268c998e23b297eb666174e871973f3b7684b13cfec2a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527072, "uuid": "4d120bca-bb21-40e0-a76a-024830ece054", "comment": "Malware payload (RedLineStealer)", "value": "a1c3d5ed3ed17afb8e8fd32d7ada9587c6b8e4c2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527072, "uuid": "084c05e1-d120-487d-96ec-ecb12aa0484e", "comment": "Malware payload (RedLineStealer)", "value": "10c86486d9dd3a0bed92c95df44b18353a2179aef30100207f5875c9fddde20feb4321116317164728726cd8977b255a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527072, "uuid": "14f38eb8-27b2-44e2-8801-991bb9b45e7f", "value": "T164953353F3F991A6E5785B7814FD168327313D939D3847321E86A88B0C62AD1B13A37B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527072, "uuid": "8932f99d-82e1-4a3a-b9c3-e510f5012623", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527072, "uuid": "0ea946ea-2755-4ce9-9eeb-427e587765d2", "value": "49152:T2nzptFlzTn4h4q6sFOUctcMJkyFAcJHRQF:in9tFlz8h48FixlJHRg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696527072, "uuid": "26bb208c-ead2-49ab-9b1d-13e4cfa75b9b", "value": 1931776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696527072, "uuid": "c265a4f3-d3a2-4ebb-af4c-bd095f4a1cfd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527072, "uuid": "3e4768ad-5889-4538-ac44-0fc7608e3c6a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1597de94-63b8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1696535278, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535278, "uuid": "7bed34aa-c6b4-4e3a-a09c-117fa4425fb4", "comment": "Malware payload (MysticStealer)", "value": "1e53a3f93da0648299f85c9e638d0faa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535278, "uuid": "2f4cbcc8-506b-40fe-9215-62a86c841a88", "comment": "Malware payload (MysticStealer)", "value": "6b6457f9fa9fa653bf15f9fe7878bf7d10c95febeb6632434d6500be7684d88c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535278, "uuid": "603a57d3-da9c-4d5c-abb5-4d01e6cd859f", "comment": "Malware payload (MysticStealer)", "value": "ede2645f9f99aa8f394f92fabe80c2f9bb75f3d6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535278, "uuid": "c589fe59-05de-4262-9dd6-e3703123ff46", "comment": "Malware payload (MysticStealer)", "value": "e2759db13361911ec182b0a13d2b2107ccf5ceffd8a80a932754202263c6db50ded613d8c3cb295dbea55f12c8ceb41d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535278, "uuid": "515c15f9-046b-461e-8475-ec963918e9b1", "value": "T113851A1176F95B59F5F30FB85ABAA611087ABC6ADF11C2DF1265908E0C20BD18970F3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535278, "uuid": "5f61d57d-bf15-4f70-99a5-f276ac2cd488", "value": "b092678fc438a3bc6ea71ba0ea4cfa08", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535278, "uuid": "9f84ccda-7ffe-47b0-ab6b-e947f112f5f0", "value": "24576:oxY5A0vimILMPcVZT6gH/A2Z36a9DhvhNYGzgEf:e0vimILMP4l6SAO36a3vRz/f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696535278, "uuid": "4c1712d3-a7d4-4fa9-8a8b-ce041727555d", "value": 1827328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696535278, "uuid": "a9166bcb-3f9e-4dfe-9d9b-41d3bb74503e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535278, "uuid": "b4bc4874-9810-4e28-acee-7a2dc5ee8c92", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a5e0bd4-6380-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696511207, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696511207, "uuid": "01b92a78-ed86-49d1-a3da-212b42f76373", "comment": "Malware payload", "value": "b8afb88f471cf88b67db6a39ff4053e3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696511207, "uuid": "dba83ffd-7cc9-46bd-a227-4e93a766efa6", "comment": "Malware payload", "value": "6ba71b02669ff6b6e939e334fd5b2aa907bfd3f54215c19df094be1cd5b948f8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696511207, "uuid": "79675aa7-6e72-4d8f-b64f-f4d42508475c", "comment": "Malware payload", "value": "1c3c992f74a7905af067ef49657537e71be67413", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696511207, "uuid": "e43935f4-e9a3-4a56-8683-e8a3beb80899", "comment": "Malware payload", "value": "cc59c2bb862e6a59c3a9350c20c23c1a164b187c3645ba430a2396e08cd2d8f4f6ad01beac44ab1f167ff7698ec5246c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696511207, "uuid": "e9cc8427-785a-4d82-8fa3-2f9e2451d1d9", "value": "T185851C1176F94B59F6F34FB85ABAA611087ABC6ACF11C2DF1251904E0D21BD08978F3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696511207, "uuid": "f50ed930-6ade-44aa-a2d7-99989fd01ebb", "value": "b092678fc438a3bc6ea71ba0ea4cfa08", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696511207, "uuid": "4d46e234-8b42-4f6c-8d3b-76d9c241a834", "value": "24576:+wxY5A0vimILMPcVJT6gH/A2Z46a9DhvhNSf:+W0vimILMP4V6SAO46a3v2f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696511207, "uuid": "19003654-f2c6-49d5-9370-3f5d5df9b849", "value": 1827328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696511207, "uuid": "5d477bd7-1a34-4059-8d7c-2a3622b58ac3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696511207, "uuid": "dc897e0f-f2fa-455f-9290-9f230759781f", "value": "b8afb88f471cf88b67db6a39ff4053e3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5ee0333-6359-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1696494745, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494745, "uuid": "862998ff-96c8-4367-a5ef-a6bfb50c40c4", "comment": "Malware payload (Formbook)", "value": "7874a68e9ffd47b1f75e64dd736c4924", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494745, "uuid": "077e3e01-ba71-46af-8edd-ccf1a62afc36", "comment": "Malware payload (Formbook)", "value": "6bd3e0a979dc756642ce746393277e69301b3fe43aa4f30b7c8fbc563d7ae842", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494745, "uuid": "8700ff9a-ce06-49bd-83ad-a0d63ca499ba", "comment": "Malware payload (Formbook)", "value": "fcad4f405e4e38cbe83981fdb2935c9c0d41fa61", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494745, "uuid": "b2955e46-994c-4b81-bb0a-ab005f35d4ee", "comment": "Malware payload (Formbook)", "value": "1f0868a72ed03cf6997c17974583882f6348325bf89848b33053b195c48ad9b3517671b50092ee589f7393cc7feae0c1", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494745, "uuid": "29def887-5b0f-4d30-972a-a9b251bf7d69", "value": "T14454239C16D830A137C990C99FBB1037A9026485D39B4AC3DD3E8F99EEA9E72607540F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494745, "uuid": "c4956a0f-1a54-423a-948d-5f70bfc64a7b", "value": "6144:A9C7HtToil+10FGhixMpit1Ho6k0wzHq9/CYArX/F2A1:A9ge10Ahixwivo6twzHq9/CYATdT1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696494745, "uuid": "28b862e1-35ce-41ff-b509-84aa9b45d8c4", "value": 295541, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696494745, "uuid": "12e85cb8-62e3-4c2f-9897-63287ac2c8fd", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494745, "uuid": "7de29931-82bb-4385-bf53-860721766221", "value": "change in staff positions pdf.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "514d8d39-6367-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696500589, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500589, "uuid": "37b437c9-c05b-4854-8f73-851505236130", "comment": "Malware payload (RedLineStealer)", "value": "19b2376ab58baa89c90df5156f38bdd0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500589, "uuid": "4c0d69d9-c381-42a5-bf4b-eadfc0db673d", "comment": "Malware payload (RedLineStealer)", "value": "6c513ba352cb295440c086f5a6894f8d91eee105fe218a267c7306045a7ce0d9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500589, "uuid": "2e219416-396d-4c11-aabd-c76522904c82", "comment": "Malware payload (RedLineStealer)", "value": "eac54863bd176fb2c8bed57b39c83bdd6775cbe6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500589, "uuid": "6aca4011-af73-4b6a-a91c-fbd31405b42c", "comment": "Malware payload (RedLineStealer)", "value": "d115cf6620ed22dc4bf5928d74f9f0593021d2f548c62c44061b7e78f29050056fad9cf47c0a0c844c4c7af78cd04233", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500589, "uuid": "654e0d50-c3f7-4082-95b7-c5e3879c6424", "value": "T11E95231776C88523FDF133B4ACF643575E3A7C621C65919B2BA6AE4408B21C4BA3137B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500589, "uuid": "ec3121a1-0823-45ba-adeb-c27c9084664f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500589, "uuid": "a9f68c27-7fde-4663-bb33-12e837150aee", "value": "49152:kv/Sw8bkTMO+t1DQV5rmJNhKJN2Ezq+01kjzzKy:KSpb2MOiQ3RNk+Iw2y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696500589, "uuid": "4e84604e-bbe2-42df-9c5f-168a4c4b5ec5", "value": 1907144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696500589, "uuid": "e1cc806a-5a1c-464e-86ea-aa61f15d1114", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500589, "uuid": "b59dbe58-c14b-406f-afb9-5094c5b5560d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f23c19e-635d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GCleaner)", "timestamp": 1696496397, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496397, "uuid": "76f3a153-d43b-4fdc-9a3b-4f866830ea3e", "comment": "Malware payload (GCleaner)", "value": "1c7175316b4cef5d06929b6908f420b1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496397, "uuid": "6c5918a2-5116-4f64-89a8-a4ee6adfc6a9", "comment": "Malware payload (GCleaner)", "value": "6d0d0bfb0234dfe8b53845a003af0e8dc32f3be55a93a5a0ac7850f24c6df80a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496397, "uuid": "67a2e7b9-81c0-4928-b60d-1ee4c54eddb4", "comment": "Malware payload (GCleaner)", "value": "03fb9f6b311e4b14dbfd9e75dd7312927e65c139", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496397, "uuid": "0c38ed6d-4ac2-4e80-bb27-d29c474430c8", "comment": "Malware payload (GCleaner)", "value": "65e461e9f41109c864ce575d6420cb5586b44d194bd6903881f827d0577cf3c31af4fbbf314c1c177c4740bf6de301b8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496397, "uuid": "cfe3ef07-1295-478a-bfad-3a0b496760f8", "value": "T14554E1213AF3C872E7B345355438DB856A7F787255B1849F37140A7EAE202D29A7231F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496397, "uuid": "1339463c-cdd6-45c8-9883-2a925cbfba53", "value": "7bf0c3cbf0d3960e40b75bc830477f17", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496397, "uuid": "a97dfb4a-653b-4ab2-b3d5-f8466845cc0a", "value": "6144:Xfxwlu/agMRZXlNFcAYByWsCuHQvwI4J+j1br:XGl8agMxPGByWeQ4d+jxr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496397, "uuid": "3d240431-d6f8-4255-aaa6-c2465ba0dd7b", "value": 285184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496397, "uuid": "b9841d96-2564-43de-9905-86c1270bcfeb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496397, "uuid": "8c1061a0-ed9c-4152-8112-2a26f5277e2b", "value": "1c7175316b4cef5d06929b6908f420b1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd6fc2b1-638f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Gozi)", "timestamp": 1696517950, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517950, "uuid": "413c62f2-f9e3-450b-b6be-7072b88e034e", "comment": "Malware payload (Gozi)", "value": "8086be77a9f38efa3a06e7ba743972d5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517950, "uuid": "a6e4f528-afb8-47e7-b538-82834d8a9978", "comment": "Malware payload (Gozi)", "value": "6d2092ee3351eab23a925073e821d6cc3e78d903415d26d6998d0aa22669ed4b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517950, "uuid": "caf2a22e-3d70-436c-a74f-591abd6a35fd", "comment": "Malware payload (Gozi)", "value": "6ad2b8ff69a9e914828766b49a4156e58400f722", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517950, "uuid": "b921fd72-46f5-4da4-82c4-aaa672fa49f0", "comment": "Malware payload (Gozi)", "value": "69588d6ed04f8a5d451aac9c11ec9502272484df1b0e732f0f647340fd25a2f60d632e516847865509e1e4c6bf8c9e18", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517950, "uuid": "f25e978c-3fc1-476a-a4b5-c51b6f58d639", "value": "T17C345B6AA3E50995ED6AD5B6CD53D227EBF334091B24C30F53B0CA9A6F17722B11C302", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517950, "uuid": "c74e08f1-7d45-4fac-8f00-75ba8c3553a5", "value": "3072:rXmwJT25VVeVqX++WldhnUaA4KT6ntfZFSumtYpFQrxlsFXSTFCr56cjfyfr5Wt:rX72v82Wldh1KeRFSbaWrxlsFr5Kz5G", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696517950, "uuid": "4dc8154b-0943-4ead-a43c-f467073386bb", "value": 249856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696517950, "uuid": "dc04d246-8eb8-4585-a8d0-578ab74c00d1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517950, "uuid": "27196324-832d-4327-bcf3-26b877d87545", "value": "900000.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2e8e799-6353-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696492136, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492136, "uuid": "b33d705c-3a3b-4018-a8f4-957684e92f5a", "comment": "Malware payload (AgentTesla)", "value": "a440d6d47ca8f7400651a27c89d1a672", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492136, "uuid": "c012ae84-05c0-49c8-abc4-d3dabe658b0c", "comment": "Malware payload (AgentTesla)", "value": "6dc931c6e6bb664614b04a12dc10f16e91c1d330a767cd2b7fb3dd3fcae7dbf9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492136, "uuid": "62c7e670-cd15-4e08-8c17-cb4606de4d2b", "comment": "Malware payload (AgentTesla)", "value": "4d885ff6a05b1873283f6c33960c14f61751368d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492136, "uuid": "915751a8-0ab3-4b66-9530-77984afaf2d0", "comment": "Malware payload (AgentTesla)", "value": "09044d89a72f86e726d4c8fd477d6ac5403b95518536e66454fdbc0822ed9d7d2cd421542f1860864c8aaa6877af9a84", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696492136, "uuid": "340fe03a-e958-4472-903a-35e6b35d2cb1", "value": "T19855E00B9414EB86D00D83F8BE2339A90E0E7F15A7D169DB14537B8B3E316621DDA2DD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696492136, "uuid": "bdb60a0a-24e1-4431-ab05-a0799b2c0566", "value": "24576:aWQmmav30x9ZyWw6VuanAXZSEWZyXw6VQAXZS6q+xhbxkovEJGIdKHfwDx:/QmmQ301C6V0ER76VPEOxrvAdK/k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696492136, "uuid": "f88e3d3e-7687-4040-9c6f-ae7fdd12f308", "value": 1376256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696492136, "uuid": "343c825b-fcc7-440e-aea0-caa57e178b29", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696492136, "uuid": "6ad976fb-66c2-45de-aecf-6e93e36168ab", "value": "SOA.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "015fd0a4-636a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696501743, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501743, "uuid": "1e3083d4-f658-4694-82b5-702f8160c6da", "comment": "Malware payload (Mirai)", "value": "95cba8f631c858ccc7608abbae13300d", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501743, "uuid": "2d58d916-3df3-48ff-8afa-79f6f37b4c3e", "comment": "Malware payload (Mirai)", "value": "6e02aa8a3b5fc3163f695b593870fd4807ab095de1169b820206dc462b0156c8", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501743, "uuid": "d0c21bbf-8cf1-490d-87b7-c32fd751ed7f", "comment": "Malware payload (Mirai)", "value": "952b8a2b81e91df029fda2377d9a3e18cabe8377", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501743, "uuid": "d5a18967-8420-48b5-bf4c-68caf075a11a", "comment": "Malware payload (Mirai)", "value": "a7ad612badefdbbba70568a913c5cebc02f032385d5e5150728fd6ee13695ee59a2588f2a760d9b269ace75445253fad", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501743, "uuid": "7613bcab-05e0-4a76-be63-1bba210ba93a", "value": "T17204A81E6E228F7EF268873447B78E25975823D627E1D694D1ACC1102F6039E641FFE8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501743, "uuid": "f0c056a6-2ee6-4d60-b380-ed6ff4c300ea", "value": "3072:YBClC1WLwhztysGgi78x4VrtGtA3A83qW7xUxxxxxxt:oCYxF22YrGAQ8N7xUxxxxxxt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696501743, "uuid": "69a1362d-b45e-436d-b4a8-1897d2d53a08", "value": 181696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696501743, "uuid": "3cfd9fcb-d882-474f-bc60-10307e052c07", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501743, "uuid": "2966b33c-1842-4d43-b37e-d622c2f6b865", "value": "mips-20231005-1029", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5bd60210-635d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GCleaner)", "timestamp": 1696496311, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496311, "uuid": "c005a090-28c2-4c00-a20b-e0c270bba403", "comment": "Malware payload (GCleaner)", "value": "a5fa0cbdbbb74d6cf28c0c48703efa6a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496311, "uuid": "590e1c19-9a21-4a7d-8ec5-07add27d7cb1", "comment": "Malware payload (GCleaner)", "value": "6f0274a0e17ea613a840cd89a838151a3bbf145dbbedccbff9efc7ab762b82e1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496311, "uuid": "8a1eb271-afeb-4d92-943a-b0710cc0aed6", "comment": "Malware payload (GCleaner)", "value": "c3a2902e79da6612fee788a7a45bad8907ca125d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496311, "uuid": "918cb2b6-9000-481a-b8db-e85e0b3747b7", "comment": "Malware payload (GCleaner)", "value": "1f5b8e01bf90f6512241a591c618a13808bc7a47bab233090bd06fa23969dbaa0f2a80dd73b4709898c6542bbe77db47", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496311, "uuid": "aeaa9c3a-1f27-449e-94c1-dba75927b5ea", "value": "T14154E0223AB3D872DAA355785434EB946E7FB8726671854F3734066E5F103C29EB3322", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496311, "uuid": "dfc7c7b2-2a15-4af8-b1b5-23cacd9f49a9", "value": "7bf0c3cbf0d3960e40b75bc830477f17", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496311, "uuid": "ec48d2f4-15a1-405c-8e2d-6705d4c1c6c1", "value": "6144:OAHubgBaYwRuZ+0Oi5cY9ZawOPOQBEkB7HfoxXhg:OlbQaYm6+0mY+TZZRgxxg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496311, "uuid": "60ad01fa-8baa-4a2f-a882-bee72cbc7677", "value": 285184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496311, "uuid": "91f8b1a0-81e0-4516-9085-e1e79c57429a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496311, "uuid": "b6a20458-6ad9-4b57-bc65-3237134905b1", "value": "a5fa0cbdbbb74d6cf28c0c48703efa6a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "06cb8e0c-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696496598, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496598, "uuid": "98dce038-ff82-4ef9-ae0b-c305aa10dc93", "comment": "Malware payload (AgentTesla)", "value": "b14612f2c9eeff9fe1f1c3f075845d8f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496598, "uuid": "1f44e764-6070-41f4-ba1b-66adaccec49f", "comment": "Malware payload (AgentTesla)", "value": "6f3b767ae637d5792bcc7ae9f20832dcfdfc7d6e513f8c2db246a78371fe7f61", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496598, "uuid": "e588d34a-0424-4f21-b298-104daa7e3585", "comment": "Malware payload (AgentTesla)", "value": "d28e85c39f6008c5b5afbc8a7bb947a0c419bbde", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496598, "uuid": "6e3d19a7-8b9c-42f1-ae15-433ab8be1094", "comment": "Malware payload (AgentTesla)", "value": "0d92da8c1abe62f3e162f8fb4f478205deba228a1a0fc84a168a7937def4f8377ac178b740987e8a958370678985d704", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496598, "uuid": "c2a02316-6d1c-4e5a-8cf7-a076bce2e25e", "value": "T13941AC051BE60358E2B78B3DBCBAB2115532BD64EA13CFDD02D0D2882874224E476F2F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496598, "uuid": "ce7f5529-a767-4310-8b25-ed84eb508d82", "value": "24:8r16IE4SATYKuhW7MZ3ANPWkp+/CWP2+/CoF4qElnetyHjr4I0WUGCGipK6+/CUv:8B6aSqFND0NMnetyHjUICB82bq4J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496598, "uuid": "d67eab24-5f98-4310-b79a-298ff531e13b", "value": 2102, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496598, "uuid": "ccd6d6a7-1468-445e-84c0-77b10f0a27d1", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496598, "uuid": "a22f655a-e70a-4105-985a-828383ea685e", "value": "PO-098564.lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "22998bb1-63c3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696540024, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696540024, "uuid": "aeb86cf1-95fe-426c-9981-c358db89fd08", "comment": "Malware payload (RedLineStealer)", "value": "d5fb73bcbd2b335ad93db5c6dc87bff9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696540024, "uuid": "c5c9d77d-6469-4469-a859-26293bf70c80", "comment": "Malware payload (RedLineStealer)", "value": "6f4367aebf6ac6bba5acbeda0a097331c2d213290f6d487611ecfa393657e5dd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696540024, "uuid": "2630fcae-38a6-46f4-8377-381867edb75e", "comment": "Malware payload (RedLineStealer)", "value": "7d5ffca40a1a3e1ecc9308c4b21b6a1f0c900e8b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696540024, "uuid": "a1ef38d2-c51b-4d4c-b536-ab043c2a2bef", "comment": "Malware payload (RedLineStealer)", "value": "4d3da8f55d0ae80d2e02dffaebd661c362795247ad4d9682f9b152440d82128fcdd0e899a8218946db0d3012287eb923", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696540024, "uuid": "cdd80933-d0de-47d5-9387-8c48fed01a8c", "value": "T1FE95234861E166BAC4A01B7498FB02831776FDF05F7883DA369AEC4B0D728C194B1B5F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696540024, "uuid": "3a599cd9-dd68-41ed-8a95-45ba8e300693", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696540024, "uuid": "cfbcd4c3-1196-4fc4-8e85-80c9e18a749b", "value": "24576:/ySzwq4WimIs7/h8cxzQvRaRCAxJOGuhiV70vRJqOf++/4wegOy/cKJh4xhbqKuS:K8wqIVKGvRaRPOeQvRvRxegOoJhi/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696540024, "uuid": "e0e2f0cb-54b1-40c3-9f36-98cc46bf9366", "value": 1920000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696540024, "uuid": "b7618933-cfe1-47b5-843d-b9174ba69236", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696540024, "uuid": "87998ee2-59b7-4907-8b7e-f5fd1fa27d23", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd011a24-63a6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696527828, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527828, "uuid": "e65c7878-3027-457d-afb8-51a7f277b958", "comment": "Malware payload (AgentTesla)", "value": "af66c287c8d0f07d706a0c925f8274da", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527828, "uuid": "450d073c-b0c3-4db2-8e6c-7cca067b602a", "comment": "Malware payload (AgentTesla)", "value": "6fe23106e705089bc51a81997ce501bc954440f45f8cd425fb23871a3a325886", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527828, "uuid": "b4ed35bc-3832-44be-8e24-ff5596e023aa", "comment": "Malware payload (AgentTesla)", "value": "95112ccdd32822c6ba8a27abfb0fe2e58beee258", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527828, "uuid": "80ac0d17-6fa6-4085-a8ee-f2c9aa739564", "comment": "Malware payload (AgentTesla)", "value": "5898b6b9e658f51459cd180e7b86512da8e487046ceb9baa7b2d239daccd529a08b1bf0b3f76476f2d1875fd3575b014", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527828, "uuid": "a842e584-cbfd-4c6a-88d6-413877ee8dd8", "value": "T191156B1032F55B81C03AAF7583540C49CFE6BE3A6E3EF42D6D9CF185A537A818A66CD1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527828, "uuid": "62cdcbeb-6f18-4fca-8cb2-f65906d3353d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527828, "uuid": "20b7b254-a795-4ebd-bb05-06a34f47f34e", "value": "12288:LFGbVrdi3IrnC14i1BQFK5ksU0BITp1HKDff2fiUaBjr+CZJKxXHglY4MXZKe60P:LFGRc0nC1NhXBIerf1Uij6CIH/4MO0P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696527828, "uuid": "5549ac16-1e77-4504-987d-88b29515ee73", "value": 928768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696527828, "uuid": "4093b652-ce65-4e5f-ad1a-6b22ae0f6b4f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527828, "uuid": "d5f1a6e3-9598-4b68-bf2b-4aaa801ac213", "value": "CourierShipment.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d4b3506f-63a4-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696527008, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527008, "uuid": "25f76887-7953-4d4c-b4a3-7b1c314f7b60", "comment": "Malware payload", "value": "9fad3cd00c8dee4bb877f0f1fbb8dc84", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527008, "uuid": "4b7d04c3-c5b4-498f-8233-2f45c44b4c8f", "comment": "Malware payload", "value": "70c0ef97db97e10004d5b57cb0a26f02aad81cf0bbef8e06f8557acabca625ea", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527008, "uuid": "c38bf413-091e-4ffb-9187-9d227f4bddec", "comment": "Malware payload", "value": "3f35f0e293d43d23223d2bce976fb37df71cf83c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527008, "uuid": "4998d5b4-110c-4508-b4d7-ed653b32ae56", "comment": "Malware payload", "value": "962d565d09584685989d0e01c6551951c72fc6e610e9cd8592d0fd44187566c7b04a69b4e92b45915b849d90a3fc40d5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527008, "uuid": "adba891d-b8d4-40e9-8d1e-d903aee85909", "value": "T1B3F37C1136D080B2D177423619E8EA605A7DFDB14FB29E5FABD80E8E0B741C19A35B73", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527008, "uuid": "ba4780ca-1893-46db-b276-a2fcfe4150bd", "value": "d42f205bb87da9f129870c596a747ae3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527008, "uuid": "cff5300e-a8c6-4ccc-8758-eb9c17d339a1", "value": "3072:v+8t+lqKrGGyzJAaMo+E4uRW+2qJavzvT3JHK:v+8wiGSPt4Dzrd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696527008, "uuid": "39150cc8-e5e6-4521-8851-84f4ea4de0d3", "value": 171008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696527008, "uuid": "ba779d03-edea-4cc9-ae1c-cfb2ed4e1fb1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527008, "uuid": "58f3e181-8453-4768-be16-a83f05441eaa", "value": "SecuriteInfo.com.Win32.RansomX-gen.12267.11679", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "54b93322-6365-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Vidar)", "timestamp": 1696499735, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499735, "uuid": "0a99472d-70ba-4ff0-9412-1e90a2c78e44", "comment": "Malware payload (Vidar)", "value": "3ac51f92542f2b761956c562ff3244b5", "object_relation": "md5", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499735, "uuid": "39bb7f92-01d0-4df7-804f-bedcea831c5f", "comment": "Malware payload (Vidar)", "value": "70eec079b5317455429f24c081b6cf29c0f04d5708c4c2b767b76172643be57e", "object_relation": "sha256", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499735, "uuid": "9a9b8a46-4187-4d57-b77c-09e8ab2406c3", "comment": "Malware payload (Vidar)", "value": "104cfcb041c9925fc414909df03bcb8b943385ff", "object_relation": "sha1", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499735, "uuid": "9caeb75b-8d4c-4d34-bf4a-2f60648eec3d", "comment": "Malware payload (Vidar)", "value": "6d73da0a36f4e4b1703fddfa4756ddfe52f54f36521bd2a2e960a62171a0c4edf499c8a047abd65324bed3405c9e5ceb", "object_relation": "sha3-384", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499735, "uuid": "548b50a7-73ae-46f1-8e06-bc35f1926206", "value": "T176160242E7D780F1ED4765B4117BB33B9A31A709432D86C7A3943E56E8313E11A3A3DA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499735, "uuid": "d3224266-3e8a-4104-9f6e-1ed5e4f04c0d", "value": "9e604fa03f90625680ac2f8bef162aff", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499735, "uuid": "ebb2496d-cfb5-4e29-951c-051b11074a35", "value": "98304:TVHFXSCmqsSgfkV9JCESoN0SwXOc3VpdilL:TVHFXSCmqsMXBSRSWO2fiV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696499735, "uuid": "5b17a67d-1089-430a-810e-010f8bfed632", "value": 4040776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696499735, "uuid": "7eceac8f-24d5-4f41-8038-b2edd968f826", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499735, "uuid": "51256526-b36e-434a-ab94-1b1b8fff8044", "value": "Booking Information.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a476e796-63a7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696528216, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528216, "uuid": "56872295-bc5f-477b-9b8d-eaf0db5f0f6c", "comment": "Malware payload (RedLineStealer)", "value": "ff7804ed1b38116017c4ea9434c22e31", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528216, "uuid": "fd669e26-b1b0-4729-805e-b5ef0582dee2", "comment": "Malware payload (RedLineStealer)", "value": "7171bc88e1eda14767efb89c9ff8da5b8bb8ef65a1daa4d8c71d11026936278e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528216, "uuid": "7e92af97-880c-4ee6-9de4-d92f8b4fc9c6", "comment": "Malware payload (RedLineStealer)", "value": "63a0b73aea08ba0b279e6aece719a308590eacd8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528216, "uuid": "cc86354f-0631-42e7-bfc6-7e80b5af6826", "comment": "Malware payload (RedLineStealer)", "value": "927d874c0f364d6901c84f6d42b91d32542c0b92c7b33c99e4ec8ccad389eaf99a2c22b4d4315a3284f44d895c4789f8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528216, "uuid": "c75c656c-a283-4917-89b2-787458a04192", "value": "T109E6332C03D8220DE0A134F18A5254B927B69E0DD42EEF46E74BF717F4BD366692D643", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528216, "uuid": "c8cabce4-98f2-4aaf-905b-0b1f56002ea7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528216, "uuid": "f7754e02-2e91-4ec4-887d-df56ee7ccb3e", "value": "393216:VNLLhaFCJF8OKsvY9YWcUjm2gfytMQKR:bMk8vTYWckmzfZQKR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696528216, "uuid": "0b402325-4eec-4b8c-9343-8b0fe8d50ab9", "value": 15095296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696528216, "uuid": "0ec13808-8437-4e50-bb8a-60aecb9018d6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528216, "uuid": "9cdbb6b0-25d4-4a10-9555-780f900db774", "value": "ff7804ed1b38116017c4ea9434c22e31.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "edfa8d9e-6362-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696498704, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498704, "uuid": "fb3884d0-a8c2-4389-b76c-717f9bc436f9", "comment": "Malware payload", "value": "264a37b36511c366730fa05b0d4981ff", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498704, "uuid": "ad562e86-332f-4968-b360-3179a4cc2584", "comment": "Malware payload", "value": "719717c01d82b4a4f96057df19b96b409b74ea122a720784407577b2b41876ab", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498704, "uuid": "414d8732-73e1-45a1-9a22-dfb33ab4793d", "comment": "Malware payload", "value": "ce2bb3512e614c7b9bef6348aa98a7e59193c759", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498704, "uuid": "2c186d28-af26-4c99-b855-49903d236beb", "comment": "Malware payload", "value": "90441327648b8f0850264cc8c4fa07cd703d3a78976131a807329152d5b9b95a7747350fafbae608a973aec4e51791b7", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498704, "uuid": "328d962e-40e7-48b8-a81f-ca627a3a30bc", "value": "T15D847D06FBA405B5E4A79138C9738A46E7B67C4A0370E74F23E405572F37BA09E2E761", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498704, "uuid": "eca8d2e3-0836-47c4-b8b2-4dbaeae2a0fb", "value": "2dd77a6fe56c64c816f5a678ecd47c55", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498704, "uuid": "32c00ef9-0639-48e0-ac2f-627e1daa17ee", "value": "6144:bvRk7oxjteyCowrmMmKJSrwg61KX+u2XY1VtzymngFI/oXy:2mRwlmlr761a2I1VtNngK/oC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498704, "uuid": "d980f600-d33c-4a41-84be-9cb9ee0cf319", "value": 372736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498704, "uuid": "140eb5ec-5be5-4579-9860-161bd12337dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498704, "uuid": "b5b004d8-1c4e-4370-ba28-7af3e49eccd7", "value": "a3d1ef821849f015365076467994986ebf47905ffcc4f16761d222e1155abd10ba229aa11e70694c70523e9cbfd0eba5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1cac598d-636a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696501789, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501789, "uuid": "a25fdcb7-9368-41b6-bb5d-38ec574a5506", "comment": "Malware payload", "value": "4b30467bb8a0c1f50d0705febb02c35d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Hive", "colour": "#21FFDD", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "RU", "colour": "#08DAA4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501789, "uuid": "87dd1ccd-9359-4674-b54d-ef53bd7c7887", "comment": "Malware payload", "value": "72eb45deb97510f2a2f7e136dde62b85900866b9cbb9c64d844df213dce20af4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Hive", "colour": "#21FFDD", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "RU", "colour": "#08DAA4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501789, "uuid": "ff8e9f2f-9a89-4e22-ba83-004785429d8f", "comment": "Malware payload", "value": "f214bcc748a57055e11e72d2323a8e3606335978", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Hive", "colour": "#21FFDD", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "RU", "colour": "#08DAA4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501789, "uuid": "5969ac64-ea39-4c07-aed3-b7e11e4d6b54", "comment": "Malware payload", "value": "058f3e8e4525d8e2fe8e24c214d2e282511250c5c28f6047005b9102bdd63546467c73f170e4032387da61cb297a50df", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Hive", "colour": "#21FFDD", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "RU", "colour": "#08DAA4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501789, "uuid": "4bfb602a-e0b2-41d6-8a35-2b74e5bf85d9", "value": "T1D7769E03FA5160E9C6EDD170CAB6826277317898433027D36B61FBB62B67BC45E79390", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501789, "uuid": "f81ef1d1-4d07-40e5-a1b4-eec913735a85", "value": "c7269d59926fa4252270f407e4dab043", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501789, "uuid": "19ccd5e5-6246-47c2-9b64-d3bd4e54544b", "value": "98304:ffb13rIvrSARd1slvXqmQ/ohEXGcjUlJeCKGG2DdI0EipclwzEafOi:bdcTdOvamyXGEUdGedI0EipDhOi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696501789, "uuid": "2fec4430-53cb-4611-bf45-cc45407e13b4", "value": 7699456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696501789, "uuid": "64de61b7-87ca-4d0f-bbc9-58b4636186a6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501789, "uuid": "b6d161db-6d79-46f5-9165-4ffa96a2ac7f", "value": "doser.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84cffa2a-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1696496810, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496810, "uuid": "f8493d90-8b44-4542-9842-1f2485d2e021", "comment": "Malware payload (RemcosRAT)", "value": "fbbe9c432bd57ec2999ed6c59f56e9fe", "object_relation": "md5", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496810, "uuid": "73e3ef4a-947f-466d-b962-e0260dca5a08", "comment": "Malware payload (RemcosRAT)", "value": "73709402a093f4b559532f016cb0c7f8b7bc29b413dc3321a79f5a5a38b81c44", "object_relation": "sha256", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496810, "uuid": "a92cd56b-6943-4a84-9eb8-f8f1138e87f3", "comment": "Malware payload (RemcosRAT)", "value": "50a7227e75f3dbc73f2bbcc81798612fd7222868", "object_relation": "sha1", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496810, "uuid": "98c9db8e-6905-4936-bd20-6bb0849c9f8e", "comment": "Malware payload (RemcosRAT)", "value": "e34dc4126df2d26879d5fbbc5c9889bd92c00b4a1fe6240c25eefc7cce1bd756543a52944fb46f4e1a00bd7c21d07efe", "object_relation": "sha3-384", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496810, "uuid": "a3df1ffb-cfa6-46a5-a95c-661a9027ba1c", "value": "T1E511884C1EF5F18990D7E290FC98029BB5C2120FD9882A2E539150D99DB51F8F62F3AB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496810, "uuid": "5f58f7c3-c9d2-4a7e-b4d5-cf71c617ffee", "value": "24:hpkNp9GT61R25RGpf6JJpy2SveTwBFW5U6Rs3z7p2:hw/qGa/TPu4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496810, "uuid": "8f2b54e9-0fff-4beb-a1cf-244789816ea9", "value": 884, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496810, "uuid": "e4c043bb-d734-434c-9082-ee0acd953cdc", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496810, "uuid": "1f2c44ce-a463-4931-b6c0-3eccc6be7c10", "value": "2230105.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "54d56d7d-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696496729, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496729, "uuid": "75acc406-a400-435f-be3d-03307fb09260", "comment": "Malware payload (AgentTesla)", "value": "0a6f9a6de80ce6a762dc57f5fa018016", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496729, "uuid": "8fa4fc45-8486-49d3-8fef-1e6a5a2f2005", "comment": "Malware payload (AgentTesla)", "value": "762f856d6eaf5d2c590d31c123850bf793735d6dcea1eb7d78933e518570e392", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496729, "uuid": "8a2cae8f-8c0f-4b14-ba15-c7ff26e1e231", "comment": "Malware payload (AgentTesla)", "value": "f6a492babdedd0617f85667677888c030e3c6615", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496729, "uuid": "cba10a4a-ed15-4e8a-905a-38292da93083", "comment": "Malware payload (AgentTesla)", "value": "6c88e1c87d6d4e439e1b803abf7ff64c5d56959f2ef1f2b00a0ccecf04cfddbe8b9f48bf58a56e13b91474b30bc844f8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496729, "uuid": "bf7856f9-7c41-4da4-a0ce-1eabdf8f9cb8", "value": "T19AF4333D10BAF5BF7CE9BE62A2A45BBCB6811020910B03A53F7DE510F34996C4B5E9D4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496729, "uuid": "ca91c7c7-1795-4793-8687-497ec14bacb4", "value": "12288:zSx22RwrZX84kvhffnRq9MmEOE4O3Jzq5SgiyR6o+ddJ6zF42WXD5bKHiUjrs:K2yw9XlghxeJD8Jz2Bh+ddk42q5bKZA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496729, "uuid": "65e1e594-a01b-43ce-a493-e0684a72808f", "value": 730711, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496729, "uuid": "bad942aa-48ca-4c3f-abbc-5073b626f007", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496729, "uuid": "d35accf5-7ea6-4061-abdc-1ecd9af8adaa", "value": "PIA-50320.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73175b8a-6358-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696494203, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494203, "uuid": "31466b1e-6f90-4e79-b4c5-c7d7cc80257c", "comment": "Malware payload (RedLineStealer)", "value": "1f73498bff18d0f965737e8c78d07c14", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494203, "uuid": "82d2948d-33f2-426d-85c1-76ed73f3e5ca", "comment": "Malware payload (RedLineStealer)", "value": "764db089a096438cace81884620336056bf35e146fc61e5a5f30a7723dcb3e7c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494203, "uuid": "5d013abd-5edc-41fd-8b65-64eb893bc050", "comment": "Malware payload (RedLineStealer)", "value": "3a6d37d5108bafe255a73eb9be82cabf92679a1a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494203, "uuid": "a09b5b6a-e046-4736-9c4e-6bade8557b07", "comment": "Malware payload (RedLineStealer)", "value": "dbf48e19328a6f5e9bc1819610e9a565849a8429214574afe1e1b5108d116762bb0021fd8df176da116854d2b36b3109", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494203, "uuid": "276f5518-27bb-4a81-9b58-433512853016", "value": "T1D5953397F9E00172EE65A7F098FF124708713DA5AA70C94B261694BE4EB33C4A532377", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494203, "uuid": "5439d2c4-72ae-407c-a32e-fc718742a381", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494203, "uuid": "c22f4e9c-20cb-4682-a845-c219d90b22af", "value": "49152:zwZVOpwRXisYcRN1kbZV/a7dapAl7HrjXHM+Zu1Cl:UwwRBnLEa7d3lHFZu1C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696494203, "uuid": "495b0918-b4cf-4484-9209-be9da2db1254", "value": 1972224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696494203, "uuid": "82f5dbce-e346-4af0-bfaa-cdf073574f14", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494203, "uuid": "b66f7fdb-a3bb-4106-87ed-ae8d2adcdb16", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f9e76ef-6399-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Gozi)", "timestamp": 1696522195, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522195, "uuid": "73759746-27b4-4796-b53e-136a50efa588", "comment": "Malware payload (Gozi)", "value": "a3f4c907a088c99a8b7bf5f4280d7d0c", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522195, "uuid": "63d68230-22af-422b-bcfa-dc8a4fa4aa53", "comment": "Malware payload (Gozi)", "value": "7665e793186c3c83ec2c2c69adaee5e81ec60d395d8714921352296a5ab88ae6", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522195, "uuid": "a61cea6c-b01a-49e5-9082-8154b4c46609", "comment": "Malware payload (Gozi)", "value": "9a9297bd0af1c008eb7477c1e310ce70c30c6d56", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522195, "uuid": "9021fd12-be1e-4f17-ac8d-205263ef4e4e", "comment": "Malware payload (Gozi)", "value": "ad5f057d5e329c1ea4673c25b30cf766b3ef1a2919a743fe758cb945ef444ac8b77434fca8d0d5df1fac2bb3431d35ed", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522195, "uuid": "07ec5e3d-573d-4a1e-ad81-39600d3f187e", "value": "T178649E11B4C18032D9732A360B35D5B25F6D68310E269A8F57E8D9B9CF78091B735B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522195, "uuid": "f25ee871-87bb-490b-aca7-b17988643c9c", "value": "3cb81ba964fc4d7ae05be4477da2cf43", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522195, "uuid": "c16ec39e-39af-4cec-961c-9a1596d2440d", "value": "6144:Oo+91vDNpa6NK56upTHirwtc3nhBvjQOR/Oz2IHTN+:ONDLu4K56u1HqfhBvjQOWz2W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696522195, "uuid": "a6dcc9fe-25ed-4049-82de-fe6d1b6d79c2", "value": 311808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696522195, "uuid": "f468f968-6a98-4034-81eb-a355ddb04231", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522195, "uuid": "40229073-1b97-467e-b1ee-88e3253300ad", "value": "7665e793186c3c83ec2c2c69adaee5e81ec60d395d8714921352296a5ab88ae6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34d71d0e-639a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696522445, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522445, "uuid": "6d98ca1d-def5-44ae-94ab-8b96aa3daa2c", "comment": "Malware payload (Mirai)", "value": "745cdfe1a61d6f7a78086b8ada6c430e", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522445, "uuid": "f38489a8-ce16-40f6-8c53-4c4f0117286a", "comment": "Malware payload (Mirai)", "value": "777ac4817435269b7c3109e0e6a8bac31bab7a393ee928e374f1a8cd42c2b056", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522445, "uuid": "fa94ce40-59a8-4ce1-b40b-436dd97515d2", "comment": "Malware payload (Mirai)", "value": "0ea6a47523e6d1f29c17ae7ae1b0ee043948f76d", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522445, "uuid": "f34ef7f9-056d-4730-9a50-b98ce277749d", "comment": "Malware payload (Mirai)", "value": "60b8b500df029286cac2fae558b21a23c9390bb13e498dea8e6276c142157102c02b6365cea8ac0a15ec382013387eb6", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522445, "uuid": "5fe64f6d-891e-45e5-86aa-8cec8fa78f96", "value": "T1FC04D81AAB550FBBCCAFDD3706E90B1139CC954B22A83B363674D528F54E50B49E3C68", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522445, "uuid": "1a33e004-d875-4517-84cd-63cff6a09c6a", "value": "3072:ueEksFM+wX5OOaVR8H3NaMZOTTMJxt9U+7fKbcE:ueEnO+wXKVWdaMATwJHy+uo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696522445, "uuid": "507e7d2d-fa94-47de-b947-e43efaf82876", "value": 177860, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696522445, "uuid": "ba834e16-26b0-42c5-aae5-b4dd8c8d9c19", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522445, "uuid": "fbc6b0a9-d090-4d56-80e0-8e2ed05ef1f4", "value": "top1hbt.mpsl", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2cf3e88b-639a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696522432, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522432, "uuid": "3f43e633-8947-4e36-85ee-d4c2f21998cd", "comment": "Malware payload (Mirai)", "value": "b844c33860094d2856ddc0f2cd1ac1ac", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522432, "uuid": "88200ca8-7628-4ac0-946b-0d59a9b2b8a7", "comment": "Malware payload (Mirai)", "value": "7789c1a6eac5e56d702313ddc65f1af47e80a76ae76569bfc945e569548d2345", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522432, "uuid": "81d51b98-a48d-48fd-a0ef-b1c9c9075539", "comment": "Malware payload (Mirai)", "value": "6d4dcf48680ae7d4499c009ff2bea3a3fd353a84", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522432, "uuid": "6beb4f16-ba0e-42c8-9922-f4920128ce94", "comment": "Malware payload (Mirai)", "value": "4394013b7dd01895f27c6dca9200b768d5469c3f162d8a665476c934f4f681432680b873c425b5f7cbd4dfd8bc7ea1a7", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522432, "uuid": "f4e17f33-a07b-4d4f-957c-58935273560a", "value": "T1D904885E6E228F7DF668873447B78E25976823DA27E1D644E1ACC1101F2039E641FFE8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522432, "uuid": "ec81179f-5152-4096-bdeb-383f01c209ed", "value": "1536:Cl2JvnXPvLeQuchMJdDNsCK9H1R8cA2iQembSM+xV7TfF+hPyO0Hb/zYt/Y:Cgv/kcwZsCK9VRhAX+bShFSP0HbbYlY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696522432, "uuid": "db862b6a-3795-4c86-beaf-7e8580db099e", "value": 173796, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696522432, "uuid": "bfe6071c-11dd-4616-ba82-1c87748d3e69", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522432, "uuid": "ce9eeb19-a223-48f6-81d0-6840ee6dda6b", "value": "top1hbt.mips", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc6adfc8-639b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696523102, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696523102, "uuid": "46557109-958b-4206-9e2d-0291b537df71", "comment": "Malware payload", "value": "d2e22770c7952505599cae8122f0e775", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696523102, "uuid": "58155769-5bbf-47cb-b966-084dfe449bc6", "comment": "Malware payload", "value": "778b6797bb9c9d2f868d3faaaf6b36ce3f06178c133bb592c5345c95ffb034a9", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696523102, "uuid": "5b101419-0bda-4946-b280-a7894df66878", "comment": "Malware payload", "value": "ff9af276270426c9ee638f3536c14f1dfb0a52cd", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696523102, "uuid": "5c261d8b-f9dc-49df-9515-50411945384e", "comment": "Malware payload", "value": "fb4a3c22414bafd3e800b2715e24ccde19bb04386f212bda7bbf14169d0121a784ee66db158371f948e6ef9609598ebf", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696523102, "uuid": "a50d7e81-b3b0-4d59-860f-8fce686a7b63", "value": "T15C15F1ADE9C17EABCE2360B7A0115EA644ECCC81AB22EB73C4475B37B25577C1C9B105", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696523102, "uuid": "6485287f-b210-43a3-854f-82973d326585", "value": "07944ca6430eeaed9c02e603e65e3e8f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696523102, "uuid": "639a4741-76d0-4a50-a072-75f914cc124f", "value": "24576:HErDE+5FZ0sdT22UguL369RNoFPorl6vBX56IsbX:W5FGsdpUgubSRNoFPoQBX56N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696523102, "uuid": "b5b218ec-9c41-47b7-8a83-94e07ead3dfc", "value": 928704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696523102, "uuid": "b3649d2f-f0e1-4b4a-b9da-9fe954f14c39", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696523102, "uuid": "1bfe5335-a09d-456f-86b6-b234f7ee1c42", "value": "donut.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e930f0e4-6376-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696507286, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507286, "uuid": "c3e00e9b-627f-47ac-a833-d7df65d5de9d", "comment": "Malware payload (AgentTesla)", "value": "6cf919a41fe193eefadc57d75449c3b4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507286, "uuid": "d188621c-e683-4815-b0fc-87042dd066b7", "comment": "Malware payload (AgentTesla)", "value": "78091d62251b24e840b99cf80f6f9f68a1725a1b2cc3a11aee84847e59b38ff6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507286, "uuid": "0e2df7ca-9ca3-4bf0-b626-716a6682fccf", "comment": "Malware payload (AgentTesla)", "value": "e5e5d62abc60cec11c420323c2bd9636813adab7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507286, "uuid": "e30aed08-0a94-4d76-a681-bd0f7605251b", "comment": "Malware payload (AgentTesla)", "value": "db928cb940c8c2c197c336f66adf51c46c09b34c664dc0ae5c8f0fcc296daaf3a6d6854c2a37e70318773045c3d20546", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507286, "uuid": "80c52179-e450-47f5-bfd5-632c902a6c3b", "value": "T1D6E40120B7E94B31D9B947F50230A1001BB6BE6FAA74E38C5DD6B0DE1935F824A61F53", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507286, "uuid": "f8fd62e6-909a-4b46-ab26-2a7060c0fa63", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507286, "uuid": "f006226c-be21-419d-bf85-b5a77f070801", "value": "12288:RiMx/jwFpuAb38AkUQ/XYBT0mnExmFENGtoOINE52LFfYr5atEZsnpi:FLIphTHkIp3lFRo5NEsLBYrzsp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696507286, "uuid": "8f8b65b1-ada6-42e3-af7e-5f2cf572198e", "value": 691200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696507286, "uuid": "a4bba3fd-b851-40e0-a86c-8968aa097f7e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507286, "uuid": "1c750d68-9d94-4f09-8c95-54b4eae746c1", "value": "LPO.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7de4353a-6381-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696511830, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696511830, "uuid": "c21a60de-d750-4413-8d71-625470443ad3", "comment": "Malware payload (AgentTesla)", "value": "d3b052e6d69f99af39bc63450bf1c954", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696511830, "uuid": "b1293826-bbff-450c-8094-4ae0e5d9db3a", "comment": "Malware payload (AgentTesla)", "value": "7839b201945e7614f7f2d216308aaf552e6229f3ccb4453b7babc0ce63926c81", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696511830, "uuid": "0872bc29-c61b-411f-b40a-512bf2a6fa62", "comment": "Malware payload (AgentTesla)", "value": "1f599f59153db4d76511bc367c7f98ca2e9f2ff1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696511830, "uuid": "a4d56a93-2176-4e2a-ac23-d8db44af37cc", "comment": "Malware payload (AgentTesla)", "value": "5148e5194059dedc8dce160a8959b789561649ab1f1bb169f200ba2aac46cce0971b8906c61938b44bc0437e88e3d6c1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696511830, "uuid": "7a67e7bf-49a9-4d17-abcc-be535a183af6", "value": "T17B746C5036FB905DB2B37E931BEC76E94F6FFBB1661960AD2404034B8B61E40CE95632", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696511830, "uuid": "4cc585d9-6413-4a37-be4c-2a4169bc6369", "value": "3072:54hieoOY/ieopMwFwXCjw2jE8vieUyeE8vieUytelffP7FF0JSsUOeIxjc:QcOY/cpDR9+9telffP7FP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696511830, "uuid": "e19b3b3c-9ac4-4d5b-80c9-b70e2ee33661", "value": 363224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696511830, "uuid": "122f91b4-a7d0-4400-9eab-9e08bfd1eaa9", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696511830, "uuid": "2778b97c-ca46-474d-a56a-28f7da6efc6f", "value": "castrrrrrrrrrrrrrrrFile.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d89ea3f-635d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Vidar)", "timestamp": 1696496234, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496234, "uuid": "d34bf32d-de86-485f-96b7-41ba7cc91904", "comment": "Malware payload (Vidar)", "value": "f1e756b85ee7ddbd40d3a4213956c693", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496234, "uuid": "35e83050-4653-41a6-8111-9c7927309e2c", "comment": "Malware payload (Vidar)", "value": "786b943c54412ea1361cceb2cc72d380ff10acc1b604d72c2c791d7ad8b45957", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496234, "uuid": "83211c48-cba9-4cf0-91c7-0c83c4a5c8c7", "comment": "Malware payload (Vidar)", "value": "c728d9c975e8e2562210da21ca9a43f8a12c21aa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496234, "uuid": "b60f7e07-7295-4898-ab70-c4c403a13b78", "comment": "Malware payload (Vidar)", "value": "d7fa740b376b9a680a7c1dd792e2ab85dd2c3ede405f2d4c10159f7c4cbc6cc828ac52d7057de874bd9ec64473fc34b7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496234, "uuid": "375c6b01-cc08-4394-b6b1-62b3199b5343", "value": "T1AF64F22172B2C4B1E6F216784834DB80BE7F747329B9859F3715066E6E613D29EA3307", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496234, "uuid": "d611ae3f-b614-4d1d-b324-72e1265d193e", "value": "7bf0c3cbf0d3960e40b75bc830477f17", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496234, "uuid": "9425db64-f48c-45db-b81a-cb6eef92b51d", "value": "6144:neX652Eet/FA1qB5W4NduL7WImMO0lJCr02:nn527t/FAEBDNgLaeO0l0r02", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496234, "uuid": "5611ca55-df72-4b37-a110-360d940d9e87", "value": 324608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496234, "uuid": "5944f566-496e-4eba-8348-9e387f9f7332", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496234, "uuid": "b1ee30b7-e81c-41ca-b12d-30ed1b786cfa", "value": "f1e756b85ee7ddbd40d3a4213956c693.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cce46c2a-635b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1696495642, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495642, "uuid": "fc55560c-580e-4c45-90d6-df8a9eda1210", "comment": "Malware payload (Formbook)", "value": "11183eb7b983bfb2186430f24434d772", "object_relation": "md5", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495642, "uuid": "2a27bf13-f87f-4dad-bd2f-a193eb4a1a83", "comment": "Malware payload (Formbook)", "value": "7913fa8f88bcf743352767b91881a163ac31b56a30c09fe87a3547690e481430", "object_relation": "sha256", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495642, "uuid": "164fccf8-bb2c-4794-9287-8f045adebfe9", "comment": "Malware payload (Formbook)", "value": "bcbe97b20a3c8cd38f92c86c299e5f8ae8717f91", "object_relation": "sha1", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495642, "uuid": "6c0bb0d0-169c-461e-bcbf-325d41e89905", "comment": "Malware payload (Formbook)", "value": "0dd6eac33eda98070983a53d8cce70537e3e95c140cab4aa5b8e4f7d05d8ed15ec53a974b2f0c81f681da15e6c4c8745", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495642, "uuid": "ff028d5b-4542-4c03-8c21-0269181e833d", "value": "T14755E00F95249B9AC00983F87E2339951E0E7F19E7D169DB24537B4B3E317A219DA2CC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495642, "uuid": "b4e831aa-0de0-4288-ba6e-92a7869a2a30", "value": "24576:KWQmmav30xuToZyow6VbAXZSCWZyXw6VoAXZSGmwVJzfJbW0YfEhVivUziH/wrxU:vQmmQ30ps6VIEp76V3EqVW7f6ZzifE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495642, "uuid": "b2e8bd90-36f8-4080-8211-6709a226c11a", "value": 1375744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495642, "uuid": "e9f1d975-b9f2-454a-af53-9215c06384e3", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495642, "uuid": "667b0778-328a-4ca1-a2c4-babaa6528bde", "value": "Purchase Order 4502726800.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ffbb3017-637b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1696509471, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696509471, "uuid": "46dac04c-30d6-435d-b94a-de5dc5c7d60c", "comment": "Malware payload (Amadey)", "value": "a9a1d5b2dd05aa91f050f9a5fdbdd564", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696509471, "uuid": "f0303d9c-6d46-4d53-8d92-88becc361bc5", "comment": "Malware payload (Amadey)", "value": "7b8d31711a3f495e15f4a474ef05048dbfe1a414ea56bea3e22f3c0211c60892", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696509471, "uuid": "c4136b0f-a2f2-4802-a411-4bcefc9fc9d4", "comment": "Malware payload (Amadey)", "value": "f3dc5b4e8a37483a59be2f2fc6123d8be42ca980", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696509471, "uuid": "3526a655-7c06-41ac-b145-ea9f6acc4e1d", "comment": "Malware payload (Amadey)", "value": "1bf2790b60770f1ed20a5ed1adef3b55839617619e86667ca2dd872c9dbd5881c4dbd9dbcb01e1d21e4d3f68728f0c0d", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696509471, "uuid": "6994d591-92a5-448a-be0b-590d319bfef3", "value": "T1E1953352BBD9656AE9753B3426FB018307317C91CC6183AB790424AF9DF2E88D43276F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696509471, "uuid": "c70b83cc-e5c3-4cd6-a462-b001139c0c7f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696509471, "uuid": "c32db12b-e70e-48d5-9d28-8e7b8213989e", "value": "49152:KtQVOwJpGCNhYsf4eP2AFIq0nVIrR0Qv05aBIjipc28rG3DAtOblG6a4HIw:uBKYFevFIfI67Q7bjz/bnzHIw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696509471, "uuid": "a8de4f69-c02a-4a48-975d-14b86dd648d4", "value": 1946112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696509471, "uuid": "82bcd432-e174-4253-809e-1004f7b09c79", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696509471, "uuid": "e9c2dbba-fdc6-4a58-9682-b8c3313c79d0", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67870dc1-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696496761, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496761, "uuid": "8dddc4c1-7714-4c10-8965-39b3ef71fee5", "comment": "Malware payload (AgentTesla)", "value": "010ac5aa486e123584b06d48acb633d7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496761, "uuid": "c30afce4-32c6-4b39-ab1d-fdf78fbd402c", "comment": "Malware payload (AgentTesla)", "value": "7be80d364613ec31e3d4bed89f849c96ec820187c6f5a524c4869e3012971952", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496761, "uuid": "140f2148-31b5-4646-8f9e-1387d8b4cfa3", "comment": "Malware payload (AgentTesla)", "value": "4d16403e148cbd35d815bf3a78da11b4b64249bb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496761, "uuid": "b7cc1aae-804e-4020-8db3-721be7aeffdb", "comment": "Malware payload (AgentTesla)", "value": "5b88edce4a586d8afcbe934ee64fb23c5d7b48c3e2a0adfb17dbe6c8178f5affea453b7368e883be2c2f6cc689791f93", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496761, "uuid": "50381946-e8fe-4172-9b7e-cdd19b82d712", "value": "T1AFF4237DF9174E91B16009A4D53C76BAC76A7E972112803F8B3689CEC7A84F60742F47", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496761, "uuid": "201a231c-18b2-4750-9267-5f8cd054187c", "value": "12288:7WnWMgJAxjJLUtVbzKCkr7u9wkN+brQzb2VLCmpA9Y:afE0XuT2bpA2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496761, "uuid": "b5cfa89c-3994-455e-b109-eb83337f15a2", "value": 722980, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496761, "uuid": "2d2fb2b8-716e-4419-a198-805bcc31544f", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496761, "uuid": "27bdd8a7-5c42-4f1d-bfcc-cd30fa634820", "value": "5Days 4Night.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90f4d502-6359-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Fabookie)", "timestamp": 1696494683, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494683, "uuid": "c3fa0fdc-2618-4e7e-88e4-d89be8b5b87b", "comment": "Malware payload (Fabookie)", "value": "9a4c1ffa5524000e27d735a01b5c7046", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494683, "uuid": "35fb54a1-53b5-42b4-8af4-4d6e431c6003", "comment": "Malware payload (Fabookie)", "value": "7cd7bf6e8ec89fecb6efbad8f40556bd1e2433b58864cec67c216bbd0bacee74", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494683, "uuid": "63e5d598-473f-432c-8a91-cd81cb936cf6", "comment": "Malware payload (Fabookie)", "value": "1cd6d8a903945d1b21ff4261c3c50370fc4acca1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494683, "uuid": "079a1ed7-383a-4c4a-8224-76e283958dae", "comment": "Malware payload (Fabookie)", "value": "3c423c8c1ca528663675fd1c2ccd9f31646c50b4a2b51f2b980db80f8946e2775a77246c95fffc4698c2b14fdf217176", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494683, "uuid": "dde0dea8-86f9-4290-8f06-3b943872c1e5", "value": "T14254CD53DEB54109E8ED16784AA4B2E35E321CB33112D622EDA8F07D7C3C2E749F15A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494683, "uuid": "ba1a6dc8-c272-4d3b-9339-fb25c9a1ad45", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494683, "uuid": "3315eeb9-24aa-4456-ba0c-47a5ab866a92", "value": "6144:T4UpOobfAtnh2LnXHkWNsJxlSKz0oWV8zrlSenTExmKV7qF:8UQDtnhoUashS20hizrlS2ExWF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696494683, "uuid": "eb0f756d-c728-48a1-8224-3faa06f76022", "value": 279920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696494683, "uuid": "7b00c15f-4618-4a78-b718-b10fb658d8db", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494683, "uuid": "f1782fc1-8df5-45ca-a73a-2589d1b8ad23", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e3fa3397-63b7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Fabookie)", "timestamp": 1696535195, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535195, "uuid": "162176bd-ab2b-4f5b-b174-02cc8810b2f6", "comment": "Malware payload (Fabookie)", "value": "83330cf6e88ad32365183f31b1fd3bda", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535195, "uuid": "6e4d17f0-8595-4b02-93e2-0fd07e54b5a5", "comment": "Malware payload (Fabookie)", "value": "7ce942cdc58ba5fa628d97f991c8a794294c2acfb724efbf0ac887c47942a31e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535195, "uuid": "5d9bb428-7cdb-4e13-9a14-bd4363b1f209", "comment": "Malware payload (Fabookie)", "value": "1c5b47be2b8713746de64b39390636a81626d264", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535195, "uuid": "6800c64d-30ca-48f1-8dfb-9d977e6d76fd", "comment": "Malware payload (Fabookie)", "value": "3fcdd76a0bc469051481eb9ce11bbc587df430c60bb8084684cc0a7b9ae6699c457ff74a9ef7884054573864ede4cedf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535195, "uuid": "069713a6-9265-45a3-b29b-85362fbd6175", "value": "T133941849FB7408B6D096C531CDBE8376E2727C831B25930B8641FF6E2FF36216969681", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535195, "uuid": "e36e0eb3-e09c-40f6-b6be-bab11b804862", "value": "ff082fef3d15cdd142534440e54d6a28", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535195, "uuid": "d849dcd5-b0f3-4c93-8414-b25798796560", "value": "6144:syUa7AQnwciHMc4oiT4MKBz3I8JKGxerEhgVIXFM:sf4wcAQVrKi65erLIX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696535195, "uuid": "1f1605ea-4ee3-4425-8a25-c0b5c54b0455", "value": 426496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696535195, "uuid": "ba07002d-7c1b-4116-948d-f52c4bf280d4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535195, "uuid": "e688152f-f636-4cb5-9947-edee78737a77", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5fa8cec4-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696496747, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496747, "uuid": "c38b78bb-4a14-4832-9e23-3908852c08da", "comment": "Malware payload (AgentTesla)", "value": "41da9a956347c92b54275e913a561fdf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496747, "uuid": "a2ff92ea-84bc-4e49-819e-cc0162210199", "comment": "Malware payload (AgentTesla)", "value": "7d7435872eaf0369dc06058489df154db82ce0acfbe6c78e1d1c81a6b94d6019", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496747, "uuid": "ed9b844d-bf12-499b-8f92-7475eff272cc", "comment": "Malware payload (AgentTesla)", "value": "da5911727f0121e59a17b6b0e6021c68f4bc3ccd", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496747, "uuid": "c44c9651-bd13-429b-a285-779e150dd45e", "comment": "Malware payload (AgentTesla)", "value": "ae5e6cd84cc5befdf5d1cc79ac37311e3a03be74c556cf4adb4cccc85e8aa0f55be12269d70ee2a2c54e2c70d50cd00d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496747, "uuid": "6a05352e-2689-45e3-bd4d-6101e0fccccc", "value": "T1EDD4237654A02098E3F7777427B2708C2BBF286570DC16B61A3FA05FCC0DAA49B4D799", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496747, "uuid": "a8eab712-5025-499d-9386-eb8ec9ff7b04", "value": "12288:qgr0KlIosiSsf2rJmBYW50L+amEz6a3uNNzcs6gW3PZF46sJ:qgr0KvsiS+2rJm706at6a30NosjW3PEV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496747, "uuid": "4b0d8ba8-0af6-461f-8e59-22f1753efb1f", "value": 640909, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496747, "uuid": "2db14946-f61c-4f45-8479-2fde7006c1f9", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496747, "uuid": "c1c137ec-eef8-4728-b911-6977b37670e7", "value": "Yeni sipari\u015f _TR-WJO-02-10.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5ae02a5-6390-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1696518420, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518420, "uuid": "9ac64957-b585-4707-8bb8-96f81d6319ac", "comment": "Malware payload (Formbook)", "value": "5760c3d839f1444175bdd379c2cf7495", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518420, "uuid": "820cba2b-dc30-4a41-a8b5-fbcded93106c", "comment": "Malware payload (Formbook)", "value": "7da9294ba554d4c17ed9e4caac9836e303980814c7898b422ccde7a246ac26a5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518420, "uuid": "f3c427cb-d277-4ecb-a465-ddf9e7aeec38", "comment": "Malware payload (Formbook)", "value": "d365bc5d708a69d0992e16209ebe0533b41ff4c2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518420, "uuid": "b39bf032-3fea-40df-88a8-6fc3cf8ca0e8", "comment": "Malware payload (Formbook)", "value": "ba49c40689cb94128d48e3698e252663ddd79533c56c4111d9b298e5f30ac567c2f888ef11b73bff8330629f5f684c71", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696518420, "uuid": "0ced6094-6496-4b90-a3d3-68cbd0a73198", "value": "T11C54120D72E0C7F6C66600304A3979B9D7F7AC2651A5498B23B0BF4C7C72AC7586EB16", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696518420, "uuid": "ab79275b-ce7a-4b59-84ed-55906934834f", "value": "f4639a0b3116c2cfc71144b88a929cfd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696518420, "uuid": "872ba620-a8ad-46dc-aee9-d2305c81459f", "value": "6144:pXFKo5l67pu6bVkzrhYSAASLMWvgWF7DaHvOocNuZ:pXRS86b2z4OCGPiM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696518420, "uuid": "6edb32d9-80fd-4943-ad61-e5249f8f6dc9", "value": 306433, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696518420, "uuid": "93c395c1-5515-4b79-a8b1-0641fbc09732", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696518420, "uuid": "118f3a4c-4e42-4d94-bd06-4079387c2fff", "value": "Transaction .exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "13eda708-6359-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696494473, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494473, "uuid": "c0824f4b-ebae-40b0-9d82-7308be5f2367", "comment": "Malware payload (AgentTesla)", "value": "d6f9ace9f5dd2c92acb3f5e521d8b163", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494473, "uuid": "2e0e8af9-e448-4aa2-9443-3b778cc6fec7", "comment": "Malware payload (AgentTesla)", "value": "7db3f3f228621a9991fe193d4f8b755a43bb743e6793cb2e42b1409f9404de0a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494473, "uuid": "30a58cc6-3b22-4608-a132-2f70194636e5", "comment": "Malware payload (AgentTesla)", "value": "4287ee357b18668cd447c2ed24eca1706e7f2ca8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494473, "uuid": "316db20b-1360-4ce3-a36b-02b31cdfa0e3", "comment": "Malware payload (AgentTesla)", "value": "0571168c5c831a521fe83d699637c5430e4899d1ea6f6e8062122f9e620f626dcb196ae3c40f404514ab4d736b92c226", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494473, "uuid": "cf9963f7-fdc7-4df5-9ac3-64988b02d657", "value": "T1DED423032C8E2ECD9B399A011B5B73F11AA6AD96FBCD57E24984F77542ED01385807CB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494473, "uuid": "0fb34f91-03fe-48b4-9d04-afd9f5919310", "value": "12288:I6D3ppJ8U0fZ6KqvDxJXhyowsrLKfnL0WoOA8affrBtagq4y:1DPJ8U0tOpwsrOfAWzHaf9taFJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696494473, "uuid": "93202672-bbe3-4d14-94d5-c66916802d86", "value": 601866, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696494473, "uuid": "ed88b810-1c43-4bce-afe3-1748164d61cc", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494473, "uuid": "fd5b17ee-d71d-4235-bc58-c43bf41f3860", "value": "PO.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "254d003c-635b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696495361, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495361, "uuid": "542ea30f-c4b4-4976-b95a-a10f6e869dda", "comment": "Malware payload (AgentTesla)", "value": "ec10979b02d4a069348335c33e0b46ff", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495361, "uuid": "7c273b8a-21ac-4daf-af36-0cb94152f278", "comment": "Malware payload (AgentTesla)", "value": "7dbcd203d3c96eb914094bab8a130589249813ba7ef7e81ab9b75d18630ef97c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495361, "uuid": "5bb409d3-9946-45ad-a478-97f567a48bff", "comment": "Malware payload (AgentTesla)", "value": "a65737ec7dc2f7067574bf7c64b9492c0197d091", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495361, "uuid": "1a761f6a-7d90-4320-8575-d0585fdc0eda", "comment": "Malware payload (AgentTesla)", "value": "33e0314e8fa57706f377eec400ed7be07de1df8e7f41c63f07e7193a311487ef73a36b1929e428a9c2f14032e055b0e4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495361, "uuid": "00dedf49-0066-4d22-b71e-6c67dfc328a4", "value": "T19894231356865DFE557EE86BD5AB8473F2B87A7BCD007EC924A15B2222503CADFC0C12", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495361, "uuid": "18931666-7bb2-472c-94ab-ebe9f100188a", "value": "12288:zdf6YIyPIpZkvURsNZVchGCmpm/TrYuVWTbz7:zpFPIpF2Zs2ps/kTbz7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495361, "uuid": "87d79a75-102e-40d2-83ca-0669a8e52b7d", "value": 447054, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495361, "uuid": "30368912-791c-4651-a0d1-fdb5b43a8e92", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495361, "uuid": "fd97fe00-972e-46c9-89e2-dceb916eab86", "value": "SEPTEMBER SOA 2023.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd771f13-63b7-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696535237, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535237, "uuid": "319696cc-61ce-498c-b4fc-1ef168449fb7", "comment": "Malware payload", "value": "69a0c8483f66f38d0069de1f04fc3c86", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535237, "uuid": "c00549db-fd51-4672-aa66-6574be23f73f", "comment": "Malware payload", "value": "7e32e91937f2e7fa4df7d0ce116b4a4df86f688571aa89de36d7d1cabf3e3520", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535237, "uuid": "731f8a2e-f3d1-4915-b3dc-8d74b9fb943e", "comment": "Malware payload", "value": "6bb2ee92e0bef07cfd4bb84803db817f460fb75e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535237, "uuid": "2a34dc5f-45d1-41f7-9553-e1d03d9328a2", "comment": "Malware payload", "value": "10b21401f2dbe07edd2a0316eb9d3705f86c81951458bdc3df375ebd6ebe3e72f822b67a99eadcd380630a550aa21310", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535237, "uuid": "97d46e82-9e7d-44a5-bd82-0bff7ebd6bb7", "value": "T10C852323F6DC8A62CD355BB828FB295304B0FD6257A086677652ED846D13BC0B879337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535237, "uuid": "a24bdfbf-ebe9-48c3-bf7a-4aac7652dac9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535237, "uuid": "bd2d1b64-b0f5-4d57-8587-00b90e52223e", "value": "49152:D88vvGd55cYiPvRh7impPbY7rLUPxNhiRKkjT:l855lYDmmUUPJiYkH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696535237, "uuid": "eaa8eb18-9cce-4cdb-853d-d219a144c2b3", "value": 1742792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696535237, "uuid": "a8649697-a2c3-46a4-83d3-3b801af3249a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535237, "uuid": "d62a847a-657c-49c6-bab4-2b512310a8d6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35d49f37-6363-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696498825, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498825, "uuid": "f1c29243-ef08-46f3-8bb0-ff9ea8a7dcde", "comment": "Malware payload (AgentTesla)", "value": "db82b1e54d378158c2873fd90f30880a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498825, "uuid": "f6ccaa50-bd14-472d-8770-ac7ab97f7113", "comment": "Malware payload (AgentTesla)", "value": "7e5e3c49e0bcb2e16b86e870f591feca75b0d7007ed5851ecdfb70fa3d06976c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498825, "uuid": "6fcd9ced-e4a6-470d-b4dd-89194d093ade", "comment": "Malware payload (AgentTesla)", "value": "75d28d710180b899847f35de4857952cde5d97ba", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498825, "uuid": "1330f4a4-03a9-4503-8459-5eac379b3862", "comment": "Malware payload (AgentTesla)", "value": "7ed93f80806b4760f50b90412ebb9bdb73e5323660d033c1922d9ee1a7c04d5684d5899d69a6c560ca6c4d2bdca59136", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498825, "uuid": "9248ab36-faa7-4ebd-aad8-0b00daa6ca71", "value": "T102E4026073EA4B36D9B94BFA023054001776BD6FBA78EA8C5ED6B0CE4175F424A51F23", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498825, "uuid": "27acb648-5c79-4046-acbf-e54883a9eab8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498825, "uuid": "bb280af7-0a15-4d48-abe6-791b44f12a94", "value": "12288:2iMl/jysa+SRohg0KbwQZvwFRQkFvUPaIONAqptrBm1k5Bfa4SliEv3:kLysa+SKeBnMGkFmaISjI1kjfuBv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498825, "uuid": "426882fd-d0d3-41e1-aae4-718695bbadc5", "value": 694784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498825, "uuid": "8e32b9a9-bbe5-403a-a92b-574788d52f23", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498825, "uuid": "e101467a-0cdd-4726-8ed6-39c109c30b4b", "value": "\uacac\uc801\uc694\uccad.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1fc2031f-637e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696510384, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510384, "uuid": "74a37d47-040e-4bde-9c75-9f0bb025f5e3", "comment": "Malware payload (AgentTesla)", "value": "2d8436bfbede27f1d10d07db5c4b6e7b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510384, "uuid": "943b1c69-b9e8-461d-8a07-cccd861641d3", "comment": "Malware payload (AgentTesla)", "value": "7eeeb95b2eb5029093466a921cbfa2d4d1b8ac23ad4ea37e6f710f24439e310f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510384, "uuid": "dcb8c78c-1559-4f8f-99b0-8b53875235da", "comment": "Malware payload (AgentTesla)", "value": "413bbf0a7778ca552ff9e67d1baa82e3bbab3c57", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510384, "uuid": "be705251-751e-4af7-8506-5f24dfdeab35", "comment": "Malware payload (AgentTesla)", "value": "4b08144c495c2d2538c0949bc852d087c6c2dbe707591504a8997b302966f5feff36b8c4791fefd816a7bbfac2f55c2b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510384, "uuid": "ce30e53e-d4e9-4a0a-84e1-f0eb33d3e91f", "value": "T172D423C4250064F4039CAB34A6636783B98803EE1A5FE20D7B989556F77B1F83E546EE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510384, "uuid": "467cfd3c-a6b5-4acd-8cf1-98d1fba85ed8", "value": "12288:dXlcLdo0kY0+qZAEYJ7Wz5CxHv4GKpxBMe+06xsqERY1ns4nA748XN69s6YD:dXWLdo0jq6AUxHvFIBMep6xsq8Y1sxnH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510384, "uuid": "cbcf9945-dd04-4ff9-b498-50413320d74b", "value": 626135, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510384, "uuid": "9cb3b729-74d1-464b-9481-dc74f2eedefc", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510384, "uuid": "058cc7ce-e814-4654-8222-6a5e1a04cbe7", "value": "SWIFT PAYMENT.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59b2067f-635c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696495878, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495878, "uuid": "ca1d34e5-ec6c-4999-bab5-cf1943357f18", "comment": "Malware payload", "value": "04d805ed91f1805e932b88fc0d8ec38d", "object_relation": "md5", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495878, "uuid": "b457d277-9a8f-4fb1-a8d5-87346c862326", "comment": "Malware payload", "value": "7efbeae1e2fdf76cd5abef3d084b26ab95b8a8c8d7cbbc6a0d2abbb05af0e2de", "object_relation": "sha256", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495878, "uuid": "9a09ec2a-767a-42e6-b217-9e1d50d7caa0", "comment": "Malware payload", "value": "92524a67dff1a1a2113b2027f7e86f786e039232", "object_relation": "sha1", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495878, "uuid": "518a1fc8-cdc2-4e8d-804b-59eec8d26764", "comment": "Malware payload", "value": "3f93741f3f2111148e7e84be08bd8c1fca8f732a0b7952005fb4023e442bd434d3f9a1c92fa92dcf0229882d3835f381", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495878, "uuid": "23c46091-b6c5-4189-b648-958b2bf35bb4", "value": "T18B55E00F95109F97C00947F86E2339990E0E7F29ABD569DB10537B8B3E317A219CA6DC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495878, "uuid": "16ad1513-9b7d-421e-b7b6-144bc8cba6d0", "value": "24576:DWQmmav30xWIRxZyNw6VTAXZS9Yd8ZyLw6VoAXZSab3VPJbzMYTI59w6gDCHPwwx:iQmmQ30b756VQE1X6V3EYpzjT3Cv/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495878, "uuid": "4fe3b3e5-b90f-4e02-80cf-72016349d015", "value": 1375744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495878, "uuid": "8fe9cfca-6abd-41d2-81f1-33067283253b", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495878, "uuid": "627e770d-5f8d-4727-9683-c99e0391194a", "value": "PO-230.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cbf4a361-6355-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696493064, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493064, "uuid": "c4c5a7fb-2060-40ce-a5c9-9853b7fe91e7", "comment": "Malware payload (Mirai)", "value": "e47ecf499aaa84e7bbb2888ed641908a", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493064, "uuid": "ec933599-a8a1-4973-a2ca-ecc96e7036f4", "comment": "Malware payload (Mirai)", "value": "7f497507df0a1e57045b5f9aa8d3bcbc7f9728b801f269377447e907ed0a135e", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493064, "uuid": "fe5f6711-95b9-4502-a4b2-006633d7a2e7", "comment": "Malware payload (Mirai)", "value": "cc878a33bbe798d34c3c07262f33bfd3cffeafa4", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493064, "uuid": "644a634d-f582-4fbe-ab80-6cfac6894eab", "comment": "Malware payload (Mirai)", "value": "0bf8c05bd28f9042ebc4dc53a515b2978dccb18ef838608f7bf42adc009fc0cf8aef0bf1e11bec83f241915fd520c274", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493064, "uuid": "b3ba30b8-da6f-4423-a8b7-4b38aec485d7", "value": "T1BD434A85E343D6B6D86304B5216BEB36E6B1CC254021D75BCB998732AC33A14FB1BB5C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493064, "uuid": "b30de6c6-157e-4f1a-a2c3-fdf101233061", "value": "1536:TcFAHHTx+pWArBYd1HwYpHYQKEzxmsBmLLNRY:3flwYp4Qrd9QNRY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696493064, "uuid": "30dbcda1-57ec-4ca4-8f2b-4b529be07d78", "value": 60304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696493064, "uuid": "f2430562-5a9d-4774-b21f-00c1413eb43a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493064, "uuid": "822446cd-9be3-46e2-9e51-f77a3836e64c", "value": "e47ecf499aaa84e7bbb2888ed641908a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "772bbb37-6316-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696465863, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696465863, "uuid": "c97b628b-21fd-43a9-9be7-7cee54471da7", "comment": "Malware payload (Mirai)", "value": "c59cc7f6961350a3f0ef1f685a434084", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696465863, "uuid": "98cab826-ec0c-47d4-a02e-ff3a757bb494", "comment": "Malware payload (Mirai)", "value": "7f9935c471f8290021259708dff7fd493aabed081d2a54a630171e8463d6b8ce", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696465863, "uuid": "f4f017f9-7d32-4bdb-8e5c-8d8cdc7cbf29", "comment": "Malware payload (Mirai)", "value": "66ba901af65fa13e346668a96e1fb279ac02bd90", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696465863, "uuid": "b2ace167-f0d3-45a9-83f2-5f456f75220d", "comment": "Malware payload (Mirai)", "value": "a03289ded415546630950e1668a5b00d39eeb39d6358a6f9e308188f9cf84888d9a9ab3ee2a5b7059c90a3b9ff3d6797", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696465863, "uuid": "3b4d8298-3db9-4e10-9517-ce0cfe410c9d", "value": "T13DF2F1E0E08CAC8EFADF9AB55D5859D6FBA08F8134018CC425512F515F07233B16FB8A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696465863, "uuid": "d0b5cb85-93f0-4673-b6fa-4a787fea94c0", "value": "768:KLn62rg1EWHclo6aQBxl/k0ZGYp3aorhWxbdOZD4uVcqgw0X7JkmWw:J+oB4dk8BaowxK4u+qgw09N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696465863, "uuid": "fe0a9188-3673-44f2-95b2-ea9acf81b182", "value": 36700, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696465863, "uuid": "fbc7289b-bb9f-464c-ba00-0d9f9a50fd9e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696465863, "uuid": "85b39e06-eca2-4070-8773-752c8b1c5f12", "value": "SecuriteInfo.com.Linux.Siggen.9999.19575.11080", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a52659de-6348-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696487415, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696487415, "uuid": "b8e5664e-f3f3-4484-91dd-d27521af03ce", "comment": "Malware payload (RedLineStealer)", "value": "d1a11a158b5fd2556fb6e5c396a97cca", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696487415, "uuid": "8fb4da95-7289-4df5-be0d-8b4231bb831f", "comment": "Malware payload (RedLineStealer)", "value": "80ad2b5e7063abf5087ec71a8dfccd59cd976e88023e84a561f4cfa904fa6fc2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696487415, "uuid": "47dfda72-468b-4ad5-9107-95cceade5964", "comment": "Malware payload (RedLineStealer)", "value": "06169bcaf2aba1d5eb104aa81c1e059250238c19", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696487415, "uuid": "429d009b-f56a-4367-923d-0eb5c70c5332", "comment": "Malware payload (RedLineStealer)", "value": "93cec60e5bf42da773e73bea1386699eef422dd1cd7c89b4f5fdb9a3d0a17a8428a50d15f269bbe7d64591b5b18fc4f6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696487415, "uuid": "a96ef637-c19d-4bfb-ad5f-59bd2e24cacb", "value": "T1A895335396C690B7ECE82B704CB719B30E793CE11B349A4FA148645B0DB32F4996277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696487415, "uuid": "984ca904-4d8f-4ec6-ae86-08e0a9c33ceb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696487415, "uuid": "21c6ebaf-c6e8-45a7-9572-aeaed0f2d181", "value": "24576:Hy/PL3M7q8ksPp3FMG01KbLzXinCDMBEMSonrOhrVf52zX3fNJy/Bf1BC2nIsiC/:Sw7qDsPp2/C6eZ5AX3fmH42quVUEi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696487415, "uuid": "fcce574c-2424-4a20-9e71-5db1e481cc8d", "value": 1973760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696487415, "uuid": "5640bc5a-f853-4024-bbe7-346ace075891", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696487415, "uuid": "cd84933f-5f3a-4752-a68c-1551e7f23f0e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c12ce455-637e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (QuasarRAT)", "timestamp": 1696510655, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510655, "uuid": "d50e2b57-1f1d-4e9f-9375-e30a463d7043", "comment": "Malware payload (QuasarRAT)", "value": "24a21527f7cf342314dbec545ef09669", "object_relation": "md5", "Tag": [ { "name": "24a21527f7cf342314dbec545ef09669", "colour": "#2A5654", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510655, "uuid": "fa25bf01-329a-43e4-9e56-2610708eec06", "comment": "Malware payload (QuasarRAT)", "value": "814fde58d94356918c7bdcd449e46c28aeff737db12aa6307f4dbf87eaf09277", "object_relation": "sha256", "Tag": [ { "name": "24a21527f7cf342314dbec545ef09669", "colour": "#2A5654", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510655, "uuid": "0f4f94cc-d9f8-4678-a302-07603bce678e", "comment": "Malware payload (QuasarRAT)", "value": "8d1ec0dfeb1e4903a2e41d2ea2fe9c8338f7e2fa", "object_relation": "sha1", "Tag": [ { "name": "24a21527f7cf342314dbec545ef09669", "colour": "#2A5654", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510655, "uuid": "8ee1911d-6a4f-476b-84f5-e780c2203d5d", "comment": "Malware payload (QuasarRAT)", "value": "b07ff2a43801668632141d963f689ee6d938c8d349bfdca700a2f68dffeca22a568ddf157df4e94b79618cb4c3baf2cc", "object_relation": "sha3-384", "Tag": [ { "name": "24a21527f7cf342314dbec545ef09669", "colour": "#2A5654", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510655, "uuid": "0b02ee67-9fef-476e-b4e2-4a60a0d5b4f6", "value": "T16BB69DC7FC5050E8C1ADD33585268262AA713C894F2123D72B61FFB82E76BD46E7A354", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510655, "uuid": "303e90a2-b32d-4171-8f1e-1f6f838e4a05", "value": "85cddd6092e65c1a58dd1e6e9ab9fc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510655, "uuid": "b0defd8a-d226-4fb2-917e-1b93134750c8", "value": "49152:+4wKGjZqErb/TJvO90d7HjmAFd4A64nsfJVMa+AbKffcVHxoCtosmb4xWqXgHyVi:OZ2+ux8sayZSaEDVc/2P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510655, "uuid": "47f9832a-1d65-4e76-89c4-e02b7f65a914", "value": 11284992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510655, "uuid": "3f5993ae-a921-4bb2-b50a-27e3aac2813c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510655, "uuid": "2bcd02cf-9de9-490f-9d88-89cb733f97c6", "value": "24a21527f7cf342314dbec545ef09669", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "10b49326-636a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696501769, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501769, "uuid": "8a4c0632-69d3-4728-b011-49750a4ea8f8", "comment": "Malware payload (Mirai)", "value": "e5a75453c900e6142665971708b07516", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501769, "uuid": "661e7fec-c170-48c5-95cb-664ac74954a9", "comment": "Malware payload (Mirai)", "value": "8188b0251a8f723e508ae79eb692d84209b7356fedd73648b68db1bcedc144e3", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501769, "uuid": "fa5ff0ec-e99d-4b6b-936d-11743dccb6d1", "comment": "Malware payload (Mirai)", "value": "b182c21ad4ec9e52ea00200a612a85cd31fc0422", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501769, "uuid": "7b226988-4b2a-4365-8cd3-cc8368b3bf7e", "comment": "Malware payload (Mirai)", "value": "d1b47c51ec593e754d8e26b7b9bd56f8cf3070f81b850661d2138f002d9a195f7429a1348caffa4ff6708ed00f97c217", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501769, "uuid": "408d64b4-1bb5-4f0e-994c-dfb964c61d49", "value": "T103E34B17B1C18CFDC4DAD1744B9EAA3ADD36F4A81234B15B27C8AA261E5EE315F1DA00", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501769, "uuid": "bdfb830a-188a-43eb-8537-595191fdccf2", "value": "3072:aHEUoEVbBwr4p4j4JaWXHapTJDPuW5SknvJuqbOP7F3:aHEUHVbBfKp0W5LqJ3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696501769, "uuid": "2c1c8707-ba91-40f1-9d42-7777967767ea", "value": 151864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696501769, "uuid": "7e2e0dc7-24a7-432d-a02e-6b9755085e23", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501769, "uuid": "07488479-a67d-47f5-9fbe-5ecdcc52fb79", "value": "x86_64-20231005-1029", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60ee0f2a-63d8-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696549148, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696549148, "uuid": "7eeb5285-9b8b-481d-bfee-0d10a46d1c38", "comment": "Malware payload", "value": "f90b985db5c3c422248e444e619fa8c1", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false }, { "name": "zip hta", "colour": "#F92B1E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696549148, "uuid": "c8d0a1f4-9be7-4ccc-887c-0c0ed8440e03", "comment": "Malware payload", "value": "818c482b0d6be6f5c9449c76d79edf4e038fe639267b2da83675e0c5b723cea7", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false }, { "name": "zip hta", "colour": "#F92B1E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696549148, "uuid": "7a123e8f-c193-4914-8446-b831d90e628a", "comment": "Malware payload", "value": "72f729e0782b250036c1ff501c2240abe72ecaed", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false }, { "name": "zip hta", "colour": "#F92B1E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696549148, "uuid": "6f9ebbf2-685f-443d-ae42-487242c00d57", "comment": "Malware payload", "value": "d3607914c038a46110af79e7af815abcbbba38780f24f70e85afea8021d116a6f5b7d0add0932e1a44be54ded2787e6d", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false }, { "name": "zip hta", "colour": "#F92B1E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696549148, "uuid": "abaa3d83-8ac8-4810-9b6f-43db69770995", "value": "T15902AE714A62D370E1AB587436CFF58868C8EFB873C9250FA615F9DA69E26540F43D30", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696549148, "uuid": "7e31e2bb-79f4-4bbe-aaca-b799f2dc9726", "value": "192:PrJyPBWk5W+qhc0LZJkqr9YDXObiEbmA/cOYFBCzAt3tdVGv1NxTu:PcPIJ+aJkm9YD+bnPcOfEpHVG9NxTu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696549148, "uuid": "23918533-bb01-4712-9541-a7139d1df013", "value": 8905, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696549148, "uuid": "b97d92c9-b84b-46f9-a577-be855ef9dff3", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696549148, "uuid": "23b98df2-7119-4914-b4b2-5d13ad40f041", "value": "client_1.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25c0a2a3-637f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696510824, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510824, "uuid": "2e247cb8-ac70-4930-8b0a-41d989aeba9d", "comment": "Malware payload", "value": "030b548e1f2483239465d609b6d7b182", "object_relation": "md5", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510824, "uuid": "2683123b-4fee-4b13-9b07-5b2de672be80", "comment": "Malware payload", "value": "81ef3e251264b6490d3b716ace5cb5ef82d9758e99ba7309d77fff93c2483a48", "object_relation": "sha256", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510824, "uuid": "e53b7da7-e586-457d-98c2-cf853354c48e", "comment": "Malware payload", "value": "f65d3927fc2e76ab8c66b8f5c077dc4e88539135", "object_relation": "sha1", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510824, "uuid": "848f4594-89a5-49e2-9926-037d518901d8", "comment": "Malware payload", "value": "ba83a25dae77b85cf143b2e4fe961ee13d43a8036b5b16e595dc64b2987f4decf93ce7f088bb1e3826fc78fda07b0cf5", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510824, "uuid": "37d5b2ad-53f0-4cb9-a76d-446c4f2fb8f1", "value": "T1DE45E0039804DB97D40E83F87E533ED91E0E7F29E5D569DB04A27F8B3A30BA2095A51D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510824, "uuid": "cffc8a55-507b-4341-9a8d-5fd97f7b4df3", "value": "24576:gWQmmav30xwZyGw6Vi+MNJJZyfw6VUYe+IEW98bO8QnhhCFSi3dwSx:1QmmQ30gW6VmL6VsCO7nyFSitx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510824, "uuid": "41d409a5-88d4-4902-b81d-7ed408f5ab9a", "value": 1208832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510824, "uuid": "e80fc9cd-d83e-497e-991e-caf8ec088e8c", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510824, "uuid": "7ab3aa2a-3952-4705-895f-ff4eb71eeabf", "value": "TT Copy.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d90fb05-6365-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696499804, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499804, "uuid": "802f602d-c96b-4582-91a0-27a2b707307b", "comment": "Malware payload (AgentTesla)", "value": "4ca48341486cc3b16b8d5af405fc46c0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499804, "uuid": "837c135d-5f91-4320-a482-c9d4d1b2cc32", "comment": "Malware payload (AgentTesla)", "value": "820e1b2bff7decc1832bc8804a8329eb79278bcffce98a525fd12de46f89fffb", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499804, "uuid": "3378c8e2-2d93-4c22-ae22-fcaef5cada88", "comment": "Malware payload (AgentTesla)", "value": "8ea5b6cf0198aab1eca0ddee14182e8fd6d38935", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499804, "uuid": "18f2ba1a-1584-4c34-bf6f-0133f5951b4c", "comment": "Malware payload (AgentTesla)", "value": "112eceb38130ea2c20e00c4414e2249305933542859d335c2ecb353a4867e77055cd47a5604b90b8cba8d2f35bf8eb80", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499804, "uuid": "9519abec-d405-4aaf-9405-d1ade6953335", "value": "T1D4F4B50BBA4786B2E2491736D2AB1C04C361D983733BEB1B794EA39E7D037A79C45507", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499804, "uuid": "85eab48b-e090-42b9-938a-3b9f754afea0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499804, "uuid": "e12649c9-6478-485b-8b24-5e49c19cfd52", "value": "12288:2iMri507DfNdCX446rveSnC9JqbVooxS/KbLZPj/+DQyoNb8hsOvOpZ8iOg:297NdCX4BvewC9YbVooxSinlj/QQyoJp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696499804, "uuid": "404f9e50-0e6c-44bb-ba59-fcd8475d7532", "value": 782848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696499804, "uuid": "cd68ec06-d0c1-4bb2-91c8-0d02071190cf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499804, "uuid": "90c635a7-70a1-461f-b53e-a2ea33d08cc7", "value": "Purchase Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82b73c3f-635a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1696495088, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495088, "uuid": "d02b0ff7-782e-49a8-9afe-1f9990a904eb", "comment": "Malware payload (SnakeKeylogger)", "value": "024f629b2ae57cdc95b91f5f011acc4a", "object_relation": "md5", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495088, "uuid": "762a9d10-7b48-43b2-b249-736921b1abbf", "comment": "Malware payload (SnakeKeylogger)", "value": "830bacc86f14b7dd2ee545f213678bc9546dd5afef5a11e33abfeb8cf3ed3c7b", "object_relation": "sha256", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495088, "uuid": "593f931f-d706-4c07-9045-67e4cc026a48", "comment": "Malware payload (SnakeKeylogger)", "value": "a4582524e9fbd4348090bc87a8877ab258845b3d", "object_relation": "sha1", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495088, "uuid": "3da03d14-ad3c-42f6-b0b5-940508d95246", "comment": "Malware payload (SnakeKeylogger)", "value": "88e07149115a09270f20fbecfc1240a5c5447c72ed30c720146a6a90855450ea8fe7f154383f64b81328074441e5120c", "object_relation": "sha3-384", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495088, "uuid": "a43fba59-0ace-4460-8b92-fa3412663e5b", "value": "T141542343FE10A524BC9B5AD281C18B79409913D75C86736F6EEDAC0FE4E1E9AB13B0C5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495088, "uuid": "6efbdacf-6aa5-47f6-a9bf-2d701099213c", "value": "6144:9ADNtckYiDdCzK7AHtOE9mzP5NLYyRzcPa4YwIKYuLfX:9AU8E277AcP5NUycYWX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495088, "uuid": "f28a4706-cd53-4637-937c-63541425bd34", "value": 297399, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495088, "uuid": "9a1e855d-71f3-472a-bc5f-3979cf731770", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495088, "uuid": "26104125-c687-4056-80d3-b3376f741b0c", "value": "SALESINVOICE0989-98656890.pdf.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16917b33-6379-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Pikabot)", "timestamp": 1696508221, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508221, "uuid": "fd361393-e07d-47c1-ab80-673bc34e3243", "comment": "Malware payload (Pikabot)", "value": "6428a0d4014a696c508cf875e128e23c", "object_relation": "md5", "Tag": [ { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508221, "uuid": "3b6dcc55-d81d-4dcf-949e-75ca41c974a3", "comment": "Malware payload (Pikabot)", "value": "831e5aea20119e3b3e604ce638d1c8d1533c47ef8c82e2599269d952a1a99e6a", "object_relation": "sha256", "Tag": [ { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508221, "uuid": "6f66bfc8-74ba-49fc-ac0c-1310a13d71a6", "comment": "Malware payload (Pikabot)", "value": "21186f89745df0028243331895ddc94e42bab52c", "object_relation": "sha1", "Tag": [ { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508221, "uuid": "afbb96a5-9dfc-4597-8abc-121c0619fe88", "comment": "Malware payload (Pikabot)", "value": "2521f9876f3301386c6c734860b6e474580b146ba210210bf77429bb4247afb7883d03c16bf98a5a1b144ec2a43c61e6", "object_relation": "sha3-384", "Tag": [ { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508221, "uuid": "da3d6a9a-aa78-4fe6-a7f3-ee387c86e142", "value": "T1C25633168E2C8E2F86BC6278247F0E4F6AE44E404044FDF663E5BC9E9E4EF25145F169", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508221, "uuid": "85cbad36-506f-48a7-99ae-7c1efe763c2e", "value": "49152:CBfKcex9+TCXNrY9gQN0HdGuY01MNR0jASDmYUqYtIpQoeyz0RHcFFHTpf0z7u5v:r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696508221, "uuid": "62a722e0-03cf-40b5-bcd1-007656bfd628", "value": 6344850, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696508221, "uuid": "68462f2e-0e0f-494c-be27-71b1aae72b88", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508221, "uuid": "3a53e910-2b28-4124-865c-9f845cc8743e", "value": "PO_17227.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4830e25e-638b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1696516035, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696516035, "uuid": "bc52ab1e-b2fe-4443-a368-cf7a777ba9e0", "comment": "Malware payload (Smoke Loader)", "value": "3f1ae4dfc6b7a859e206ff8f02f9c681", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696516035, "uuid": "3b8e7193-c35b-4b6b-b9db-f079ebe1e240", "comment": "Malware payload (Smoke Loader)", "value": "8337b90fc5a37cdb13bbe31c992f9fb3fb769451efd97fc5f8f24d449fae7b26", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696516035, "uuid": "74d7ad02-4cbf-4aae-9bf6-f1add460eb72", "comment": "Malware payload (Smoke Loader)", "value": "71b633b3610e52e0e630a5c12c6b4d45389a1494", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696516035, "uuid": "71c269a0-8c79-4deb-ae2f-0572a31349f3", "comment": "Malware payload (Smoke Loader)", "value": "d2f1581d6c609c4ed268d4209044e7f2dcd9a9dbe28316cd1af0624b858a3f7842363509eaf8832e4ffd0199a9db20c1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696516035, "uuid": "9651819d-d2c7-489a-b536-f1f2a6517072", "value": "T15914D02179A0CC73C84781718525CB60FB7DB8225BA48A477768367F7E307E2936B35A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696516035, "uuid": "0ae6d586-094a-4c2c-ae1d-f78ecc69aece", "value": "79de41fd9a8e567c644b0068a3bd1c4e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696516035, "uuid": "93eabc1e-e53d-4a6c-a10c-da16347966f8", "value": "3072:KH/D54JUB6saVYc06r9jEtCm2OCrhiOS21fkGaLf6I5gq:K/D5dB6XVXFo21SIKU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696516035, "uuid": "752ae23a-51fe-41c5-b5d9-15428e781545", "value": 199680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696516035, "uuid": "6bee1676-3ce3-4125-86cd-edf39cf8dbdc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696516035, "uuid": "b2e42777-d1b7-4dca-a8e8-70ec5b6bd663", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8ff804d4-6357-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696493822, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493822, "uuid": "93ba6de2-24b4-48ca-98ff-39f0c9832c06", "comment": "Malware payload (Mirai)", "value": "44b92df4bdd9bd578ebaa677f01447e2", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493822, "uuid": "843146df-2076-454d-9844-250de14131ae", "comment": "Malware payload (Mirai)", "value": "83bae15a9970f63cf882bcc3892c4f7def7a4646fa2e9aa12c5088baaa7dd402", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493822, "uuid": "cb3d6b4e-2fbe-4518-bfff-5c29b37eb7ff", "comment": "Malware payload (Mirai)", "value": "eb3d07efd6500769e46cfc1a2abf566aee951b7a", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493822, "uuid": "c8f2da04-3978-40ef-969c-3cea0c26f3df", "comment": "Malware payload (Mirai)", "value": "23bda9adc79ebe7b027da2c5a2a30ae334e1d28753846d816f5b0a6b73acb06980e9b2c4dbac76c35935c345add3eda6", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493822, "uuid": "fde6b0dd-85e1-4be0-83a7-03783dcd879d", "value": "T1FA5401311663AEA7C24EA2F09539C5BBEEE1284F043124C61385365ADD336D7EEF158E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493822, "uuid": "4150af33-4d10-4928-b67b-770e6304e571", "value": "3072:Kir4H46BbhM/XJ+12CqpWFqLSjfU6Fmm7FnVZfzDF/cNb:ABkaRqEkiFmm7FnVZfzDF/cNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696493822, "uuid": "02fec210-0934-4021-b669-7d03092bfbe0", "value": 295653, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696493822, "uuid": "8abae76b-dd0c-435e-8405-546ce7385eba", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493822, "uuid": "36e6314e-465c-4b9e-9f39-6d4a1b09cfb9", "value": "44b92df4bdd9bd578ebaa677f01447e2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41d2abe9-636c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696502710, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696502710, "uuid": "c91b4d0a-b8b5-40e3-a77d-279622262eed", "comment": "Malware payload (RedLineStealer)", "value": "8f83d5d9d95d9462cbf33c00c74e9e5c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696502710, "uuid": "2ce2670c-ecbd-4cfa-be15-7aa5a02a39b2", "comment": "Malware payload (RedLineStealer)", "value": "841379ff18e00852295cd883bb4143e17b7a3b5f6808b70bdd65c67686b1f0b9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696502710, "uuid": "8c22519b-694f-4e08-9b2a-c6d2ca36f868", "comment": "Malware payload (RedLineStealer)", "value": "ffc65f35e424eb1618dfa42eb9fee0531b56e053", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696502710, "uuid": "d2ae0334-909d-45e3-a390-d4eb4306166f", "comment": "Malware payload (RedLineStealer)", "value": "62ddd66bc06cda08d959420e704b2ae7a97c395eaf1fe3fa538453e28c029eb6ed92a2f3331798dc6fa3b7847cf909ec", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696502710, "uuid": "02ca496f-4597-43d6-8f39-13868f472031", "value": "T187852357EBDC8573CCF07F3068F605630B35BA609A6443AE6352ADA65C536C0B87632B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696502710, "uuid": "fa7b3e3c-d15f-44de-8981-88afa56b4841", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696502710, "uuid": "b8754ac2-2c7b-4aa6-ade6-48f66e9cbf24", "value": "24576:VyYdTa+H0kpeH2kV1ekuKCuL2r2vf6Z7ippLioXSlfy6MwmU6QrVOVZdC0oldT5:wY5kkpa26LBvSZ7ippLifTcs/b3T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696502710, "uuid": "ec3dff02-74d1-47a0-9a87-292c1637ef0e", "value": 1732096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696502710, "uuid": "39e3bb7c-68e9-42db-8e58-0519f5b7b42c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696502710, "uuid": "13c61304-d561-4959-9522-bfa73934e284", "value": "8f83d5d9d95d9462cbf33c00c74e9e5c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb492f48-6360-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696497760, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497760, "uuid": "7270aca7-30ef-4efa-a380-7668a2f98c70", "comment": "Malware payload (AgentTesla)", "value": "fbb2c0bc1b3a6b515e8dd46be330af00", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497760, "uuid": "ac228dc5-4467-455d-adde-4c69629ffc92", "comment": "Malware payload (AgentTesla)", "value": "8438ac5745f37292a9c36993ae4ff00fb3f3e52abd075d2efb0e3581ce1b8e94", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497760, "uuid": "1570495c-7d05-44ba-952c-17274aa9bcd8", "comment": "Malware payload (AgentTesla)", "value": "ea4f70a0efe0cf3ea841a93878387f493b6227fb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497760, "uuid": "4dc504a4-04e2-4941-8e1a-898e342a9612", "comment": "Malware payload (AgentTesla)", "value": "863ade329342410114fd00b8182fac1197f50e534f6d3a378c1851d18691397fb20934ae4f3445774323a522bcb899d6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497760, "uuid": "60380e73-4e87-49f4-930c-ae3f8619648f", "value": "T1E3E47C2176FAEFA2C135E77B43543504CFEEAD328716F95E3C99B6856C30DC18A22612", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497760, "uuid": "eca81a0a-3309-41e4-a725-2e922588463e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497760, "uuid": "54f8f4da-88c1-4628-9447-d23c2d046978", "value": "12288:MU+d94SVrrhKI59r/oXsr8YJciAQaZkY/ghOnvb:MU+7XLzrysLXCr/wOvb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696497760, "uuid": "844666dd-ab4a-45c1-bac2-27e5b4c10995", "value": 704000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696497760, "uuid": "46c2270d-d317-466a-b325-0ec4314dd60a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497760, "uuid": "5a029b16-c456-48cf-8029-a0cf3eb91bf7", "value": "2023 Customer Information Export(1).docx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "893e6a5a-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696496817, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496817, "uuid": "b3f13a60-7c9a-4856-b843-6f8016f76375", "comment": "Malware payload (AgentTesla)", "value": "8e303f684a6679d53452071f8933409d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496817, "uuid": "39598c69-1a05-422f-b503-e69e1163207f", "comment": "Malware payload (AgentTesla)", "value": "85c5c6fed46b400cf505aad5c84bc1ac76e74488b73d9951e3cda4db18f148e6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496817, "uuid": "b02b4211-25d9-437b-b28a-e4827d1afa90", "comment": "Malware payload (AgentTesla)", "value": "55690116312da78c6abf0bdf662a1173355f51f7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496817, "uuid": "6d412c6e-cf93-4fce-af76-48ae7179a1bb", "comment": "Malware payload (AgentTesla)", "value": "c9eb870c8c48d76031759ddea4446df5a7b1b33c2350c228932fb44f7899c05d2f186c7d3c4cbd4eee9d834ce07e2689", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496817, "uuid": "1174a417-7b46-41fc-a0be-8ebc437c9d90", "value": "T11374D22036EFA45CB2737F531BECBAE58E5FFB666A16906D3404030B8B66D40DE51A31", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496817, "uuid": "426f6a59-8ac3-4db8-be02-f503f4ffa3c1", "value": "6144:K+IdX44444g44444h44444L44444E44444/e0XX3YlH44444p44444l44q44444C:K+ze0XX3Ylk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496817, "uuid": "de251184-7309-43e4-b9f0-38b6a00db0cd", "value": 352126, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496817, "uuid": "6d8a058d-12d8-4cad-92b6-2b0460d6cdb6", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496817, "uuid": "3e85ebb0-3ac8-41f8-9fe6-4b9f296d0eef", "value": "Factura fiscal.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b528008b-6360-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696497750, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497750, "uuid": "8ebe79ef-c78d-4a4e-a7c4-0d8c7eda036a", "comment": "Malware payload (AgentTesla)", "value": "d3376e802bba19b0cc672487428c27e1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497750, "uuid": "5ffe51ab-156d-412e-a23f-a9fd871dda86", "comment": "Malware payload (AgentTesla)", "value": "87762de58ca2d2b24f126c5767f14b76f04cf9b8e9d317f325ff131fc3e88bc3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497750, "uuid": "4c43dccb-26a7-4d82-acec-b5d3a736483c", "comment": "Malware payload (AgentTesla)", "value": "976c00d839ed541b3f8d284f36c842d626798bfa", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497750, "uuid": "da50e46e-7991-48d4-a001-44bb06cf30e2", "comment": "Malware payload (AgentTesla)", "value": "f39f6a4cff7deb527f3a9b94dfdb6efb07f73b52a494f940cc5b6339c16bb7f2bfc59f17c3f0fb27a171ee12a4cfb7c2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497750, "uuid": "c5d0e88f-effc-4c15-b3bd-85ee057170b2", "value": "T11DD412ACB2ED1733CF5C09F6182369804B785A77B493F2D14C9A16CE52DBBC09563A4B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497750, "uuid": "95c93439-e1a5-4bfc-8922-5f769832062d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497750, "uuid": "bd2cf2d7-5135-4c92-b4df-8d461f806a83", "value": "12288:LF8zS55mFzjst6+jRT0iApBNJNWyhHKJUNVAlmzGFM5TUucy86QEG1h4byvx:xf55qvsIqROD0ydB66tfaLvx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696497750, "uuid": "a54d6d70-21fd-43bf-95da-8adcb3d32fa4", "value": 653824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696497750, "uuid": "4ed919d2-b078-49b0-97c7-2f012ed0b837", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497750, "uuid": "da3b69f0-3a79-40e4-b153-078ba7358bc6", "value": "Presupuesto+Pago_realizados_03-09-2023.Pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fbb6627a-63c2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696539959, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539959, "uuid": "cae387bf-415f-405f-b07a-dd222444c7d8", "comment": "Malware payload (Mirai)", "value": "5bfd2f915898f77c7249c097953388ad", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539959, "uuid": "e18d4c08-6dff-41d4-ae22-ad996a67d16e", "comment": "Malware payload (Mirai)", "value": "87a954c84cc0721667be37d4c63bbad2ffc8d0df963074bd69d6a6d5551e5a65", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539959, "uuid": "269db418-67dd-4b2c-ac2d-bc360b40a93d", "comment": "Malware payload (Mirai)", "value": "77708e182bbb9df7163efc4248e9987830673e95", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539959, "uuid": "28d794ec-41d1-494d-99a9-d542d89f1fff", "comment": "Malware payload (Mirai)", "value": "67639e918a4972346e7e31fc05e42151453d72e9bf84ddc77ba293970008e856a8311d5729881151b17377657e5c1754", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539959, "uuid": "e4d3bb85-b63a-48eb-826f-ac54985c74ed", "value": "T193536DCAB8119E7DF5CBE77E84220D0EB821726150931B17BB6FFC837D721648956E06", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539959, "uuid": "63632a2d-a174-4180-9d24-ea4a811fe4e8", "value": "1536:AXyRgQF4TbSX5lxLepSGY5cFnehON2PPB+qG76E85:N1TjJ8EVGOH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696539959, "uuid": "d99b036e-4f68-466c-a74f-5c1858e4d762", "value": 66504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696539959, "uuid": "14883507-f48c-4417-a4e7-c010b4248161", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539959, "uuid": "69ba9773-4292-43c4-9b54-99b057b6253e", "value": "5bfd2f915898f77c7249c097953388ad", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f430f0c4-635d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696496567, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496567, "uuid": "1e092928-6271-40a3-8913-8acbb6e035fb", "comment": "Malware payload (AgentTesla)", "value": "4cac9f8d34f51b4e2b6232a963cec8b9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "IDN", "colour": "#4B32BF", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496567, "uuid": "b149afbf-849c-40a6-bfe9-b08aeae81809", "comment": "Malware payload (AgentTesla)", "value": "8922015839596a63179d96f56bd110ddc8d24eb18efb1cecd6b7e1102395988b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "IDN", "colour": "#4B32BF", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496567, "uuid": "bb039bd2-8fdf-479e-9c73-ef50fadcd5e1", "comment": "Malware payload (AgentTesla)", "value": "3ba49ee223532dfd00ef7a548f147bd97ab173b9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "IDN", "colour": "#4B32BF", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496567, "uuid": "c791bc14-cae4-4661-94d6-6b8cd6923ea8", "comment": "Malware payload (AgentTesla)", "value": "6dfd97bf89feb8565fa54ce70c361ff01244dd277cef579ab29efcf7ac887b3ceb751d66d608d2173003b4c04346029c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "IDN", "colour": "#4B32BF", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496567, "uuid": "9c649754-a64f-40a9-bd40-2d1c06386a02", "value": "T183E4F0AC3660B1CFC827C973CEB51CA5E610697B930BD203A517169ECA4D9A2DF152F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496567, "uuid": "a7e81eb6-62fe-4983-986f-ee2597724371", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496567, "uuid": "9a120ce4-bb5a-47f0-bb82-8d757f6bef36", "value": "12288:kYti348zS55mFzwFDAvlkurxlkbbImBzkex/5iNYvYdR/iYHMT75gYY:kai34f55qgDAvlkbbb99XYdR/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496567, "uuid": "8573b092-9204-4c91-86cb-c25f55ec1dde", "value": 666624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496567, "uuid": "98126e3b-ec72-437d-ba0c-0447c8319747", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496567, "uuid": "eebe39be-f0e7-4a3c-b14d-d65a83738235", "value": "Dokumen Pembayaran_HSBC Bank_Pdf.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c14b8681-6360-11ee-a6f9-42010a9c0055", "comment": "Malware payload (XWorm)", "timestamp": 1696497770, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497770, "uuid": "3d4b78c7-760e-4983-95e6-ef1821404a7f", "comment": "Malware payload (XWorm)", "value": "310ba97c9a96f3db1e4b1c103fbc9954", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497770, "uuid": "333729ea-bfd3-4e1d-8181-1e03629af9a0", "comment": "Malware payload (XWorm)", "value": "89bc9fdb7d1d93a49c7cf3ccfff8ec5c174a44dd580e63e3cb47de448e9daefc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497770, "uuid": "e15a040f-5afd-47a7-85da-896e0ce36847", "comment": "Malware payload (XWorm)", "value": "ce6cffd8074a9f6211f0e43ad26bc7c0cc271b8d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497770, "uuid": "e74679b5-c096-4f94-9869-0c14306619b5", "comment": "Malware payload (XWorm)", "value": "6cf28c6cf73c76a4d8773d788046b660e10db09039cd029f7740b1e608005324ee9234fd0a4d5f07f024f75e621f479b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497770, "uuid": "5a651460-bf89-4e70-bbed-57b7f31837c9", "value": "T1D0757B03FA9B8EB2E3491732DDAB5D908360FD83732BE70B788E3B5955133A69905507", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497770, "uuid": "8e0b53ee-24a2-493f-91e7-8eeaf48adff4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497770, "uuid": "07932573-835b-44bc-a14f-b0710c636862", "value": "24576:PINvIlmcBh3paRVGRyIxL/JGZwCdAmuznnHKFxRY+vGOogk8+4o6keKNnEGw3Hwm:tLTVxL/ovmnHKFHY+eOWhmGwXwm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696497770, "uuid": "2fe6ac27-00fc-444f-b4cc-e1136b9ded76", "value": 1696072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696497770, "uuid": "6fc97e82-bf44-4c67-8e9b-ba33fd9c086a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497770, "uuid": "a965a0ce-37de-4265-bce2-b25cc8bc1379", "value": "NewBooking_______________________________________________pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0cd11550-6356-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696493172, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493172, "uuid": "663c62a2-29d7-44a2-b83b-22b04f454b39", "comment": "Malware payload (AgentTesla)", "value": "d313c816700fc2e13615b7ce4cf237b9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493172, "uuid": "b3d9d56a-c6aa-49bb-93db-9b7d99669e51", "comment": "Malware payload (AgentTesla)", "value": "8a1b33e09071cee9982a8a460b288462c7c873ec8a365347c0acc1bda456822c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493172, "uuid": "0f120886-1fd6-4af1-99a5-c2ddfb534819", "comment": "Malware payload (AgentTesla)", "value": "16f4d2c2c1db157010d8eced6f832b973767a383", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493172, "uuid": "cda29959-0df6-4680-9e4e-f9fb1bce5da0", "comment": "Malware payload (AgentTesla)", "value": "3cb060701673afb534142ac86a4a95631dfbdcd0f192db47d74fb06fcb51a086d7ef97333877cc01d7298c0fb825f529", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493172, "uuid": "111cc859-5cd4-459d-a6e1-918df591bbe2", "value": "T1B3C42342A2F6D6E2860D73721A96F74D95CBBA65EFF3C938FCA511C35C0071C8E602A5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493172, "uuid": "1bd8cc20-b040-4840-897d-936f5dd91e71", "value": "12288:P5COMIcJA9XgZIzpIGiS1V4qLZ9e/XNVLFMmhHsM:PkReXrZ4kKvNV5zhHsM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696493172, "uuid": "f0ccb097-737a-4a31-963d-04f163bdc767", "value": 548936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696493172, "uuid": "a0fdfae4-26c6-4cfb-bc80-2aa0e1f76dbe", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493172, "uuid": "7cc5a434-aefc-4579-b2a6-c9b8675e73b9", "value": "Statement Of Account.pdf_________________________________________________________________.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc782873-639e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696524391, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696524391, "uuid": "eed3b4e7-774f-4238-bb03-6c066284cf59", "comment": "Malware payload", "value": "3dd859f7aa6f95b80aae2c7c4b5eaaf9", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "alternative stage", "colour": "#470D09", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "ursnif related", "colour": "#1A6158", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696524391, "uuid": "a24b8e0a-cfc0-41fd-b206-396c8d3f6758", "comment": "Malware payload", "value": "8ad4fd0c0b88ab0d825bcd3d5bea86232dbebbf41f0b3b8de78d5c77eb2de9c6", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "alternative stage", "colour": "#470D09", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "ursnif related", "colour": "#1A6158", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696524391, "uuid": "af3f3e7a-fbd6-4e22-88ce-39137e8f1313", "comment": "Malware payload", "value": "3ef2f7246e9dee40ca9b6a7ecc0b5c7568367e80", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "alternative stage", "colour": "#470D09", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "ursnif related", "colour": "#1A6158", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696524391, "uuid": "532994ec-aea7-4893-931b-2fbcefcc236c", "comment": "Malware payload", "value": "0d7f540d2b6a8b68b60cfa15aa9390eaa0d51b33576d7c19bf113cba1826530413a11dd9f801c78deaf174ab7796f886", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "alternative stage", "colour": "#470D09", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "ursnif related", "colour": "#1A6158", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696524391, "uuid": "a1a7a5e6-ab1e-44cf-96bb-e19ca5a77a57", "value": "T13CB27D6D034FA8F89773ACC88AD5AC53FB74872A4A2CC6C49F30FEEA2414574A4E551D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696524391, "uuid": "499dba7e-fbd1-4c01-b9b3-b3439c763620", "value": "384:GOjk+QtGIKg7ETp2FHIKIGZVgXFpmcMYqYaGmPUVdE/MMMWm4qVuAL:I9eYjTT//0MjgVuAL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696524391, "uuid": "79e5bbfc-68fa-471c-9506-d202c72a8d59", "value": 23407, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696524391, "uuid": "31649a1d-2f18-48ac-a9a3-75ffa3523607", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696524391, "uuid": "da61cddf-da4c-4d78-90b6-fe4f59d03c64", "value": "client_3.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b03a4ff-6365-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Vidar)", "timestamp": 1696499692, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499692, "uuid": "a1975023-d59a-4110-a963-7e823e023682", "comment": "Malware payload (Vidar)", "value": "2cec68dffa384c133f42d540917c7277", "object_relation": "md5", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "pw-1206", "colour": "#11FD79", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499692, "uuid": "f6122e84-8b41-4718-9146-6eda5ab92f6b", "comment": "Malware payload (Vidar)", "value": "8b114d8bcf13a65dc12f8d43e91e5e65a26f922779617d967d29741d2e0db776", "object_relation": "sha256", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "pw-1206", "colour": "#11FD79", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499692, "uuid": "dcddc926-888d-4860-9700-752f510d830d", "comment": "Malware payload (Vidar)", "value": "1222a2a2eb5d9572fc94c1254545aaa43515f082", "object_relation": "sha1", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "pw-1206", "colour": "#11FD79", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499692, "uuid": "2bcc6363-5813-434f-acaf-b386e827b07a", "comment": "Malware payload (Vidar)", "value": "732cf06a438f39a9211bc2899302e8e7d32a08dd40d227eb7bdc6e6ba34bdff4f177035bd8e045bef651196692d8f447", "object_relation": "sha3-384", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "pw-1206", "colour": "#11FD79", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499692, "uuid": "ff247b92-1c5b-480c-81db-41c14be139c0", "value": "T19556BF70EE44125B1E83179FACA256D3A93CC11153022268E99E139D2B475DCD3BEFBE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499692, "uuid": "64fc4a95-00d8-42ca-8da7-d0dce6eb18db", "value": "49152:IqrHdSQaSfduKTFJMdW5W41JOoiJtUfcRQ9nMEhClZ2kZwSRkG9dodaVJRfl+QRG:IGdSoXnb5WhZJ2cRWnMGeZ2kZwodgdr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696499692, "uuid": "e53c588c-19a0-4e53-8571-dad1d07f0364", "value": 6343901, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696499692, "uuid": "3dc4c227-777f-4fee-8452-7ccc2cc10a4d", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499692, "uuid": "1ae2fbdb-5ba9-4670-a423-89bdee86f732", "value": "Booking Information.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90f4165b-6379-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1696508426, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508426, "uuid": "47e894b9-3d07-40fc-9c6a-b8470d871712", "comment": "Malware payload (Amadey)", "value": "c635cdb7138165da47fc514c2353f721", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508426, "uuid": "9a0a9dc9-60dd-4812-a803-31725c8f56f6", "comment": "Malware payload (Amadey)", "value": "8b19caff80484678841f2eed816e8cb673f20205f9af8dafb2e5640fd7efc798", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508426, "uuid": "48670c17-2bb3-4442-9d07-95713caf8940", "comment": "Malware payload (Amadey)", "value": "609c10900041fc4b77c4446a2df04fc046bc93e2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508426, "uuid": "d20eda47-7aff-41bd-9fef-d737502ab862", "comment": "Malware payload (Amadey)", "value": "003c680299a84b68c6755da8d05d7eb451d1d896f062fc620066cd82b6a8bd98a406c25142d3d4983fe7a0095e6bf6df", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508426, "uuid": "3e7a1cc7-964c-4bc4-be51-33cda1b48994", "value": "T17075E91176F95B59F9F30FB85ABAA611087ABC6ADF11C2DF1251908E0C31BD09970B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508426, "uuid": "e9e0c0f3-69ce-494c-b59c-2e6110323cb4", "value": "2d720d38a8fbabead5b576804bc154eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508426, "uuid": "6f92ccc2-d317-41b2-9178-8e72eb7b4d96", "value": "12288:Lrq4/YQvi8Iv71ZtBXtjxaslVndVmRQH9j4K1uTaO9X6a9Dhvht6HZ7:cQvi8O1ZtBXtjH3dVJdk6a9Dhvhw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696508426, "uuid": "f5d93cea-fadd-4fee-85b3-f75005e974c5", "value": 1703424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696508426, "uuid": "4a7f2f89-4b80-4ce6-96f5-e25d462efe78", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508426, "uuid": "7accfc10-ddc3-4200-ba11-0602026adae8", "value": "c635cdb7138165da47fc514c2353f721", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f325512-636a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696501766, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501766, "uuid": "36b7b13e-884a-489b-8ca3-b8d87fe4f4bb", "comment": "Malware payload (Mirai)", "value": "9de3ca6971f2b0f134c61d8c4b79404b", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501766, "uuid": "54f8ebe3-8a49-4960-b52f-375c5438aeac", "comment": "Malware payload (Mirai)", "value": "8b817d1b69bc323f0c803ee638b404fe21b6b9ff9f218f56a7e59af506d17ef2", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501766, "uuid": "ad336911-130e-4839-8254-beebdc8c5ca5", "comment": "Malware payload (Mirai)", "value": "3d702013c657897a24f8291171ea3ec621606ce8", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501766, "uuid": "94dcdc2a-3828-491e-997e-686b3bded552", "comment": "Malware payload (Mirai)", "value": "884c761c7ca902a1b901f8129b4c6c9088339511a174f565e615bcc254ac3f9cf4ba5f7d4f3a2eb1a88a4fb87edbf68e", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501766, "uuid": "574765a2-1f17-459e-8c33-905bb773d164", "value": "T1B604D81AAF510FBBDCAFDD3702E90B0239CC654722A93B763674D528F54A50B49E3C68", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501766, "uuid": "1f5622e7-1ad2-4c86-8678-50027def460f", "value": "3072:WCsnSesZAUOPDlUFm26Y7Djd2PFUL983qrE:WjnSesR6Dk6MDj8CuY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696501766, "uuid": "9bfff39f-a575-4b0c-a59d-98653bebfbe0", "value": 184032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696501766, "uuid": "3dbae834-d324-40f1-b5bb-525685f2bfbd", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501766, "uuid": "be825d91-3431-435c-ade0-fc89b08ad563", "value": "mpsl-20231005-1029", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8343d89d-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696496807, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496807, "uuid": "cbdca4f4-5463-41f9-a5d4-cc82f19976e3", "comment": "Malware payload", "value": "cd9d6552877d6368d42bc1c9f6d34eb6", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496807, "uuid": "341a84ae-7dcc-4e9d-85e6-523d615521e4", "comment": "Malware payload", "value": "8c2b156806975374a4c9d904b979fb9ac656ba67ebc4bd75a3eed40f34f0151a", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496807, "uuid": "b4e5d9c4-d8d9-4c0e-aab7-fb3f9941c29d", "comment": "Malware payload", "value": "36e58ba27b76d1754a28a6ea09f30c32dbbe4e73", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496807, "uuid": "a672ed6e-05b3-49a9-846b-e8a7d906e3f4", "comment": "Malware payload", "value": "19c309d7921928a768f9d3ac29834a0c9fae578e395cffbdda231562232d06019d99f0ac0073f7d997ad77cf50a4438c", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496807, "uuid": "35e5e4d6-1e3e-457e-b10f-febe1e9081b8", "value": "T1AFE4E0E3FDD09B3CD36377381D419C33964C2CF58CD6D01644B72889A8A594A27E9BEA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496807, "uuid": "6b12d11a-1847-4516-95d2-34edee70264d", "value": "12288:6Uncgra7Z4vKQniRbKUOrdUCgTUm9xYWKr18sFDyAzFIDNKI8gWHqTJE3:6UcgrGZWiw7rdULt+qs8AxIRKZTHD3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496807, "uuid": "b1b94e66-1206-4f73-90b4-5b7dd3eb0d27", "value": 685244, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496807, "uuid": "e5a11d26-fe90-43cb-be4f-97d5c4ac1e9d", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496807, "uuid": "546d841d-f90d-4a0e-8317-c6e7dcfc7fbd", "value": "document039scan.pdf.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "567498e6-635c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1696495873, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495873, "uuid": "d87e2b4f-9ce1-4acc-ba9f-d82c19e67972", "comment": "Malware payload (Loki)", "value": "456788ce6c20bb4b066874703b8a9373", "object_relation": "md5", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495873, "uuid": "a933d47d-1f9d-4bd7-bdd5-e8e1b077001b", "comment": "Malware payload (Loki)", "value": "8c460116d5860aac9824c2ddd8277962998ff5f6ae8dc85bdafd0414220e155a", "object_relation": "sha256", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495873, "uuid": "e23125ab-de98-4473-96e9-17de0ab3e355", "comment": "Malware payload (Loki)", "value": "5b5df0903d86b6a807e8a051aa93679b8b39295f", "object_relation": "sha1", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495873, "uuid": "04b95061-9645-4aa1-bee4-ee234a0e5b8d", "comment": "Malware payload (Loki)", "value": "0eee3620d05b2374191b52679fa89e4991dd831858f9f3d6115b450ab38ea042c0217f2b8b747b31fbdf1829bd897862", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495873, "uuid": "f9cd05a6-bd49-488f-9f68-d24bcc72c583", "value": "T12055E00F9424AB96D00D83F86E6339E81E0E7F18E7C469DB15533B473E316A219DA2DD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495873, "uuid": "e03a8704-686c-487e-a3e4-a8bd877dff1b", "value": "24576:zWQmmav30xDp0Zyow6VbAXZSq/ZyXw6VXAXZSzW2qVJblEIHEBZEqaPXwUx:SQmmQ30is6VIEM76VEE6ljHVqaP/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495873, "uuid": "a167ab13-2609-43c5-b4bc-8c57206fa7fe", "value": 1375744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495873, "uuid": "80796d61-642d-4952-a29b-d03fd002cb64", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495873, "uuid": "ce30927e-0883-4e80-834a-20e22bf11b61", "value": "New Order 04102023.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e754d1be-6365-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1696499981, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499981, "uuid": "511b4d72-0959-4524-aa84-676e6da28e7a", "comment": "Malware payload (Loki)", "value": "a889a7cca1cbb0680532b62569d9e362", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499981, "uuid": "eb41ecb0-9d7f-4198-90a9-b21d4a26afc3", "comment": "Malware payload (Loki)", "value": "8ca0436b72f946ce0c6c5613e991444c69c2e3cc79a43da4e54d49c95ac362d2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499981, "uuid": "e7a4e368-08bb-4267-b6d5-a938829196c7", "comment": "Malware payload (Loki)", "value": "93fa65324219c3dc95a0f1b26c2d5ee351700dce", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499981, "uuid": "1a6bf677-9328-462f-9140-3f3f3df0da55", "comment": "Malware payload (Loki)", "value": "899690e21a7835f2f1b50760c63eb07378989fa32601a8dff71748fb5d9db54891a3b1add024cb4a5eff321628bd0792", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499981, "uuid": "6cbe53d4-58dc-448f-9d8c-e581fd6b68d0", "value": "T112351703BB4B87B2F24B2736D69B1C049361D98B732BE70B758E23E615433A6DD49607", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499981, "uuid": "1cb3a7e8-8be4-477b-acf5-b1dc60dfcf17", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499981, "uuid": "2aa36c27-3a01-4c34-8928-a23750617049", "value": "24576:Z+SvM2e+ogSYAOgKYa2XwImvGGIu1k6u/N0qrX:8h+1GGIu1YNX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696499981, "uuid": "9e2f8f3b-11f0-4b6d-8d44-991de8acf59a", "value": 1059328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696499981, "uuid": "38b64206-dbe5-49c7-b9f4-ba2ab20c6f40", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499981, "uuid": "f68e813d-ab54-4239-9c15-4cc53d4ddfd4", "value": "a889a7cca1cbb0680532b62569d9e362", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e97952b1-63a7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696528332, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528332, "uuid": "4c48772e-7379-43c2-8c5a-495dbe12e97d", "comment": "Malware payload (RedLineStealer)", "value": "e9f5cf469606763d6ad1944875076e4d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528332, "uuid": "e037eebc-a84a-4646-9d9e-ce65c4586e6e", "comment": "Malware payload (RedLineStealer)", "value": "8cf2e3fd2a1f2522870ac61dc4496433c9700b389768d4b6ef75e905cf5f3421", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528332, "uuid": "dec99232-6942-4635-8c4a-c76be7a597d2", "comment": "Malware payload (RedLineStealer)", "value": "c845dabbf481f0f660ce3c60142de67c74e62f2f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528332, "uuid": "46b7e943-8972-416e-99ae-e3f0c8cd3bdd", "comment": "Malware payload (RedLineStealer)", "value": "e1bfad1ee5a54b0c8e0c9e9697c9a1625b70e2002ce657a00119e0dd45e9e032fd316adec11ff0e1ceb7cd8871e6e071", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528332, "uuid": "d4504005-0351-406e-ba0b-420003ae346a", "value": "T12574F13039A0C072CC9251748471C768FF7EB8A2A9D94D8F375827FEAE306E1975B649", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528332, "uuid": "500fe354-3e80-4ebb-88d8-7e345bf388f0", "value": "046dfae6c2280fbc36820b8f28604732", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528332, "uuid": "72807c89-9951-4a8f-971c-0d38db6eca61", "value": "6144:xwFsojeNfFp7kHDVlGwPyoSFmJYvZ0izMkNbcWn7txUWN7aSi:8sYeNz+lVq1ii5NbF0WRQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696528332, "uuid": "2d62dde7-8a48-4e81-bd6a-61471406fe36", "value": 351744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696528332, "uuid": "802d77ff-f74c-4fc0-a354-ec0ce32828ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528332, "uuid": "af1f57d7-bf84-4ed3-84fa-e91fd3ffcbab", "value": "e9f5cf469606763d6ad1944875076e4d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "47795c67-6327-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1696473084, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696473084, "uuid": "96e743dc-fbd1-4a82-8255-37771ef81a9a", "comment": "Malware payload (Formbook)", "value": "6aa8e191f471b65065883add866003e7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696473084, "uuid": "6e2087db-9311-4d96-b156-39b110b6d8e4", "comment": "Malware payload (Formbook)", "value": "8d48b5f989fff5f8f7f654f2d1fa6f8f7e52bcb0a1e2f25b02910ae1861760b6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696473084, "uuid": "9146d334-821c-4eeb-9abe-15e22e3f6da2", "comment": "Malware payload (Formbook)", "value": "3eeb88cb758a67cd1ef6e3640d16f8ee9bf27ae6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696473084, "uuid": "56c686f6-b06e-4f4e-a607-39761df6760c", "comment": "Malware payload (Formbook)", "value": "eb403a176dd6336e3087e15a81aac4555d8d6a3a300bc497a69d43632ea8a86dd00af6f9784c9c1a35d77911e27cf219", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696473084, "uuid": "400fa92c-6ff8-4fa8-bb6b-b6f2f2d5c35a", "value": "T1E3F36B1136D18072D077423609F8EA615ABDFDB24FB25E6BB7D81A8E0B741C0AB35763", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696473084, "uuid": "666350d4-cf3a-4960-94d3-32aaea66fe3e", "value": "235f54a8f3fab3914ce05790a045f905", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696473084, "uuid": "eb1e6d5c-41cd-44d7-ae44-8e50aacb7c80", "value": "1536:AXwhEnNQTLm1HXvoNgsuPU6P4OZgZGWy6DtOlX+2uoYds+yckU4Ss8jcdsovcAxv:Ag4QWlXvRDlWRRbds+0n3soUA9vj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696473084, "uuid": "c67cca4d-9176-4e10-a9f8-6b1ad992c77b", "value": 169472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696473084, "uuid": "0655a57b-9d6f-460a-8887-553db94dfbb8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696473084, "uuid": "8a31a730-b661-43bf-8559-9b239c2fdb4c", "value": "SecuriteInfo.com.Win32.AdwareX-gen.21002.24821", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7cbcee98-637d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GCleaner)", "timestamp": 1696510110, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510110, "uuid": "5d5411c7-dd87-4550-b747-4a9b38fd1be0", "comment": "Malware payload (GCleaner)", "value": "6569eceef4279ce644844d4183d91a35", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510110, "uuid": "c22b0b27-628f-4ef7-a908-c05647e44f20", "comment": "Malware payload (GCleaner)", "value": "8dd45c3deaa091c3bdde3456ffde09709d17802c57d4d6dbdf6fc5d5d1e3c8fc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510110, "uuid": "4c1c6c1b-d5c8-499d-979c-20b58e3c4b63", "comment": "Malware payload (GCleaner)", "value": "54e7b4001ff59286a31e4c3b29905f7e8bb1789a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510110, "uuid": "6d1a3c13-1c56-41fb-acc1-38ccbcd497ef", "comment": "Malware payload (GCleaner)", "value": "6b8795c6474983a8ebd432178ee46a9316f79e49e7c1a45d6c7b297e52b95362ec1b4d7f89953f3b7e1dd136c71ee796", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510110, "uuid": "c67be0a2-0019-4cf5-9ce3-1b4cc637bbd3", "value": "T106440121F9A0D473C44B40398414CBA9AB7DB8B2E949C98F37681B7F6F317D1972A352", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510110, "uuid": "8ceae147-ae74-45cb-a316-b0563d2ec5ae", "value": "b2deb6462ddc9e096b1ba263bc3b3e01", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510110, "uuid": "3c07e0e5-e8bd-44c8-b17a-a9ea84fa1e8a", "value": "3072:3iyY7Rc0xtWBj4OsUPm2+GHYOcFci7OaMQrbN7WcAPAwlNOwjsOPWxDIkaNaL5sY:SyY7RKBMbUmGbcknE9WxYwztsPckaG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510110, "uuid": "8665f73b-3551-4fc4-ac23-f282cb203ee9", "value": 261120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510110, "uuid": "2f18c313-caa2-41eb-957f-8ce0189e1427", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510110, "uuid": "4f80c5e5-6a12-4d65-a683-1917fadfcc4e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bae443b3-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696496900, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496900, "uuid": "02a5dac3-6062-4595-9e7c-f7349d902a65", "comment": "Malware payload (AgentTesla)", "value": "5a2cce672ed63b9e36135bd7ef5964db", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496900, "uuid": "38583485-3549-4711-871b-fb9dac05f151", "comment": "Malware payload (AgentTesla)", "value": "8e283ac23d83296a36290373230bee138a9d87e160989913dd1b7d6de08fd3c0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496900, "uuid": "0ab88633-e6d3-4eb5-a5cf-4354b45fab82", "comment": "Malware payload (AgentTesla)", "value": "b01e5d060c6b7f222b8814e53d7e6e7123b56613", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496900, "uuid": "c529fe32-00e9-4b70-a561-d0675647bbc5", "comment": "Malware payload (AgentTesla)", "value": "103e242e944fc75facef58fd6c55a3ded17e531b309fefce50dc3731ab3d30615cbe177d02af3eca426eafe994f02e92", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496900, "uuid": "d63d6535-ed16-41ab-a26f-8380bab8c78d", "value": "T199631760CEC527390E6707EEBF018465C4F9847D922980ACFA9D67BE1122A6CCB3F755", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496900, "uuid": "69eabb1d-9c86-42fa-b692-d40cd28dbdbb", "value": "768:Lq+gB4Q77T6Hxq8Yw5bzfw5KHct4s4+SWQttsfKAzgsVyZAecr4NGEK8RH:m+Id7Wo1Uw48t4xf/oK1sVyjLd7RH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496900, "uuid": "86fd953c-934c-482d-a195-fb7eede139c9", "value": 68433, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496900, "uuid": "fc4e2adb-9594-4cd6-b908-7c8ef1550dcc", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496900, "uuid": "61823527-54a1-4871-93b4-b3e7eb5f5cfb", "value": "Rude.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36b821dd-63ab-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696529750, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696529750, "uuid": "b450456b-3d15-4b98-8acb-a6184ec7909b", "comment": "Malware payload (RedLineStealer)", "value": "7fcd0c468a078893f63a9b150a7e4e01", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696529750, "uuid": "c1867c9e-67eb-43e0-b098-8000f17228e7", "comment": "Malware payload (RedLineStealer)", "value": "8e935ee77cd8dc1bb7cab60d201990612915fcc88659165b10743dede5f3cd9f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696529750, "uuid": "b2cb8fa2-d208-467b-9bc8-c511c917ee86", "comment": "Malware payload (RedLineStealer)", "value": "852f0dd66e63ac61735545bb33a12036245a995d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696529750, "uuid": "449c5e66-bf3c-4905-88f1-573337c29e29", "comment": "Malware payload (RedLineStealer)", "value": "b10045d2ef0eccbdc5eaa4a76763fca7d0b328aaed3cc102e10716759bc5e0a2834d4c3fd18082ad40fc44deafe3a796", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696529750, "uuid": "db6303fd-3c18-4049-a965-dbe6f89892b4", "value": "T188857B2139C2742DCDEE10B63DEEB17515BCA7A20B2796D72AC877EB85E05D11B32C42", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696529750, "uuid": "dffd36fb-a828-4db8-9b52-bca081d8ee4b", "value": "866f5ab4dadf03f032eb53be5227146e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696529750, "uuid": "08ff417e-fba2-489a-a0be-2ec173a639bb", "value": "24576:2mdoWSG0h0Dt1tcuPvfxsSA7NgGJ0Ovfz1r:EG0h0D3vzMgG6Ovfz1r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696529750, "uuid": "08752f31-e4be-4ad0-abc8-3218ccd0dc9b", "value": 1827840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696529750, "uuid": "525ba449-35c7-4ae2-b532-dabec1f950ed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696529750, "uuid": "b3d89980-7cc9-4719-966f-f6de0dbcf02e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe803c94-6352-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696491860, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491860, "uuid": "f11da184-17af-4115-bad1-2e155743a30a", "comment": "Malware payload (Mirai)", "value": "aed4da59226e6466e02adf707c186872", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491860, "uuid": "010baf45-5d83-482d-ab09-c940f5e1e22b", "comment": "Malware payload (Mirai)", "value": "8ff63b74e13cafd6400fdf31fba0cbb5e0351d096a0bfef8061bcbe0c5888051", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491860, "uuid": "7076b7d6-9143-4e11-84b4-c57002bdf218", "comment": "Malware payload (Mirai)", "value": "360710ff34b62a43fa60dcaf64e7cdc3103adf6e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491860, "uuid": "c5f9ef56-1d11-4c87-a18f-284118c1e8c9", "comment": "Malware payload (Mirai)", "value": "99f99fd9ba7bd951b1f5719dc2ae7576dfd725d5fab0504bd7ec1a147e22cee3a171ec94366ea64e32af5d041a5ed677", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491860, "uuid": "9f7a0952-ac72-4b67-9336-696631af4ecc", "value": "T1C9C2D050E5424B45EFE959B02E69C3EA3BF41A0FB677EE853180674B3A2C12B6051ECD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491860, "uuid": "4b55d739-d78f-4562-9cd0-e68368103bfc", "value": "768:wVdafO76jpmNJBI9oLVFTyPpXF+4uVcqgw09U:Aam+ADIuSpXF+4u+qgw09U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491860, "uuid": "da77889f-6738-489a-a02c-8b5afd5e7592", "value": 27064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491860, "uuid": "9ce98f76-c98e-42cd-8be6-7273afabdb29", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491860, "uuid": "e6341aee-d08d-4330-b1d0-9c3f40c1f44f", "value": "aed4da59226e6466e02adf707c186872", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0cfe635b-636a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696501763, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501763, "uuid": "d8ac60ff-cbe0-4019-bc0e-ae5e9771365f", "comment": "Malware payload (Mirai)", "value": "f4ac59aec47f118f1310189694c0c441", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501763, "uuid": "7192b33a-5789-4ec6-815d-611a337f1de9", "comment": "Malware payload (Mirai)", "value": "90227db4deb9b14794ae8fba68f332a75014fdafab369bb96b60b93186624f55", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501763, "uuid": "1e98323a-10ed-40fc-a3ef-b7e42c627143", "comment": "Malware payload (Mirai)", "value": "cf1a2c9d15a4b1cc793e723f52b81830fd37433e", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501763, "uuid": "251c66e8-16cc-4973-924b-bc883dca48f6", "comment": "Malware payload (Mirai)", "value": "c122d06ef13ae01c46db2776862ffe3c038ea53718681aad3a8fe2ebf8541479070683f68287a668e1231176b0637291", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501763, "uuid": "23a6cedb-a5a2-47be-b22b-b3473a8ddef1", "value": "T17AD30845F8505B23C6C311B7FB5E428D7B2A17E8D3EE720399256F60378A86B0E3B546", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501763, "uuid": "e12e4bb2-bc89-4326-86c2-2d8e9b7e44a2", "value": "3072:eX7DkzHFAh94/JhGcNjoESjNyUu3q75v:eX7gTmh94/PGcNqjNyUug5v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696501763, "uuid": "977f2608-d17d-4009-8cb0-fad616918b8f", "value": 140032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696501763, "uuid": "afc81647-9184-40bc-9c2f-0b301a31fa2c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501763, "uuid": "c6d2047f-9e9c-4d94-ba3c-06c4ef585ac5", "value": "arm-20231005-1029", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "56336f07-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696496731, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496731, "uuid": "981efefe-18c8-4a8e-9c20-64aba6a9570b", "comment": "Malware payload (AgentTesla)", "value": "3941800d406b92f0b717c1d28408b63a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496731, "uuid": "159381b0-6d0d-43d2-96e3-170896562919", "comment": "Malware payload (AgentTesla)", "value": "90576dc5b303e038d3cd2d2ef651d57cf8286707bd8d5888ae73ee7bd9dfcc62", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496731, "uuid": "8129cdbd-bbd8-41a1-8956-1ea08baa0306", "comment": "Malware payload (AgentTesla)", "value": "f8751d2a6f25551106a14394dd23c28e8b29ca53", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496731, "uuid": "23af6e9e-49da-438c-a4ec-ab52a4383736", "comment": "Malware payload (AgentTesla)", "value": "8e3da67ad3a11ff1fd2cec11b58813bb9910f6f5f6e45fba3bc99c8843b1711eaaf7291d0ad3238e4192025108cfb847", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496731, "uuid": "c0c22742-ed5c-448d-9493-5c44072fdf21", "value": "T165F43394DBE80FEB6108C01E1C8F32488946737CB78F1BE5173598C92965AFE5B913AD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496731, "uuid": "349920ab-8f98-464c-bac3-c15b031226ea", "value": "12288:wzYUd6g4+VhqXZssMSMW8dYmHA+djJ6XuBHCMt6KhVs8OjSY+QCemLl3obqABqZc:wXd67t7MWZmddjJ6RdqrA1mLl3l6qZ+H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496731, "uuid": "5cd4887a-11d0-4e9f-8545-36079ecb481c", "value": 755915, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496731, "uuid": "3f96a22b-0947-417b-9858-055f176e4664", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496731, "uuid": "769e31a1-2a36-4876-8150-234981dd7026", "value": "Solicite Roch-CVE6422-TVOP.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a61ac14-63ad-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696530749, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696530749, "uuid": "18cf3a9d-a2dc-4f9c-8bd8-2c85566f2f6c", "comment": "Malware payload (RedLineStealer)", "value": "473c4a4f1b3c77e4cfba7843b9019cec", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696530749, "uuid": "2101b2e9-7a1e-4e15-8829-29d340a01df2", "comment": "Malware payload (RedLineStealer)", "value": "9361752c41ba1a8271983e2451036b39ad776462de60b4497af5b37f057767f7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696530749, "uuid": "a008ffa5-a345-45fe-a216-05351e26c998", "comment": "Malware payload (RedLineStealer)", "value": "2b06e64e11733aa586b9e79cf62300a0ce27501c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696530749, "uuid": "2094503d-38b0-4645-bcbc-6d2d7c836b89", "comment": "Malware payload (RedLineStealer)", "value": "80861b3f333fea8517e0045499990873810cefe3a33fd885a3debc2fafb690bfb3b801582f0a506d8eff3aad93091fd4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696530749, "uuid": "6bebd8db-38ef-4182-bc39-800c8d2705c4", "value": "T177953353B7EC5633D4F8D3B015FB1353393ABBA66825C6932216283D18B2AD499313B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696530749, "uuid": "6f599b8f-9ac1-4d74-b02b-7c39a8229793", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696530749, "uuid": "0cab9baa-0f88-4ec1-b2fa-6c8a3570952f", "value": "49152:9HVSUXRVbFJb5ursVIAnrChi2e14UQ1IAS3SgJ+P:lR7Jb5dGXeXIIAS3N+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696530749, "uuid": "8a971f3c-8372-4a97-81bf-7c7bc11b00a6", "value": 1923072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696530749, "uuid": "59a442e0-1d82-4935-ac47-28c1b210a4e1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696530749, "uuid": "c5b67a39-9599-4196-a7b4-bfaaf4c1b277", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fba98b51-6361-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696498298, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498298, "uuid": "7eab3722-5570-42c5-a0e5-e8cf92a9c0a4", "comment": "Malware payload (AgentTesla)", "value": "0b23fce30943407e5b9227aa5c76481d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498298, "uuid": "0cb6600e-751d-4521-9272-5948eca2a801", "comment": "Malware payload (AgentTesla)", "value": "9469f86dad566eb14d265d9b449de22d1b67b72c40dd3033f15a6243e376ab96", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498298, "uuid": "b2756d35-0054-4406-8fdc-a3dab7ca220e", "comment": "Malware payload (AgentTesla)", "value": "9f84b63edf2c91998a27d7a36ffc0448e4066155", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498298, "uuid": "af3edec5-d05e-4ebe-91b2-1a6eb4239306", "comment": "Malware payload (AgentTesla)", "value": "8271038efd75b29faf8c28fe2ec4914cad6a02b0171ad49f5c6218070ebab76c1708e7f2c743c104ce03a6b4c0b92e46", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498298, "uuid": "9ccb4871-64d7-4651-9a94-4a2fed102029", "value": "T12FE423403319821BDE3926B66C3345C65BB41DA97911F7DC2D6B32EE16BBB800326B5B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498298, "uuid": "bcdf42e1-805f-485b-9d89-101053bae2d1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498298, "uuid": "e5b2d2e4-3d61-48d1-99ff-ad6340596681", "value": "12288:S8zS55mFz0MIDIH6A8QQmlLffN76zlZJCKVrck/6kbh3hAPYVnu:Sf55qGIa5O578N5ycFhAPu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498298, "uuid": "b74cb4c7-ea59-4556-887c-c5ea36345b09", "value": 662016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498298, "uuid": "32bafa1c-e979-438c-a0c3-11eaebabdd7d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498298, "uuid": "0000a7c3-0b48-42ab-a4b1-52b8600561f0", "value": "FedEx_AWB#773430900033.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dc759aa9-6381-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696511989, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696511989, "uuid": "0a833f47-4878-4277-a2d6-9096042b53de", "comment": "Malware payload (AgentTesla)", "value": "ef2de4a8a06f86867f6e460e88919515", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696511989, "uuid": "376140f8-db98-4066-bcdd-9172e876f401", "comment": "Malware payload (AgentTesla)", "value": "95146fd91e53797e70aa24b0a662c345ea9c0ed0500e9a996506d3c79433304c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696511989, "uuid": "a7b85089-2a26-49e6-9df0-db2610ce3a25", "comment": "Malware payload (AgentTesla)", "value": "927a63e2b72624abb062387e8ea83862c98158f2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696511989, "uuid": "aef9bbd2-2888-41f4-ab97-7e13883b699a", "comment": "Malware payload (AgentTesla)", "value": "222a1b8c6f07b4c23f3465dfff2709f0b583123dd2436792fe72a9911476d4b5e78f6eb8f07f1ea3d1d35215741cd36a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696511989, "uuid": "fdb64c61-cc46-450e-9bea-fc351980962c", "value": "T136741259E6A1C47BE263D3F56F3EBE3A06E99C3016280B4F6344BADD7B21C11C51D622", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696511989, "uuid": "cc7f8e9e-27f0-4036-b42a-ea843ed64c22", "value": "9dda1a1d1f8a1d13ae0297b47046b26e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696511989, "uuid": "21225380-6d88-4ab2-ba50-ae461626d0e2", "value": "6144:BnPdudwDsAq1bHTMqjOLx9JL78eBZoRgl7bMkqfOCY4JnpmIOHkQTtHVI:BnPdwAUHpOLXJhBZoRglPMkUOCdnhQg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696511989, "uuid": "77838382-c4e1-4c88-9f60-3a3cb37312e2", "value": 355561, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696511989, "uuid": "284e3f4f-94af-44f2-ae3b-306eac00c7b7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696511989, "uuid": "a5e56592-c51a-4c8f-8562-9d03f4651435", "value": "legend.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "78fba075-6352-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696491636, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491636, "uuid": "051492ca-c81a-491b-b54c-f4063fc777f6", "comment": "Malware payload", "value": "fb76320fc4e2c0a66f311493a0e5c405", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491636, "uuid": "587ad365-8e30-4036-b033-e32a2ea1e174", "comment": "Malware payload", "value": "953e86603f3a38ee767c25bd4854b93a905df35bee30f653e7caef954878249e", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491636, "uuid": "4ad4cf62-3dad-4ce6-9b1d-0a52b9895011", "comment": "Malware payload", "value": "673aefe694fe9782bf4f328a8d2baf8df0050c43", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491636, "uuid": "2d6431b9-172d-4cc1-ad5a-45b808b75ca7", "comment": "Malware payload", "value": "3bc69373f5ba1c13d3efc3be0a4ea58a68e5c04776f78c975d5103bc732152e21c683f8c514a2a1d2b82d38d8dbd5531", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491636, "uuid": "689fea33-8450-45d2-a47d-28ed72206eaf", "value": "T15EC62B029A1AEFF1DCC278F40537BBD4E49CEE26C8496CC9FB4AC650A5F2B05991DB14", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491636, "uuid": "e4ad2da5-2ba9-4e8c-88b8-fba07b44e3b7", "value": "196608:TUvKIaoiRERRdMUq4CMuiK5oKoxLM/sVzie1Dg46/8GLHuMqaRVDc:TsKIarETdMfMuiK2zxLMEVzig8408GLF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491636, "uuid": "5ec3ea2f-6963-4f21-b5fd-9e54f327616a", "value": 11828428, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491636, "uuid": "3bec8b15-06dd-4068-b3ac-fd11202f968a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491636, "uuid": "1b174ae1-56db-4b54-a725-e56a13a0b615", "value": "953e86603f3a38ee767c25bd4854b93a905df35bee30f653e7caef954878249e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2588bef9-637e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696510394, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510394, "uuid": "c238239c-101b-4fb1-9d9d-fba8cf20284a", "comment": "Malware payload (AgentTesla)", "value": "114e04bc6811036df21b9e9be6164a84", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510394, "uuid": "b1bf9022-6670-4333-a56e-4ca7fa3c22b6", "comment": "Malware payload (AgentTesla)", "value": "954c1a6eaa6c9946aef8dbf957e00b6eb2ab564f564bde22c4a1c1af6b7e2c23", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510394, "uuid": "af0028f2-1011-46a4-a6c4-30c5f5cc6095", "comment": "Malware payload (AgentTesla)", "value": "e1f1f6c6267b4deb6984779d90af18a7afe9f3c0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510394, "uuid": "dcb06ce4-8d81-482f-bf4f-13da5eaaf402", "comment": "Malware payload (AgentTesla)", "value": "c88f6ed33357774efa972b4c870d67994d4b4b034f4a6067c5338dad8206207e508dcbb43b102a1de40b404b88616d74", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510394, "uuid": "7cf9a76f-5f3c-4228-a538-60016b977c50", "value": "T1C0E4019077EE5B76D8B847F51231510027B53AAF397AE64C2EC670CE1B65F810A20FA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510394, "uuid": "f0a3e849-9fc4-42ea-9ae3-95d3fd351731", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510394, "uuid": "b763e83c-6d37-49c3-ac60-72323d64503b", "value": "12288:giMJ/j0akYw+ETUEMJ7WzrIlTv4aK1x1MGIUFxJSyE/YFnsknA748qxaCzeN:+L0abEAAQlTvjS1MGIGxkyYYFsNIx/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510394, "uuid": "d2e5d390-4bad-4f9f-8621-f8c803925be3", "value": 681472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510394, "uuid": "fada7e3f-65ef-4d31-8fdb-25f9c8610f3f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510394, "uuid": "80323d81-3996-48bd-bea9-7dba8506de42", "value": "SWIFT PAYMENT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe20eacd-6361-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696498302, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498302, "uuid": "a6b64d5d-3caf-45f5-8e17-7b7a5559fdc6", "comment": "Malware payload (AgentTesla)", "value": "6fffc4536e78ada892d92ff685fb3215", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498302, "uuid": "220d066c-f7c0-4144-a5d8-0b89499ff521", "comment": "Malware payload (AgentTesla)", "value": "9551b8ab0bc6b210d632f4e4d77238f1ba8ddaefb6e8728c579773ce9eed963e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498302, "uuid": "24ed6787-5fdc-4f0d-8fbf-2addeaf97efb", "comment": "Malware payload (AgentTesla)", "value": "53e7b451192373d1c4527df2814987eef6cc8e8d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498302, "uuid": "35301e86-55ef-442d-95fa-2edb188375b3", "comment": "Malware payload (AgentTesla)", "value": "5f5223e72c061e7faba664a592bc659956a116f9005f50922a455edd5628d45da52aa839462f2faeee0c94fdf486ea28", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498302, "uuid": "eada6308-07a5-4dcb-9ba5-2a5a82686eed", "value": "T17CC412597354F5BFC5274A3AC6D42C609B21B46B231BC607B857219A8E4EADB8F013F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498302, "uuid": "a87ea51d-6121-4915-ba57-56aa5549c897", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498302, "uuid": "2f4212ec-3426-496b-85fa-39927196fb12", "value": "12288:q/jNnkHHa7cVf47W5U4NGRgnUvTZnZABT76K6JKgDnD:qLGHaQgN4YNTZWBf6K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498302, "uuid": "75fac0d5-739c-44e2-ac2b-c9e74718dc39", "value": 571392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498302, "uuid": "66086674-9759-4ab6-ba44-b62a30ccf58f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498302, "uuid": "faca8029-1934-489b-ab1f-894c43ce931f", "value": "DHL statement of account.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a2193b6-631a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1696467425, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696467425, "uuid": "522d6391-0e48-462e-a5ee-625e22aa8dc7", "comment": "Malware payload (Smoke Loader)", "value": "f748efc814b28f628c6eb9ceac0e1685", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696467425, "uuid": "518a4e08-d5e7-4cd5-9248-c7ca833db4b9", "comment": "Malware payload (Smoke Loader)", "value": "9559d9c18f1f21cb011d6c20a269528879916787c65e3f26f0a4a3c75eb191c2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696467425, "uuid": "e05b6f5c-93ed-4e56-b1f9-540d78de3a29", "comment": "Malware payload (Smoke Loader)", "value": "222dcc33ca18d98db749ca97b909571a413c53ac", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696467425, "uuid": "1ca4b59d-2cbe-46d2-9ff2-a0e4a2353f0f", "comment": "Malware payload (Smoke Loader)", "value": "56ccfbd83a3993099744b68b34033c4f52e6148b1a949cc16fc3d1d350e554df95200647da821b9fb479ce1e81bfbcc3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696467425, "uuid": "bf380b0b-1981-400a-89be-fced268a5121", "value": "T1D914D02039F0D072D5A789358930D790AAFBB8736AB485DB33142ABE5E303D19766367", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696467425, "uuid": "e0fb197d-355f-4840-ab6d-026e8672f31a", "value": "1e2f614c1813ff4e3f2f3e784182dbac", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696467425, "uuid": "7b9cd74b-8926-436b-99cb-f9ee71214fc1", "value": "3072:JRc1AYAbaWHnme/OR7KAhZ/z1PQ9Vpzd5RD/Vr:MAPaWH3/k1ht1PCVpz5V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696467425, "uuid": "88cc5a7d-6ca2-4811-84d4-44fd906551e4", "value": 207360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696467425, "uuid": "f748cac3-3d74-4c71-a6c9-9caf2ddefe66", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696467425, "uuid": "0b5399e8-9688-4be0-80d0-6a88213dcbaa", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4579cc51-6350-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Tofsee)", "timestamp": 1696490690, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696490690, "uuid": "4eab150d-80d8-42ab-857f-66baa4006173", "comment": "Malware payload (Tofsee)", "value": "fff4f9f23f1f5a9770b9b398e1a8451e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696490690, "uuid": "22288eaa-e6ee-4409-bd54-4b0605ea8334", "comment": "Malware payload (Tofsee)", "value": "95dca49016884bc97f00680f9c0f6be340407c9279e27f47404b295cd0efa25c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696490690, "uuid": "eee7845a-abdc-402c-941b-3515ca014a98", "comment": "Malware payload (Tofsee)", "value": "36b18c9b988e21ea6315f6403302dec05f7a1333", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696490690, "uuid": "351ca3a6-0b1a-4845-8117-4e35ad68e6ab", "comment": "Malware payload (Tofsee)", "value": "836d25cf7a9a8f30ef295799e8a99fd7a8e10abb9228b0d94021f40df38ac6c869a3532dfac87f95150ae758b4e12132", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696490690, "uuid": "71b9ecbf-b60f-44d9-959b-83a6419ec939", "value": "T11F14CF3035F1D072D1AB86358435DA647A3BB8336B64C74B33542AAE7EF07C29766326", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696490690, "uuid": "0afd9424-ddb3-46fe-9dc3-6fd22bd01256", "value": "c7ce42f103eec7e3e471decc395f9d0b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696490690, "uuid": "43d6818b-557f-4223-8dc3-c701b9afe82b", "value": "3072:s+8tm2CpROXz7PJQZegyMXtG5ZyEZVic+S6hDAo5aqraWVrw:Xsm1RijJ3gd3or+JhDJrZV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696490690, "uuid": "731a1960-67a2-426f-94f1-47003ad67ee9", "value": 205824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696490690, "uuid": "aa229aa6-e49b-4ab1-9766-5fe412ae42a6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696490690, "uuid": "1bd0be8c-8b67-4acc-b751-2dedd129f0f8", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "250804b8-6312-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696464007, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696464007, "uuid": "b525e087-9c89-443a-be85-aba558534aaf", "comment": "Malware payload (Mirai)", "value": "362e797f7b02b8f1736dfd4c012414bc", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696464007, "uuid": "f5d80ce6-1c81-4e65-8086-9de82f440aa2", "comment": "Malware payload (Mirai)", "value": "961c78508b6800ef467d0b5f0045d0961c0738a10a8e9d840c17f17d9a71356c", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696464007, "uuid": "5b59f61d-1ddb-4cf7-a7df-bd52ac89681a", "comment": "Malware payload (Mirai)", "value": "2e2e59baba7a80f07ea9044e1d01d6c6b04cf26e", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696464007, "uuid": "93630347-55af-4269-9660-cbc8f661e60f", "comment": "Malware payload (Mirai)", "value": "887edbcb24fa76d31706ddf856b92cf71ba7211580094fa98967e220fa1ea5d086d44ef289e4c7fb20b11085554eee10", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696464007, "uuid": "cb85517c-80ec-4de9-8eca-af2b311112ac", "value": "T12ED35C46EA408E03C4C91775BAAF418E3322A755F3DB73068E186FB43F86B6E4E67505", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696464007, "uuid": "c4773355-7ac5-4396-9e73-f26517061622", "value": "3072:KDjv43Mu2yGqZp0XJjsX02S3qtYi5/aRahM/9nsC:mj4MuiqZp0FsX02S3GYaaR0M/9nsC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696464007, "uuid": "292ef5eb-17c3-44f9-bc90-d4931719ce70", "value": 137680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696464007, "uuid": "4c939061-895c-46c3-8330-394feba23125", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696464007, "uuid": "f598ad5b-07fa-4dbb-9f17-d1868f1702c9", "value": "0xh0roxxnavebusyoo.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f9634d2-6368-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Tofsee)", "timestamp": 1696500908, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500908, "uuid": "c0b5186a-0cc4-421e-bd5b-1f6ca857df72", "comment": "Malware payload (Tofsee)", "value": "1a36063f131f54495840d593f1273d10", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500908, "uuid": "8bdab1b9-05cb-48b1-a1e2-7be9d8d9a20b", "comment": "Malware payload (Tofsee)", "value": "96fee44306f4be3becd144391e2d8b86150b042c8832e4d7e6feea029813511f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500908, "uuid": "59dac39e-3699-492b-9bb7-d80f7ac10f0e", "comment": "Malware payload (Tofsee)", "value": "edf9ccb48bd3b661bb2280c47c5bf4ecb477865c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500908, "uuid": "ca929635-3fb5-4bb7-98f2-fbec0d7648aa", "comment": "Malware payload (Tofsee)", "value": "d8f4362df4064ff8aa3a0fe398d6258758a38bd45a19edcdec01501b6736e960504b144c266743ddcfedddb4f2e9ff3c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500908, "uuid": "a25a47f2-007f-42ff-a260-721da6d3b85d", "value": "T1C014E13136B0D0B2C84B41358814CEA4BF7BB87257A9C84B7B141BBE6E317D2976A356", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500908, "uuid": "8b17becd-0192-4467-8f49-976fe36c789d", "value": "b2deb6462ddc9e096b1ba263bc3b3e01", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500908, "uuid": "8fba4603-b58b-46ae-a57c-0482a2ef2b59", "value": "3072:enAZZE93TT+1Nfzwv49hMM4e4hLqwdmZTO71o5V5f5T0:CAZZ+Padmj3hLqwdeKa5HS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696500908, "uuid": "563364c8-021d-4cf4-ba6a-f7075d754448", "value": 199680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696500908, "uuid": "6771f3b0-1e48-478d-bcce-e9d98606981f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500908, "uuid": "1ffede79-741b-4234-83d7-9df29c6a3451", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea7e4d88-6376-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696507288, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507288, "uuid": "fa8dca13-c7fa-4df9-9f2c-8b69d73daf48", "comment": "Malware payload (AgentTesla)", "value": "0cdd0e09018a9a412d9b1e2c67df1ba5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507288, "uuid": "fc3f7100-017a-45e5-92e5-e15ea09bd3f4", "comment": "Malware payload (AgentTesla)", "value": "99752b311eeec1593f81ac05a1f0cd1d037d9eeef043c910e22d176caa3915be", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507288, "uuid": "aded39c5-8afa-4464-9512-2a1a0b30e56a", "comment": "Malware payload (AgentTesla)", "value": "8b4b1c766d098b21ff1d3ca42d75b7f0e50288e6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507288, "uuid": "a0db1cef-fd61-448b-8327-d0e6d368c7bd", "comment": "Malware payload (AgentTesla)", "value": "a431b15cf3490cdd978f6e008d894409d514d1657a0b0b545d5a6df00731f015050b83fc14c82d465c7b78ac3a3be48c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507288, "uuid": "da04f2b9-48f4-4133-a161-abdc447dcd74", "value": "T13765F19C3260B5EFC817DDB68EA41C64AA207477571BD203B15B169C9B0CAEBCF146E3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507288, "uuid": "9f3f172c-4b5c-494d-b19a-004d27cfdf17", "value": "24576:B77eF7Ax5uPvRXcyksFnl7fr+o5E6dnPnHsn2QdoXA:B77cMxAvNjksl7z+PwvsOX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696507288, "uuid": "016deb5e-b1ec-43bf-9c3f-0f609ab22cbe", "value": 1441792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696507288, "uuid": "037e324f-d620-450c-b62a-e1123b7cf00b", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507288, "uuid": "3ef29236-a03f-4923-9b24-2ec77f8b27a0", "value": "New Order 77100_1.img", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b94ac4d8-63d6-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696548437, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696548437, "uuid": "c17428a2-77eb-4df0-a4a8-b26fc6df75cc", "comment": "Malware payload", "value": "a2d882bad543ca4365ad7d5ac15ef9b8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696548437, "uuid": "0f270a30-c6d3-464e-b731-60befb7331f6", "comment": "Malware payload", "value": "99845091a6bb2b2f2300e824a40623f8a9ea00e7f5d432b2794a5b3a0f6db858", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696548437, "uuid": "3299deea-fc4e-4672-8dc5-49261cad7590", "comment": "Malware payload", "value": "c75780a1a4d9e08257ed764d095146849c263f67", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696548437, "uuid": "8d77cd87-5a47-4260-869a-72bfe386e8e9", "comment": "Malware payload", "value": "64f9949f59e276f2258a849176a3981a19c33a01975156308a160b25b6c18bcf7ea64316530f23b9c2cc0b58890d858d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696548437, "uuid": "e88730d1-16fd-43be-abe3-9e25386f3bc8", "value": "T1F873A409BF610FFBECAFDC3749A9174528CC990A21A83B757934D818B25B64F19F3864", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696548437, "uuid": "9c9bb7be-dc5f-497f-962e-28022c925191", "value": "1536:27XZ6uImmR3PShnhUSIJNIDxGkmg49Bagzm5G:2kHmmR3PSYSoCXg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696548437, "uuid": "ff293636-efe9-4038-96a1-dc0f9ca7c4f3", "value": 75968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696548437, "uuid": "6bd1f4df-3296-4eaa-8b20-d355abfeb193", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696548437, "uuid": "3dcddcbd-8bda-4751-9290-8ac74db692da", "value": "a2d882bad543ca4365ad7d5ac15ef9b8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aeebafe8-638f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696517926, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517926, "uuid": "7fe91f0c-5fc5-41ea-a357-b85cbe091869", "comment": "Malware payload (RedLineStealer)", "value": "997fd47f215d61831eeccc85b3a58914", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517926, "uuid": "8abe367d-d8da-4b8d-aa2a-a45e64d2ecff", "comment": "Malware payload (RedLineStealer)", "value": "99ddf87908c8aee01cc6d189f9a9fd8979e8b7d7e118cc47096bf2adb1092d2f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517926, "uuid": "041fe2a0-4046-4494-9775-297fef88375f", "comment": "Malware payload (RedLineStealer)", "value": "1f96bce3557cc31593613049725371393cbcf4f1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517926, "uuid": "0e79121e-41ad-415b-9b65-1154cbde9712", "comment": "Malware payload (RedLineStealer)", "value": "49a3d70f03c34e3d554c57a4530472af19e254cad335a80ac6466caaa2978317dae374e1389038198fcc45cf32f54383", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517926, "uuid": "ca6740e4-f6ac-4325-bc5b-70dfc0c3b66d", "value": "T184953387E6D54432DC6526700DF693532A3B3CE25C30C23A27989E4F09F6659B875B2F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517926, "uuid": "04084c23-db39-4afd-9a0b-0f18e31f5daa", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517926, "uuid": "e12b0ceb-8d1d-49ae-9658-44e0f8c4113d", "value": "24576:myDVkq1m7ftIlGhKpF4jBa8ZaPBEL4HGtUHKKmon7AlhdyVe+rq0GISoFjhgRgt:1DVkQgycyWlh/smtIKKQsVnBGtoNhgR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696517926, "uuid": "b559e992-0e39-40db-98e3-10f95ebdf5ec", "value": 1923584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696517926, "uuid": "be0470cc-6df0-414c-9cb8-ebbe08cbbefa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517926, "uuid": "94acc600-4a54-42ec-86c9-4b05867f055e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "090d9d7f-635f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1696497031, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497031, "uuid": "76694e98-b617-4a08-a665-be56f1bc7b91", "comment": "Malware payload (Smoke Loader)", "value": "65c7d9e822c9f2b8291202128644e825", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497031, "uuid": "8262b157-9900-4d21-b4d6-08076bf4635d", "comment": "Malware payload (Smoke Loader)", "value": "9a528b2b31d9d59018878fdf3b9d8db235df606500c67a4b8be3075701b014fc", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497031, "uuid": "1dcfc97f-f1e5-443d-ad90-7f1af2b32d4b", "comment": "Malware payload (Smoke Loader)", "value": "6cb6265721b373df555f0cdbba93dcb7e622344f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497031, "uuid": "91124f85-b995-4198-bc49-f1542e9e3f48", "comment": "Malware payload (Smoke Loader)", "value": "226291bc53368bde9f6dd9253e8a94f1eafbf80c731de70e6bf9dab0cdb4761c76d5b0dd6a039585bcfba2137e459a51", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497031, "uuid": "0117119e-935a-4528-8d4d-b4f52657c684", "value": "T1BC14C0217AF1C072E2A745358930DA60AE7BF8625BA4844F3704DA3E6E307D1DB76717", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497031, "uuid": "72f2db4e-9958-461e-8694-4215f601fda6", "value": "1e2f614c1813ff4e3f2f3e784182dbac", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497031, "uuid": "7d2043e5-3711-47dd-816d-ba0b21aff5fb", "value": "3072:FRUUZ+SZlT/s9GnCv315iP0K4qOpvmbUGzrhdLKO5p/Vr:lZ5l/son0152EgXHh9FV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696497031, "uuid": "42eeacef-92cf-44ea-9ba6-e839182c9c9e", "value": 207872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696497031, "uuid": "d1c279fa-b548-4686-a362-7ca9e585fcd6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497031, "uuid": "e3071f19-1917-4602-a9a9-5e94d7fdad03", "value": "65c7d9e822c9f2b8291202128644e825", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb7df305-6376-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696507290, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507290, "uuid": "8cab1d5a-a161-4a80-b03b-b0e16c5154ed", "comment": "Malware payload (AgentTesla)", "value": "5c434f6fd3edd85a8b2072c5a4327622", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507290, "uuid": "4fdaf79e-8627-441e-bcd6-1b7197f3f822", "comment": "Malware payload (AgentTesla)", "value": "9b099c7afe8256358104fced98a6c533bae1084710d2abb269336d83bc8afc49", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507290, "uuid": "60372fe3-1e04-449f-bd04-7bca1efe2bea", "comment": "Malware payload (AgentTesla)", "value": "8f933889642aa9aae81202cb03926ca73e8b3f44", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507290, "uuid": "397852d1-e16b-492b-941e-51ba89e41e35", "comment": "Malware payload (AgentTesla)", "value": "181e681efbf9c36342209af47e91dfb3ac421489a3b97df3dacecdc0993aa90048dc22f79cbf20c61a82686395672fb5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507290, "uuid": "2b6c982a-b448-4eb7-908a-02c1a55fdf63", "value": "T1B505029C3260B5EFC827DDB78EA41C64AA207477571BD203A157169C9A0CAEBCF146F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507290, "uuid": "6a3d8d2a-e02a-4d1d-b8ba-a5839331b791", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507290, "uuid": "a045217e-f97c-4fda-8603-4a4f7eea4487", "value": "24576:C77eF7Ax5uPvRXcyksFnl7fr+o5E6dnPnHsn2QdoXA:C77cMxAvNjksl7z+PwvsOX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696507290, "uuid": "65fe869c-0029-419c-8abc-b70ba0762859", "value": 840704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696507290, "uuid": "7ba53233-48d6-460a-8a64-f262c374f5e6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507290, "uuid": "25a6f78c-b09c-486e-bee1-d9f2c3ba9943", "value": "New Order 77100.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e3e77a10-6368-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696501264, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501264, "uuid": "b5153f7a-70a7-4f7a-83e4-0ca0511e98d2", "comment": "Malware payload (AgentTesla)", "value": "40e9f6368bb2c7f5f5ca5a1d7644513a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501264, "uuid": "cb246e5f-faf9-47c2-8d4d-d1afeb5540e2", "comment": "Malware payload (AgentTesla)", "value": "9b58155670290b5c9a70c783c2430a1614cd855858e2b582ccd20b3ea6aeaa56", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501264, "uuid": "abde73ef-cbe9-45ad-b792-45f9bf18a5d0", "comment": "Malware payload (AgentTesla)", "value": "83b320e59b41e0c158f7e3401c334e5ed66c5bf1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501264, "uuid": "c01acf66-2480-40f5-ae1f-548799bbea30", "comment": "Malware payload (AgentTesla)", "value": "35c766cf9c0f80c362f5b66cd50a8bc30b39f559943e5bc065bb43648ad4b62796d13b524ab07d3c6bbef90591bd67ab", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501264, "uuid": "64eb3c42-27ba-4024-bc50-81ea7a109254", "value": "T186150688AE454811C84CA67A96B9DB34D33A2DBB352059BDD4EABCB3FFF5D531082035", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501264, "uuid": "f813d4c1-577f-4b65-86a3-39023e07cbdf", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501264, "uuid": "f475d7d9-bb8e-43ed-88bb-998652b5b16c", "value": "12288:SUZ9Fcwsr4u5vOzJMZBTImnnGw71bDlMH8p+tBoIpyPvkb4WXuSGrP7r9r/+pppJ:SUZ96wskIWeFnGA1bDlCPa1Se1qR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696501264, "uuid": "1e3c6528-f873-4ef3-bbbf-3ca719771779", "value": 908288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696501264, "uuid": "adf12cfd-4506-4891-a687-c0720edbb7b8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501264, "uuid": "c2301c6c-981c-4029-be84-80dfb669e9df", "value": "PO 5997 - AKTINA CDS GmbH.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2740fe8-6365-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696499973, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499973, "uuid": "7e414a98-414a-49ed-bbe5-2112d4bd43c7", "comment": "Malware payload (RedLineStealer)", "value": "0f7a30798528a4f0077264b722a6184f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499973, "uuid": "764432dc-5452-4c05-89ca-bcdbf2e9791b", "comment": "Malware payload (RedLineStealer)", "value": "9baa84d8a0ac0238874f12b2e8033d18b42fd1f20684a02c52cdfbc6fed19e14", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499973, "uuid": "12a9360a-5e8d-4fb8-8764-5bedb7b8e3c3", "comment": "Malware payload (RedLineStealer)", "value": "216021d033f4b85208a104fbb19c1b61770d63cc", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499973, "uuid": "6bc0a3d6-5250-4b48-abe1-f213c0224f1f", "comment": "Malware payload (RedLineStealer)", "value": "b556f9a529ce4cfd54d8476a874ac652e6c4f91f398fb95adb5493915931a22830642c3bb00d5a2fcd22f346097109f6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499973, "uuid": "71c103e9-2d2a-4ba2-965f-936db558820a", "value": "T1F2853313EAE44432E8A11F7058F8036321357A725BB0879B7785D8AE4DB3B987CB531B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499973, "uuid": "eb2604c9-2837-4b8e-a231-57d011e82bcf", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499973, "uuid": "bdae6e2a-bd36-4740-a60f-f84e533935af", "value": "49152:Ix9ZWBEC3zDZTlcNvx/7i7p8iMRw7EfM4D:uUjjg9m7QwEfTD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696499973, "uuid": "cf3b3bcb-050c-4b37-ac2b-4694d009aa37", "value": 1742792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696499973, "uuid": "411921d6-ef12-4742-9369-786dd6f663a0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499973, "uuid": "7d01cf19-55de-4bee-b6da-eb3e278d7491", "value": "0f7a30798528a4f0077264b722a6184f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b26c51a-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (XWorm)", "timestamp": 1696496767, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496767, "uuid": "a850b4bc-32d9-4453-861b-afd51a4288a4", "comment": "Malware payload (XWorm)", "value": "cb3190f7ea755da4975370f0653d3f56", "object_relation": "md5", "Tag": [ { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496767, "uuid": "928f8506-70bd-47b7-a290-164edbc1545b", "comment": "Malware payload (XWorm)", "value": "9c047638b906f4c825ac82e04cdcfeadcd724a00984b74158fae664da5da8bc4", "object_relation": "sha256", "Tag": [ { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496767, "uuid": "1efa5320-5099-4c15-94a1-173026878079", "comment": "Malware payload (XWorm)", "value": "8a5fb158c5f681f1b11213bcd7934173e474eae3", "object_relation": "sha1", "Tag": [ { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496767, "uuid": "f4e1063f-bb8c-4c8c-b9f7-7cfd6e3ad701", "comment": "Malware payload (XWorm)", "value": "8745bbc271c058073b249a9d9fe3fe03b906a41f159edb894fb0d890275f8cc8efff01a0957a4aa2f23f9ab07eb01515", "object_relation": "sha3-384", "Tag": [ { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496767, "uuid": "ca96a218-bd04-4b16-b2e2-8e13f7d98bbf", "value": "T1D882D0283A4479D2FA16B63596EA413B6352005F35494FCD3EC19E896D1B343478C6CF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496767, "uuid": "ccc2692d-3776-42f6-9cbd-ee62924588d2", "value": "384:dXPlO/xfjTvxe2Qd/V/st8KC9GHmUYAf2RI3n:VPlO/jaEFC9Gz6g", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496767, "uuid": "dd6b4361-71b9-4dde-90a6-26155eafca34", "value": 17712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496767, "uuid": "b459e64e-ca17-4427-8a9f-c8046c269c64", "value": "application/vnd.openxmlformats-officedocument.presentationml.presentation", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496767, "uuid": "035d372c-30d7-4c48-8644-b44ada27c3cd", "value": "LinhasSumarizadas_2022067067.ppam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aece385f-6382-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696512342, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696512342, "uuid": "fcda13f0-d5f6-4ab5-a461-016617a7db23", "comment": "Malware payload (RedLineStealer)", "value": "07978cb9567193f8fbf259763e411533", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696512342, "uuid": "33a3fab3-d947-442b-a0aa-b51a831bc939", "comment": "Malware payload (RedLineStealer)", "value": "9cc458ba7d97a5db07e7a42561b0d55e4adfce7e41a4a477b06e3b0fd5e871bf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696512342, "uuid": "5ce76252-fe69-493a-b13a-80ed250a9339", "comment": "Malware payload (RedLineStealer)", "value": "2a5b283f94790aa0c9c4b3cac10ff658715d10f9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696512342, "uuid": "c05c2890-b468-43a3-ad0a-3cfa9dc4e9e4", "comment": "Malware payload (RedLineStealer)", "value": "638cc7f47b0d5eb23b2ee1e31c8f7970fa641d5b55b9b0a34592cd36f47a2e7efd56ccaaa353eabee74516a8d7465026", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696512342, "uuid": "e968ed59-9d24-4fa8-ad20-ad6057cc6a5b", "value": "T165953D5177F95B99F6F30BB86ABA6611087ABC698F11C3FF1261904E0931BD08970B37", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696512342, "uuid": "c1be9fac-358a-4a39-89fc-5517ea26355d", "value": "b092678fc438a3bc6ea71ba0ea4cfa08", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696512342, "uuid": "e8305c74-6d4b-4bde-a2b4-5885e9342df9", "value": "24576:BJxY5KgFimILMhkVSjFgHdg2HO6a9DhvhWWs4Sf:BdgFimILMhAQF8g8O6a3vKf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696512342, "uuid": "408815ae-3e14-4a99-a85e-f3f99f9aaf22", "value": 1927168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696512342, "uuid": "7ded4261-6267-4990-934d-fbda6567826a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696512342, "uuid": "1fd50267-27b6-4720-853d-861bad84c33f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ead9b921-63b7-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696535206, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535206, "uuid": "6c25983a-dc86-46db-9b03-44b1581fe659", "comment": "Malware payload", "value": "0a5acc42c666a7cfebf9ea8db9005c6b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535206, "uuid": "592937d1-e7e7-4e55-a2e0-bbf3f5640b1c", "comment": "Malware payload", "value": "9e9cdc500aba915c0774caeb19543064db51f8a6c426d1e881a91eb4d7cb7409", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535206, "uuid": "51eb0685-7ef7-4dfd-9c02-2e4192f4b8b9", "comment": "Malware payload", "value": "de5d9e45289121015022e326c5899aa23060f777", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535206, "uuid": "8390a609-ac0c-4699-b951-4c5fa0ed5f00", "comment": "Malware payload", "value": "ffa2acc06e91f58ae7e2edf94b488b12d4335ffb33caf9ba135305768aa6501d7921eb632dabedd85cb1762d074c443f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535206, "uuid": "0d2e6fed-f266-43e2-802e-b37dc1043180", "value": "T1C2C53302F2D6A9F9D2522AB18D64F65154BA771A130C4AC73A363D078E723C3297ED1F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535206, "uuid": "53c54fef-e332-4e6b-a6c1-71f1ac76f343", "value": "f6baa5eaa8231d4fe8e922a2e6d240ea", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535206, "uuid": "123c6e06-89c4-4ecc-9d04-e0cbd59237e2", "value": "49152:Xs5jI+NyvqpBJheWy2pp0erKZCC/bPSRuIWE2VeOZZ1WbeD0ccnWj+Qh/:Xs5jI+NtBeWy2pp0RHSoIhqWbeDEnI/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696535206, "uuid": "ef32ad41-5c14-40f9-a6ed-9d821f32048b", "value": 2663752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696535206, "uuid": "670174fc-1774-41b2-bdf6-7f1f981f36c7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535206, "uuid": "7083ccd6-fec8-48f5-aec0-48930bea6c5f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd9f684a-637d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696510327, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510327, "uuid": "224378d0-4b68-4957-89e3-d6eefaff1f07", "comment": "Malware payload", "value": "1dda065d3bd9d01799fd7e480e342993", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510327, "uuid": "c1fcdc38-43de-4c9a-8141-25d27df68d39", "comment": "Malware payload", "value": "9f4d42ef2893257fb2725ab66e9f938812e98b7270801885ca45dd30b7ed2089", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510327, "uuid": "f603b7e8-41f7-4c2e-94c6-1cfece310fb4", "comment": "Malware payload", "value": "af5e7592b1ebb2d295bfb2909acfa6004d2d9cb7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510327, "uuid": "76adb542-ef68-4e42-ab48-d5725cbf88c3", "comment": "Malware payload", "value": "88f4b4a569abd63f5b275351e5a9a9f503911f6bc8de6b2ee4aab5bc35bb78b707adf9600c1e25acdd3ecc063d173e7a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510327, "uuid": "77bfd854-2cf9-43a1-95b3-d0483739da46", "value": "T12AA49D5777A005B5E077D139CA528F86FAB2FC094720A74B03E496762F237A0663F726", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510327, "uuid": "a4fee7b0-f2be-47d9-aff0-9a6f6c446174", "value": "d2181aeca5f4d84ebf9b4656dd8a9ba2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510327, "uuid": "c3f0d760-102e-4e80-b6c4-2ee121315769", "value": "12288:qz3lKqNpYmBzR4vyj/DiSOzvL/fye6VOTC3aevaMo4YXbGggjli8:qz3l96Fgpi8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510327, "uuid": "f74fe6b2-857b-41e4-a9e8-eacd917deee6", "value": 488392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510327, "uuid": "1f204524-c5ff-4867-a545-209a07754074", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510327, "uuid": "9e4df9bf-12be-4b1b-98bf-7863213d10e7", "value": "vnchooks.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c443c588-635b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696495628, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495628, "uuid": "f9e7094e-06b8-4322-8ee0-7337e3a4ac9a", "comment": "Malware payload", "value": "3d07fda1cb038725a3e8669b03cf439f", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495628, "uuid": "bd4632b7-70e1-4f26-9b00-c4fe94bf8f7c", "comment": "Malware payload", "value": "9f850f64914257e054438997067e51e5eab0c2192f311db479ec79da5b85fd8e", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495628, "uuid": "e644b897-b13e-4dc4-afc0-4c9102048635", "comment": "Malware payload", "value": "aabad1809dc0a7aba9a2b77e69a9766e8bf25184", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495628, "uuid": "8b61b5a5-eed9-4205-9b05-e489cc6ec41a", "comment": "Malware payload", "value": "3b6cae3ca7be4bd8f526728009571eafa176efe92a502637bc93ab5c5705f20aa5f4e6f5f7f6df9f117c269ba598220b", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495628, "uuid": "74c956bb-d7d9-472f-95bc-114b77e83b71", "value": "T14F447EC373504937D398CB3956E34BE2932EFC2BBE1B46162305331ABA77AD465121B9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495628, "uuid": "bd1e3071-6849-4882-8688-c92d3e811cc3", "value": "6144:28rmjPOtyoVjDGL61EfDlavx+W/IEf14EwS6gNgpLnJPHCl7qgymFdPEKb9jpppM:P5C1PHi7by6V9H0UYki", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495628, "uuid": "0c3f73c5-e6ff-48dc-bbd8-06a8f7c78a63", "value": 258048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495628, "uuid": "7e326376-a416-4d52-8620-236acd86c478", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495628, "uuid": "3e556319-c52b-4c68-b3c9-da3272a335b7", "value": "Agnes Thage Rosettas Invoice 14-10-2023.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0d1cd6e-6381-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stealc)", "timestamp": 1696512023, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696512023, "uuid": "a1e801f8-c77f-4f76-b7a6-461a4f83176e", "comment": "Malware payload (Stealc)", "value": "b117ab59bac01ca6b377cfc7bb059702", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696512023, "uuid": "169e239a-e458-4586-b737-aa59c112ba33", "comment": "Malware payload (Stealc)", "value": "a0b7af1f1ccfed123c9b3d12f32f077de6c47a42a8662a85a7963b91479e2d41", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696512023, "uuid": "be94e295-0a9c-40f8-9f0d-4ba8471ed975", "comment": "Malware payload (Stealc)", "value": "964a0e4e53a009d09d842169bc0dc3cb0f6e59c6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696512023, "uuid": "e9e09eee-d125-4641-b9dc-1c6248c2ec71", "comment": "Malware payload (Stealc)", "value": "5ff4b9c66a0ad4594c773727f4714d76b25df2681d309e76d8c4fbcb6e1938f3f830c3198a38260a97700ed03ff10675", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696512023, "uuid": "0cba20da-c97b-49d8-83ba-f089d409fb37", "value": "T14014D03035A0D073C40741318435CE60BA6EB8266BBE8A4777542A7F6E336D2A76735F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696512023, "uuid": "e2d0075d-683f-4357-a954-11313452961a", "value": "79de41fd9a8e567c644b0068a3bd1c4e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696512023, "uuid": "6ea2ae03-fc57-4ddf-8168-7c3a69becbad", "value": "3072:iF83bipGnSVSOWft8FhJ0rcVOVSX9eb5U:w83bd+jWqFh2IXt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696512023, "uuid": "aa2d16e5-c5a4-4b63-9824-eb8b51ffb6e2", "value": 200192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696512023, "uuid": "379445d9-029d-4fa8-9837-4593ac6f4f5c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696512023, "uuid": "1cd5151e-b7e3-4af9-806e-290b17d5c406", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6dd15956-634b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1696488611, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488611, "uuid": "7bad56c5-18e5-4828-9a9a-0b7908f9e0f8", "comment": "Malware payload (Smoke Loader)", "value": "32de824e0c51a8555f3c1b8036475200", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488611, "uuid": "8c663429-c894-4f4f-995a-09db30e9475d", "comment": "Malware payload (Smoke Loader)", "value": "a0daf680f08dfa7bdce07a5530cbb05149208bf4c1e4b438dec354c549429be7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488611, "uuid": "c166ee9e-215a-4bd1-a195-7fbc99ef015d", "comment": "Malware payload (Smoke Loader)", "value": "2d752a0ecea31882c81edf22d4b013b4fa569424", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488611, "uuid": "23595bfc-70f6-4b6f-94c8-0e18685dd9c3", "comment": "Malware payload (Smoke Loader)", "value": "048884f6f9e0b42d336f9ebb74f38c559c4325141589167c08670cf353810ea9e501c39ac6bcd281ee7083b7ec167a14", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488611, "uuid": "8e8ab982-9194-4334-8143-047e7b5b6ab2", "value": "T11214DF3179E0C073C7AB76358834CA647EFBB822DA64869B3754167F6E302C29767316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488611, "uuid": "e63a849b-cb1d-4db3-b612-0aa868242ecd", "value": "c7ce42f103eec7e3e471decc395f9d0b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488611, "uuid": "6076caa1-4f24-4e19-839f-18a2bf928e89", "value": "3072:orkRyQufQY4kh1C5ZacTyCcKCjcjZghGiczL5mL2W6eJ59WVrw:oQQQ9YZ/C7ajC7CwjZg60LDMV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696488611, "uuid": "4859fa33-0339-428f-a417-bf646ab5fef3", "value": 206336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696488611, "uuid": "8b5f50cf-658c-4ade-88cd-04b1073dbf0f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488611, "uuid": "4bc765e4-4bfa-46a5-8ca5-31e8f11a2d12", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5117594-63bd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (N-W0rm)", "timestamp": 1696537746, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696537746, "uuid": "4bdcdef4-97c4-41f5-9b79-4a91ed3fff09", "comment": "Malware payload (N-W0rm)", "value": "55a55af23b8524052dd95ece311476a3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "N-W0rm", "colour": "#152A57", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696537746, "uuid": "ba994a3d-6761-4359-8f38-a672eb95b491", "comment": "Malware payload (N-W0rm)", "value": "a138ccc47e34eeaf87f7b49becd364887ce548b9c734d214eb5e93c1e27e580e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "N-W0rm", "colour": "#152A57", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696537746, "uuid": "5bb5fa6d-1efe-4275-a6f8-8d3ec9b7a121", "comment": "Malware payload (N-W0rm)", "value": "0284a81f412c7dacc0332742d224a7b3a4a1b718", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "N-W0rm", "colour": "#152A57", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696537746, "uuid": "4a4812b5-bd30-458b-8f92-e6b208cfe17a", "comment": "Malware payload (N-W0rm)", "value": "3eeae7e7ffa5fee2f7ba7d1ead5df01b259c6e329894f449b2646a2d92f96d4034f306665c59c530e985bd0f4e8e7b9c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "N-W0rm", "colour": "#152A57", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696537746, "uuid": "75736448-a8f8-4fb3-882d-ff385676f4f8", "value": "T1239533A1F6D90132D9761F7A65F306C71B35FCB2546C862B128AEF6E2831D08817237E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696537746, "uuid": "c96ed5aa-0616-413e-967e-1583a35de4b7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696537746, "uuid": "3c7cee86-ed6d-47dc-a626-9964146bb589", "value": "49152:TxC4CgJWNFnAkk3SUkFHWgb9KX1ycs1x2uxf9CJ:lCC3oHdUwcs1x2uh9q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696537746, "uuid": "5b8682bf-3e63-4eb8-b948-061d62626b07", "value": 1929216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696537746, "uuid": "8064af1a-6e22-403e-9ca8-daf4ae637873", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696537746, "uuid": "214c440d-1dd1-43c3-a25a-6ea0c7c8c4c1", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "867a5ef8-6359-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696494665, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494665, "uuid": "b48ced9d-bc43-49b0-bc65-ff0b851a9188", "comment": "Malware payload (AgentTesla)", "value": "374f28acaffedb2fee1fa13a04406cf4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494665, "uuid": "ed09d05f-751f-489d-95d1-7afd7de394f9", "comment": "Malware payload (AgentTesla)", "value": "a142e9505268b8ede2a0be7684e8f268fc4ac56940d465384acc698105307897", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494665, "uuid": "8372acad-bff2-4711-b27f-c937881a92f8", "comment": "Malware payload (AgentTesla)", "value": "6f8ba9a4d652d569116372ef2aaa0e367fb808c2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494665, "uuid": "6f59a368-6155-452d-b544-22b8a58b29da", "comment": "Malware payload (AgentTesla)", "value": "95afea53a9c6ef5d15cdeb28c7a6b8a69a161c87f36cb0109f5299cd9caa67ca9a7b535e8a7834d9b2258d1ed7f2889e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494665, "uuid": "05ba3ccb-859d-44bd-8ac5-6cd4c6a3794f", "value": "T150D4236BA081ABA4F850D38836D5153E9E3F1D3D51653FF525C9C9C20EFA3E1099E079", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494665, "uuid": "2bbd1c2d-fa79-4f16-a5b8-a8995a6e0261", "value": "12288:z7TbZM4RWAHxm0s+hmUWuxA1v/K/1CKieCQ/Q53dRJO:HP64Zs+uuxsaCKw3DJO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696494665, "uuid": "8e65aeaa-8974-459a-a96d-a1eae21d6b02", "value": 601522, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696494665, "uuid": "f6a320fc-f245-42ae-8bb2-bd9236903e9c", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494665, "uuid": "f8ca5b3f-c7a3-49a5-a3db-8efb0ded2ce5", "value": "shipping document.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24f78975-634a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stealc)", "timestamp": 1696488059, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488059, "uuid": "cbee6c92-4950-4af5-8d5c-3fad194e79e0", "comment": "Malware payload (Stealc)", "value": "a32a24679831a3619d6044a38c4d6359", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488059, "uuid": "a14ecc5e-79b3-404d-aa48-0379d3dd8e74", "comment": "Malware payload (Stealc)", "value": "a1d841ce7d37bf840f5093620aac706b9c5ad87b986462dc131f2dc577aa59f7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488059, "uuid": "75696c9f-c48a-4e93-a63e-d86f016c3653", "comment": "Malware payload (Stealc)", "value": "aa93bada818857c481b0aa25c31d59cb85442270", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488059, "uuid": "14487a08-6792-40e5-825f-ce579f0f3c43", "comment": "Malware payload (Stealc)", "value": "69fb8a74b85f35358c64dd1c703129b659bf13cb15116d6cbb753ecb3c7cc0384a9754f1ef568fe6e47aa697a4244582", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488059, "uuid": "7fdf8e56-cfe9-4b4b-93ef-5a76e8871146", "value": "T1D044E1E179F1C432D6A745340834DBA06B3AB86269F0829F376827BE5F316C1F65A353", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488059, "uuid": "9f93260a-0445-49b2-b16d-6ad4aeaa56b7", "value": "c7ce42f103eec7e3e471decc395f9d0b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488059, "uuid": "2887b9a8-99cc-43d9-a3e0-8112a146dc0b", "value": "3072:d2IRaiCGZ/b8jYfmNDzE+Oj3tk+j8SKx5+EozSIWNsz2LZdcC1V6iN95klIl5Z32:44aWZ+Vx2j3tJjIxsb+nZWC1V6MmWnV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696488059, "uuid": "6a8e7e96-310e-4e09-a065-3da988ea549d", "value": 268800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696488059, "uuid": "62005e7f-f102-4e23-b4b2-d44d6f44edb5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488059, "uuid": "5637aab2-6f2c-4b9c-9aff-1871f9f40cdb", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "875f0478-6352-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696491660, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491660, "uuid": "4b3b3592-2022-4984-938a-4195e55ddbb2", "comment": "Malware payload", "value": "a63138899a26858d5e9eb0f9b2a42a58", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491660, "uuid": "45eb0b69-8847-455b-89cf-7cc885e17068", "comment": "Malware payload", "value": "a1da64bd6ca757a39fe06bbb13329d6589a113e9de01661340297c03b5da6509", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491660, "uuid": "8f1dfa92-de1c-4e6b-a7bf-c3a60b91cc65", "comment": "Malware payload", "value": "921cc7ec9782184b115d10a56c98c91b66066475", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491660, "uuid": "44e4782d-299f-421e-aec8-61dd8d3fdc58", "comment": "Malware payload", "value": "1b3663f4047a3de7bb06a34d232248b26bbdc8e189061a15337166253e395f3a0910bb22a0049eefae8b3eb6924c344b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491660, "uuid": "1f38b674-d4c1-4e90-ae7e-9c06e0f11c7e", "value": "T178369E1A9E6480E5C1ABC1B8C9E78DD7F7B2B4590B359BDB0294816A0F335E05E7F321", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491660, "uuid": "61d604fd-b93b-49ab-a1a8-ae5754baacfd", "value": "dc81527a9391b1b9420441893870be16", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491660, "uuid": "7cda98c1-3603-44f8-83b2-1d096c82652d", "value": "49152:maVwASO2GtlqMHNgoay6NFaPQpEIVSMnbmglEvokPXwBdRxp202bqeW/V0/AJdK9:TKoYbpEIjn51kPe3VfEsQ+NBz+1c4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491660, "uuid": "6f6e270f-111a-41f4-95d0-61f3a95b7ed2", "value": 4980736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491660, "uuid": "86fba25e-964c-426c-a39d-8e15641759e7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491660, "uuid": "19e625ce-6077-414d-bd71-95b3964217e2", "value": "a1da64bd6ca757a39fe06bbb13329d6589a113e9de01661340297c03b5da6509", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9cceedc-6359-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1696494832, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494832, "uuid": "d4c5f2f9-b5fd-413d-baaf-0e0182076282", "comment": "Malware payload (MysticStealer)", "value": "221610ece0649f15926ff8c700894a4b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494832, "uuid": "9321bb90-df2b-4bca-bc4b-f02d291b2552", "comment": "Malware payload (MysticStealer)", "value": "a23409f579deb1d68ab914ea800df4a80cfded68e12c9205b9d6f3234c26b47d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494832, "uuid": "511f74dc-6d81-47a6-af6b-29eed9793fec", "comment": "Malware payload (MysticStealer)", "value": "f05152abf9de6bb2fe185ff69ff75ec10ea6b411", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494832, "uuid": "4ab994b4-6668-41c0-8d59-679448bb1ba1", "comment": "Malware payload (MysticStealer)", "value": "40ab62bb6b91c7d58f3e9890172e7bc21e45b78f64ee5270a2cabf0a943e0d775dc120e8ee00389cb2fcfac738e18239", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494832, "uuid": "9e54a9f2-3785-4abe-8987-f3355b3f0dbf", "value": "T10B65B61166F91B49F6F34FB86ABAA611087ABC7ADF11C6DF1251904E0C31BD48970B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494832, "uuid": "06ae52b5-30cf-4b87-9be2-303e2e14b3cf", "value": "0019c5cc9dc02122ed11385f5bfdf094", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494832, "uuid": "e91a320e-0e24-457a-a1b9-8a723aa2e242", "value": "12288:jaWs3sJwo00rnuOVD9X6a9DhvhNf9H/7Fc0Y6Diiebj:jmsJw8T6a9DhvhnziOBe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696494832, "uuid": "c2712f13-ea45-43c9-8161-dbdc23f25732", "value": 1509888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696494832, "uuid": "d0a9aabe-83f0-4eda-81a1-1ff64fe4d914", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494832, "uuid": "37e6a418-dac3-4415-a6e4-d443b09e3414", "value": "221610ece0649f15926ff8c700894a4b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6206c43c-6349-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Tofsee)", "timestamp": 1696487732, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696487732, "uuid": "456ba86f-4847-4b47-b67f-a993728a9cd6", "comment": "Malware payload (Tofsee)", "value": "342b0fd105800de6cf9bba13f03a7c8c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696487732, "uuid": "abf915b2-dbcd-4bfe-9ce1-6ed5c3f9f7f5", "comment": "Malware payload (Tofsee)", "value": "a31d9fcdcdd0dcc27e75875eead821ae92d569d74bcfb5a7478cfc026dceb066", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696487732, "uuid": "6902f8d1-2b81-4e38-900c-9779667af43d", "comment": "Malware payload (Tofsee)", "value": "a9b5cddfdb0c7e2dbbd5a5fe7017e81382957fe9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696487732, "uuid": "bde131f4-6851-42e1-ab70-12e9d6ae9877", "comment": "Malware payload (Tofsee)", "value": "917b882f92c1dd6724ee6380c0888fa3bcb8bbb131591058de9541a02eca7cd511a2c535c834b488e5b956de60a0ebdf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696487732, "uuid": "aade9b7f-e834-40c9-9b66-3f2801edc70e", "value": "T10014CFF179F0C07EC5A745314430DA646E7BB8626774894B23642BAE2E307D287EE367", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696487732, "uuid": "de92ed44-e165-4aae-b975-37322c5c3f7b", "value": "c7ce42f103eec7e3e471decc395f9d0b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696487732, "uuid": "82c0c860-61c6-4d5b-8a1c-ac621a89d818", "value": "3072:3KJ3nYBgxclary/HmMZBWYXnMx/jlCUaD5CWVrw:6Nndq0rKmMZYYXnM5xC/V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696487732, "uuid": "986e7290-76fd-4fe8-9723-deb26ab0c42e", "value": 207360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696487732, "uuid": "d7a9f3a7-6f23-414d-a5a3-ce7824a8f4f7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696487732, "uuid": "98035efd-39c3-45b2-bce7-0c4b0995e9d7", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0457a949-6351-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stealc)", "timestamp": 1696491011, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491011, "uuid": "d25b3e15-425c-4fda-bfd1-0dae4bcf384c", "comment": "Malware payload (Stealc)", "value": "0902b78e1e65b2ebf0cf5075e076598d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491011, "uuid": "1268dcbd-2b73-4894-8370-7594b86ab191", "comment": "Malware payload (Stealc)", "value": "a36f57a8a85068b665998f143867ff57a4cad4e24f66acf48cef697df2e9ec86", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491011, "uuid": "75a384fc-ea2c-4091-a3c6-269a8984b0b4", "comment": "Malware payload (Stealc)", "value": "a9cda0d89fb72b0e506c842c38de4f7e4ede1b6b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491011, "uuid": "a5ce124e-a95b-425b-8d34-2c90d846590b", "comment": "Malware payload (Stealc)", "value": "0e87e8f75cbd0d9708ae7d323c87c30bedfd17226295849f215769bf1f3cc4be368ccfe841c539ea1cc32ce8118ba09e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491011, "uuid": "95855cad-b644-426b-ba31-ab8061f9aee8", "value": "T1BC44E12175F1C472D5A356348930C7A4AA7BB8627AB0885B375C26BEDF306C1CB6B313", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491011, "uuid": "caabf77f-aa93-45ff-b897-0b4da6d5a5cb", "value": "c7ce42f103eec7e3e471decc395f9d0b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491011, "uuid": "29f88336-a7ff-49d8-b14f-648736d8361e", "value": "3072:6tLzQixjzCKOEsDNLnuH+W3rwLWtHVWrUEacLaKYOQvUze6es4zk5+WVrw:m/QIzHOlDNrQrwinEpLFYZvUzecV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491011, "uuid": "eeaf3e88-af53-4ead-a860-c61adad2ad5e", "value": 268288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491011, "uuid": "455f1e0b-2337-4b27-916b-615607cad42e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491011, "uuid": "0bfe1e76-34a1-4f0e-bd54-925a15e49fa2", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fec828de-63c2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696539964, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539964, "uuid": "a95e907e-fefd-4e95-ad5d-72e5d81a6290", "comment": "Malware payload (Mirai)", "value": "2317dfcc843d5a794aab9c180355bed3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539964, "uuid": "ea005adf-d9fc-4e53-8025-a8ff041732e3", "comment": "Malware payload (Mirai)", "value": "a4632ab3f36e4f059b9b14e2709596d5ad428e08aad39b50e5c68419fd09cad2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539964, "uuid": "4dc5a0ac-0297-4c02-97bd-5899c64a9c4b", "comment": "Malware payload (Mirai)", "value": "bea4dbdeb3cb7433974b0fe02a866b6aa8a998f1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539964, "uuid": "8967f848-11b4-4db4-87cc-98b92ef02959", "comment": "Malware payload (Mirai)", "value": "3f6a1e239eec730f832c6ac9f043f193f8aa4ea5d79a2285ac6690d10b1dab529de96f9c2f4a362e3f4db95884787279", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539964, "uuid": "6902d368-def2-46e9-83a4-d076f4c17405", "value": "T130C2E1BC7EFB5F83CA1B0035699CFE3382B0A5A5D35B7297B24441026C131E5BA27C95", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539964, "uuid": "7ea940b8-30ab-4292-ac60-414cebf92e58", "value": "384:MG1DMwk8JPyGNoDZsEXVZVBy6xIJSlSmknnLZddZ6TJfUVlMWEbo28tEe5mjm/+3:HMw4DZdFbBy6x3K/KdWnH5rjT0Nr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696539964, "uuid": "13f46e84-3e8e-4824-89c7-a4a0252fce59", "value": 28056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696539964, "uuid": "9436949b-e16e-44ff-a2f7-c48a197e0c85", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539964, "uuid": "a75c29f3-eb22-47cf-b484-15b816688fca", "value": "2317dfcc843d5a794aab9c180355bed3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0e9a4eda-63b8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1696535266, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535266, "uuid": "dacd8e2d-b530-4510-81fa-4cc03f4eca3c", "comment": "Malware payload (Smoke Loader)", "value": "327fb65e18c4ee28f736a8d06bf40e38", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535266, "uuid": "bd393b3b-8fc3-405c-acc8-d8547d998abf", "comment": "Malware payload (Smoke Loader)", "value": "a532093893701346a9d629c6e4dcebf648236620215ee9a1b60b943a13dfa519", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535266, "uuid": "e3a4f94b-f544-43ad-987c-96a0e4ca603f", "comment": "Malware payload (Smoke Loader)", "value": "0df099af3e44062258c5d27c01ee27381187742b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535266, "uuid": "7c830f2b-5449-4c28-bb65-e1e0b468dafc", "comment": "Malware payload (Smoke Loader)", "value": "e36e1fb82121f5c642ff621bb55b774d8bfdb99396a12cd4f21d37ddd34ec3b4c04cb7d687b1f23fc1979a69231cb6dd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535266, "uuid": "54b1ff54-ec13-4f32-a1d7-462f790a42a0", "value": "T16A85F91176F95B59F9F30FB85ABAA611087AFC6A9F11C2DF1251908E0C31BD09970B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535266, "uuid": "33f22909-451a-40a0-b405-ad87627ead52", "value": "2d720d38a8fbabead5b576804bc154eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535266, "uuid": "26283065-83d5-4f40-8311-8a926121e135", "value": "12288:hreQ/YQvi8Iv71ZtBXtjxaslVndVmRQH9j4K1uTaO9X6a9Dhvht6Nqpj:WQvi8O1ZtBXtjH3dVJdk6a9Dhvh1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696535266, "uuid": "e8242fbe-2bb3-48ec-9591-0f77aee6d7cb", "value": 1712072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696535266, "uuid": "57bb957e-9d54-4b3d-8f47-23c547f7192f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535266, "uuid": "7e85e05d-ec91-48b6-adbc-27838ccf9564", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7170fff4-6349-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696487758, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696487758, "uuid": "1ceca5b0-3fb7-4301-90f1-dd8f2003b89b", "comment": "Malware payload (AgentTesla)", "value": "46cb722c9a6c38d8d5c1cd291cae7c49", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696487758, "uuid": "73f9b645-aa48-4d6a-a54a-cc5bcc87d9c8", "comment": "Malware payload (AgentTesla)", "value": "a55bc4f0b6518131e8b5a86cadfe4c15201753ca1e14b0fc36692ae802298c7a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696487758, "uuid": "f4442354-5b73-4a86-bf5e-b92ddda5c757", "comment": "Malware payload (AgentTesla)", "value": "92246c6677954fe349b508b6b5b0cde2a7d4b3d5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696487758, "uuid": "9bd27fc0-315d-4276-804a-52220f1d77d9", "comment": "Malware payload (AgentTesla)", "value": "c5ebfbe51bdbc6ba67295ce283ae5d4c006e617fd91e46d496557696caf7ce06d47003919090e31ed27e53cffecc780b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696487758, "uuid": "d5c028a3-4ca3-4fe7-8419-4f581d55174c", "value": "T18EE413A53BA4F1AEC857847682A06DE4A230702B576FC247A95B21E9DF0D1D7CF107B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696487758, "uuid": "25f71a3e-8e27-44c3-8de5-a48bea62798c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696487758, "uuid": "3007d4ff-0d59-4aeb-8078-60e2cffbad8c", "value": "12288:2V/jTiy4fLIPHViiJ47xfYYd4O+r6UrR+gzd8c0w6uNhaqyrc71OKO:WLJrfMiG7xfYa4O+r6gl0wXha", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696487758, "uuid": "28ce3242-5eb1-481d-802a-e53dea994959", "value": 657920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696487758, "uuid": "c12c020e-e96a-451c-a6bf-6022713cfbaf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696487758, "uuid": "27eebccb-caa8-4fec-b6c9-90754fecd00a", "value": "SecuriteInfo.com.Win32.PWSX-gen.30312.29593", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b6af715-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696496660, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496660, "uuid": "e08cc62f-547a-4aa7-a177-c6ba69e1257b", "comment": "Malware payload (AgentTesla)", "value": "eb0c982280356945b5351bfe26c01d6d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496660, "uuid": "28c0a442-3687-4592-9c18-f3a4530db7ba", "comment": "Malware payload (AgentTesla)", "value": "a5706754e01d62ed58ca67cd41fd39f6a4b791bda9bf4baa61b8f09caa1e888b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496660, "uuid": "77b4f145-bdcf-4843-9722-7d0807f07ba0", "comment": "Malware payload (AgentTesla)", "value": "e71636bec739feeea7de2b773077fd3e00c06c6c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496660, "uuid": "d886be9f-0108-489d-bcb0-169c8ea9a75d", "comment": "Malware payload (AgentTesla)", "value": "17bed593c1e289a6daf4b53036efe88f9d8f7be248bdd6be1389cc878003a4facd580c6ca1bd766acb5937414cbbb8c2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496660, "uuid": "910117cf-b1f0-452a-a6da-cac882dd3f57", "value": "T160E423E512D3E2F4640D90F2B17117880FE1264D226BF3362F9893C759865BA2EA5D3E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496660, "uuid": "2da3ddc8-14a6-4ca9-8896-03ab81af1952", "value": "12288:eRnWmcXWBP4U4tTWVXWOXwrMguTEhLZeOEbKq7YPHsBEJKzUr4/ZlkFf60nnwgyw:8AW14DTIX5Jv+SK1PHstz44Q60nw37dO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496660, "uuid": "4ec2c63f-afd8-45b4-afe9-47653a855a99", "value": 673842, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496660, "uuid": "bcdcdfc3-32a9-4569-87ec-73dd9c458a34", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496660, "uuid": "aa9fc6c0-e7f5-4c9b-ab2d-54fb32b74e01", "value": "Quatation OF HSFO october FN.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd0a6fc4-6388-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GCleaner)", "timestamp": 1696514970, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696514970, "uuid": "cd80d6cf-d531-44fb-b6fa-c5860d9970f4", "comment": "Malware payload (GCleaner)", "value": "bfea6c8ee484a64751f97efa1ff5da85", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696514970, "uuid": "baee01c3-6d65-4598-8da6-93b8dda74599", "comment": "Malware payload (GCleaner)", "value": "a631321bcd5918689455e3c2d2f17538192a27e056b2f2255a68578fceed8492", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696514970, "uuid": "550f0821-dcdb-4a4e-bcd4-1037b368cedd", "comment": "Malware payload (GCleaner)", "value": "9a7f80f07b13f6dec174a3d72021c3092189bdae", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696514970, "uuid": "1bee5a5e-0ac7-43f7-868d-9a1955153cd7", "comment": "Malware payload (GCleaner)", "value": "2f78dcaf4c16d8afd8c24809f86e1059d76d6d17ce13760b78dcbd42cbe04f54f75ba9177ecce00b64b82f840c2fae44", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696514970, "uuid": "1519bf87-153b-4dcf-bb3e-8399f88d6e4d", "value": "T15444F2313AA0C772C88741348914CEF4B9BEB4626AE9858B3758D6BFAE303C1D776355", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696514970, "uuid": "71817838-967c-4011-8eeb-5137a55c9978", "value": "79de41fd9a8e567c644b0068a3bd1c4e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696514970, "uuid": "bae6d301-c383-4a68-8c9a-ef726810b6dc", "value": "3072:5XfdiwOyYY1qcR/GSOAZ9rnGPIH2ha0C6BzHMnnhURiZ9ihahcpttmMG0/65+R:1fdiwYY1qcR4oTxHExH1ui/ptMMH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696514970, "uuid": "c38bc095-73d1-4aa1-9465-0db0a2475afe", "value": 262144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696514970, "uuid": "4b7b8ee4-4cd6-4801-82b6-8d617578bea2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696514970, "uuid": "f1e6853e-0ec1-427c-81dd-07f37b404f83", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67047384-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696496760, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496760, "uuid": "c9f16e1b-28a2-4426-9b02-575d80e5dd69", "comment": "Malware payload (Mirai)", "value": "58a1892f822f85aa2d45e4e57e6b0929", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496760, "uuid": "b1db4444-b9e0-4f1e-8281-27d70e85d9ab", "comment": "Malware payload (Mirai)", "value": "a7784eb54b14b627adc8389fe536e8a04a18ef81ecd3b1c22008c5e04568ce13", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496760, "uuid": "5b19c758-05d2-46b1-95df-47f4d730f9d2", "comment": "Malware payload (Mirai)", "value": "4af615286db1d775a3817ff15348244b1ab46dad", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496760, "uuid": "55e69db0-1ce6-4f1d-9da9-982bfe935b98", "comment": "Malware payload (Mirai)", "value": "0f36a5d2e054a50a513bbad6b2c60298beb630242f59f04931c46d324d44d1ddb1c67b19947bd70cbf3df3d8124c59c7", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496760, "uuid": "df9114b3-f0f9-442a-bbd3-aa9d97d0c238", "value": "T1C514981E6E228F7DF268C73047B74E25976923D627E1D684E2ACC1105E6438E641FFA8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496760, "uuid": "c05f76c4-0791-4bfa-a011-20d0220b6bef", "value": "3072:R3aZrQ1y+jWjWmX6JTHPMpTcJoFR2OHJwWIr5MUR:R3aFAfmX6yZ5AIwW+5TR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496760, "uuid": "623135be-de8a-4aed-8ee6-bd1a70177e12", "value": 198684, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496760, "uuid": "4a5daef0-5c06-4f08-bea7-9eaaba0de4df", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496760, "uuid": "986f36cd-49dd-4271-91d6-446e3fdc00c8", "value": "29b1b3c4f1f664aa03a53858592d54a7501b9c1c5cb67477bc871f28", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4976b9b6-63c2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696539660, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539660, "uuid": "529effcf-e277-4269-b6e6-fb8a01d2f1b9", "comment": "Malware payload (Mirai)", "value": "2711e986e84e576374210e60ee7de505", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539660, "uuid": "9aff2638-1e36-4e9a-baaa-1ce9bb334124", "comment": "Malware payload (Mirai)", "value": "a78c06964da877d4abb350eb60717dcb1ebc386f836fd9d140d6ee9a2ab7d6a4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539660, "uuid": "5bff0052-348f-48dd-aeb7-1c9be86ad5ba", "comment": "Malware payload (Mirai)", "value": "f1f0d360d1e3e6447c66f8fe9c4e9551f6c69d1e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539660, "uuid": "69b91628-610a-444a-a456-5d1a87607a0d", "comment": "Malware payload (Mirai)", "value": "64e135f9ace79308781758a8c22dae1d9b34fe701acda784e3020661067c32c43b49cddb33643d9544791f94e794462c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539660, "uuid": "765893cd-0ffe-4e28-90a8-83159529f363", "value": "T1C53302B25B7D29E251B09777FC32BC1A66DC17B89CA730DA28F0661967C44024FF1683", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539660, "uuid": "1af9feba-d6ce-4751-a072-e562b629d2c7", "value": "1536:d9O/ZMAXIxNUk0HHoLcPqF1aBexo4opKZbd:d9O/ZNKyDHoLGqFUFc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696539660, "uuid": "356804a2-56df-4c70-8b7c-d1202de9f07b", "value": 52512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696539660, "uuid": "aab223f2-227b-491a-aa9d-a4e8585e588b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539660, "uuid": "0367704c-8768-41a7-b951-32038a334502", "value": "2711e986e84e576374210e60ee7de505", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8ffd6ce7-6352-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696491674, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491674, "uuid": "c8f6d8fe-3ced-47ef-b794-1d327f527cca", "comment": "Malware payload", "value": "f733869bb57425485d45c4caa0f51a0d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491674, "uuid": "02bd471b-6ccc-482f-bfeb-663eeb66f07a", "comment": "Malware payload", "value": "a7c484baf21ce9fe45f576019e4ce2b433b9a7fdca84845ac26fb07bdd7337de", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491674, "uuid": "fef68ceb-4656-49b9-9f35-06dff6f4518e", "comment": "Malware payload", "value": "dd38bb84136bf838b854b87fe8f32bc7214ee211", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491674, "uuid": "982a3512-14b5-4474-aad2-0e38a479b267", "comment": "Malware payload", "value": "e55ad445fae4e79ee908eac0fce6c9c594b4025f35752051c92577802e0f33649e9e9fddd0e275e69859f5655603dc6d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491674, "uuid": "987c443b-56c8-431b-a066-ffa578ebfc17", "value": "T12CC5BE2377C184B2E2974231482E737D99B9EA701B31C5C7D7D81A1D8E305D3AA3AB97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491674, "uuid": "28a8ea5b-8928-464c-b144-b2b0b65c6b74", "value": "fa0436f0bea084c127a93867ab76cef3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491674, "uuid": "3345ff05-37b2-443b-beb6-562bc8d28d6d", "value": "49152:GNY0JA/aUnCFgvnkI3eymCRcLVp4X8hPPBkzO5wsc3wmjSPbjlyv2LZt:G20JAylFokI3eyir5wz3ujl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491674, "uuid": "31edd774-cbad-4be6-a008-54d952dde1b0", "value": 2741760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491674, "uuid": "279c06d2-f21b-40a2-baa2-3b6e0c313735", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491674, "uuid": "3af0cfe1-54ed-4b0b-bc8b-64f2273fd9fc", "value": "a7c484baf21ce9fe45f576019e4ce2b433b9a7fdca84845ac26fb07bdd7337de", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc430c76-6361-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696498191, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498191, "uuid": "9b0e76cd-c841-4480-9c54-3c4bdcca79bf", "comment": "Malware payload (AgentTesla)", "value": "cdf54144ad2c7ee28321246536708ca2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498191, "uuid": "91d390ac-8ae3-4bdb-9e76-00b9740980b6", "comment": "Malware payload (AgentTesla)", "value": "a80f66a57d1b52b1e83d934c822088caf9adc98fd41305a78fe5bc20955a48a9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498191, "uuid": "2ed15452-1de8-404b-9be0-56fdcb3719d9", "comment": "Malware payload (AgentTesla)", "value": "974b71e03eb52b9c7a153e88e40267b09390350a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498191, "uuid": "1c3aa3e6-aece-46f5-bc2a-ec695adf8341", "comment": "Malware payload (AgentTesla)", "value": "ca456b7ab756f594746b604b5e65579142b7117e55a30451f1bc50a1d0853520aecef4b6c0f593235776e849564f2e79", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498191, "uuid": "ae3f1611-48d4-4f12-bed0-bf8f5f90f163", "value": "T1B0F42259C3A0E31DD9D9487B4FB023D192F661536626E28AEF1CD58C3D2EBC74AC2390", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498191, "uuid": "8f09af55-95f8-42f8-a145-1f786a8b9b9f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498191, "uuid": "09df85d6-49ad-46b5-b3ac-f89ddd8a425c", "value": "12288:M04pQR+ykh3wNR7xzDsONIQc6nUQs7Jil46KAhE5n4X5gQs+bpGu3DZ4POihUrmu:M7QQykhgztsONTAWTEdS5DF/4POgXu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498191, "uuid": "c90b80b0-cec9-45b9-aba8-f4b6f4a8000e", "value": 773120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498191, "uuid": "5e840058-6f74-44b1-98b7-c5a32b0f8a89", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498191, "uuid": "422e8e35-96cf-4833-a0c1-005194b0ca74", "value": "MT BURAAQ FINAL DRAFT BL RFQ32400909909 PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd7a0ea3-63d6-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696548444, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696548444, "uuid": "2e3a1945-334f-4506-89f3-305d03010852", "comment": "Malware payload", "value": "04960c762b7fd6121a895feefb3b17eb", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696548444, "uuid": "46742c78-5f67-4c06-bf3b-3688c366249c", "comment": "Malware payload", "value": "a83f0c5b806230aab18fd4f6f1ce980ac86a58b72f7aef7b133ea8714d6156bf", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696548444, "uuid": "48ac4ec2-12b2-48b7-82fa-d1abdec81be2", "comment": "Malware payload", "value": "a24468b0ab8d5ef2cad19b48cf843e9ea5323617", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696548444, "uuid": "dc71d1ca-605a-47c1-964f-1ed21e6f9667", "comment": "Malware payload", "value": "97c7336697c8ea50f8312066fb607509cecedee9629854f8a794b07baa60917c8dda1dcd72a343ccffb0759769471ec0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696548444, "uuid": "2ecde666-7b9c-4618-9f01-7133566c0a3c", "value": "T1F2230986B9C1CE5FC6C190BDEBAFC7B633319794D68B3707C50897247E0615A8A1AB81", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696548444, "uuid": "2298ee55-f5b4-4910-94fb-b2efd6f44d19", "value": "768:wUICcOzuszf0/aIxIz+ixzEEehDSRFHBt2IkWp0zfNgU9lFRXxOuIQ+p:DcuOMJ2ER1Bt2IkWqflFRBOucp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696548444, "uuid": "ad90ce37-741f-4c48-aa8b-f62d37cd6d13", "value": 46463, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696548444, "uuid": "d03b3216-aa86-4290-98ae-df232d41424b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696548444, "uuid": "3f4d6abe-cff0-4269-b6d6-775bdd09a818", "value": "04960c762b7fd6121a895feefb3b17eb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eca62f34-63ab-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GCleaner)", "timestamp": 1696530055, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696530055, "uuid": "16d30bf9-91f7-4501-9b11-e0ec702f0ad4", "comment": "Malware payload (GCleaner)", "value": "fb68140a4878f26c0f0c1409749c594d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696530055, "uuid": "4b20f388-67a5-40fe-9599-2a460932e4e3", "comment": "Malware payload (GCleaner)", "value": "a8d931c66b621cfb5fb7e504cba80dd3f543b9464e382980663afab49cb64ecf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696530055, "uuid": "7ae1cb70-c953-4b28-b227-fce3681ea1cd", "comment": "Malware payload (GCleaner)", "value": "7fc62b706639d307a1f13c148e62e327dc09a74b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696530055, "uuid": "7b9dfef9-e18c-4137-9fcb-a101dd718aa0", "comment": "Malware payload (GCleaner)", "value": "5f0ae6f40296a40c79093037d8f44ae6f241d1294b3f44202af6c2761a24ba44bd77a9fcf63f4ad91ca78979d99c2b4e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696530055, "uuid": "da5f7482-def7-41c1-9939-f5190a190a45", "value": "T1C144F1227DA1C4B3C84740718855CB90BB79B85085A5B9CB37A41AFFAE307E1977B34A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696530055, "uuid": "bcb45a58-e050-4842-af65-4188fbaf2d17", "value": "046dfae6c2280fbc36820b8f28604732", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696530055, "uuid": "59696020-5cae-4222-a63d-1057b8a8692c", "value": "3072:MKyZ4gTE0l6OxAdGAVxuAm0EMZOodb8bFU1Fbbn2u9h0gAPJjuJ+5j7g:MOg7NcjVxua3ZNMFCF+uAyJg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696530055, "uuid": "80489c57-5ed1-47b9-b77f-a3f852762e5e", "value": 258048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696530055, "uuid": "ebbdbc02-2928-442c-bd6a-4b9e206c21a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696530055, "uuid": "463ec759-1e86-474a-af18-c996623866d6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4cc4e69-6361-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1696498286, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498286, "uuid": "4c826b02-ab0e-4b86-a107-b5f3f003d6db", "comment": "Malware payload (Formbook)", "value": "306cff2617d35e1d6cb33f36c890e701", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498286, "uuid": "2730a813-0a39-48fd-980c-53c00617bc3f", "comment": "Malware payload (Formbook)", "value": "a915e631517c5b9eadd5062e2c12d33521950a2650d56e69f60ed0d783f35345", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498286, "uuid": "53f3e6c8-4d91-481e-b0ef-65804455ef66", "comment": "Malware payload (Formbook)", "value": "62366d82b7228afffbf631a5722ad982eeabadda", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498286, "uuid": "41eef73d-1260-4376-9228-504f42306d31", "comment": "Malware payload (Formbook)", "value": "eeb4dc2e3c794fb082ab83e89ae4102a8b3e09c6f56f23cbee34f6bc007f1c3f30b912ee9075b5bdaf7260b4b4bc4a80", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498286, "uuid": "88d2f25f-73a8-4619-a667-a7f852553769", "value": "T110D4220032692732EB3E8BF319726DA107B53B7B2595F6597DED12EE142AF644340B83", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498286, "uuid": "7f1fb893-f11a-41ac-85cc-1f2777bc0a9a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498286, "uuid": "f46ae28b-0e26-41e7-ac3c-0870c6ad2775", "value": "12288:jB8zS55mFzLXH6o1lbBwFQ/hnuY5qjiAWzbNpFL2c09+gq/AD:jBf55q336o1lbpnuY5AibXaf9/B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498286, "uuid": "cdb9a656-2c34-4e28-8f03-f15d10a0ab66", "value": 641536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498286, "uuid": "83dd877a-b41b-42b0-8d5f-68eee1dbc6a1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498286, "uuid": "fdf4285e-41cb-4d8c-8464-027597298c73", "value": "Halkbank_Ekstre_20231004_073809_405897.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ea6e064-6359-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696494598, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494598, "uuid": "9d086af6-0db3-46b9-aa6b-12ec0ab3dd0c", "comment": "Malware payload (AgentTesla)", "value": "6fac1d175f51ebf8890cc785e2eefdaf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494598, "uuid": "349d31a4-d7fa-49c9-b546-7942536e1ffe", "comment": "Malware payload (AgentTesla)", "value": "a94bcff5683c5d1b1a3cead3d8236c98590ba2ea9b9018d4cc5ff9b67f08dc4e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494598, "uuid": "11eafa39-7b23-45fc-a644-9924dac029ba", "comment": "Malware payload (AgentTesla)", "value": "aa50651bfc4f3c2be45f42dda737ac8f5a42b6f5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494598, "uuid": "93ab4861-9456-4113-900a-5c9f36b47e77", "comment": "Malware payload (AgentTesla)", "value": "9d11f4a73bda12301d0283d9ace659a455146f4574918ab7d6d42998108a841d02bec0d466c047ba1b4abaaf5ae46f54", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494598, "uuid": "0c19b581-356e-49f4-9b1f-fad3d4af79b1", "value": "T10DF4E0D5B7D9FCCCF7D6693688B480004175BD4B78AAC65F7C4536A890F3383229AE1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494598, "uuid": "161cd52c-8d5f-458e-934f-6d52ec10fce8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494598, "uuid": "f24b8635-63a1-40f5-b083-b74e634bf432", "value": "12288:XMYnQ3j67SESV1eXl8OhA90G/zoEVEKM3vmVFw3Bzfm8nH9X4OvJq4BTaeec7KEC:XBGpOP9f5nH9IO8IeN9EPOQ+zYe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696494598, "uuid": "903c500c-f610-483f-9f33-eb8f10176411", "value": 737280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696494598, "uuid": "8ebeb253-7521-4e77-936c-e5d5102c9d6a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494598, "uuid": "7d4acc72-5a8a-49ef-8947-8242fd963a26", "value": "Doc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b9944d2-635c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696495881, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495881, "uuid": "77a3522d-b4a6-478e-857c-125c83c79429", "comment": "Malware payload", "value": "6700d1ceecc9aac88f6ad9aae55c435f", "object_relation": "md5", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495881, "uuid": "191dab93-63dc-4a99-9f47-03ecc71d354a", "comment": "Malware payload", "value": "a97eafb4ab280a24aa86b6cbf33d448c975b1bbbb3cc7f8828c0b9ad70730cdc", "object_relation": "sha256", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495881, "uuid": "49b50019-3f47-45cc-9d53-d6bc8b6c6b9a", "comment": "Malware payload", "value": "5afa84b0a2ac33226396d3ce65229d7a425ea3eb", "object_relation": "sha1", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495881, "uuid": "2e93c20f-2299-404b-9cc3-2139245f517c", "comment": "Malware payload", "value": "84c87d409347f0866e1e0f8f5f28365fd346a58e1f41568f6f940937433d3fed2a7b178b97473bbdc2fb3a4f8fe92dda", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495881, "uuid": "5502482f-188a-4f3e-a0a9-5c4efdda8ec9", "value": "T12255E00F95109FA7C00983F86E2339990E0E7F19E7D569EB14537B873E316A219CA6DC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495881, "uuid": "1fb30367-8392-4acf-81df-67c56050bbb7", "value": "24576:7WQmmav30xDiTZyNw6VXAXZS/84jZyLw6VoAXZSItsVxkZbdMQT4pdtZHSf/wUx:aQmmQ30656VEETX6V3EidjT+DHSHP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495881, "uuid": "024e78c0-9793-4359-8a7e-e5579fb6b073", "value": 1375744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495881, "uuid": "a7023745-2b66-4f2a-bb66-1de814641d62", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495881, "uuid": "75c31136-c9f2-452a-88ce-6c8f498d95c1", "value": "New Order.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61750546-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696496750, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496750, "uuid": "bbf94e04-5a37-473b-85cb-8c9e2e3b253d", "comment": "Malware payload (AgentTesla)", "value": "443c25b9285660d4d9e6db2da5d34070", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496750, "uuid": "b374dc9b-c0fb-47dc-83a2-b624b6b21808", "comment": "Malware payload (AgentTesla)", "value": "a9ed9ffb73e6e16c3f15308036bc9ecabd1c8c0adbfbc842acfcd6f51d284c2f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496750, "uuid": "d9a1347b-2e42-42eb-bb83-61f3f66cb6e2", "comment": "Malware payload (AgentTesla)", "value": "79cc4fc333900d72a10a977796cd1485e1bcbb03", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496750, "uuid": "a26b9d8f-1ee2-446b-8598-b77c9d2c46b0", "comment": "Malware payload (AgentTesla)", "value": "a5053ae288b94a10c4b94c399745c5d48d078bd139572f94d67fc69ec53634851b0c6ed1d25cb06b3e2b9cbb9bf5b375", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496750, "uuid": "28cd9979-16c4-424e-a24e-6b99c2b41b2d", "value": "T132E4233259F806A7A293F9AE40137DD9C01639D0224216B7B3251CB5C9B7FBE7CA7709", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496750, "uuid": "4a46e2b5-64a3-427c-a616-74b9ddb79925", "value": "12288:IKcSPUhAf0lRyRTN2OdPflHZxEBn973c74tx1mUwVTpmDchPny7+A0i86unWo:IKIafNtfNZxk973xtx1mUwVTpYv+Dilo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496750, "uuid": "f5635d48-4e46-43fd-b0d2-cce71cf4ce3d", "value": 665261, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496750, "uuid": "b535984e-bac5-4e72-920b-967e29699d3e", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496750, "uuid": "4bacbeb4-9211-4155-b36b-d4c8f9fdd24b", "value": "Yeni sipari\u015f _TR-WJO-04-10.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba21b735-6360-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696497758, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497758, "uuid": "97061d7a-fd4c-4b64-9755-9e05712455e9", "comment": "Malware payload (AgentTesla)", "value": "929330f5397dcd827d4916d7d4a177be", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497758, "uuid": "276df2c3-44c8-4c34-9621-e30d281c446c", "comment": "Malware payload (AgentTesla)", "value": "aafdc5cc140661046edad9a3b157fab08df14b11b53e394ceb00bbdee14cb34d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497758, "uuid": "482d3a8d-0f99-49bd-af45-51f1fb8aa739", "comment": "Malware payload (AgentTesla)", "value": "3d33ee392983285e8be45d0e8158fb9b360a6018", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497758, "uuid": "fb354d01-cc0b-4c1c-b860-8f1f97e87043", "comment": "Malware payload (AgentTesla)", "value": "32dffc8ce312e0289d7d160fe3bd8269a7067f161ffc7f1889447b200ca813d5d90d7adcd7dbc4ad21173ee1ae0c6570", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497758, "uuid": "eae6a2c9-e1b1-493e-89e7-2a517071d3c8", "value": "T10ED4231C517CA325C2B807B32C3E8DE287715B9B4947FB222A7B992AD49DF45C709B07", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497758, "uuid": "7ebb1250-2604-40d5-aad9-7d7165c3676c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497758, "uuid": "9ac5858d-8d91-4dcd-8a73-cbc984d04554", "value": "12288:0o8zS55mFz1/1M6876eVbXPwBAxc9EWVIZKFHMe5Sy8+Lfhnh5qjTqN1Pwr/:jf55qx1MZOABcOWGHVy8qhh8aPwr/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696497758, "uuid": "8cbdb29e-b138-4d8e-9e57-eb2ed6f8bcb5", "value": 624640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696497758, "uuid": "4f7845a5-4e47-43b2-96fe-258b3e6254b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497758, "uuid": "d0cc3fcb-a3f7-4b9b-a6b5-fdc5ca0852a2", "value": "nueva_orden_pagos.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3f7931e-6364-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696499573, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499573, "uuid": "553b2d02-4018-4cbb-9d65-5beb2a108c2a", "comment": "Malware payload (Mirai)", "value": "25e722ea25a2a7c5f754b1cbfcb2e13c", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499573, "uuid": "c625495f-f457-4301-846c-bf0d29c01213", "comment": "Malware payload (Mirai)", "value": "ab7e5761c38877c24c4b2db38b017cf00a3443275bdfcb41cf368dcdf0027837", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499573, "uuid": "b3208475-4f29-4dd7-bd5f-3a0aa919b5b8", "comment": "Malware payload (Mirai)", "value": "c223e0d1dbb896112b6f998ac5bd4768a3e8b1bf", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696499573, "uuid": "1fabccb4-1cf2-467c-b5e3-414ac509f809", "comment": "Malware payload (Mirai)", "value": "35e1369973a7337a4b52d8d0595370083c46757301c8e640527863bf59a576d22cc519d7a699081fedf6204386efd682", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499573, "uuid": "f35cd158-1afa-457e-941f-cc4d66dcd5c3", "value": "T1F6133AC0A553EDF8DF5E42751173EF364FBAB436202CDA53C7D9D62368926809A0A29C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499573, "uuid": "72771b04-3289-45e7-981d-c005a7c789e3", "value": "768:40a3Ez2zfjEWco6YThflQY7ofhJPGl6sRNqNtHH7bojMHH7bojc:TaUzqfjEWco6YThflQY7AJel6sLqNNbU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696499573, "uuid": "a5421ffc-30da-4bb6-ac7a-5a48aba5fd12", "value": 43472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696499573, "uuid": "baba6b52-1505-4df0-8d55-766f2a50e452", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696499573, "uuid": "da9d039d-595f-4312-9c26-0d8e467cc3f9", "value": "25e722ea25a2a7c5f754b1cbfcb2e13c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6dd8f5e-6361-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1696498289, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498289, "uuid": "2e2cec12-f199-47d5-92d7-0bb64f5d8666", "comment": "Malware payload (Formbook)", "value": "0ca6d486f879eba5d2cd0fa30417508f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498289, "uuid": "90732bdb-8094-481a-9d63-67b75122b952", "comment": "Malware payload (Formbook)", "value": "ac10fa3a6b7cfc8385aba614ca8f0da49fe6b0cb6f1b939ec0f0046ecf80ca64", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498289, "uuid": "3b7a0824-da0e-4842-b26d-d9749f606cdd", "comment": "Malware payload (Formbook)", "value": "aec01c9fdbb0849084efc6bb1e5a35578048ceaf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498289, "uuid": "5fbc80db-44a0-4fab-bbbd-3205cecca24e", "comment": "Malware payload (Formbook)", "value": "fd99e25eaf9823dd4a32a6567fb1ba1e6cc05b75a4289a6d5ef3146ecdb5e8b97ef7fe445ae80468bf2164f9e4034e2d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498289, "uuid": "d78a10b7-be58-4150-9ed1-ab996baf83a8", "value": "T1D7F4F1827236456EE9E80DB3EC25445416A32D6DA670FE8C5CAB729734F2771036EF0B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498289, "uuid": "8d4b8329-9b35-4436-a487-80a31924b237", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498289, "uuid": "24c1e6cd-d55a-49e7-bdcc-492e3d64d314", "value": "12288:78zS55mFzqyEqN8DRkyiww4fN+xzxpjH9kHWf4KSMxq7o1jRbOZe5PP2eFWg:7f55qZEqNYTfNkxsS0Vk1jJI8PP2eF7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498289, "uuid": "31c1acd3-8359-45be-8049-f9d763c2cf4e", "value": 785920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498289, "uuid": "3c367b36-8280-466e-90fc-66b8e03553df", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498289, "uuid": "69303d64-5af5-4f82-9913-580825cfaee9", "value": "hesaphareketi-01.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28a1084d-6362-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LunaLogger)", "timestamp": 1696498373, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498373, "uuid": "b192fb1d-7c82-4bf4-910e-309b9254f4a8", "comment": "Malware payload (LunaLogger)", "value": "82f3c4268053134a3eab11e7ab3a46e1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LunaLogger", "colour": "#B0DCF9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498373, "uuid": "de850a97-c55e-422b-b11b-813c24944424", "comment": "Malware payload (LunaLogger)", "value": "ad3878b9f52bbc2bd27dd87fda962593411536cb1d97e67c295cc7e04fcecaac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LunaLogger", "colour": "#B0DCF9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498373, "uuid": "a5830a7e-3e16-441a-9b01-a1fbd3ea4bb3", "comment": "Malware payload (LunaLogger)", "value": "0c00538c824eeb47f1245198f45f26fc29e806b4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LunaLogger", "colour": "#B0DCF9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498373, "uuid": "ca3abf23-9e97-45c3-b6ed-2601340515c0", "comment": "Malware payload (LunaLogger)", "value": "fc7103a01d07da693192c209596b4c25b88cfbe82a3ef47f6744ff4b9060b4b545f3d6ba606ce475a441847806631893", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LunaLogger", "colour": "#B0DCF9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498373, "uuid": "21291b0c-9033-46ab-ab57-f9198d050c81", "value": "T1E8173303A67118F3E5D0623A844AC5149323BD5357F0E58E47AC9B2B0FE76B9AD32F91", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498373, "uuid": "df50d385-f0e7-4799-8bfb-54fc1b3be7f8", "value": "0b5552dccd9d0a834cea55c0c8fc05be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498373, "uuid": "38c6082c-490b-476c-aa9e-f51b271d862e", "value": "393216:0h3nJWQDoYNLOPhVOshouIkPdtRL5J26YD76lCOd/V:0h3EQMYduhwwouJtRLHWmb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498373, "uuid": "a461b911-fa8c-4725-b103-0e1ea1b4f079", "value": 20145196, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498373, "uuid": "39131730-1d05-4da6-9fba-5a92f7cafca1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498373, "uuid": "ecb1953c-a758-4463-bf86-ce9885fc6d7f", "value": "SecuriteInfo.com.Win64.Evo-gen.21731.31602", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c11feff6-635b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696495622, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495622, "uuid": "244cccfe-a437-40ea-954f-30cd45ac3fa1", "comment": "Malware payload", "value": "1f53c7bdfdea68bc4e25da78bf75360d", "object_relation": "md5", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495622, "uuid": "535b1a82-5131-47b6-bccb-a047da81ab2a", "comment": "Malware payload", "value": "ad692d94f193669dcd693b05b85ac79d10f97136a4c3b5bde41dcfef7bf9965f", "object_relation": "sha256", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495622, "uuid": "bdc45af2-9f17-4bf4-8fca-4869383a4d16", "comment": "Malware payload", "value": "f5039c4425b426ec98b7c3c5d91e1ea7e9085c7a", "object_relation": "sha1", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495622, "uuid": "e9b053c9-1cd2-4491-9495-719e3780a4bb", "comment": "Malware payload", "value": "07bd7ffb32ddae103b745bbe2c6072b224a5779111e4bafdbc5b219f185eb8f0f71fede9c4a084901bea953cd54ca218", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495622, "uuid": "ad9e2dc5-d4b0-4f48-960c-0ce076ca4cac", "value": "T18545E0039904EB93D01D83F87E133DD91F0E7F29E5D569DB05A27F8B3A30AA2099A51D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495622, "uuid": "f47cfa15-ce34-4a52-9d5e-f5ea3410ddee", "value": "24576:9WQmmav30x6Zysw6VZG9++WZyfw6VUJx+/h6obe8AvpJRaPJw2x:cQmmQ30qc6VrL6VJZeTvZaBZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495622, "uuid": "c021e043-5df4-4178-b2ca-505e22efd1fd", "value": 1208832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495622, "uuid": "0a28be0f-1e69-4688-a99b-9bb8f3088dfa", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495622, "uuid": "9d8db970-36f2-4d33-9983-920c3c14d202", "value": "Proforma Invoice.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "148d1fcd-6367-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1696500487, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500487, "uuid": "39912b6a-c50f-44ea-b2b1-b243700be3cb", "comment": "Malware payload (Loki)", "value": "b922022bda08f2e347326929516b042f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500487, "uuid": "fd8bb3df-b479-4ea6-b443-15ed40b8a4ed", "comment": "Malware payload (Loki)", "value": "af0b630ad64ed3f1b91f55389e78fe82c2b0dcaee4965b6442ec2c6814a38da5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500487, "uuid": "6c1b4320-4243-4c35-a41e-eb47cc0cd939", "comment": "Malware payload (Loki)", "value": "b280bee3462eaffb73f4996f4f203b730ff527fc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500487, "uuid": "cdd58a74-a8c6-4c76-8c94-d212b7625bed", "comment": "Malware payload (Loki)", "value": "b506a8730834ef154534ac444fd53e612b3ac1b53ff9376e329339b112ddcf08cee9dda5427fe4236a4167013a04367f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500487, "uuid": "1f035539-c282-4cd5-8bcb-887b4fce6d53", "value": "T194549E1372E2AC31D4265A328D39C6E53A2EFC919E6957EB33583F3B58701E19663703", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500487, "uuid": "c701429c-14de-4219-975e-37c0fe690e6d", "value": "75b76fec2d6c17598f5493b9f58c5f6a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500487, "uuid": "d8dfdecd-68a5-4589-8120-586fef274c1d", "value": "3072:3KCGmru9y/PUWe9C5UbLMqPZEmxoecviJPxV7hWSY:6CG+uk/PUpE5fqPG4oecarV7A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696500487, "uuid": "e4b9ebaf-5de3-4536-8533-e4912e2abdbf", "value": 303616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696500487, "uuid": "6534b214-a398-40ca-bdb4-dea8d5c4f7d5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500487, "uuid": "0e91d325-8f69-4233-a8f3-f873f5f62dd6", "value": "b922022bda08f2e347326929516b042f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b735f23d-6375-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696506773, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696506773, "uuid": "894c410b-4fba-4e7b-9e94-f27de83601c9", "comment": "Malware payload", "value": "ffefac9e695d439cca46d2b5769a9df2", "object_relation": "md5", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "gamaredon", "colour": "#AB67B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696506773, "uuid": "aac40d2c-977d-4eff-8b10-86586b9082bb", "comment": "Malware payload", "value": "b02ace8b93a948e4ee3c51df13a637f39e07793e64a553b1e679dab479e2544b", "object_relation": "sha256", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "gamaredon", "colour": "#AB67B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696506773, "uuid": "6d352913-432f-4a18-92b1-50fbff0d604a", "comment": "Malware payload", "value": "86ae991acf6773d32f0f792c51ffd31459601a11", "object_relation": "sha1", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "gamaredon", "colour": "#AB67B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696506773, "uuid": "dc953d85-7cc3-4911-b1cd-59bd0ed045b1", "comment": "Malware payload", "value": "92fff55c6ef542fe9bc74ca63c72ea4a3e7f36f9c63adb5f2bdb4b1c8694e5e5b6e45e6802881fd7a4ebda336a8209c2", "object_relation": "sha3-384", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "gamaredon", "colour": "#AB67B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696506773, "uuid": "14c3567f-20cd-49fd-81d7-622029efea5a", "value": "T1CB63850BF9BA4614F174E230195285C710567FE2DF9D52CAE1AF7E3860792B07F14B8A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696506773, "uuid": "ec439da7-5ecd-4708-bd29-7e00d508a338", "value": "768:mrjE5jqYxD5mjmVeTPACq++Cq7LRxG5/IPCvMnY0BQwQBLn8z8tD3safTQwMbhjU:nsPq7SvM1Qn8z8KMQwMbhjEc7SDT3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696506773, "uuid": "81aabe05-55c2-45b3-9aa2-90c4f70db580", "value": 72704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696506773, "uuid": "e6a74c1c-7c96-4209-b2ae-c669d2faadbc", "value": "application/msword", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696506773, "uuid": "71939033-fa2a-4815-a475-124f428b354b", "value": "0433 (2).doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50c9edc6-635c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696495863, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495863, "uuid": "f13d8dc5-65e8-42c2-be44-84ca756a5e88", "comment": "Malware payload", "value": "6c05ed84f671087f720b9da2a2694d15", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495863, "uuid": "99c6303a-fd71-43e5-80ec-47db8b900fbd", "comment": "Malware payload", "value": "b123354a4fe929ac887e95c171b019ac1976cc71e70e26e43979b6cf0a31197d", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495863, "uuid": "0e399f6e-2af4-4570-8713-f0f01f15b8d7", "comment": "Malware payload", "value": "4afea93dfd0ef9192dcf9eaebfe8650e80acb34f", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495863, "uuid": "4ef6f306-3ad5-4e1b-9e96-7f5489149944", "comment": "Malware payload", "value": "ad51c133e9f356c0a4b13beb9718cc42d478dc0113578fbee99f286c2ec15b5b60607419ce014605caa978a93a4b78a1", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495863, "uuid": "11061798-b6ae-4d8e-8331-b9cbc162afc0", "value": "T174B41218B165DE17DC47A4708CD6B0CB8335BCD25E05E78BB1DAB34E81BA1F28163D96", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495863, "uuid": "337a364e-dbf2-4bec-8c02-c41fe3d6f569", "value": "12288:HSL7B7FeEbl7kGhx5ydiPPK/bPHj50o90JB3KFHinOGy:MB7FeEx9MdCPEL963KFHinG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495863, "uuid": "0850f2e5-94cc-48a3-9d2a-db0f4b4fa8d9", "value": 523264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495863, "uuid": "ec667034-fff5-4df7-936b-9625df7f966a", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495863, "uuid": "d240fb48-be34-4be7-8df7-64045a573d90", "value": "October 2023 POrder.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d27f8e0-6344-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RevengeRAT)", "timestamp": 1696485549, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696485549, "uuid": "dd00cd0e-9e62-4e07-a229-c65a09bcf38e", "comment": "Malware payload (RevengeRAT)", "value": "0db1d8ddc6eeb74965961de3258d83c4", "object_relation": "md5", "Tag": [ { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696485549, "uuid": "1dba948a-d71c-45c6-b063-994d7b64fbf1", "comment": "Malware payload (RevengeRAT)", "value": "b1e60654c8ec10842163c0b57224f1bbdbb9536dcd86da916a5d16379a08c7a9", "object_relation": "sha256", "Tag": [ { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696485549, "uuid": "02efb0dc-2390-4ed9-b085-79f78b3ed174", "comment": "Malware payload (RevengeRAT)", "value": "fab8246f1f5f6dcbc85de710547f0c173094a2cf", "object_relation": "sha1", "Tag": [ { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696485549, "uuid": "84201b60-62fb-45ec-bbcb-2e0e00a1c5b1", "comment": "Malware payload (RevengeRAT)", "value": "a247fc216c756674a400437d8861e5a54185130bddbc3de84ba7e4a23906a643208da1012453c3d4f666533737aeaa56", "object_relation": "sha3-384", "Tag": [ { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696485549, "uuid": "6c92459d-f3dd-4623-a8a4-a6bf832d0613", "value": "T16313F11F8C61FBB995BC5F179A48A1BA91A90D9E63C0D409DB3DB5E1780CD6EE81C130", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696485549, "uuid": "c522a8a0-d269-43d8-8667-970782e3472b", "value": "768:A6l48NHfsyokMU7GfyldygaVTQrJTaI3LRUlQuWEy91WhB3WUfKfPo4aeAix:AUuyoTUyfcA5VTQNW+N3JEy91Wf3WUob", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696485549, "uuid": "6e40e0d8-c25a-49d4-985d-e2a44d5679db", "value": 45146, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696485549, "uuid": "b4882d07-d6f8-4411-bb76-8eaa36e6339f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696485549, "uuid": "c90c8eda-a7e6-47e5-a9cd-f05f4d9db52f", "value": "0d05942ce51fea8c8724dc6f3f9a6b3b077224f1f730feac3c84efe2d2d6d13e.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "afea2b87-6361-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696498170, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498170, "uuid": "dbb30eaf-0fb2-4076-a3fa-ba0683d1c981", "comment": "Malware payload (AgentTesla)", "value": "0a6cc4db2569add1fdd145571c234653", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498170, "uuid": "94a50eb1-2167-4ad6-8789-4877fdca049f", "comment": "Malware payload (AgentTesla)", "value": "b2060c4e3adfe2e823c677c1e1496211a062f0e805ed9d0e25b822a7ab441d79", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498170, "uuid": "a2ad1a3d-bf82-4588-bc01-c1d4e592130e", "comment": "Malware payload (AgentTesla)", "value": "1fe9434ef8fb6afb99054b7b0bd26dc7befcb21d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498170, "uuid": "81ec0979-d2af-4dde-9a0d-0006263ec5b4", "comment": "Malware payload (AgentTesla)", "value": "ae308fe64ad4d5dddb43d7484016862a8b8eb6f4b8ef7c0c695697e0eb52905f1505f07d40726ad2c60804054ba065c8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498170, "uuid": "96a14524-e38e-4ded-bba9-7b584423de9b", "value": "T1217502ACD2B8BCEBD41744F59CB6F6E1096FEA1950381A59386A311314723637CB6C2F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498170, "uuid": "2f4c6f18-ce70-420c-b2c4-17151c274cf3", "value": "e74c8ae3503a17604f2a2d84ae3389c4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498170, "uuid": "b8f45430-dbbd-4e3e-929b-fc1fae38e106", "value": "24576:Qn5QJhQEnQG6ZGLykBqHqgCyE9yNVLmgA2OX0VvmyloyS4p62z8:QO9nOuBiCyE9VLX01megq8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498170, "uuid": "27e95a88-0215-4678-8607-770287200ea8", "value": 1573376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498170, "uuid": "08f76575-41e7-477c-b19b-9c64897bbce9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498170, "uuid": "140d3377-d33d-4e5a-a2a7-3e809a4b2722", "value": "INVOICE_TOTAL_FRESH_8916253849_XdrnmgqpjPSf\ufeffd\ufeffp.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8c02b60a-635d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1696496392, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496392, "uuid": "efaa11a3-d17c-4fa1-a187-9180623da1e1", "comment": "Malware payload (MysticStealer)", "value": "bebef81ac2e0a1d0d1a9a77dc0aae50f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496392, "uuid": "a3c11687-0108-4f76-b5af-edf0128a2660", "comment": "Malware payload (MysticStealer)", "value": "b28d4d45175d4948e2393edb7269181bde8cf43621a8ddabe1335ac171656e22", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496392, "uuid": "f4b64b65-6bbb-4634-b39d-1045b4605c75", "comment": "Malware payload (MysticStealer)", "value": "02b915955306848cd811e6d038b4af6921f83969", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496392, "uuid": "7551fee4-2200-41f9-9cc7-0579b6ab4f24", "comment": "Malware payload (MysticStealer)", "value": "669a56af710b03a2832280333d4db3a4d562ce8cb855c6f89100c9fdc0f4094023e1e637051b762c1b95faa775b80450", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496392, "uuid": "128d1c5c-88bf-44ee-9465-a3daf348fafc", "value": "T18F54E02079F2D8B1D6B356794838EB857BFF78726474858F27684A6E5E603C18E63303", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496392, "uuid": "64c87732-9d45-4f1a-b28a-8034c383d10f", "value": "7bf0c3cbf0d3960e40b75bc830477f17", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496392, "uuid": "c4f2191d-5140-4178-b8cd-3966fe60efa1", "value": "6144:rm5wru/agAjTG9K6fu/cMlDlD8KiFcU4LaHxuY:rTr8agAj/6fwlDla4UuY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496392, "uuid": "9308a571-e210-4fb8-aefa-56ee17e6aa45", "value": 285696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496392, "uuid": "2d6f9ad3-0a96-458b-8578-ee6bcccfb87d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496392, "uuid": "b7455d0c-7f5a-4468-ab15-60b133c152cd", "value": "bebef81ac2e0a1d0d1a9a77dc0aae50f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b04ae96-637e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1696510403, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510403, "uuid": "72c76b6a-b0c1-486b-9e0f-a0eba17ec037", "comment": "Malware payload (njrat)", "value": "89eb28ce0304a358a29bacea9e285fa4", "object_relation": "md5", "Tag": [ { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510403, "uuid": "5649d041-8538-4357-8aa3-1184ec0f1bc8", "comment": "Malware payload (njrat)", "value": "b28eafb6cfc045df2861b5e7d14f865655d74c2e828bfbf9e76e8f8f2f9580d4", "object_relation": "sha256", "Tag": [ { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510403, "uuid": "db402455-fc9b-40f9-9694-c6d12061f5c4", "comment": "Malware payload (njrat)", "value": "9ce1cd5facbda98f4e061431fbadf70450220370", "object_relation": "sha1", "Tag": [ { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510403, "uuid": "6e528dbe-59b1-4e25-a00f-1ed0582283fc", "comment": "Malware payload (njrat)", "value": "002f70527d045f1fd2a4a9ca3b77f304c2112096e55683016de6c1ffd5f8a9dae1dcaa47b2db61e8748acc78cb69efcf", "object_relation": "sha3-384", "Tag": [ { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510403, "uuid": "ee41bf50-0c7e-4e52-9053-632850656eff", "value": "T1F0549EB20617BEC7675E0C80D0E42A845DCD6D57AB349998B9CC03C8B2A9C1CDDBEE75", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510403, "uuid": "ba43f165-66d2-4c9f-91c5-c642a94b6d3b", "value": "6144:cKlZQapayILX8C7vuchWVi9sEPODNe+C3QJibmdj6OywkG+n2E+:cKtTAvuchWaswItZYmF6BRjnw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510403, "uuid": "b009568f-b119-4ffb-8fa6-97667842aefd", "value": 280870, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510403, "uuid": "d7f15331-275a-40e6-a77b-4d0da7bb1e91", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510403, "uuid": "54171858-2c26-477f-a7da-b5e5405340f4", "value": "Arch_njload.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f92e9bea-63c2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696539955, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539955, "uuid": "5b4dc8b5-78f5-4155-b8df-a45a6ef7a52d", "comment": "Malware payload (Mirai)", "value": "bf83d466c54380371c4bd6ebd8c96a1d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539955, "uuid": "4e8a5d34-11fb-4251-bccf-46b0ffea7277", "comment": "Malware payload (Mirai)", "value": "b2ce3b2fe9bce55a5e83242e95cad4bd1caadb897183911f3749cebd86f9e7eb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539955, "uuid": "0ba097d1-88ac-4ea2-98df-31ae26da1a0a", "comment": "Malware payload (Mirai)", "value": "a33f55d02f481e2c19343583d49299490b815018", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539955, "uuid": "0d3f340c-18bc-40f8-9973-42b147fa4287", "comment": "Malware payload (Mirai)", "value": "1fb6f9edbf72201011da6950f62804dab5e09a04bf3b9bb3b09895fd1fa5d13e5b5737ed612275f5c739b7702624c56d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539955, "uuid": "d0fe6fbc-b2b3-4c05-8d0c-36ab178a8128", "value": "T115735D24A97D2E26C0D4A17B61FB8361F2F6230E25B0965D7C760F8FFF2464468162B7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539955, "uuid": "5e1af2ef-ce4a-4a34-abab-34fb7fed1f6a", "value": "1536:5ms+geQfvznpCR8ee84cNsAUiAvFI7IlNnws8b:YwfdNu4cmZvFqI3w7b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696539955, "uuid": "a91fc3ed-2b43-4166-8379-b3e465f41f37", "value": 74752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696539955, "uuid": "11ab921c-b513-4ee0-a98b-f0ac0713d4ee", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539955, "uuid": "a8480396-0622-452d-982d-e6336bb1df2f", "value": "bf83d466c54380371c4bd6ebd8c96a1d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93690997-6359-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1696494687, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494687, "uuid": "1d4d68a2-853d-4533-b417-a215be761631", "comment": "Malware payload (Formbook)", "value": "1922e249efa0059ffece86181ae18678", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494687, "uuid": "78e30057-c9d5-43da-8ee1-ab565ec892be", "comment": "Malware payload (Formbook)", "value": "b30118fbfd33cd82e5860b43b583a91557e91cec7a0fdf69a315d933779c8c6f", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494687, "uuid": "d66017eb-e6bd-4efd-9657-592d3e70f858", "comment": "Malware payload (Formbook)", "value": "19c33713ff82e1e75fc354fde0c5a24cf06edcba", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494687, "uuid": "79b302e6-baed-4e22-a68f-a157a0c53e21", "comment": "Malware payload (Formbook)", "value": "4739f4a83083fa4f4d187ad248d3e76eb5f3d8d89a0df471e8cc831932994213c8d54ffa68f5752c31343d5b8691de3a", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494687, "uuid": "aca6bbba-e9e3-4684-84f0-218e05b1241e", "value": "T10F54239D16D830A137C990C99FBB1037A9026485D39B4AC3DD3F8F99EEA9E72607540F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494687, "uuid": "6564ccf3-47de-42b5-8eda-291a678d17d7", "value": "6144:D9C7HtToil+10FGhixMpit1Ho6k0wzHq9/CYArX/F2A8:D9ge10Ahixwivo6twzHq9/CYATdT8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696494687, "uuid": "07dfd7ee-6d6e-4f97-ad47-e7988f7c49d1", "value": 295511, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696494687, "uuid": "99835eef-17b7-43ad-bf51-78214aa82afa", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494687, "uuid": "06290db0-4eaf-4f36-99c5-82fcb567e25c", "value": "Salary Payment.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "188ddb01-6356-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1696493192, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493192, "uuid": "a22c8272-d99a-4f03-b0a9-8367d588c8ad", "comment": "Malware payload (GuLoader)", "value": "72ea6103d7eb7080f2930aa75e3a4a7c", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493192, "uuid": "43df9479-9872-4eef-8d01-03c9487077ce", "comment": "Malware payload (GuLoader)", "value": "b328c756fecb2e5f6c511b0efc3149e010594023014da4b609db310bb55180c0", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493192, "uuid": "3efa98ea-a7ec-4988-8872-20d2c8af6725", "comment": "Malware payload (GuLoader)", "value": "9a4fe7d976c0f2964c8225c28fa0ff72a2e438ab", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493192, "uuid": "bb8ed4f6-6125-45cd-beab-8234c8064b1f", "comment": "Malware payload (GuLoader)", "value": "df89845fbff80243922fb5163f9eb2203f93ed9a2587f25279075960cb9a7c17e482136c4bb7b68626b038e22f784a10", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493192, "uuid": "c6e324ea-df50-4c7e-be28-8aa4ac53a1c1", "value": "T1E7236CA0EE851409448722FBDC490875C53980B7152211757EACF3AE960BF9CBF7FA9B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493192, "uuid": "2ad7fa6b-51d0-4c0b-bdbf-669e54ea750d", "value": "768:9PccYg9DWtqvANkmWkBnCArU3hCuLmRZocgHTsm+tEra3HSOJ8XRWuWTBEBA08lX:9Gg964oNtU3XkZkvEdqUuWx089", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696493192, "uuid": "229494ae-8c42-49b8-bdca-b4756d45cb8a", "value": 47091, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696493192, "uuid": "fc6e3f0c-996b-4d0f-b2ae-8048b4ebed80", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493192, "uuid": "848a2cb6-f4da-4398-ac56-6f418d0b189b", "value": "Skidegod.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f1657a57-6384-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GCleaner)", "timestamp": 1696513313, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696513313, "uuid": "af2d810d-c2bb-454b-935a-97d2951ca9e9", "comment": "Malware payload (GCleaner)", "value": "b8300de49a6161bcca133e41a7dd35a3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696513313, "uuid": "333d78c8-50d2-4137-aec0-13e856a11c8e", "comment": "Malware payload (GCleaner)", "value": "b482d79969e96500849a0ba17134ce8df366d7ada84949c23f75b4053f4fdbf3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696513313, "uuid": "06a56cc6-15c4-4b6d-9710-03510bf92f55", "comment": "Malware payload (GCleaner)", "value": "aaff6f90ddf30f500be52d3a18ecca4343b19e7b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696513313, "uuid": "80aa9311-ca53-4b93-84af-27c22eb8c9e5", "comment": "Malware payload (GCleaner)", "value": "22bc9f75e9d53c33e6307294d247b615e6bf0b60ea13ecd41dee78cf440816462aeb10e64c4b35f5c7081e9c67859027", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696513313, "uuid": "6b1451c6-de70-427c-ad38-855ecf7ea02b", "value": "T17544F1E27860D471C80F40344821CBA1AF7978F1C6AD4597F79816AFAE3C3D2D76A259", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696513313, "uuid": "52bfdeb1-05c8-4711-9c1c-b9752bc80abd", "value": "79de41fd9a8e567c644b0068a3bd1c4e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696513313, "uuid": "89ea737b-27ff-432f-94c8-5e9f2c38937f", "value": "6144:ePMFOEh0J7lLRTOX1ZXPJQDN6dYsAjRRZlk:ePeO55UfRQh6CR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696513313, "uuid": "0780dc9e-5b5b-479b-b18f-6547fe015f3e", "value": 261632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696513313, "uuid": "4088626f-e751-4a4f-a421-8f65da42782f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696513313, "uuid": "86828c16-0931-437d-b99b-1d840b11a3a3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57591935-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696496733, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496733, "uuid": "2953358f-b343-4777-a684-857ef4bf9b35", "comment": "Malware payload", "value": "9bb63c2a598c4b7f9f8e6b828aaa7911", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496733, "uuid": "eb4a4414-c640-4ae9-9bf3-f3fd43064df1", "comment": "Malware payload", "value": "b4c1462f1ba2ce03b6e895eb370baac709ed0c7e7bde0188c28b195277a7ea06", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496733, "uuid": "4b6f23e7-e36e-40d6-b317-6ca48203a33c", "comment": "Malware payload", "value": "e4a311a73b475f064a0bc3ed8fc95c4c7c920a2b", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496733, "uuid": "59576a2f-5abe-461f-b155-9d5bd5a4401b", "comment": "Malware payload", "value": "29789b4c20e00fe2c031e9e6fc264ba7f30a8d881c441de26e9446a1d5bd88daae57f82c2040cbac7c6494db9be28c88", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496733, "uuid": "3620a273-f602-4328-85a2-88f56977a874", "value": "T113D42352DAB0F0DAE77C220EB867235AC5347804B71513EA367AED1DEBAD8115B0DB43", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496733, "uuid": "6ba6ea49-a439-4a92-9a5c-3df2665fbaaf", "value": "12288:784xGWb+sRF9aH82FTNYfBBzCSqWLDqtZiuuug/:78GRFR2FJYfBBGSqWLjuuug/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496733, "uuid": "6a2e51d9-741f-4b7a-83a5-f0b77d4b3576", "value": 642553, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496733, "uuid": "7621c48d-131d-43c7-ab26-a44aed2aa074", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496733, "uuid": "0bb28bb5-48ca-4cc2-91a9-6fabf42e6206", "value": "SOA AND NEW PURCHASE ORDER.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6abd6865-634b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696488605, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488605, "uuid": "1074b4f1-e0a3-4d43-a0ee-4aa499c3f1ec", "comment": "Malware payload (Mirai)", "value": "3a63fa43f30f0992ac8bdd1e94ce15ec", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488605, "uuid": "bcaf23a9-82e6-4a73-aab1-dbb74d93c974", "comment": "Malware payload (Mirai)", "value": "b52585241f3b7b740269d6f7d22379e974f5212db8b9eaa635f025a20fda3213", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488605, "uuid": "11142fb6-cba8-490a-8fbb-861660bdbbe6", "comment": "Malware payload (Mirai)", "value": "fd6658f6d62277c956294be00adc1a75a4bc8bfe", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696488605, "uuid": "b4bb2697-a261-4ba0-9718-80517a0d0455", "comment": "Malware payload (Mirai)", "value": "bb4c65a40d3133002882b11e2ca34f7dd174b6621abdb54b3503162ca6304ea0f688286448c46923c555a5ea328e073d", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488605, "uuid": "4b5f5d9b-5f0f-4b42-b2a2-0c60e54714f7", "value": "T1C1C2D0F67E377DA7DE25013934A9DD368275F012D3AEA653A240824821131BCB7329DD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488605, "uuid": "7cb38da7-f7fe-44f4-8a8f-5903c0764a6d", "value": "768:0MwoDZLFbBb6HQHRYfeAxdd8nbbx5weH0Nq:0olhYfe6Kqc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696488605, "uuid": "5065380d-4a01-4b91-a4b1-cb6abdd2e5e5", "value": 28048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696488605, "uuid": "a86c3831-a86b-45b7-b393-190da74671e0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696488605, "uuid": "e54fcb1b-ed3a-40a8-9815-6749e243600f", "value": "sora.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24103549-635a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696494929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494929, "uuid": "bf57cd67-a04d-4d5a-acbd-f9f3196724f2", "comment": "Malware payload", "value": "24ba18f1f1d21a60422b5675fdf85aa9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494929, "uuid": "a382ce2c-2e2b-4919-884a-4e5bf506c4b4", "comment": "Malware payload", "value": "b5cc12fdc67da1a3f95f51a91669e51a4022a1578c2dbb83440aeeb5e9688aeb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494929, "uuid": "82abad04-272d-4f68-901c-f21306801b18", "comment": "Malware payload", "value": "c1c41e7443a97f045bb6d6a9f3e35ab2ec294dad", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494929, "uuid": "e9c41ac3-6310-42f0-b68d-b4b1665d839b", "comment": "Malware payload", "value": "198256473636a3eacad05bd959e27553930744ec2511546a7eea3bf604cb1f8112d8843215cc61e55117611b1be85493", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494929, "uuid": "ba6d9c25-40e6-45c5-bf83-fe89f3d61ff1", "value": "T112B4122235B0C175E6A785754570D680AF3BB823A535818F37281B7F7F23AC25B7A346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494929, "uuid": "aab8c301-7d0a-43ee-9f2d-fef545588b81", "value": "ce62d6c99a2ee08049f067650fad119c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494929, "uuid": "f1383f44-49da-45b4-95a8-9da41b0836c2", "value": "12288:CvohC1/OYGRPg0hc2oIW6g5/O7BBOhlzbkgUM4wh:wohYbGRPgmc2P/g5CBOlzITw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696494929, "uuid": "b6f5f167-d5d3-4b34-a9f3-e30fd4a1aed5", "value": 522752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696494929, "uuid": "1d24ce41-a2d2-4ef0-bba0-3ec20276b87f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494929, "uuid": "8f3c19d2-5337-4279-8dbc-b410203375d9", "value": "24ba18f1f1d21a60422b5675fdf85aa9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "533500c9-6354-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1696492431, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492431, "uuid": "82310edb-991b-448f-bcb6-abb0212cc648", "comment": "Malware payload (Formbook)", "value": "2b926e3243efdba09b1b5b6310cee5cb", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492431, "uuid": "7029fffd-05e2-4669-9c76-6c04bc22da55", "comment": "Malware payload (Formbook)", "value": "b5d6328ea4717b0ac0517ec84ff547e8265ce745ce5a83785f2d339cac918f0a", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492431, "uuid": "12c47ead-3d2c-4bbb-ae80-1ce88aa8fd49", "comment": "Malware payload (Formbook)", "value": "d1a4cc9be40cdd1fd2ebb238a0887ab69ad99127", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492431, "uuid": "544129f6-5c0e-458d-a19a-1f1768e23699", "comment": "Malware payload (Formbook)", "value": "6039a5c3d1b2e589f37c63949f36b57134540f7720375f1a3ca3ae73647a09e09730a7150de321af4c43d45f87f229a1", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696492431, "uuid": "19c2174f-205c-44e0-ab99-c0fe5f9a0981", "value": "T1BD54236EA329CD4489BF6158E17BEC1DC4740C221122734A4FA66C1C7BE8779E6E2E46", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696492431, "uuid": "3d7a4fc8-4eb4-4078-8f75-cef224a2117d", "value": "6144:gy/KxlL6T6DyfxsQzdN5tI/Z+fECasvt+oDkeoLK4obkg1J/O1vo8WD9imdLXiqO:3/K726GpsQzBAZ+fJa6tlweoHoYu/Qw6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696492431, "uuid": "1f1fee30-54fc-4c4d-ab3d-52b2f537c2aa", "value": 296824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696492431, "uuid": "096cd50f-97f9-41c5-88da-72f904d99de7", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696492431, "uuid": "0d7cbecc-a568-44d6-87a4-ccb2946fbe9b", "value": "quotation - 0070086.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7db49b01-6362-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1696498516, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498516, "uuid": "b75ed51b-0972-45b9-85b5-5dbaffcc9a5b", "comment": "Malware payload (Loki)", "value": "b04c242731d9afd15433f4e2d8049f35", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498516, "uuid": "6a3968d5-4d0a-4cb8-ab1f-0bc9a34fb40b", "comment": "Malware payload (Loki)", "value": "b6192442fd17604a2ef9bc30426d96c96b50a74be5c9bd13c1b143c7b7b08adb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498516, "uuid": "7c94e0f2-b8f4-456e-b788-35d1ada235fe", "comment": "Malware payload (Loki)", "value": "115cb42fb735bfdacec08c5b455d91dc0f080476", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498516, "uuid": "c50a25ff-a9bc-43f1-ab5f-f5f176010df7", "comment": "Malware payload (Loki)", "value": "d5541dbedb88a38298420ed166e255f1e81f7ccbf5acfd6fad0d302095002bcc388c57f2fe60da1c7bc94686e6774d26", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498516, "uuid": "13ec4f6a-eca5-420c-97dc-2d0d9fb345ec", "value": "T174A40169335071BFC4A7C53493B06D549721A96FAB1BC603A863259EDE0E64BCF10BB3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498516, "uuid": "3153cc4c-c52b-4d09-be8f-e704fe440925", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498516, "uuid": "e1b5edf1-6ab7-437d-bfc2-7ef62d1adc32", "value": "12288:i9j/jDNdGKuKF4k07Ug4qeifjZq24zcrWRfIiRyWp+1lMa:i9jLJkpe4BIgFfjUCMfIgy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498516, "uuid": "4397f038-911c-420e-84af-d78fbb4e91be", "value": 493568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498516, "uuid": "faf5bd23-37ee-435a-bb44-8f69f71f4d55", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498516, "uuid": "148ad671-0604-47ac-a490-61243499aa55", "value": "b04c242731d9afd15433f4e2d8049f35.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb83b45a-637c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696509786, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696509786, "uuid": "cf9204b8-e988-4589-b1ce-b8a23d7a4bdf", "comment": "Malware payload", "value": "cc2db916f8e2020ed1cf4f741777d101", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696509786, "uuid": "3e213891-8d2f-4962-b07a-edddf5473213", "comment": "Malware payload", "value": "b8de746feded9dbd1fb290b18d44d33eb02aaa069f789a92fb630ffa585def95", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696509786, "uuid": "042dc2c9-fe2e-4c18-bf03-7b9155f43aa7", "comment": "Malware payload", "value": "40e5d582687651ec748be305901738e009a77c9b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696509786, "uuid": "c7085394-982d-4437-9f90-80a1c0af3453", "comment": "Malware payload", "value": "86112230334d132b2478ddd4eda66f4c6af680f504e55da53a5bf87f28b36334cf092c43a64610e7ec07ec0377820d5b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696509786, "uuid": "5b37e24c-8cf9-40af-9f91-487d2523fa30", "value": "T14614D0217A90D072C44B81358430CB74BF6AB8725B9585873768DBBF9E30793937736A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696509786, "uuid": "4c6947d4-f2e0-4ff6-80a8-1b533a07693d", "value": "b2deb6462ddc9e096b1ba263bc3b3e01", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696509786, "uuid": "27fae5ae-7db8-4746-a7f6-806fcca3dba2", "value": "3072:pPTBMwuu/85WrfofsEeF3IedhnrA7kdSzLYrvNR/4k9Y5IAOmKT0:hTBMo/85QgheFNXrr04zNR/r989", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696509786, "uuid": "81e75f3e-6d21-4ecf-a700-470c4db336ab", "value": 200192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696509786, "uuid": "4a78cf9d-4dec-401a-a527-0a3a8fdd1f5e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696509786, "uuid": "b2b340c1-0c00-4936-9092-7211b684ad76", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "32307de3-639a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696522441, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522441, "uuid": "86ba7f20-fe9b-4f02-a24f-f669612ee5ff", "comment": "Malware payload (Mirai)", "value": "87c5b5139cb822dcdfe29ddb7526141f", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522441, "uuid": "08ec69ca-8653-41b3-92d0-bbfa728a6a98", "comment": "Malware payload (Mirai)", "value": "b913a45a6edd715e310138839f8fe26163daabc3ca423658550723ac0e676dff", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522441, "uuid": "5761c656-9284-4975-b29d-3642fcd825b3", "comment": "Malware payload (Mirai)", "value": "b8daa671cbe8b6f1aeaac937364ad42c4df465f5", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522441, "uuid": "b8a0c5be-d038-4035-9a0f-9a12a3b059d0", "comment": "Malware payload (Mirai)", "value": "0a1cdc0856d6199fae0f612f7114cfbbda737869e35fe4ce7b5cb9deb5179b3b6ac06cd97051f8bb3bae206c172d2c4d", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522441, "uuid": "f5cb3fb6-b485-4b89-adb6-a219935d97fa", "value": "T127E30A56F8819B12D5C111BAFE1E128E37131B7CE2DE72029D246F747B8A97B0E3B905", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522441, "uuid": "8352802c-8f4f-48eb-a787-66ece56350e9", "value": "3072:ZUIK7G4UWv4Wj4X5s9YHwIaOuxGj5zCm3295Rpw:ZUr1R74X2uHha9G/3295RW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696522441, "uuid": "771dc56a-d155-45dc-aa21-2001f572bba5", "value": 143292, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696522441, "uuid": "98f2502d-d02a-464b-a9ac-abb2b013db9a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522441, "uuid": "c791c019-31a2-447f-a81e-b15d0b7980f9", "value": "top1hbt.arm6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "265d0e28-6396-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696520703, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696520703, "uuid": "df5e5b2a-ffe3-4505-a88a-1af6f06c2792", "comment": "Malware payload (AgentTesla)", "value": "fca38d9f17a13f01c024777d8b81ccf4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696520703, "uuid": "b4e0b79c-7fb8-4e77-bb8e-c30d54555037", "comment": "Malware payload (AgentTesla)", "value": "b96e24a9ddf6cd213fbc5d9c6412c7466181a39d3ce07f02e3ccfc2d6d52e6fe", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696520703, "uuid": "28658fbc-76c1-410d-84c7-4a17eacf47f2", "comment": "Malware payload (AgentTesla)", "value": "3972ddfb74e1c26299ffd194f017e20d5d0694ef", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696520703, "uuid": "a12f2486-1ef8-4e8e-a0eb-ea94ad8211b4", "comment": "Malware payload (AgentTesla)", "value": "ba75b407d182f22edb9c57ccd295450f9ae3f32688aee384e11cc7771604e07eba970b46c137840848f1ddd1b64130bd", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696520703, "uuid": "09588931-5b27-4d75-a03a-6fb154378a89", "value": "T16CE4012176E94B36D8B583FA1630A40013B6BDBFB835D6AC1CD670DE0669F420B61F67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696520703, "uuid": "0fbff635-e39c-42c9-a96f-fdda98c80096", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696520703, "uuid": "984a1984-2e65-4abd-9f5d-fbc6aff563f7", "value": "12288:aiMH/jVJcjzAAQjS06C4lGI2SGh7TsgVNlY6xpMaTssK5pc6rMvP0Oxnp2:+LVJCAAQMji5vnT9ipc6QvHp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696520703, "uuid": "dcf13e03-ff1e-47a7-a401-26f2a9adced3", "value": 681984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696520703, "uuid": "34669ca8-99e6-4dbf-a6fa-dbb54dfe4977", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696520703, "uuid": "c2e059d9-4c76-4eab-a91d-7f8fa45655c7", "value": "SecuriteInfo.com.Trojan.PackedNET.2431.1993.21485", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "55fe25b0-6368-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696501026, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501026, "uuid": "948571e7-d070-4dd4-87b3-9b40aa7ffd34", "comment": "Malware payload (AgentTesla)", "value": "91adb88af1b20c4497d438d8cd0b274b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501026, "uuid": "dd9914ff-c3e3-4997-ae20-af40e413805b", "comment": "Malware payload (AgentTesla)", "value": "b9bd69ab014678f22e1f3a60b22d377539a03f4f3ce6435cec44c0b23080dc2a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501026, "uuid": "3d30bcce-3778-4565-b89e-6a5d4fb31419", "comment": "Malware payload (AgentTesla)", "value": "d17aae0385544ac6ef0e3decf8e93307d6d21122", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501026, "uuid": "18e9d73f-6783-47ec-915f-5beca609e535", "comment": "Malware payload (AgentTesla)", "value": "fdf783b26558dbae3c7cdefe56f37a1703ea3341063c42e08a3962609b978bdd1b83fefa781c67f7ed133d05bbb27a84", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501026, "uuid": "13b8094d-f533-4923-bec3-54620856fbb6", "value": "T194C4231DB8087CF72A14975A6C861FEDDE61995B637A8ED409113EB0C0DF136D232A2F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501026, "uuid": "2ba3df4e-9114-4a1d-a843-89011cdb499f", "value": "12288:VfdFwepxuGOoqX7fMikkAR6coIndQZ98bzj7zQBC:modeXbMhR6cHdQ78brMBC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696501026, "uuid": "e99f22ae-9cbd-41e7-9ca8-43c2be4f2086", "value": 565299, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696501026, "uuid": "04075bc4-5feb-4adc-b952-fe0e905a64c0", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501026, "uuid": "ad3da5d0-27d8-4470-83e7-fc1edfba1b9d", "value": "Invoice.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31331984-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696496669, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496669, "uuid": "ab67c3ac-727c-4441-9a62-c1565bbdb06b", "comment": "Malware payload (AgentTesla)", "value": "6252c8df3efb1b31225b3b2cffa5ee51", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496669, "uuid": "8ae8ddcc-7276-43aa-ac91-1e740eb95aa2", "comment": "Malware payload (AgentTesla)", "value": "b9e61d6b2793b364620c1e921aef106639484a11de8b23ae2064d51119fc2595", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496669, "uuid": "e0881ec1-3478-44ba-ad08-235b260ce734", "comment": "Malware payload (AgentTesla)", "value": "0f19818a581debd6b8c364572293318c674cad42", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496669, "uuid": "fd07a1c5-6ccc-4e98-878d-82229fc3ab73", "comment": "Malware payload (AgentTesla)", "value": "dec623bdc6ac36bb0ae2bd91963bf4cfe7b5f22beea6fcd921cbad598442672fd9f61a5484e91670654829dcb9e5486f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496669, "uuid": "060661d6-59b6-4b9b-8e25-da8ad860041c", "value": "T110D4230C07A17016D2F701FCBEE99445D7373C9C82692B91AD938C36AB5C86D7AE232D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496669, "uuid": "81dce1e3-24ae-48bb-bb47-2c38497ff167", "value": "12288:9InW8EOuCXhK/3bw1Uk/kbpWCeJyyoUnxvr1DO9aesfc8Hk8ScT3ojGu4:G40hC2ABe8cr1FRpSR94", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496669, "uuid": "c001ec11-c757-470c-b897-37d365a76974", "value": 622519, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496669, "uuid": "8a69fe5f-46b9-4d8f-8b8e-a70e64efc987", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496669, "uuid": "6997a02c-0b49-4b2b-a486-8affda8db40f", "value": "SKM 41023.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "17f37a20-6355-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1696492762, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492762, "uuid": "b90fc3d0-7858-424b-b83d-fe8f65ba196c", "comment": "Malware payload (Formbook)", "value": "2355fc3ffe8d8ae08f8e26428e003617", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492762, "uuid": "50094c03-6584-495c-9c25-24822dd729bd", "comment": "Malware payload (Formbook)", "value": "ba16ee5c2a7628f9af912e52ad2b8ee22d1ea16e44163d7b3fa750ac2667b78a", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492762, "uuid": "bd5e9c74-ca89-4ee2-b028-3e1c9e7c5e38", "comment": "Malware payload (Formbook)", "value": "0cc257f30efc1dfc5d5fd5e50acf330e681a027e", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492762, "uuid": "7944851a-0b94-46e6-9b32-924057b5e575", "comment": "Malware payload (Formbook)", "value": "a05905e578b143ecc241efd160cdfef0333fc9495c23b198e7bd2466a67c7f8c6d67a38d30fc449f5465d16b92536bee", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696492762, "uuid": "5ee09724-99c1-4115-a5a3-97b4638030b5", "value": "T1DC54236FA329CD448DBF6158E17BEC1DC4740C221122734A4FA66C1C7BE8779E6E2E46", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696492762, "uuid": "6b98c0ac-f348-49d6-b6cb-5eaebac111c2", "value": "6144:9y/KxlL6T6DyfxsQzdN5tI/Z+fECasvt+oDkeoLK4obkg1J/O1vo8WD9imdLXiqb:M/K726GpsQzBAZ+fJa6tlweoHoYu/Qwv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696492762, "uuid": "6f7605ad-ecf4-4de2-8333-2dd3877ab3cf", "value": 296834, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696492762, "uuid": "0fd34fb0-c824-4375-bf4e-5bf404fa2be2", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696492762, "uuid": "53673d34-4293-4e9e-ba2b-f1bd1960f267", "value": "NEW ORDER-SUNNY 10005916.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05e9a93b-63b3-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696533104, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696533104, "uuid": "9cded8f1-ccd0-4017-a102-d2b6f207f675", "comment": "Malware payload", "value": "350486a536e2ff75511d8a40e959cad1", "object_relation": "md5", "Tag": [ { "name": "rilo", "colour": "#D3353B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696533104, "uuid": "f433dbf5-1a3a-48a9-9088-80a60f709168", "comment": "Malware payload", "value": "bac654ce026b4383c0c493bf48e85f7f06ff989f9c6394e040c64b40becf6411", "object_relation": "sha256", "Tag": [ { "name": "rilo", "colour": "#D3353B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696533104, "uuid": "2d08db1f-0518-44af-b4bc-e3338c300651", "comment": "Malware payload", "value": "57ea372da7b44e0f17e09e183318840e7707986c", "object_relation": "sha1", "Tag": [ { "name": "rilo", "colour": "#D3353B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696533104, "uuid": "9fc8a1ba-c260-4962-bd47-fc5e705ad1a8", "comment": "Malware payload", "value": "53035a406bb4f8b0823427ad887e57427a4eac179282f7638d04c6dfc053c0eb67db997aec51ba2b59369baf2129f5f7", "object_relation": "sha3-384", "Tag": [ { "name": "rilo", "colour": "#D3353B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696533104, "uuid": "c9bf1053-fc34-419e-b29a-7a0913a21887", "value": "T14B016E3253553555FE353D7DCD154DD2C148CA263207DDB0E23D07135331176F164494", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696533104, "uuid": "b4a8fd14-f4d8-40cb-8ec3-0a82c16fd46f", "value": "12:n5htmdM1QmTJWhKwpAHuuan1tLs9MaupK9UCQHsvkeND6pSzu0aW5XRCwt3:n5hkaCRhK20G1YYKZqheNDMSCvO7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696533104, "uuid": "34b7530e-b736-4952-8e28-82e594246e81", "value": 755, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696533104, "uuid": "0755f77b-b8fd-4ac3-8e81-c5c3fc2e8787", "value": "image/webp", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696533104, "uuid": "a39c20b8-06ba-4832-8354-ee85926dde85", "value": "bac654ce026b4383c0c493bf48e85f7f06ff989f9c6394e040c64b40becf6411", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4bb4b3bb-6340-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696483829, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696483829, "uuid": "c065f3a1-a8c8-4787-987d-0931ec3d28a5", "comment": "Malware payload", "value": "f81f4e1977b3cde29b1425d26bb4af85", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696483829, "uuid": "39183af7-885f-414d-b4d4-19b92f9d316f", "comment": "Malware payload", "value": "bc2a801d12ae80323040277b53334834f73819a20b0825d3672891d62d41e3c4", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696483829, "uuid": "f271db6a-00a2-460d-9e75-0237b7767132", "comment": "Malware payload", "value": "43d7e0ee51b8b8ab83d9305739ac77ab833aca54", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696483829, "uuid": "1a8014f8-23dc-4311-a34f-52375af5da9c", "comment": "Malware payload", "value": "cf21749ad0eb21af005a42f978833f1fe72a305db5aeab177c74c05ac56af42a85778bed529f895f7ba8b314866dcd4f", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696483829, "uuid": "1bfc3dfa-0da3-4a43-ab9f-684b73ef1a7e", "value": "T10908330434720BBD62457BE16C967B12C8872847FBC5CDF12834AF42E6D70ED6BADA85", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696483829, "uuid": "008fedf4-e737-4dc6-9cf0-380da55b29a3", "value": "1572864:l5mXq4wmZrL9ppomkXfXWKA2v+5KQ9wbiM3S6V/9DLMjJFxZ8lL2TOL8cnyJX:lQXqbmZrv2ZhA2v+kQiE4/927f8X8kyN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696483829, "uuid": "a7cd5da0-2cdf-4b2b-ae7d-d2d38b00ef26", "value": 81708208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696483829, "uuid": "f418ac95-5e80-4c65-b846-a638ce928147", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696483829, "uuid": "a2286a68-c7ac-4f12-aa8f-88be6a7aa806", "value": "ECOSYS_M2035dn_v.05.05.0020_(2017-10-12).zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d9e8f3c8-63d8-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696549351, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696549351, "uuid": "0849636f-fde8-4767-a34d-a31c39293582", "comment": "Malware payload", "value": "5ed6ac8bb9e9a3ee98e6f1c85f6a6ada", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696549351, "uuid": "ae09cc94-c2e9-41d8-aebc-69be075f414d", "comment": "Malware payload", "value": "bc691d3d99e8fd93d9cf9eab76408d4cc96535c4c225c16363ff423b1f0933a2", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696549351, "uuid": "6a8520cb-c6de-41da-a9d5-ae65974853fe", "comment": "Malware payload", "value": "ddf8a8d4e1edd801cfabd491d2e3d67768c353e1", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696549351, "uuid": "d9c0425d-e988-4106-a101-cb9773c81638", "comment": "Malware payload", "value": "5d8eada63d5fbc4b59d01c2492cb27fb8da5092ec2da36cfc58d371e6ef451fdcb5a940ed50983387a41b84e0a8af057", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696549351, "uuid": "107c1534-7937-4a5b-a3ce-47f3dd9070d3", "value": "T1C2D023140E4EC171C0034506D05CFCD99C0DB0441DE7F85C7144D68A7C810D1DD4D6B9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696549351, "uuid": "dc6ee7b4-e53a-4666-b7fa-5dc0df1e0f7d", "value": "6:HRYFJb/5sZOFI8C0CPBvIyc1yc54vVG/4xHn:HRYFJDpFI8CdxIhy3VW4xH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696549351, "uuid": "b13b05fa-11ca-4b34-b8c5-71fa53a8979e", "value": 207, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696549351, "uuid": "5a795251-0312-4f42-8372-644006b763d6", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696549351, "uuid": "efacf13e-913f-4b9b-ab19-1c8ea6715dc1", "value": "client url", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9cd332ff-6352-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696491696, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491696, "uuid": "0a5e29fc-a6ea-45d3-90f6-c264ac9b9dd6", "comment": "Malware payload", "value": "40eaf88ac573d50e7c95cf77cdf3901b", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491696, "uuid": "d59d96b1-2c72-4897-b1cc-da6a6f26b40f", "comment": "Malware payload", "value": "bcf92e1a88f9418739ce5b23acce1618232de1333a5143c7418271f1cb5e7626", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491696, "uuid": "0298ed9b-61b2-4c35-9dc4-4ae307864f82", "comment": "Malware payload", "value": "3680a50b1a95b49465b0a3d005c9af7f60add6e1", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491696, "uuid": "f5b0c2ce-ee97-47bd-ad5e-91636e96858f", "comment": "Malware payload", "value": "75d0a11e855bab2efe3549386831d87cdf6661006505059197ce0bab5db217fd13a609ea8b772cb80a64e59f43284c98", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491696, "uuid": "47bf87f1-c89b-4be3-a6a7-ae618e757207", "value": "T168C60703A96AEFA9CCC5F9F4057B7A84F4A8FD5AC8583C9DF345C5206AE2F04952DB10", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491696, "uuid": "6d09bf07-aa39-479f-9ebf-d3291d839d96", "value": "98304:NMgNU4W591Cu9ShpyxSdt0G+nv94gJAwqyMHL+Gqs6D7MB5VMd:NNUd/xSp2vOAs7lG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491696, "uuid": "c880ed46-b5aa-4b1e-ad63-0bda0e78ff41", "value": 11964760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491696, "uuid": "d0bcc034-7500-44c4-b400-7e38d3cd9d9d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491696, "uuid": "158a438b-fff1-494b-98e7-31e8d84c93fd", "value": "bcf92e1a88f9418739ce5b23acce1618232de1333a5143c7418271f1cb5e7626", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5fd6318-637e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AsyncRAT)", "timestamp": 1696510690, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510690, "uuid": "b088543a-01db-47b8-8729-0d9df3d452ec", "comment": "Malware payload (AsyncRAT)", "value": "85d3d194ec107f5b92a7d9e6a9d06ef0", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510690, "uuid": "66b37b5c-d3cf-4e92-ab14-1f5caf599e9c", "comment": "Malware payload (AsyncRAT)", "value": "be1120f9457a73543597e27c1eb132ce0f833d0ca62fe67adfe6674bf48e04e4", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510690, "uuid": "511e54ab-c361-4fa3-b0d4-2bc27e474377", "comment": "Malware payload (AsyncRAT)", "value": "a01792f1c7c707ed5dde645e47b564aec7e1f415", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510690, "uuid": "10c3b1fe-68e2-47a0-9f88-1501544aa556", "comment": "Malware payload (AsyncRAT)", "value": "5c43307ff4ca1a5063a4e3a7d9b28611d0045e89ee2e91863fa8d9b84d7b3e4ea2660616d8a2675aa61bc827f3aef776", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510690, "uuid": "5ceb07e4-44d6-48bf-a5f1-0bccc0e36350", "value": "T155764AC7FC5154E8C0AED37586665252BA717C880B2127D32B50FFB82E36BE46EB9314", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510690, "uuid": "8c6c65ba-21c8-46d3-9e50-4e425db22753", "value": "85cddd6092e65c1a58dd1e6e9ab9fc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510690, "uuid": "76083848-c100-45ee-b07b-f6348e1908de", "value": "49152:+OIhiwisGrb/TfvO90d7HjmAFd4A64nsfJ3EL9aIwSD3QI1YkMpSo9Vu2CNRCebj:7dsU9rjCFZ2EH9gl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510690, "uuid": "6c9a632e-44a1-42e5-bbf2-a329e1e470fe", "value": 7230976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510690, "uuid": "a3b3b38e-ed9f-48c9-80e1-475681fcff1a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510690, "uuid": "97579a57-7155-49f3-b022-3e348bdf003b", "value": "85d3d194ec107f5b92a7d9e6a9d06ef0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2467e637-6379-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Pikabot)", "timestamp": 1696508244, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508244, "uuid": "2e814787-6c12-4045-bffd-6681eb905e22", "comment": "Malware payload (Pikabot)", "value": "233224d90452d7e82e5e5de7ca0b5a74", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508244, "uuid": "e767cf3c-9048-4e96-bae7-6ecd10f313c2", "comment": "Malware payload (Pikabot)", "value": "be3f466bf9bb52547563899cbf6cb893b86549f08214c3fd3c1e93e913a9804e", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508244, "uuid": "ad10c129-9c9d-4c58-a71e-18d3ae062804", "comment": "Malware payload (Pikabot)", "value": "79d3c971196e48b8f8168ae7bcd9a75b9556d6ba", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508244, "uuid": "6d288dd4-5dd5-494b-bc64-63d3788d7343", "comment": "Malware payload (Pikabot)", "value": "a06ce85b7a70b3ace8a1dfba21f31bf911ab848de95f644320b30272f26891a4ece6e95a03f527611f5ec883fcae7bcb", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508244, "uuid": "4a988836-c47d-43ee-9a40-8becd2528ef4", "value": "T12B9523805D39DE3D427C222C28AF1B5F72ACC9484554EEE76BE8BC6AC62FB52051707D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508244, "uuid": "caae7be1-ddfa-4f56-99f4-ad05d3f16476", "value": "24576:r5arfOW2FeTpfI6/oEVMfBPIgEyQrEy9ayeqsqnIR9jnaHMCZ2mWlD/DN5JTLTk9:cfOWisoEYBJhkIZgHfZ2mUdLkOq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696508244, "uuid": "38480e2d-3339-4b09-9098-d6662d2f3df5", "value": 1913085, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696508244, "uuid": "234b2e4c-df35-4ce9-8bec-df5c9a555c16", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508244, "uuid": "6185e434-6bd2-4365-9131-18d89ec65933", "value": "PO_13670.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a0ed8af0-6379-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696508453, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508453, "uuid": "b8396ea8-22d4-4965-9f0a-7a395f9c0d0a", "comment": "Malware payload (Mirai)", "value": "3a6575697b4a4803a296a7b22de154e2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508453, "uuid": "ef3a09f8-f60f-4f6e-b2b8-303db0f76bc6", "comment": "Malware payload (Mirai)", "value": "be42f3b6b042f56031963fa2288012ae4270bd180585b98fdf45dff6bfeea433", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508453, "uuid": "164e9deb-a565-43a4-b12d-80168656086c", "comment": "Malware payload (Mirai)", "value": "f77b97a73d9c9603a15efbe8a17555b3336f80a0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508453, "uuid": "6c94b140-b769-4460-a830-f3a041552d2c", "comment": "Malware payload (Mirai)", "value": "b8719272725e2f0f85c91deb3ff96895517071d729b31bd9f4369e0975f0efb50b2e271860dab7ad02d461617120c0d3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508453, "uuid": "fc638fdb-37bd-473c-b013-5159a7bd45bd", "value": "T16733FA8EB8029D3CF91BE6BE54164E0DB93177C152830B2767BBFDA36C721945E02E85", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508453, "uuid": "14300cbd-4c39-4322-8864-994195995f46", "value": "768:gduPBFnHooqR8qOCKq2cH4/te+TK806MMUVjzkfQXObHud2oGn:r/hqaJMeteqK806MHdkfQX6HuCn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696508453, "uuid": "c81e7a83-e822-4ea9-8b48-768783c9c00e", "value": 54932, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696508453, "uuid": "48a21da3-8782-4eed-9c7f-f91758c8d8f7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508453, "uuid": "02a22fff-3852-4498-9f6e-12e1bc939e5a", "value": "3a6575697b4a4803a296a7b22de154e2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f8f5bab-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696496801, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496801, "uuid": "401fdaec-ad2f-4f22-aa06-754a64fbc695", "comment": "Malware payload", "value": "a06000ffc1c013619b57fef2fa292e11", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496801, "uuid": "17d5c134-a759-4ca8-8e02-5fe540deb2c8", "comment": "Malware payload", "value": "c02313c35ddb49f960e02dd3422b5e9ffe4387c15ae291f9518006078a7ce29f", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496801, "uuid": "95611ef7-b93b-4b8a-9c0b-deddbb44e6e0", "comment": "Malware payload", "value": "7c619d7881bbcfc19ee6ec19b2701f470cef4e95", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496801, "uuid": "f3feb87d-197e-456d-b2b0-9ff8ecdc6492", "comment": "Malware payload", "value": "54485da8d10a58fbee56ffeb3c2158826bb0bc14750d0c3b8423ca162fb052803eb29a905280392f7dd9e409096bb5c9", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496801, "uuid": "b414d044-9f7a-4b6d-9cdd-c4c75a0605ae", "value": "T123E4E0E7BEE4937CD78373385E059C33A98E2DBA9CC6D01714732542A8548896BCA7DC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496801, "uuid": "3738c172-b059-47e6-b0dd-e714171212f6", "value": "12288:QpzLGo2h/uRBLPuHfEBq63Q9SnzQg35gGtI/s5iqL3OA+/qsEWBR6tMNJDhnbWtB:QpzCcR1P+oqQNzZ5XIUsq6A+yhqRItB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496801, "uuid": "03181f84-e1f2-4678-a0fd-903ea008d8a1", "value": 685228, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496801, "uuid": "5ca36b2b-520d-4f05-900a-782e30700b90", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496801, "uuid": "9211b42c-d156-4938-b57d-8bcc56a6aefe", "value": "document_scan_invoice_00572.pdf.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a1992f3-63b8-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696535258, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535258, "uuid": "1a5f3fcc-aa75-4447-83b2-39a53903b100", "comment": "Malware payload", "value": "d1761bd51f08057c193beb72642a3b98", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535258, "uuid": "6b14d4ec-0440-4dd1-8080-0b89ed9da44b", "comment": "Malware payload", "value": "c0389d9264e5c5fb9c9c0b7cebd3ab7a9f044518d3fc9183896c9e81c09e695e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535258, "uuid": "3b36f941-83b3-4124-a1ee-bb51a692348c", "comment": "Malware payload", "value": "37d1ffce2b3b3c65aef9ff729472f78f13293bb5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535258, "uuid": "4a8563c7-92ef-415a-be1f-c92b64187f0f", "comment": "Malware payload", "value": "538de1bf2efa7f6d38de46b3c32883be2e8bfecec26fea1c425959ff9a3605325e617f6e012616426af60e1e3b1ca937", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535258, "uuid": "234946c4-cf61-408f-b09e-ce99cb87774b", "value": "T1C5A533413ED685BEC6136330B1A9BB616ABEC31A43131EE387E04F195BB85C3C53A55B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535258, "uuid": "9461b411-f68b-4e1c-a5c5-b2bac318656d", "value": "1d0e3506c01cb61e9312cbea4911e92e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535258, "uuid": "fb506c67-6a09-46c9-8a78-d708431d1b1d", "value": "49152:UJGihWdOzS3LVCjfNqmfzohFxK/JLmampPx9t7gdijWLHv+p5:UIiuR3RKC8R6aCPx9hUiCDv+p5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696535258, "uuid": "4a7e73e8-c3e2-4307-8967-d24d433030d4", "value": 2263563, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696535258, "uuid": "ef8cd623-e8fd-4c35-8fc9-798f6c2655f7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535258, "uuid": "0e43cb19-12f0-49f9-8219-ffc94c1314e1", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ecb0dfca-6376-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696507292, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507292, "uuid": "01d843fa-113c-4c3e-8855-85445d107b53", "comment": "Malware payload", "value": "58be7b90030c0e7df3ea124240f4d710", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507292, "uuid": "f8b184d3-8836-4615-b520-b926b3eb0575", "comment": "Malware payload", "value": "c0f1508558e9989c9c7b5dd81b13c2d413aac0a9e154223d83ca331c13538060", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507292, "uuid": "198964da-b4c4-4264-b889-19b1ceb466df", "comment": "Malware payload", "value": "d377f04f7e91b7756cc8cb69f045103139b3522f", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507292, "uuid": "2d6ee44c-cdbf-4167-89b4-8e9040f7dbde", "comment": "Malware payload", "value": "ac4580491051029e2c1957e276859be95304c07a38f5d5d1ad2b96d9d7cc06d0b44eb14186ea76d4470006a6fdb4ce1f", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507292, "uuid": "bf4e7217-9bcc-4752-a08a-d34c37bb1d30", "value": "T17803F1FCF1F2262D4649971B064ED27AF1606132567CB26A9C1D23BAF7809F4CDAC5A0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507292, "uuid": "01d57b95-0732-4af0-92ce-625752d39f0b", "value": "768:k8kbpGDzykRbvS5ukUOB5RrsawebGzw6f5KbDkyJ8AcKKkjW71umoMPN9+2g63oE:NkbpqtRbsfdB7rs/ea5efL+VRrRPjF35", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696507292, "uuid": "f79283cc-31eb-401a-a33d-ca9b524f9075", "value": 41355, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696507292, "uuid": "0a8be1f6-23e7-4922-92f1-e458a8bbe2b7", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507292, "uuid": "73c67605-8198-4dd4-9d95-a96f723de22a", "value": "OI-039847721.IMG.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2fbacb4d-6363-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696498814, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498814, "uuid": "f23b0fff-779b-4bc4-b1e7-6185a975f725", "comment": "Malware payload (AgentTesla)", "value": "3fb7bce147739ed1d5f5c66ce8c01898", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498814, "uuid": "5ba0de14-55ff-4ab7-808f-e8ddc776cd29", "comment": "Malware payload (AgentTesla)", "value": "c0f5b22257f6ca8bd61739371c6431f50a5bd80e2091c30888046bf981b9f006", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498814, "uuid": "afe79ac0-2c53-4108-afd7-e86db580a807", "comment": "Malware payload (AgentTesla)", "value": "66f28bab101c3739bdbde7206560ed26df6a75e2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498814, "uuid": "e494f974-be5f-4b72-bbaf-c5afc8298505", "comment": "Malware payload (AgentTesla)", "value": "4963c74e531eeea6a9f1a135d8274dabcf3ee12c0b183324055a49533f02e15d106f7205cec1ff5ff9a8e34bd12f9523", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498814, "uuid": "b51c2032-64c9-401f-9521-46d0be7116d3", "value": "T16E6507037A7686A2E6499732D1D71E008363DD8273ABD60A745E33990933BBF9E07D47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498814, "uuid": "ba369511-0c44-4a13-b344-d419809815ef", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498814, "uuid": "a6817126-815b-4232-a4da-d54aad4e3a57", "value": "24576:iEsOpeXauVjTeGuW7wU/8+oN9Rho+DqW2CdFNchZRMMK:qRHpJoN9RhpPFNcvRM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498814, "uuid": "d6fab472-42ad-4b6d-a171-18e2968480f3", "value": 1456592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498814, "uuid": "d4d3371f-ee29-4740-93fc-747759941890", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498814, "uuid": "45a45662-4eb1-4bc3-a55a-7a2402f4fe90", "value": "QUOTATION_OCT9FIBA00541\u00b7PDF.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe129e19-635d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1696496584, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496584, "uuid": "8e728b32-aace-4f76-9156-70138e491bba", "comment": "Malware payload (AveMariaRAT)", "value": "82326144e3732a30d567b5f3d9d28141", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496584, "uuid": "8b5a1242-ebc1-43af-93c0-e1a106f301c0", "comment": "Malware payload (AveMariaRAT)", "value": "c38523830495f1f95c51055749695f2de61a259a3813470ffa954ca48e6a19a0", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496584, "uuid": "dd2ba67e-4201-466a-906a-6360df34d782", "comment": "Malware payload (AveMariaRAT)", "value": "9dca6a4f1b3e9ffe5e1040d5bac3398a77b59032", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496584, "uuid": "252919e4-31ef-42c1-b0b9-15a3133ecc2b", "comment": "Malware payload (AveMariaRAT)", "value": "238c715d9b6d9a7315a5f138c4fbfe1560bb8f538e08f81d73c4ff0bf0343d54ecaf3cf70f0e801c155e351ea1615393", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496584, "uuid": "f89c1d4c-b608-42a8-a2d9-015d9e867d70", "value": "T1B5418E051BE60318E2B78B3DBCBAF2115532BD55EA13CBDD42D0D1882875225E476F2F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496584, "uuid": "e5ea3b81-cbcd-403e-aa0c-2e520cd81d40", "value": "24:8i1iEdwTYKChWLy3ANPWkp+/CWP2+/CoF4JVetyHjr4I0WUGCGipK6+/CU7f2bqp:84i2WLJND0GVetyHjUICB82bq4J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496584, "uuid": "4094f199-1a43-4aa9-a3a0-87f560795451", "value": 2102, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496584, "uuid": "b5bfc4e3-ca11-4309-beb4-3ec8a35219df", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496584, "uuid": "d1b12821-1df7-4b42-9824-677e37ec8e7a", "value": "swift.lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "14b78ecf-6382-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696512083, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696512083, "uuid": "0d56b070-03fb-4c18-bb78-4e05a841925e", "comment": "Malware payload", "value": "29ae0ca6195e739bbac6a066b5e2b335", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696512083, "uuid": "7414b12f-a606-495c-84c8-b8615a970446", "comment": "Malware payload", "value": "c44f3805cd4ff2ab58ed35844efd3cc1c6c5227b9a431111c2dbb5cd03f45caf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696512083, "uuid": "c54b339f-3367-4317-bc13-ca5bf5d0f2c1", "comment": "Malware payload", "value": "394b5574abac3355152cd166a75ae9aff444c581", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696512083, "uuid": "85b66ec9-11c0-4cd5-ba0f-16a404ca8c73", "comment": "Malware payload", "value": "8a1cd86f700eb7d83a56e8877e5dddd03f453b2698e4985e7ac66847be03b8de8bd6d3bceaf2657da7ec1af484e25e92", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696512083, "uuid": "9aac5bd2-22d6-492e-90b5-c0209a99ee1d", "value": "T14FF4C307BA4BC6B2E2491736D5AB1D08C379D983732BD70BF98E23A715033B69D49607", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696512083, "uuid": "1e935428-5e77-43c3-a3de-e70762547b68", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696512083, "uuid": "dbc5bf4e-c6c3-48e1-beef-befb98597ae0", "value": "12288:3ie9Jqr4Q5q60KAwjw07HagEZax3pbiUh5a52:3/Jqr4Q5R0Kjw07HPEkx3pvza", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696512083, "uuid": "2f0bf89f-53cd-4f82-9822-138c3ba0cfe6", "value": 782848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696512083, "uuid": "5ac40061-0da2-4888-bcd7-1860ed197799", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696512083, "uuid": "6b372439-e848-4fca-9261-6374bd020f17", "value": "SHIPPING DOCUMENTS.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "17899e37-63a8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1696528409, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528409, "uuid": "6c5199ae-d5d9-4f22-bbbd-fd224bc1e779", "comment": "Malware payload (njrat)", "value": "57c3a475d767158ab2d52e8c4d73ed6f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528409, "uuid": "9ea963ee-b605-403b-967f-7d11fbb156b0", "comment": "Malware payload (njrat)", "value": "c45dd0c99ec19101a4d899916401e62ccca5e4bbccf5d23cdeb8780b7cfc8f6e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528409, "uuid": "1acce553-7a0c-406f-83f6-a782b1ff0470", "comment": "Malware payload (njrat)", "value": "b4b4ed8c7aaa06f065b51d63e4d8681cf7736f4d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528409, "uuid": "ceecb4c1-480a-4230-b95a-44424dec5cd6", "comment": "Malware payload (njrat)", "value": "943581aed824baf080593dc94e89bbe3487f58be54af2904149a4bb345bae66e8a216c9ef29c7ae47500c3b5293fe071", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528409, "uuid": "ab22a520-eb93-4011-adb1-1e471d0a010f", "value": "T12F246B52B34A4B01E85819B5C5DF593403EAAFC71673F68A3E8C278D4E127A3DF41B89", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528409, "uuid": "d480126b-5b9b-4a24-aa44-fd7d877c504d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528409, "uuid": "969d5d28-8450-4775-9622-628a437d4a25", "value": "3072:QnQkhJnj7fe65YN23P8L09Kj0s2PG2mmgoF80IT57pkZsol/l28rIcTulrQQHME1:QnjXnjq65uQQ09pzu2woep1ydrI8s9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696528409, "uuid": "08825e5d-d042-4100-bd97-dcac75670115", "value": 210432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696528409, "uuid": "06dec3b4-9193-42f1-85b8-566602929f24", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528409, "uuid": "9790d633-6f5e-4cbb-8853-a286bd67f3bd", "value": "download.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba89d5c5-639a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1696522670, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522670, "uuid": "dbc53736-0158-4b72-8418-75fb8f674cdd", "comment": "Malware payload (Formbook)", "value": "16604ff37d98297e95208cfe9598cd02", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522670, "uuid": "34d288f6-6ced-49ed-aca8-5e9021d2671a", "comment": "Malware payload (Formbook)", "value": "c48930931933be4b07dbba44ad519a575b26981dc726c0bd24d583f70357e3da", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522670, "uuid": "9cf3c5b4-620e-4454-a2f1-4c4e1366b695", "comment": "Malware payload (Formbook)", "value": "b78cd44c72e7135765d76f9afcd2327d97c4e841", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522670, "uuid": "3b391a28-9806-43d0-9f5e-a0f623be5467", "comment": "Malware payload (Formbook)", "value": "a452f506e8aba7919476ab0adf41f6aef7b61184e16d696e97961bdd5bf9082a76e098e99186ffb08c74f2895f35da2f", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522670, "uuid": "097d98a7-795f-4eca-ae16-acda9d86f95d", "value": "T1E654237402B1F8ED2E00B1C41D5D0AE4E076FD95BBD476BB55BA7EB9A21F86124013EC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522670, "uuid": "09a1eeee-79fa-4e8c-949e-a80c3e180ff9", "value": "6144:yiRJvh8eirSzmYS5ofP4EAy85sr+JKwu8MBs3Bgr4pxmu0:JJJ8eirm/S5oH4EAr5lIwuVt4Hf0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696522670, "uuid": "f8dbd3f4-fa56-48b4-82e4-a580385631ea", "value": 291327, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696522670, "uuid": "013ef7ee-049b-4c32-96b0-f01c661fed1b", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522670, "uuid": "9784b5ec-ab46-44eb-94d2-1d4b8926a1c4", "value": "Changes in staff positions.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0cb82c32-63a8-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696528391, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528391, "uuid": "cf8d75d3-c1ff-4b99-b569-3df45713ccfa", "comment": "Malware payload", "value": "1edf0033ff3cd23d72bcec2d09410b04", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528391, "uuid": "aba2a895-f4d3-4270-964b-8c1110a9edc9", "comment": "Malware payload", "value": "c48c025004e72306ea5c9f9a98dcc65f682a359fe0e00dc6229cf8f6a1b0019e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528391, "uuid": "96faaff2-9fd9-412d-9645-71ac59f74795", "comment": "Malware payload", "value": "6686e28b6996a50df5ab3c21d0378892f0a8fd46", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696528391, "uuid": "db4875fc-45c5-4a04-ac99-f5def4ac3d60", "comment": "Malware payload", "value": "a334882308efd749f88aeeec0b0853478f7dffd4bf117c122b225c9e6d60daeac08644507c3f9b5668208d14d315e088", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528391, "uuid": "c1c6c527-16ef-4849-86ed-a1f7d583ed10", "value": "T1B514DF213A91C072C49B51748C34CAA0ABBDB8757396DD97335827BF6E3069293BF247", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528391, "uuid": "3a6bb2c4-e6e6-470d-8e82-22b462b49f2b", "value": "046dfae6c2280fbc36820b8f28604732", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528391, "uuid": "4301205c-8553-4615-9618-215d820b4615", "value": "3072:1s+QWiJ0hwWX4PoxLTAXav9vaaeHUa9Rl7K7CM5j3:RQ8wlPmTAXav9vaqKRl7Kd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696528391, "uuid": "abed18dc-973b-4698-acab-a1b8ab426ef5", "value": 197120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696528391, "uuid": "aa138c23-729a-436c-a86b-e07e12a07e4f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696528391, "uuid": "aab4529f-0b36-4231-ab0d-3e6a039dce07", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0d890d86-6398-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696521520, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696521520, "uuid": "ad93967f-babe-4392-920a-788d07a94e53", "comment": "Malware payload (AgentTesla)", "value": "ac1e4067e159504a3bfc2c12b1221d10", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696521520, "uuid": "5786251b-ffaf-4ee9-b2f9-5f4d52ecf146", "comment": "Malware payload (AgentTesla)", "value": "c4b29cd7266136b56288230ab14f82baaa4b2196c402c6c994543246936005d6", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696521520, "uuid": "09b54628-4439-4f63-9086-b3f9182ec35d", "comment": "Malware payload (AgentTesla)", "value": "16ba15bae450e54455b853d47a7389ef52c714a1", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696521520, "uuid": "03e670d2-2369-4f95-a8e3-ef09d5908a3b", "comment": "Malware payload (AgentTesla)", "value": "b1cca6276063ff3fdb306b57f59826aa101f2dc206856e52b71cbdfedcd3b3e84414286d4faaee7234eee62c442dd80a", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696521520, "uuid": "a5d17da2-15d5-4a76-8938-33c0e8047346", "value": "T1C7E4016077FE8B26D8BA87FA0B34A4501372BDAF6574DA4C5CC6B0DE4925F020661F27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696521520, "uuid": "862ac536-a522-4afd-880b-9df1d0469252", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696521520, "uuid": "419a72c8-132e-4d5c-af95-2eaec1ee63c7", "value": "6144:kiMNx3RDq/YUzsjq8wJZlTM+14wHUhpEwItPT9YX5dYjydCuBBdp4oHuovEZh01y:kiM4/jelrEDjYncyN7ppHnCj1M8u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696521520, "uuid": "9d8fb664-2c84-4ed2-b459-30f6ecebb641", "value": 677376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696521520, "uuid": "3fa970f3-327b-4d80-baa1-dc64f502bf3b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696521520, "uuid": "c30a5349-26b6-4c9f-95b0-769c0663c69f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "228e7ae0-6355-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1696492779, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492779, "uuid": "e33605bf-74f3-47fa-8115-8c8bf08a5e50", "comment": "Malware payload (Formbook)", "value": "a51c6739472ff692b8a2c58b96cb8251", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492779, "uuid": "26eb8a90-0cb4-4d79-8e5a-c8e25ddedc93", "comment": "Malware payload (Formbook)", "value": "c4cd60f5488472faa0d33c0d84e607ac9764c8c38f6ffeab550e9a469629b612", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492779, "uuid": "21b05cae-1898-485d-9ff5-cb606d3cfb82", "comment": "Malware payload (Formbook)", "value": "80c432fb9b1d1750606647f26df840ce35863177", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696492779, "uuid": "5915ef80-d967-403a-a2e5-a01e3bd64332", "comment": "Malware payload (Formbook)", "value": "ef45eee953d98a327ee1cb7b937a6283b6ebdde356d5ab7c4df5379c96222af618508b3c57322e65b2c56a3272f83ed4", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696492779, "uuid": "6f59aae5-3c0c-4a52-8fc0-1618f09e0014", "value": "T15054236EA329CD4489BF6158E17FEC1DC4740C221122734E4FA66C1C7BE8779E6E2E46", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696492779, "uuid": "ac59b0a4-d541-4462-9be9-3ab86e22a072", "value": "6144:ly/KxlL6T6DyfxsQzdN5tI/Z+fECasvt+oDkeoLK4obkg1J/O1vo8WD9imdLXiqS:k/K726GpsQzBAZ+fJa6tlweoHoYu/QwG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696492779, "uuid": "9ad28865-6cf9-4f6c-ba1a-9f6ff6f98fc3", "value": 296832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696492779, "uuid": "5d06ec72-6444-4733-862f-1190009ec611", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696492779, "uuid": "3bc67d15-a36d-42cc-9a79-cbc9076473f9", "value": "Order NLDB-078005261400.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7b73171-63a6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696527819, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527819, "uuid": "974ac9de-0b8b-442f-9f9c-3a2d58f722bf", "comment": "Malware payload (AgentTesla)", "value": "cee3497a00f81f795eab4b3d6472f9af", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527819, "uuid": "d9c193b1-63b9-48e2-9b1e-b5c258161f64", "comment": "Malware payload (AgentTesla)", "value": "c5a0d7c96dcdc8a08af4c2284e35829b9f2e4de7c739c9ccb1866fb1728aabd4", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527819, "uuid": "ab6aaa0e-c2a3-44e8-9bc2-948c3b0029cc", "comment": "Malware payload (AgentTesla)", "value": "7735c5d05502af800ace7683305aeb17bdab7f98", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527819, "uuid": "5572786c-d917-4379-9dac-58835beffbb3", "comment": "Malware payload (AgentTesla)", "value": "0bfbc33b1aaa3ce02376dd55fc1c2fc3a45ba35757e805fdf10870f4d844cf3e9a18c556a5b4900760c7084040c224f3", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527819, "uuid": "effbae0a-bed4-49f1-b19a-0c94f0b7f6eb", "value": "T1C0D42341183E67ABA79EE8370AB8C6F631D4D4D2C4FF8D39E115B8B95595870EC020AF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527819, "uuid": "15c453aa-d54a-4f4f-b4e1-792be5c0c158", "value": "12288:qKodurUw14JjvvmK3PsU0BOWpmtKDff2miUaBrVkYZUKxYHglm4ynvfXqlwM:logUw1kzaBO0rfUUirCYqHc6nEF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696527819, "uuid": "722ebd95-ff66-4f47-b17c-821ca2337f05", "value": 626562, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696527819, "uuid": "8b803de4-34ea-4831-881c-cb3546200ae5", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527819, "uuid": "d6ffcfbb-c241-441a-8933-a6cf6512838f", "value": "CourierShipment.pdf.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff63f3b5-639c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696523644, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696523644, "uuid": "164b7876-1453-494b-ac38-0a5c3d9cc2b5", "comment": "Malware payload (AgentTesla)", "value": "7f0e757077a1234b33e17b438bba3f4b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696523644, "uuid": "9f9e916a-c6f0-43c8-a488-1cf7632dd2f8", "comment": "Malware payload (AgentTesla)", "value": "c6e6e4bb053a96fb740f20ad6d139c2502044ec6f06377e61252a14b4cba90d3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696523644, "uuid": "fb757ef7-db30-4829-a28a-ae12ed42d6a7", "comment": "Malware payload (AgentTesla)", "value": "c3e61ccf1d6faf8f91c68d56ded4c3341d42c6bb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696523644, "uuid": "80ca0271-8099-42b5-a6f1-07e810f00e8c", "comment": "Malware payload (AgentTesla)", "value": "f91f23b1832de67570e3bb6debd84dd8369fbab8c5d210c2d36014f3889332db166145df7c590592a4504b68e4ec2aef", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696523644, "uuid": "8ff9f968-6710-4e02-9c26-ee75cc1f8edc", "value": "T15C05126527A99F32D13953F85DB0105203B9A86B6431D12FFCC174EA8DDEB740A90BDB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696523644, "uuid": "c0c58137-608d-445d-9167-8d9f2e711d89", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696523644, "uuid": "d290ed96-b01d-4c26-8192-290bb05106d6", "value": "24576:6DL8HH7kz/+nuVFxqs3G6PhaNaQyFyyR0:OL8Hbkz/H+Ul", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696523644, "uuid": "ab9b60a1-2a2d-48d4-bab5-856699159f1e", "value": 832512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696523644, "uuid": "88752e49-db0d-4e69-9fc5-5a619af45a5e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696523644, "uuid": "762c582e-529c-493e-b9e0-4b535dddc5a2", "value": "SecuriteInfo.com.Win32.PWSX-gen.15572.28396", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b15b388-6368-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696501035, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501035, "uuid": "ea676b82-e424-48d9-b4c8-69f40d969a37", "comment": "Malware payload (AgentTesla)", "value": "0904117366945153f72c819979679c09", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501035, "uuid": "e93ea475-48c7-4af3-94c5-948356f8146e", "comment": "Malware payload (AgentTesla)", "value": "c71870668e949498421240ed94bbee1385a2f71cd3b8efd28656cacfa6966269", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501035, "uuid": "f52ad378-a31e-4263-90be-d2e14348392f", "comment": "Malware payload (AgentTesla)", "value": "e34a1993d0ed6dc65a2c41e8facf545ea9233e11", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501035, "uuid": "9511701d-d03e-446d-8a25-c1a4a7dd3909", "comment": "Malware payload (AgentTesla)", "value": "39e1f1dfb6d97bd4739452ca8ad38e3ec7f902ff2103fd43dcb50c59b2df21c163a3be03af82feb3f1de22331ee2a859", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501035, "uuid": "1c69c1a3-eba3-4fd1-aa0f-fe6bcd364645", "value": "T129F4E0B0BBC9ECD8F2DB69354CF9E5004662BD4B792EC64FBC01366C45B23821696D1B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501035, "uuid": "4be2f307-a5ef-40b3-a06a-1a79f760e505", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501035, "uuid": "c263493a-f1c7-4834-b386-914274eb61ea", "value": "12288:XMYnQ3j67SESV1eXl8OhA90MI+MSZGmBO14JpprQr1541Mn+YcCOXCMzTO0+rVCe:XBM3HBk2phew1MCfXdvO14tPy0+zYe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696501035, "uuid": "06c3da79-44c5-4aa1-9e6a-7073e8e9a892", "value": 737280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696501035, "uuid": "5610068d-ebee-45d6-a0e6-26a748f4a55e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501035, "uuid": "f2dcc17b-1081-44e2-9de3-75601f400896", "value": "Invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8c26779-6360-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696497756, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497756, "uuid": "41f4012c-67f8-46bc-9450-aa46477d32b9", "comment": "Malware payload (AgentTesla)", "value": "5d035eb4655f84705ac429c87911a0fd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497756, "uuid": "32d976d7-f99f-4a31-9094-a5dcb782ea99", "comment": "Malware payload (AgentTesla)", "value": "c7825ac17db3d7a4fca371b94a6bc4aa7d22e40bfa10e24b0c3ef063c82de7d5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497756, "uuid": "885472ef-d212-4a9b-93c4-a88fa689397d", "comment": "Malware payload (AgentTesla)", "value": "363bb3310956126c2639c8de861ef197228038b8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497756, "uuid": "0f478016-7b3e-40ff-9eda-b0c5b9615263", "comment": "Malware payload (AgentTesla)", "value": "33914d49a098ba8b345aa0bd6000ab603a9cdbceffe1bde54ce9fedea40f8f6531bab307a824d8d48af8b80f52cfac95", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497756, "uuid": "0d947165-d5a0-49bd-9936-e4c48ee60bf2", "value": "T1AA351827BE478BB2E24D1732F6AB4D049361FD83732BD60A798E33A619533679C06507", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497756, "uuid": "3ba75c12-3922-4d5f-840e-c7b156ed3a8e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497756, "uuid": "15920860-ac35-45af-bb1b-96b1850a62ac", "value": "24576:81BPVMt0TmdMQUdIrhQJBY2ZSTQwT3NEa3:GzBmcwTdEs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696497756, "uuid": "5a1c6a74-22a3-4db9-a677-79c05acbfb5e", "value": 1150792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696497756, "uuid": "4639dbe5-1b82-4be4-811d-6aeffd5802d8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497756, "uuid": "de290dbd-6a21-4cb3-a6d4-11643cb6bdd0", "value": "IMG_Requestfdp.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3fc0749d-636c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696502707, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696502707, "uuid": "5a3ac7a4-1e16-4063-b859-9286d1bbdd50", "comment": "Malware payload (RedLineStealer)", "value": "5f8cf4ea066e2be12fad2f3b81b81375", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696502707, "uuid": "f157b7de-8cd1-46d1-a373-458a1d312d41", "comment": "Malware payload (RedLineStealer)", "value": "c7e3c26c461f5736cb5c01e09d0ccc66b02905aa94bc87750b3929db58b0c3ff", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696502707, "uuid": "617d7cbe-1c95-4877-ae92-62189a240eab", "comment": "Malware payload (RedLineStealer)", "value": "1dcda958414d3bf6b83fb448931d0c7a3035a8eb", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696502707, "uuid": "36b3c42e-7ee5-4e9d-ab1b-a410f542eeda", "comment": "Malware payload (RedLineStealer)", "value": "2effeb709adf504c3c4c61e7f5d99f4bd9bc9facc4d5d0a98fb0742546d60923ab277529250a4e3abb4daa1e5027a14c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696502707, "uuid": "73cde4da-6bcc-494f-94ac-3f90ddadd51f", "value": "T1B5852343EBC48572D5F1233008F506C32D7DFCA56DA4826BA2E9E9BA2D62D907572327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696502707, "uuid": "9e6bccee-dada-4c32-a5ac-58610dccd47e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696502707, "uuid": "2b52cca5-a5db-492f-9bcd-226f9ed95250", "value": "49152:nEurLcbSf8bJOvn/7iapcL/R9llLDPA5StZe0:drIOSMHmaSJ9llfPAg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696502707, "uuid": "43f4a57c-ca61-4777-b1fa-0da7f6299862", "value": 1732608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696502707, "uuid": "0667f3bc-4b37-4605-8830-edc61127c2b4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696502707, "uuid": "474c36ef-c112-48e0-8df5-61e53c7942dc", "value": "5f8cf4ea066e2be12fad2f3b81b81375", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0b306bb6-63c6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696541273, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696541273, "uuid": "68bfa0ad-d5f3-4ccc-b06f-0555012efa02", "comment": "Malware payload (RedLineStealer)", "value": "b2c4b6f52dba816c4d30e77bf92cb7b7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696541273, "uuid": "455740bc-1d27-44c6-88ea-bbd20bca3ab6", "comment": "Malware payload (RedLineStealer)", "value": "c8238bd21dca1ea049a6a20deab11b4dbc7bc5862c991ba21da4494c4278ce09", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696541273, "uuid": "e899eba8-ea3c-4faf-ab51-d62fd2095db3", "comment": "Malware payload (RedLineStealer)", "value": "c89352109d0a5dc2cff83f4bfa759182af454d89", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696541273, "uuid": "9ce23a79-a6de-41cd-88fd-59b17b4702d2", "comment": "Malware payload (RedLineStealer)", "value": "f9edb69a5b3091603eb8a74ec76afdbb9d256a71b61c91c547172e83070ef48697100ece79d54e75f8227cc5efbfbcdf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696541273, "uuid": "6e4c5fe6-390c-412b-8e29-b22fe28138ad", "value": "T16B953322EBF94019D8F42B705CFB01870979F46EA4658B7233DCE19698F35D0A539B3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696541273, "uuid": "a48accc0-b5ac-4387-be7b-ee185d75640c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696541273, "uuid": "e60f0af1-782a-407b-90db-fb1dec4b4183", "value": "49152:vzNG4PbcO+TPckOU+BnLBt0cQ4Px7rxTDswh3XKpMJ9wl9vDo+IE:hZj6TPckOU+BQ0jMw1uMJ9CDo+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696541273, "uuid": "5600872b-9f20-4623-8b7c-12c5828e1c91", "value": 1922560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696541273, "uuid": "a1800e01-5b3d-4fc0-a79b-65858a0a9d75", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696541273, "uuid": "a48b6dbc-eaca-4a45-870c-fc376a5432a5", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5dbdea4-6376-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1696507280, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507280, "uuid": "fec81a6b-43b5-432d-8edb-c9615494a364", "comment": "Malware payload (Formbook)", "value": "723e0598f2c1517b13506ea1521471fc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507280, "uuid": "55171027-6c43-4894-9675-3e55464acd67", "comment": "Malware payload (Formbook)", "value": "c8827b3385b4cfc8e31913a78e7e108ffeaa2cad099ccc49d4cb2c26edc5a910", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507280, "uuid": "3386684f-e3d0-48d4-a57d-ac5c1c60fc56", "comment": "Malware payload (Formbook)", "value": "499f19e81568b3a9ad11a69b1506cadefd06d9c0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507280, "uuid": "9959ef50-0ac4-46af-a348-2e7d086f6f5d", "comment": "Malware payload (Formbook)", "value": "f5a8494a8125f05b227a7d07bb914c83846f52d90217f9f6621e308076a3e897d49dc3cef1dab1c917565f17296558bc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507280, "uuid": "27f9eff5-ef7c-4496-aeac-d85b34eb1a5c", "value": "T198E4022077EA5F36D87A43FA0130450017B67DAF6578EA4C1DC670CF0A66F825AA1FA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507280, "uuid": "a7c4471c-fe07-436e-b22d-a07f13f838da", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507280, "uuid": "2c2d0e7f-4a81-452d-b80a-bc76eed2741b", "value": "12288:4iMy/jZjSu/bAsWMEaH91sw4OHcfIhwEvoag4QbWS018uxmV/5aLEw:xLZjRDiRAYw4pAhwEvoxTRtQLE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696507280, "uuid": "4a263394-cb6c-4a97-96c3-32b86c8b91fb", "value": 673792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696507280, "uuid": "3d4a43c8-9654-4fa5-a80b-8df0804a5ba3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507280, "uuid": "81b72981-d68f-45b5-8f92-89f666925942", "value": "Indirect Standard PO_6400456813.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "034548ab-6356-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696493156, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493156, "uuid": "0ff33669-9e6d-42f7-abf6-ac691042db33", "comment": "Malware payload (AgentTesla)", "value": "f7659e75c69e47b6fd42687ed60390d4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493156, "uuid": "426f028e-8c9d-4e9d-b513-15279f14e103", "comment": "Malware payload (AgentTesla)", "value": "c94c3741876b0ec763fa759b91c10d941c12626e84ef0d43c6c64cec7959f4f8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493156, "uuid": "43dc16e4-05f7-467c-bf78-d65f50571114", "comment": "Malware payload (AgentTesla)", "value": "ab96112413731eb7601bd5168c358334c81e9edf", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493156, "uuid": "683b3850-088d-4ac7-8d76-25cd8c7d80fc", "comment": "Malware payload (AgentTesla)", "value": "1a9697f0a21883b011f60a1f3d93e6b79ab03c6fb86c78109ea8da58bd61ad0957e8ce3e872a8392520dd27b06385c3c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493156, "uuid": "98cee75f-9726-46a6-b110-f5bd52388b48", "value": "T16BC4124832644B07E66C16F74C379AD983794E573602FE592DE1B6CF6DB6B880224BC3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493156, "uuid": "dc3c20b9-acf8-4110-8acc-144a70c19f26", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493156, "uuid": "4a56e1d5-4b99-4e4f-add1-3ebd63bcc637", "value": "12288:x8zS55mFzD8jtsA6TwAaRhF0ThzIfDaXworitkvpALaek6m+I2i:xf55qatsD8BRhiThz+DUpr1p+Nk6m+ji", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696493156, "uuid": "f69a6f26-c32c-4502-8af9-b7d19b5e3ed1", "value": 592384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696493156, "uuid": "a52c0832-ec22-48f6-a543-a731d9e5a8a1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493156, "uuid": "f35f11ac-726c-44d5-95bc-26ac0639c24b", "value": "Payment Swift.pdf_______________________________________________________________________.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6f57533-633d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stealc)", "timestamp": 1696482694, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696482694, "uuid": "50776200-b1cd-4b60-848f-269de093db89", "comment": "Malware payload (Stealc)", "value": "59db09162869f4770d65e6c8c483ae07", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696482694, "uuid": "02f98cd5-a1e7-463d-9aaf-8e81c32b1a87", "comment": "Malware payload (Stealc)", "value": "c97245effb055a3b948c2fb7120a47b944285982e5b46ce927f581df143fc594", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696482694, "uuid": "fb01cfd9-0cd8-490d-9570-ffa31dd9a5ce", "comment": "Malware payload (Stealc)", "value": "531e376bb4050e05c456873f6a60cdedac7ab3c8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696482694, "uuid": "3f4acdfa-eceb-4368-8712-8ab39073a4fb", "comment": "Malware payload (Stealc)", "value": "1c2689eaaaa0134724d9c6f9f2833c7d8a688bed94f18c7e3bdb635425f183df9329016f57d8dcbebac1b91d67e48c99", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696482694, "uuid": "d8622e7b-41f3-43cd-84d4-3f4b47eb715e", "value": "T1AF14CF213AE1C073D5A746358930DBA07A7FB86327B4459F33181B7E5E302D29B6A367", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696482694, "uuid": "878e4f57-f8ff-4939-b813-cfe0dd097dff", "value": "1e2f614c1813ff4e3f2f3e784182dbac", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696482694, "uuid": "af8bf523-c694-4466-ae72-179681d3235a", "value": "3072:hR3e9hlpiO2qLs/OFERt5JX5M40jpF5s/Vr:69JiO2H/Ht5JimV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696482694, "uuid": "75153740-ce4e-46e9-8758-62e68cbc7cd2", "value": 206848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696482694, "uuid": "41c755a9-80c9-43e7-881a-f287fac8bc0a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696482694, "uuid": "4eeb359a-5650-44c6-8919-182322390635", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2e33752e-639a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696522434, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522434, "uuid": "f2f1b3e0-7296-4fe2-b33f-3b4898fd3a30", "comment": "Malware payload (Mirai)", "value": "342cd95e1aa39917709c5333521cf1b3", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522434, "uuid": "b5f2d644-94d1-45bf-a618-9abbe4a17c5f", "comment": "Malware payload (Mirai)", "value": "c9dbe3eae11e8bc140a1fe105590a166b66a1c8c1fc396d366f22a996306848d", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522434, "uuid": "870355b8-6103-44c3-8f5c-23f0c3e2d1d3", "comment": "Malware payload (Mirai)", "value": "8f17f2e97aa042ead23072d764441336adc035c5", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696522434, "uuid": "534b011d-ae9f-4f73-ba83-739c46019125", "comment": "Malware payload (Mirai)", "value": "d001247839fbf16fc3ff7a94507df1b636a7752a49390f2e2be374836818557baac02bb5430e92ca27f3e3a6edb59337", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522434, "uuid": "ec302289-5c34-4d0b-9a12-c785f523ba9c", "value": "T107936CC5F683D4F5E89304B1613AEB339B33F0B52019EA43D7799932ECA1511EA16B6C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522434, "uuid": "367f1bbe-40d6-4f4a-b651-55ced19af300", "value": "1536:xpmWc2AcighsZ82fJxfc5HD1mSsM8meUigBQ9TnkISGtAd80xZ:xpmX2riED2frf+HhmLVUBQ9kVT80x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696522434, "uuid": "389b1da6-0a30-49ec-9eb7-00c7511d3532", "value": 89576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696522434, "uuid": "fbb713f2-dec1-4dc4-942b-bacc184b8677", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696522434, "uuid": "0321eed3-8261-4efd-a55a-bad367200d91", "value": "top1hbt.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7ee31cde-63a6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GCleaner)", "timestamp": 1696527723, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527723, "uuid": "941141fd-5cff-4f4e-8d3a-faf6768e953d", "comment": "Malware payload (GCleaner)", "value": "e6afc561a9f06a3ebf1d9f2d64583327", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527723, "uuid": "59001dc8-fca7-41c6-a059-501a2d6937e6", "comment": "Malware payload (GCleaner)", "value": "ca61a90899c2ae559f5b0ffd4cba6b68b8472ad22d582b2c9199626af97faf8b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527723, "uuid": "4422b118-28e6-4053-a8b4-b93d310d2937", "comment": "Malware payload (GCleaner)", "value": "3d636c72f4b6ba775e87e97fe5b0eca1ced80f28", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696527723, "uuid": "fd90f4ca-6fb0-4000-ae49-6796930e2c23", "comment": "Malware payload (GCleaner)", "value": "f11c240b47abde3c48c467c100ae08dfc20592201826e08792eeae48789ceb306bf19dd4ab325233952a2fe9fa32efcd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527723, "uuid": "54c058d0-f9b1-4f4e-bd5a-67f3efa3c789", "value": "T12544F121B990CCB3C4E75135C464C7A47B7AA8F197A7C947379826FE7E203C1A72B245", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527723, "uuid": "e0bb7bdb-d6ad-4317-8394-ca858db069f7", "value": "046dfae6c2280fbc36820b8f28604732", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527723, "uuid": "254945aa-b0c4-4de8-a639-ae17aa7aafd1", "value": "3072:RDMC7KF0cHn+ft96PjU+OvNngv742XPg0Vk/e9JS1VEQwfb08Pa8UXix2oRAHH5N:p7qH+SbUgUYPgH/wAHfcR2HH1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696527723, "uuid": "863fba01-91e5-4b36-96c4-8b5263c8d298", "value": 258048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696527723, "uuid": "58b58c86-a774-42fb-b911-c16d5a7e297a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696527723, "uuid": "edbedb37-2c82-4ec9-b640-c7cf696aec1f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f716415c-637d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (XWorm)", "timestamp": 1696510316, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510316, "uuid": "a8ffbeb3-473f-450b-98a4-e2fe2d8cfdbd", "comment": "Malware payload (XWorm)", "value": "0ae9d4d91bde4d050f899f917a56048c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510316, "uuid": "a2672dea-15fb-4004-b787-48c824f7f0ba", "comment": "Malware payload (XWorm)", "value": "cbfb37a30549dfc3b45cb0619d9f810f8ea32c59e63aa91a21ab8d4192f74c72", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510316, "uuid": "5451873c-0927-4f87-81fb-bc059497e659", "comment": "Malware payload (XWorm)", "value": "148dd73b7a98df5a3990b016cdbed476e4320f13", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510316, "uuid": "13560278-7e04-4a7f-a9c0-23f12894462c", "comment": "Malware payload (XWorm)", "value": "a125571becbf2fc15e8886018b3e1d4612bf81ea387b078c4dc930e060d69ac1ec9ea6a6337601fd160138e41277b7b5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510316, "uuid": "8032d89d-8f42-427b-8070-db7156804f3a", "value": "T137E25D48B7958326C5FE5BF529B2E1020275B513CD27CF6E1CD889AA7B77AC14A403E2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510316, "uuid": "10500c68-0131-477e-acd7-bfc317cf159f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510316, "uuid": "da89e8ed-bf4e-44b0-be4c-fcbb9ad51f97", "value": "768:gMzW03/EQupuLtpXn+Pd1IHZFl99QsOmhWbrelI:b3cQ0itp3+M5Fl997Om4yI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510316, "uuid": "1a0aa5d2-9a1c-41ab-bf39-3738d1c73452", "value": 31744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510316, "uuid": "4d4ad782-66bf-4acb-bd3a-b3c4b582cc3d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510316, "uuid": "af15bfcf-79cc-4047-b005-77284cba0953", "value": "taskhosts.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8c7af56d-63b9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1696535907, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535907, "uuid": "43752e25-c107-4012-8ab3-d91a7bc4bb9a", "comment": "Malware payload (Smoke Loader)", "value": "5a7b95cc1ab2b0baf5a255ea316af1c1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535907, "uuid": "dc41a9d9-dc45-477b-bcd5-e8c50e78f1f6", "comment": "Malware payload (Smoke Loader)", "value": "cc4d763568a1fc082f9fa7c7f8aebf175aa86bf8f3c871eff075d61bf0406a5c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535907, "uuid": "ef4d3635-75cd-4f39-becf-5b614494ba45", "comment": "Malware payload (Smoke Loader)", "value": "35e79ac8135e548e51fbcc7446f3393313a88f46", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535907, "uuid": "e8161f7e-f223-4f63-945e-a50a6ab11ddb", "comment": "Malware payload (Smoke Loader)", "value": "653aa3fd3095a653b4f5818de212c8fbcdda48b96f7e9656df35ad2125242d3fe5158fce987c7e15e7e84d055314f9bd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535907, "uuid": "8460cbdc-6640-4268-96e1-2f1d692bb29a", "value": "T17014D0F27A50C0BFC44B90758422FB606F69E8A14397C54B37981BBEAE302D197EF251", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535907, "uuid": "252f727c-d076-4563-8c95-f83a9954ac87", "value": "f7870f247b6310288a9657f261d28969", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535907, "uuid": "b85afd93-5fde-4d17-9283-5d0858e704ec", "value": "3072:2u+WM//NzNg3OJ7yCgXefJipYm6qNLWUU9CMyf79522iS605NJ:yWMPPJhicgWm7NLmCMk952LS6w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696535907, "uuid": "395b15bb-816c-439a-9416-a53486000ec5", "value": 196608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696535907, "uuid": "cda1bc29-5fdc-4469-8a07-3cacbb07ad38", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535907, "uuid": "b72e5288-11e5-4977-92fc-7b152b7c420e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e07a1766-63b7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GCleaner)", "timestamp": 1696535189, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535189, "uuid": "604cacc4-2071-43d3-82fb-f013ffddadf2", "comment": "Malware payload (GCleaner)", "value": "4bc7e211b2498a8e2aa1c121986ce91f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535189, "uuid": "16e5a466-edd2-4610-99c0-74a048093efe", "comment": "Malware payload (GCleaner)", "value": "cc52ee754ae49718a49352cab0d0f4c44876e46241f7801aa3a911670361e2f1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535189, "uuid": "0969c4b2-9dff-4887-b2aa-f60ee0fd06e6", "comment": "Malware payload (GCleaner)", "value": "54ce45ec57abe0a916241f5ed2f787bcdf3bccb0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535189, "uuid": "ef180043-3509-4936-80f6-62a661593b08", "comment": "Malware payload (GCleaner)", "value": "003b7978c849c45ed4b2c19038b74f1626a71ecd7819c0cf8686f9dc92b9ea577e824b8bbea4203cfa1d90a719e0d1ab", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535189, "uuid": "d467aa43-3624-47af-b1d8-85e7df85fd85", "value": "T18444F1227590C87EC44B92B98424CB9CEB3AF8615555C64B33A82AEF5E303D1973BFC5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535189, "uuid": "8d789475-0bff-4ecc-ab1a-c44529aa947a", "value": "f7870f247b6310288a9657f261d28969", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535189, "uuid": "5e3a5d4f-de43-4eb8-8ee2-0d23536f6ece", "value": "3072:fR6fw3if25pKcZKa59hLlMG6jRjS4SfeZZz/8t67xpR34s9zDIh6J4I5bQxIbH6J:iwz5Mcc6AjRjKfkZz/BMsNtJxcxIK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696535189, "uuid": "a58ccccc-88bf-49f7-882f-07c7354dca90", "value": 258048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696535189, "uuid": "6d91d768-e8df-48dc-bc38-ff9d0d72b92a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535189, "uuid": "1a81537a-af24-400f-8d32-7dcd36434b9b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be9c3ffb-637e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696510651, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510651, "uuid": "b4cf7514-97fc-4c22-aa15-a5f40cc8aa3c", "comment": "Malware payload", "value": "b219ec692346d74229edd33120aacb8c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510651, "uuid": "be26b8a2-8aa0-4dea-9a3f-045aa9903e55", "comment": "Malware payload", "value": "ccd0ebc38a478b111c1b7daf40e1f78cc39eeea0b35c6880a126417e58fe292b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510651, "uuid": "171aa9b6-b8f9-4303-ae60-ae63742a214a", "comment": "Malware payload", "value": "6cd869e8c1544bcc29b27c664cc86c8c3f112128", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510651, "uuid": "9d6aeb6c-9698-49ac-8b75-abbc8a3ed4ea", "comment": "Malware payload", "value": "1e88e59250985f373015519791bf9e3fb237460aa28bebf4160affcf10434c7deb3334cce69aede7955a7841977fc283", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510651, "uuid": "21e5dde0-2915-4d51-8a33-91a2a7b26f1f", "value": "T19445F15E730CB150DD1295379020CA7915B15D8AAFF0E41CBBDABE7F79B3B83011A26A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510651, "uuid": "85ea3a40-9e7a-478b-aa40-9c02c5776dd3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510651, "uuid": "c2b94de7-ddd0-4e35-b4ac-9597c956c4a4", "value": "24576:mQLJ4Uyrt7JJT8mXlnDbf7FhD+lHv0PTMbUkIaMUcfewz5:mQLqUkxJJZ1bDFglH8Ps6Ucfz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510651, "uuid": "4e5b4bd4-582b-41c2-8f9d-91db765ab86f", "value": 1221120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510651, "uuid": "619ef4e7-c471-429a-9b71-404d08cdbafa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510651, "uuid": "b339afed-d915-4584-a36a-d058ddba125e", "value": "b219ec692346d74229edd33120aacb8c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "976bc18e-635a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1696495123, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495123, "uuid": "4f09069f-54d7-4c3f-b834-9ababf878117", "comment": "Malware payload (GuLoader)", "value": "6568bbfee04d28b65948d0fe1ad73654", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495123, "uuid": "d62664bb-344d-4b14-8fef-01026ec40095", "comment": "Malware payload (GuLoader)", "value": "ccd5cba7b4d5c35b3f8b94df5fd978e72f023293f3ee72dc9116fbb72478b63c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495123, "uuid": "558ce30e-19a6-4561-b9ef-f3aa7e22cdc2", "comment": "Malware payload (GuLoader)", "value": "91bcd066f3b5d79d6a943d02c9fe9cb140fc9488", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495123, "uuid": "956fa16f-f032-4e53-8b1e-321d023569bf", "comment": "Malware payload (GuLoader)", "value": "7aa237cc540ff35561aaa2bb3f8d6c8446678114b18ea8157968c28f0ad22d4d8ab7021e0bd7727d8e05a32817059bab", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495123, "uuid": "5d234b01-1e01-4a80-98ce-4ef888834886", "value": "T18665331047B698C7D16002B456F69F3F7CA7BF51E8D876432FD9B7E66932402B424A0B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495123, "uuid": "4facdf29-683e-4755-9cb0-e7dd1a0c14c6", "value": "671f2a1f8aee14d336bab98fea93d734", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495123, "uuid": "5e9dafc1-4eab-4cf3-adae-dd51a183f1ac", "value": "24576:bxKRQmiNMdweDnbdGNcvJWf2yKIkLin3fkm46kuwaZuvRAn0lVbb:8RQmzdweNhWf2/Lc3fk62miin0lNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495123, "uuid": "6eec31fb-2035-4192-9314-3c3dca70634f", "value": 1487463, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495123, "uuid": "4269b638-a1e3-4d3e-8697-7bb25f68c5f0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495123, "uuid": "030aea61-82c0-48ba-b099-a04b5ca4e72c", "value": "HGD0086568000.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5a92ba1-638e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696517561, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517561, "uuid": "9ef8a0db-a9ba-4812-a0de-f25180a23bc3", "comment": "Malware payload (RedLineStealer)", "value": "6f646ff6d4d99fbaf05ac50f23ea83d5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517561, "uuid": "9fc526ca-91a5-4d57-9be7-7a62544c3fc7", "comment": "Malware payload (RedLineStealer)", "value": "cd48701fd8668bd73175d01d1efe064428d693a22c4ed57ba9369880d7520808", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517561, "uuid": "c399bcc4-6aa3-4afb-b3c7-a64ebcdc3160", "comment": "Malware payload (RedLineStealer)", "value": "50cdf91ad1649ca900d7d477189b71d2c7b7dc7b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517561, "uuid": "ba04bf10-de43-42c3-ad4b-d5adf54b85f8", "comment": "Malware payload (RedLineStealer)", "value": "b4415ec5121c6657b14f79fbe80c6561bfd6018a8e87542d03ff691174625750bdd2704a46d25cd15f9530fc4513f84b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517561, "uuid": "03313d00-cd1b-4fd3-8488-1f896763f831", "value": "T1D8952B1173F95B99F5F30BB89ABAA615087ABC799F11C2DF12D5508E0C60AD08970F3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517561, "uuid": "9063d3f1-48cb-4ce7-9684-35cc15cae302", "value": "b092678fc438a3bc6ea71ba0ea4cfa08", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517561, "uuid": "acd35ca2-06a7-4134-8406-0ef0c53f7ce4", "value": "24576:4GxY5KgFimILMhkVSjFgHdg2HO6a9DhvhWIBur7rXmAtf:4igFimILMhAQF8g8O6a3vsj3tf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696517561, "uuid": "08391f46-15d4-4b9a-af19-9b14cc432910", "value": 1928192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696517561, "uuid": "b1d6a4a6-d08f-41cb-9bfb-bf29c05c4499", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517561, "uuid": "518fa653-1274-4e29-a3f7-9b5a063c9ddf", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61de554e-638d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696516937, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696516937, "uuid": "5a3f7db4-f22a-4ab8-af9d-033cc559041b", "comment": "Malware payload", "value": "3d41baab5029a22b514ce250df78da41", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696516937, "uuid": "81914a55-d834-44cd-8ca1-5a787c11e16c", "comment": "Malware payload", "value": "cd5d4901a0e19f75649f5f3a16e4e0e3ce13f354f624ed7b4d4e8c7559882553", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696516937, "uuid": "e6558644-b589-4c10-9333-1b3d42a44563", "comment": "Malware payload", "value": "265e29bb3c0cfe8c81f5d0fd9553efb75ad8897f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696516937, "uuid": "173a6a4a-7255-4674-8174-3825f8be74c8", "comment": "Malware payload", "value": "68aeccdcbc4285d4a6cd13011743a7f9f2e6c5bf09ce07ce281063c9291d6837e9e64a0d5b74c4acbe77c8210c173cac", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696516937, "uuid": "bfbf37c0-9a2f-47f2-b744-e6ac4c345517", "value": "T17F458E0733E6C0E8DE6790F2C6255223E7727815173897DB64E0692DDFA3EA11B3A711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696516937, "uuid": "b63bba57-f15c-42de-83a3-182a7eeba159", "value": "2004a5f6f543f8c26e144c1ceb66f943", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696516937, "uuid": "2e7c4b73-df6e-4263-a72d-3486bbe46689", "value": "24576:2jdvkUZ0pDZe+Bczu3+ZO0IRR3wTkgr9BNpiUU11Wsp1Igj20wqH8:2jdvkY0pDZe+Bczu3+ZO0IRR3eFr9B/h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696516937, "uuid": "a726a985-8cea-492e-8aa9-c4d03c8d7d8a", "value": 1225728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696516937, "uuid": "e82d75df-c3f3-447e-90bc-202f0b645b61", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696516937, "uuid": "3f366f95-2846-422b-be23-c21e1cad2f6d", "value": "Books.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f94b3b7b-6361-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1696498294, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498294, "uuid": "735b5137-9d37-4b4f-bc2e-2b64e8aa8b6e", "comment": "Malware payload (Loki)", "value": "76bc4bbe16b32c956d0c8e4ddcacd0fb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498294, "uuid": "2863238d-deaf-47ca-90ce-76edff1ba395", "comment": "Malware payload (Loki)", "value": "cd9597e967d133ab7bccae78b3f676595f0e15d7e92829fdefd794d98a6eba80", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498294, "uuid": "3c2caa81-fc9c-48ff-8485-66a023f87008", "comment": "Malware payload (Loki)", "value": "78dfb3862490195e85ffc527248d39758b089791", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498294, "uuid": "ec29547c-eee8-4d14-b4ff-b07633de936b", "comment": "Malware payload (Loki)", "value": "2444e9fac9ca184bf664b7c66019447be57ff66b0c975752dad834f06a2c763a3b165f167e31bcea25fd2fba43502e14", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498294, "uuid": "955eec82-464e-47e9-b868-4ac0b6dcd748", "value": "T153B402A5B790F6BFC523D5358AA01D24A721343B935BC7469813109D9E8EADB8F207F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498294, "uuid": "e392e846-174b-4c2b-8488-b4f091da58f9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498294, "uuid": "8c4d1d51-e64f-427c-b0c6-39eccc9154d2", "value": "12288:Q/jRjLo7UJj5zy2b/XFAIkTJU076tUXljUSAN5qPHUB0:QLu7wueJ0rRI5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498294, "uuid": "8a924d5a-faa6-4033-a872-0f7c4b16062d", "value": 496128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498294, "uuid": "f5001db8-9620-442a-800d-35ae106ee4ca", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498294, "uuid": "c0161769-5386-4b75-b04b-5af6052a57b3", "value": "FedEx_773430901033.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2693f6da-6362-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LunaLogger)", "timestamp": 1696498370, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498370, "uuid": "d5099dec-410a-4363-821a-0d75251d18c5", "comment": "Malware payload (LunaLogger)", "value": "afc77f58c1d97803dd2398b0c364da9b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LunaLogger", "colour": "#B0DCF9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498370, "uuid": "ad1e80d5-5468-40ce-b2f7-2f50a84fb6ee", "comment": "Malware payload (LunaLogger)", "value": "ce18085b9f3e019d7d039b05cf21f9eabe459902fe65f7e72f3f381e97cb14cb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LunaLogger", "colour": "#B0DCF9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498370, "uuid": "b86fefdf-6176-4508-b41c-856f18027439", "comment": "Malware payload (LunaLogger)", "value": "d7805314907c838f35dd0ec9749e0b8c6f5d06fe", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LunaLogger", "colour": "#B0DCF9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498370, "uuid": "50e9f9b6-ed43-48c4-9d92-f813beda9735", "comment": "Malware payload (LunaLogger)", "value": "a9fc2edbf958b6610f35d919e418fc88a0f1dc49d6813aea2883b3575df0f879007f901e0c4ab565c5c18d9c4e5867c3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LunaLogger", "colour": "#B0DCF9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498370, "uuid": "18c70053-331a-4591-abc5-14e347da782b", "value": "T157173357AD3205F3E5F46339A40BC8645231F83183B4EB8683A9961E0FE7671AD76F90", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498370, "uuid": "f9e377d5-aa0f-4f1a-a4d9-2cd53ce334be", "value": "0b5552dccd9d0a834cea55c0c8fc05be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498370, "uuid": "56b22454-874f-48f3-ab88-a6d4e4c53701", "value": "393216:Sh3nJWQDaLOPhIBRpnlPSa7QvS26Yz4zdChd872:Sh3EQMuhqpnlxMqWsJ7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498370, "uuid": "372eb83f-35c5-4fa1-8091-a0696802d1f1", "value": 19602101, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498370, "uuid": "a3a498d7-ec24-4212-853e-4774a59b461a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498370, "uuid": "9656be18-a923-4827-a0a6-5bebef82ecad", "value": "SecuriteInfo.com.Win64.Evo-gen.12856.19549", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70d906be-6359-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696494629, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494629, "uuid": "4d59b0b4-c7bc-41bf-af1e-89f5b3df964c", "comment": "Malware payload (AgentTesla)", "value": "dff1405a739264d01f3cf6fb6002d7d7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494629, "uuid": "675de507-12c2-4ae2-9049-7e1b3841f97f", "comment": "Malware payload (AgentTesla)", "value": "ce24a12cd998a4e9efeb94297f8ab3e255040f3204b549f9d2890765490e3c9a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494629, "uuid": "f4ae0d79-811c-4cd6-a8f4-03f30ff4c2c1", "comment": "Malware payload (AgentTesla)", "value": "726ac25c939e9b86669812e4f3fdb60c220ac356", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494629, "uuid": "af3b9589-f722-45db-b9fa-6782b424602e", "comment": "Malware payload (AgentTesla)", "value": "4a2d1bea02b71fc3019c6a97b4db532cdaa2eb02cb13eec2076b0950e4e51976eae66f023d589955c7aaa34bb01c1988", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494629, "uuid": "62c5d210-54f9-4559-81dd-f172ecab6666", "value": "T188D412AD7350F6AEC627C67586A42C84D72268A7972FC247E493219D9D0D68FCF006F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494629, "uuid": "3c9259d0-56fd-42a5-8298-f343b1ab5aa0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494629, "uuid": "c5ef0ad8-4543-47e0-bfec-f6b57e79658c", "value": "12288:Kw/j2Yz3LGgH9wt2yApDJc+aj2Q6fHf4OBzNBSOGGAlP4IxwCsMXyDbzG3warH:PL2obHKTyi+q2ZZzNBSOGGAiINsV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696494629, "uuid": "c91964ed-b099-4cdf-b6a1-854a34cfeed3", "value": 652800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696494629, "uuid": "72939ee6-5c83-4ac7-9b87-432f9f2469dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494629, "uuid": "cdd25112-d616-4c34-9c2e-5a9294af0e06", "value": "ygM1KYafZtC6F84.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2446ded9-63c9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696542604, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696542604, "uuid": "38801f1f-de53-4788-90bd-742a9f4f25d2", "comment": "Malware payload (Mirai)", "value": "25d3a36328d1a93908187856d8b9c108", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696542604, "uuid": "ad1f6313-f489-4f2a-9eab-c40d153fe7ca", "comment": "Malware payload (Mirai)", "value": "ce4907e81fc3f28793a462cbad723d398ceffa6d98ff3bf1b070941d6392b833", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696542604, "uuid": "493a4b7c-f26e-4a6f-9425-f561548235ed", "comment": "Malware payload (Mirai)", "value": "8156138f1194a3a4e91cb682637ad5a8f3466734", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696542604, "uuid": "00b4e8d4-6496-413c-add5-c6d973a92819", "comment": "Malware payload (Mirai)", "value": "a1c252eb830297958e0a5c82a83c97e1a6f1cb62fd2afe034cb9ef8ec52984922902f7114444edccf4f0fbc550de0039", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696542604, "uuid": "e347efec-835c-4b7c-96c1-1ca3697af573", "value": "T12E43C652B8815A2BC1E423BBEA6E518D3371B3F8D1DB3616CC111B24778952F1EA7B81", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696542604, "uuid": "598e0b63-7c2a-43a0-a148-b1cbbeb3e78b", "value": "1536:rL/BMZOlXxfoYfi0p25+DfaerBkeOxllulG9WkQxxd42+:pMZ2mFkfae+eOjl6G9/Ql", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696542604, "uuid": "4a31bb0b-c673-4606-834f-960721beb758", "value": 55608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696542604, "uuid": "402a0362-19e2-4926-9052-874c0cae25a7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696542604, "uuid": "10f5eeb8-aad7-4cd6-abd5-31d8d8ca2607", "value": "jew.arm5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "542b68a5-635c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696495869, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495869, "uuid": "dd5f9131-c864-49da-b40e-eed86be223ac", "comment": "Malware payload", "value": "e911176ea6e221c9932a077db8797f14", "object_relation": "md5", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495869, "uuid": "f003f3f7-d00d-4c6b-8925-f966d6ab8441", "comment": "Malware payload", "value": "cff808c8bb5015d61ee683fe6c36edddd56aa22d5fe4e21ac6ff9b0c4070a769", "object_relation": "sha256", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495869, "uuid": "bc16b6ef-b600-4491-a9ae-dc1e1898ca50", "comment": "Malware payload", "value": "3c07aac5f7d2cf2e126264b0ad2c56f7812c7027", "object_relation": "sha1", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495869, "uuid": "5ea4baec-e63e-4efe-bd5c-fa1d487fd36b", "comment": "Malware payload", "value": "13214836293b4a350214bc8b7a3ba7bb16ca9eef2e1c8ffbf4cc40324c7f871f05b98484624a4f2b18ec78bb59083172", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495869, "uuid": "7c209549-824f-4421-b45d-d2858c159695", "value": "T13B55E00F9414AB86D00D43F8BE233DA91E0E7F15A7C569DB15533B8B3E3066219DA2DD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495869, "uuid": "83b49f03-1d0c-402a-8123-f9db964c50bb", "value": "24576:UWQmmav30xvZysw6V1AXZSwrZyqw6VGAXZSrIpLv+9xbwkgnEBLUVXfw9x:pQmmQ30LU6VqESO6VNE6+Dw7njVP2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495869, "uuid": "f2a58a6e-99c9-4833-8b2a-cb215de57186", "value": 1362432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495869, "uuid": "75e68ae0-9bc7-48d3-979a-bbb87eb78a3c", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495869, "uuid": "626ee3ca-9c60-4395-beda-dbf4df7367f4", "value": "PI.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e952b232-63b0-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696532197, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696532197, "uuid": "4567a12c-3d9e-4b26-8634-bc3fd8edb239", "comment": "Malware payload", "value": "3c08828762a142e67b6b2a63ba84236e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696532197, "uuid": "90359205-a845-44ef-b202-435851ed5af5", "comment": "Malware payload", "value": "d0d44473617c827906fb10fd9212e9ead8ec202d3e15e967441d328e798e6d47", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696532197, "uuid": "325649b4-9568-4869-b4c4-898a4e96ea88", "comment": "Malware payload", "value": "82337cae12f2c6b6d1d0770bf52b794bebe6a18a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696532197, "uuid": "8d60bd24-855e-47d0-a798-84c3a7f66afc", "comment": "Malware payload", "value": "cc2eab42193d1a77ab6f3dcff75069b52b7288f2428d6de37a4ffbb93cf8d50f821732040c04a4ebbcb68f964d6bf928", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696532197, "uuid": "f07c397d-8cea-452c-984a-c88ef12ff9d0", "value": "T1B3C1E914539C8B32E57107B16CA3930063B8B7966852CF9F3DCC620F7D5A2D84A627B2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696532197, "uuid": "9864dde3-8cac-4f64-9933-51a46233b247", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696532197, "uuid": "e89f2d40-200d-4e32-a641-f22a26201d22", "value": "48:6XXjZQaJRuDl5ditfzJCN8PqYG065Uwzw+PeLlz3tPnUM4+z9w4k7DgH0LPKD4vS:SZmdwI8rHcPeprtf4+z9wSD3BCzNt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696532197, "uuid": "6c673aaa-5a22-4457-be17-85d52443b176", "value": 6144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696532197, "uuid": "a97c22d0-26e0-4dc4-886d-d9309015f063", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696532197, "uuid": "fc0833ac-d051-49ec-9826-691b3a0542d2", "value": "Payment MT103 Swift 77890546122.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "55636570-6360-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1696497589, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497589, "uuid": "7000b88e-abc7-4e96-8ace-db06ce329812", "comment": "Malware payload (Smoke Loader)", "value": "df7820d62c50d88ac7bd11fbfdaee863", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497589, "uuid": "0218d632-3483-4693-b81e-925fc19a3ce2", "comment": "Malware payload (Smoke Loader)", "value": "d0d4c39556123434d9ea63aa64f4912575db739f34cb2498f4a0971f646d500c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497589, "uuid": "dd206e19-3bf9-4f45-90c9-7170193a1f61", "comment": "Malware payload (Smoke Loader)", "value": "895ce0bb58288a804304d29eda0f0780ae2b19d2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497589, "uuid": "22740c3e-43f8-4966-80a0-af4894e5d161", "comment": "Malware payload (Smoke Loader)", "value": "e1c05e004e3fb47c64f75bd313ad28f01e6dd9287fdf0cae9c1ccbdb50967d95339ac2199428aff1f0c4bc82316dbc2a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497589, "uuid": "800c1ea8-6299-41a5-9b94-ede7d20e3397", "value": "T19514CE2135F0C072D7AB46318530DB60AAFBB873A7A4894B37542A7F5E303D29A67357", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497589, "uuid": "f6408531-a609-4054-a37a-2f46537ddef1", "value": "c7ce42f103eec7e3e471decc395f9d0b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497589, "uuid": "6bf87e1b-4e62-40e1-b1df-b79917dfd930", "value": "3072:MlyD1FjVR/zZZYkp9p4ocBvM2188oQxqPmL8sj5RbYWVrw:MYRFTLZdp9KN88fxqPmLz7bjV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696497589, "uuid": "5585db13-0fa9-49ab-9fbe-323eadc35d22", "value": 206336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696497589, "uuid": "049e852c-f04e-41a3-825e-c2d014691d1f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497589, "uuid": "09658881-9978-4f5a-a256-60cc571249fe", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1eff4252-637e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1696510383, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510383, "uuid": "94f0a194-412b-48a0-9f81-2e4bed4aeb75", "comment": "Malware payload (NanoCore)", "value": "a1d4eaa6f0f151d604a1e6f79583ff88", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510383, "uuid": "e35ab45f-7b72-44d1-a754-5911a9957003", "comment": "Malware payload (NanoCore)", "value": "d1f622488a88176e81cdb1cb8669f586803c2dff54f660ac72a18f0a1d27194c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510383, "uuid": "37834bac-b62a-4423-8b93-67d7e210e141", "comment": "Malware payload (NanoCore)", "value": "0388fa9634f697cf371cd51ee28654a19f051bee", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510383, "uuid": "72e1f872-b9bd-4ae1-bc7e-f02b0311db2a", "comment": "Malware payload (NanoCore)", "value": "e6d6fef9ce71e57d530c50d04f1437a2da775b1a1fdfa462b739bc277433e46c38e874277945b1bf65bd51917e5394f8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510383, "uuid": "2537e2cd-8228-494d-81ee-4ec26c37e530", "value": "T14304BE0427FE9A56EBFE0BBC64B142004BB0B4539953DB6F1D9850E90D927C46A513FF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510383, "uuid": "94ee8119-0229-4248-8811-22f79dd938d2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510383, "uuid": "e4c91a9b-3592-4d54-ab1a-a807d39308f2", "value": "3072:qfpQ+eycKYOl5xUP7BEhoGNSuFraxC9+JPQcU8gJu2JvVT0mLjqZ9NRbqzyxXNsE:qfpQ+vJKyGTs+tP0JSmLjqZ9NRbq+x9r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510383, "uuid": "e0aff860-6ef5-4d4d-8884-5ddc3a9f8d42", "value": 186880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510383, "uuid": "b6d5ea74-e696-4c1d-b57a-19c2c699a44a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510383, "uuid": "a87ab7d5-c03a-4568-a64b-ac225d2d9972", "value": "wlms.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7233f41-6376-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696507283, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507283, "uuid": "297daec6-5a65-47db-8879-a37954d782a0", "comment": "Malware payload (AgentTesla)", "value": "00d6e8123aa15d99b85eb2fc543c362f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507283, "uuid": "fce87eb8-fdc9-499d-b171-3ce6a8254f96", "comment": "Malware payload (AgentTesla)", "value": "d24f5d931264749838fcaa3865781dea677d9f6045795d6643bffa1d6d3a56e1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507283, "uuid": "f2bf7ac9-fb0d-4fdd-badf-49c5af596486", "comment": "Malware payload (AgentTesla)", "value": "76c098b9c96a160c4e2610f7f7bd3ae3cb347365", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507283, "uuid": "6d58b945-d49f-40d9-a5dd-75d187f5d456", "comment": "Malware payload (AgentTesla)", "value": "e69eaca88eb3b5e5f44f947a95873dae27c24ee35f1118698afce79b19d9d931463371b7b54d4260fc638c09e7f9db5f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507283, "uuid": "bc25045c-69db-4a4d-9351-301100bc537c", "value": "T1FBD433F87A09257DFC2D87E484829C5F98EA16483278D9118C624BECE0162BBF4275FD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507283, "uuid": "c52a715b-ec3c-43df-a81a-3e2e2673d97e", "value": "12288:Jkz0Rg/iRKP1j49VhxkkDG6osfGvV6bKN90ACoF:Jkz0RWNE9VHDGftvVJEW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696507283, "uuid": "e35f4b11-6842-4a92-8b40-ee40234f26c7", "value": 634522, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696507283, "uuid": "e53bc446-c5c2-48a0-9b31-39eeb8e44abb", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507283, "uuid": "e53e6f32-d234-4a24-b37f-349fa922414b", "value": "LPO.pdf_1.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "337780d2-6384-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Tofsee)", "timestamp": 1696512994, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696512994, "uuid": "727a575f-54bf-45cc-8d85-5a8254929e5b", "comment": "Malware payload (Tofsee)", "value": "fffba64e48c56f425c1bb79ab695c09a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696512994, "uuid": "5c403a3f-d651-4d1f-9366-77865b7ab32e", "comment": "Malware payload (Tofsee)", "value": "d25aafbe1092de5bdd2b91212e0c187836266b869235328da6c4f8e1f9310424", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696512994, "uuid": "be2bac3e-d983-401d-8880-1571d3707a4a", "comment": "Malware payload (Tofsee)", "value": "9bbed4448befb8b314a1c6359644d3ed7f4e83e1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696512994, "uuid": "3111939c-bb6b-4f12-addf-7a815a8fd8af", "comment": "Malware payload (Tofsee)", "value": "fe5da1c72bb65ca504e57934793fb1a8f12ed9bfb332124fede53a653f905eed9591bd3762d1039453e65273717ff165", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696512994, "uuid": "257e2514-979c-4a62-acc4-4c64832084d3", "value": "T11714D0317990C0B2C84745F09420CEA07A6DB86297A5857F37682F7F6E336D293763E6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696512994, "uuid": "0dee26f3-7161-404d-8668-2cf2dd675fbe", "value": "79de41fd9a8e567c644b0068a3bd1c4e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696512994, "uuid": "6ab7952e-5ea6-412e-81a4-6ca44f5e7b1c", "value": "3072:zwD/mO4369uOxYxMOUW8nyJ9LpeDXC5Ax:cD/mB69DxYx5UW8nU9LpeD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696512994, "uuid": "cffd2dce-f0c1-4c6a-98a0-6cacfeba2b98", "value": 199168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696512994, "uuid": "c768d4b1-cefb-4b41-a12d-78e86016758c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696512994, "uuid": "566add38-d039-4d3e-bfe8-382a82be2733", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f5f8434-63b9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696535831, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535831, "uuid": "e683a5ee-0e1f-41b2-9148-4e9d4a9d6088", "comment": "Malware payload", "value": "8fd8e85a8db28bf9cb98d339b6516e57", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535831, "uuid": "2b3b7963-a0aa-42ad-91b1-13204ec18b45", "comment": "Malware payload", "value": "d292286a614b1c35f42ea04335bab20018d7f5e67451fcf653facef327a8721a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535831, "uuid": "90291b29-84a1-4566-8473-989859fa97e0", "comment": "Malware payload", "value": "65a1b52fffc4af77e3cdcf603ed15a5e5bf9e8b3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535831, "uuid": "3f075bbd-2ddf-41d2-9c17-52548321b3b2", "comment": "Malware payload", "value": "f53bf3756ad3a91a2c53f34cdf297e3b6898cb10ba89fef2fc66b18c1bf1d5fc4098d4eeca58f298faad72f325303f34", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535831, "uuid": "e7118cf0-f2b2-4401-b00c-f57834212fd9", "value": "T1F1D209193BB84926C4BC0B74C831961746F486032553DFAFDDD1A8DA9EE72E42A4CBF1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535831, "uuid": "b5ba884f-c78c-4d66-b6a6-06f29e93a5bb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535831, "uuid": "12f49d71-0acf-45a4-bded-3c518ec9d43f", "value": "384:uSItl77FDFucYfKQCcTV/5pzp8OmqDCdRe8kGBsbh0w4wlAokw9OhgOL1vYRGOZ7:s77ucYfKQT1Pp6qqReWBKh0p29SgRn3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696535831, "uuid": "9b924a2d-b36d-4dd1-89b4-0e34e84f2e9d", "value": 29696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696535831, "uuid": "8f7d06d4-b577-4240-bcdf-f6d5efcf317a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535831, "uuid": "17299c85-ae46-4903-b072-8028793191ce", "value": "5Jk8N7qN.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e4518036-6379-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LummaStealer)", "timestamp": 1696508566, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508566, "uuid": "f5c6b689-6f4b-411c-b4e8-483d6b8e2c07", "comment": "Malware payload (LummaStealer)", "value": "0edfa39bb38fdb60095f1cb3026af6ae", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "lumma", "colour": "#810EF3", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508566, "uuid": "e1cb0803-0bda-4f45-b5d5-5e6ce442f98f", "comment": "Malware payload (LummaStealer)", "value": "d2cfd66a33c6f1af2eb403108a578962b599a77b5cea6b4a06726a3c60ae8bca", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "lumma", "colour": "#810EF3", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508566, "uuid": "335e9250-74f8-4de7-9dd3-cc2017bde1b1", "comment": "Malware payload (LummaStealer)", "value": "003962d544813800328c394b2b87a00b288d376f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "lumma", "colour": "#810EF3", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508566, "uuid": "9a50f67d-69e8-4b90-81eb-dda782158f1b", "comment": "Malware payload (LummaStealer)", "value": "8c84e8d043e1321cdea27ad222974e5ab14ae6e733ceb58e8333e1648fc784afae67440a220b4e660e3259aa3a23dcb1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "lumma", "colour": "#810EF3", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508566, "uuid": "ee1bfb9b-a338-4363-afe5-4e33e066437e", "value": "T172760163B0DA2471F8732A367892D432393E5C9CE04629A929F4AED7F472D0C5F4B791", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508566, "uuid": "968768cb-9389-42d4-9bb5-3ba92ffa30f7", "value": "6011984d7c1f1b97a34d7517a498bff8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508566, "uuid": "78cf0b09-c07c-43a8-9fb9-a52809b16a3c", "value": "98304:OZcZBwjotiAqIZZn9mUtdradTBrHJWGs2NyqeoNE/7SRYY2VymGu/m6zHAlA64TY:6jOpqIZv7STVHJack+YlGlSRRw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696508566, "uuid": "51235ffc-cbbe-405c-9808-65a2c0b04076", "value": 7492482, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696508566, "uuid": "ab8cc47e-440e-4aa7-a032-1dc108fe4058", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508566, "uuid": "73f1cb71-2ae4-4121-8924-9a1f07cbb42c", "value": "DLoad.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a1ef1cb7-6361-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696498147, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498147, "uuid": "62f05330-aea0-4c03-add4-deb69c0103ee", "comment": "Malware payload (AgentTesla)", "value": "faa3afe5235932cd4f7867b2c182385f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498147, "uuid": "40397e09-d4c9-4d7a-9077-bb044fffbeee", "comment": "Malware payload (AgentTesla)", "value": "d31cf6f73f1b908e23652b6863e5562d58395fe823b93c0bbd82c26a4ec065b3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498147, "uuid": "6494ae03-9d19-4584-bf3f-50191ae5b71a", "comment": "Malware payload (AgentTesla)", "value": "84739d20f558aa0362198348bf194023244b8c51", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498147, "uuid": "8e460acf-9d21-4cfc-ba7c-6e51891709e5", "comment": "Malware payload (AgentTesla)", "value": "baf3e42756938a54a2645981f2dd0a78d60794dbc8b4cbd6c4a7f3ad0aaeeec6a38d6429a49cdfb0a6a91b645319efe6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498147, "uuid": "5bf57526-8cbd-49e5-8dd6-5a966da818fb", "value": "T156653384ACD697C9CDB607F048C014CBD67DB8FBA4B859A3B0A116EE9FC5BC06621D47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498147, "uuid": "d1a20511-fee4-4d5f-b332-30d4baf9ca58", "value": "e74c8ae3503a17604f2a2d84ae3389c4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498147, "uuid": "a77722f6-1e21-461e-8451-7d1913e8b901", "value": "24576:tCz1FW0kZAN15lLuKXtAmXad32MbKOl+tZdCkeRrUQxZBM35hZ0w8z:tCxkc3LuktAmAmMGOkjBQ65hU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498147, "uuid": "88ebbf26-0897-4202-b2ae-e38f81414d97", "value": 1459936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498147, "uuid": "cbbf1905-5cb5-43ec-853a-28c2223c089e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498147, "uuid": "17166863-7632-4b50-a452-91059f46794c", "value": "SWIFTCOPY REF920019838910579011108311-PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "438bdd10-63bb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1696536643, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696536643, "uuid": "c3356377-0cf0-4b76-971c-905230bbdfc0", "comment": "Malware payload (Amadey)", "value": "010c6689cc816300903e22be9401c2bd", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696536643, "uuid": "b543c7eb-5554-4922-8ba3-995c493abf8f", "comment": "Malware payload (Amadey)", "value": "d3dbeb566a345597eaef0a236da6bd38028953a7da12309c79fce070a41448cf", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696536643, "uuid": "7245a646-95bc-423b-8fb6-97d0d0c639bd", "comment": "Malware payload (Amadey)", "value": "2727409136107ec584abeb5d8f42984775b459c2", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696536643, "uuid": "4dea7722-0cef-43c2-8843-b715d5a94e5a", "comment": "Malware payload (Amadey)", "value": "244728c1537b2c8bfa3809aeb3937a223394b9f66bec97b594fdffd5b91259fcd1d8c45b74b72831e23ac7a60c5b4189", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696536643, "uuid": "951ad8a0-fe74-4e85-b5fb-bfeb7d0e0ab1", "value": "T137953385EEED4562CDF026B05CFF0B932638BD510524E70B2386AD6D0C726C1AA767B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696536643, "uuid": "bbff8af8-b1d1-41e3-98b2-1e902c5984b7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696536643, "uuid": "88b6df83-7532-4fe3-8097-d8076ffd8660", "value": "49152:tkYvnQfZLOSrxZkRspocxsAzmjFqCFv48j9FR9W3eN:/vnQZ6SrxeRspvsh399p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696536643, "uuid": "ab54660b-c08d-433c-b161-0f4661b5e618", "value": 1924096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696536643, "uuid": "0d3d0df8-ad01-49ed-9f63-f8e05b9efef5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696536643, "uuid": "e479b307-a44c-4417-8fd7-e0fa14897372", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9fd50862-638a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696515753, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696515753, "uuid": "cbe9394e-8e4a-4f60-bd04-9063e980c921", "comment": "Malware payload (AgentTesla)", "value": "775abdffe0c10754f96e4429a125672d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696515753, "uuid": "2f00945a-88f5-4afe-a151-fd10577d720a", "comment": "Malware payload (AgentTesla)", "value": "d5fd934a84ba92016068ae11f3694eb8722ab14e83f7dd0de76f2fb5d87b8421", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696515753, "uuid": "b360adbb-c702-4bee-af67-a38d091c4798", "comment": "Malware payload (AgentTesla)", "value": "34a5288c6d7602b70bfaa4d7fc65262a8519f399", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696515753, "uuid": "db8ddf05-6908-49b1-a38e-7428d6b8d4b9", "comment": "Malware payload (AgentTesla)", "value": "ea0b9d1ee72f650706d0655f2ea34172634f490113f43e4dd8170f28c7555353f7a356031ad6a68fb15bbf5b0c1e4b56", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696515753, "uuid": "963a2bd1-f885-4743-b1b2-245e7035a8b1", "value": "T1AE442323408AD8363764C9BB05E1DBC6007C027F6034AE65E9EB7FAAB315B795384C97", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696515753, "uuid": "8e77c09f-fa0d-47dc-b7d5-70bc84fc952f", "value": "6144:Auk5u9Pfhwx0jdvCIDTVA1vPOIX/fWC4i87kRxD9y6xn0z7:Al5u9PfhwK5vCcTVMvPrPfWCh876Z9VS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696515753, "uuid": "33cce138-a583-434c-8fb0-e8f9f34fcb7f", "value": 270176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696515753, "uuid": "62d90d13-7d1d-45fe-ab81-13bc7de35f26", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696515753, "uuid": "4ba2b927-9fa1-45aa-b833-6c8b34c2c1e2", "value": "Invoice 005780013.r15", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da8cfcc7-635a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696495235, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495235, "uuid": "34db383c-a1a6-44b5-ac9c-6209813116a6", "comment": "Malware payload (AgentTesla)", "value": "2108686624430424e86176d7451c43de", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495235, "uuid": "af66b932-7eb6-4fbf-a723-04b098c7c1f0", "comment": "Malware payload (AgentTesla)", "value": "d68d71d52c874838f069a1892f660345393e323600a4dfc664a72b7bee2fe009", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495235, "uuid": "779a5796-bcb1-4cda-abd3-cda6fd5a21a8", "comment": "Malware payload (AgentTesla)", "value": "408bb88793c536abb13bb432e87d38a186531df1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495235, "uuid": "d059dda1-82ac-42eb-ae38-a1221f407790", "comment": "Malware payload (AgentTesla)", "value": "ba036253c8342478e78e9481a7514c3dd5730c47fb7a164d5091d78c9e4a9ca9ae2c00c0eef65a5a66f967f3daa20ac1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495235, "uuid": "09cbc075-84af-4b43-9c64-44c7779affde", "value": "T1A094231356865DFE557EE86BD5AB8473F2B87A7BCD007EC924A15B2222503CADFC0812", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495235, "uuid": "939cf6b4-365b-4d8c-92f7-5b7048c40403", "value": "12288:edf6YIyPIpZkvURsNZVchGCmpm/TrYuVWTbzC:epFPIpF2Zs2ps/kTbzC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495235, "uuid": "91ff367e-04e2-42f9-a0b0-55c60ec03c6d", "value": 447030, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495235, "uuid": "b5f12a1c-6bd7-4052-91a2-2defb0992165", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495235, "uuid": "a7aad053-25e9-4d82-b128-f498f3e8ed9d", "value": "PO2023.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a78f56c-6359-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696494591, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494591, "uuid": "e561f9ab-eb9b-4376-87dd-197db352313f", "comment": "Malware payload (AgentTesla)", "value": "99e4ff48cf1939933e20e741ff65fc0c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494591, "uuid": "f6a8841e-a6ca-4653-ad0b-64acb33b9698", "comment": "Malware payload (AgentTesla)", "value": "d6f191b1c4d023ae1572b4eddd36b3448046596584f9ae6ab1329d6575695fe3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494591, "uuid": "339f8a27-5d61-43a3-8fd1-9414ca0771e0", "comment": "Malware payload (AgentTesla)", "value": "8c6f9bf3663ddcfe5d6d9b70744c283f40ad6815", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494591, "uuid": "604fc7f8-ba55-4c4b-9c9f-2cead8cb9db7", "comment": "Malware payload (AgentTesla)", "value": "a1a3e092acd83220f4d19c6ea04babdd383422d27624565a309c8ae49d63eb9116562577172d17c2d467cdaf49865f30", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494591, "uuid": "8083fa0b-d3ff-4b64-bce6-14b5110e5d88", "value": "T10DC4233E26296916E1CC77F6761FF4B1A60C80B372893657F731BA4D6E42A50CD02E0E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494591, "uuid": "2befa299-0350-499f-b733-37bb871b300a", "value": "12288:SrZcUxnkxg3ks/jCVMD2g9MhKGlJuPlW8aXeUSy:SrDxkGLsMD2DhvLuPE8aXeUSy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696494591, "uuid": "6bb03344-9901-4512-bad6-5af8c305ec85", "value": 564911, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696494591, "uuid": "16a9f5d0-cdef-42e8-80e4-98763c90a741", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494591, "uuid": "ea08a239-6d20-46b6-96fc-f2baff93b860", "value": "Doc.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "497b3815-634e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1696489838, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696489838, "uuid": "5dee5abd-3b53-4e74-9ab7-1dacf088c9f2", "comment": "Malware payload (DBatLoader)", "value": "7d16de855b30b1c5f516d943f67c712d", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696489838, "uuid": "5d9e0360-aed6-427c-9899-7ab7f9261477", "comment": "Malware payload (DBatLoader)", "value": "d86938014d3a39bc15f9a1944ae84bb1572544f8e6e89798a706fc7e63b34642", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696489838, "uuid": "65cf65aa-7c45-4949-b95e-9c61a348cde2", "comment": "Malware payload (DBatLoader)", "value": "11e9db9795886e47725e2ee3b08743226f235ffb", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696489838, "uuid": "0f470c8b-7432-49df-a6f4-fac29350e1fb", "comment": "Malware payload (DBatLoader)", "value": "cbec81d4a257ede13673a2652dc298e123714e100974093ba55a870d19c91b6fa3069ebfb00b6b55de0d347d413d9016", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696489838, "uuid": "9a361191-e108-4600-9e3f-2b722dc58a0e", "value": "T14411CC4E5FBFF240414BD660D44C40765CC1A74F8200A6058A7D4CFA38192EEE06F67B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696489838, "uuid": "df5145ed-cd20-4f31-bd7a-50b5efd647a2", "value": "12:7XJdHMGIQx+t1utMKF6kj5SXWfbpkGmd7WHeeWf9RX9tVh/oBACLptVpCTC8xQ01:XU14Ekj5SX225RHL+A+37T2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696489838, "uuid": "5a8c8e6c-f2f5-4578-b6b1-d845c758934d", "value": 892, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696489838, "uuid": "f53939eb-6071-4eb0-95c5-02f659f3e02c", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696489838, "uuid": "a354af31-249b-4bb4-86a3-e73191270976", "value": "Dekont1.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "720dc710-6349-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696487759, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696487759, "uuid": "2fc24023-da5b-473b-9c8c-192445985428", "comment": "Malware payload (Mirai)", "value": "c50077086bc9d977d043e3894ed9af1c", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696487759, "uuid": "c3a306d5-956b-4167-b3e1-e1f0635a51f1", "comment": "Malware payload (Mirai)", "value": "d9d783f550e8627c50a10eca332856d5e807b5f96c6e9fae75d4095c4c5ec110", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696487759, "uuid": "0f144918-0303-41af-93db-9bc7bb22874b", "comment": "Malware payload (Mirai)", "value": "9337e5760a543123584b0509b898c36bd5fadd88", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696487759, "uuid": "ede58ab1-e3d7-4a17-850a-f660eaf2a458", "comment": "Malware payload (Mirai)", "value": "9893eea9adf4ca5a4afdf72454b03faf9f0321502356cd67edcb45d75ebf6fd29920bdd0f3cd9a4773f9cb9278fea9dc", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696487759, "uuid": "6fc59528-69e6-40cc-a4ce-645c5d4312f2", "value": "T1AFB34984F68780F4D40B0DB4806A733FCF35792D48399BAAEFE4FF55E967A44246910A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696487759, "uuid": "51edde75-17d8-4c9e-a8fd-4e4ae2bf73b3", "value": "3072:DNCnGZBiSCRTU2jTXVRQxOshGu9lRTNtAF05FI6RkFMF0:DkGZBiSUTnTXzMhh3RTNt2qF0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696487759, "uuid": "fe960533-979b-42ba-937e-157fdd4889c3", "value": 114992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696487759, "uuid": "07278305-5e73-4dfa-9a74-9603ec2fdbee", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696487759, "uuid": "38f74e6d-52c6-4005-be01-e8b7f1f3e0c8", "value": "SecuriteInfo.com.ELF.Mirai-CCH.28429.10766", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1672f5e7-6367-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1696500490, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500490, "uuid": "1196eb6e-9ff7-48c7-b6fb-b03782adaab2", "comment": "Malware payload (Loki)", "value": "9dea827fa7667e44ad173d29729338fb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500490, "uuid": "8b6e114b-47b9-41ba-be78-bb745e28a666", "comment": "Malware payload (Loki)", "value": "da5c8721b3c8624f2234309272d145894cbb0242281c5bd7cfa9e804842fc6e2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500490, "uuid": "7f56323c-916c-4e2b-a361-8ac746cc8ddf", "comment": "Malware payload (Loki)", "value": "02ba5931718f606ecf1dd224cb4d5b490b5e1fd1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696500490, "uuid": "b6dad360-6f53-4aee-a873-8b43db6dd4bb", "comment": "Malware payload (Loki)", "value": "fae455c0af746516795048078eddbf296bcbcae898484c22c10c1bd61cfe2af8306edc03d86d4e9e2581637de2bbe925", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500490, "uuid": "b62711b6-fb1e-47a7-87db-125c6b393c24", "value": "T18D647D13B690BC71D5224A314E2AC2A5772EFDA1DE1867AB335C7F2F1BB00E1D562712", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500490, "uuid": "ab835b61-75eb-4681-965e-ee70e8947666", "value": "5396cb3c2c0a90a20f01488724a0b793", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500490, "uuid": "114a1f0c-7fa9-481a-abb6-58272610956e", "value": "3072:6hUOZzbCxqf8O+gR2Z4jzraNPmFJpMjW2/c32XgyY3fkCFoY:0UOZnCMf8O+glzrOiEni2X43f9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696500490, "uuid": "881065a7-9651-493e-9b1c-551317a41c85", "value": 316416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696500490, "uuid": "9f7478a8-ff82-4263-a9c3-17ea48ddb864", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696500490, "uuid": "cbf260d9-e500-4883-8932-39c87c695b78", "value": "9dea827fa7667e44ad173d29729338fb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c6e7f3b-6352-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1696491507, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491507, "uuid": "2bae06c8-6683-4595-ad1e-ff34a61f59c7", "comment": "Malware payload (Smoke Loader)", "value": "508fceedf38d3521e9fa7a5c0f711d76", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491507, "uuid": "529acab7-77ad-4c2b-a701-f6633895e381", "comment": "Malware payload (Smoke Loader)", "value": "dab65ddf9abb092aaf3fa22d50d9ca6312b97defea1265ce0ddb5f95e28dafde", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491507, "uuid": "a617125f-2a2e-45df-b249-2087a49ebe62", "comment": "Malware payload (Smoke Loader)", "value": "4a9fd96852dec26f1d496f2a2696cf3fbd577599", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491507, "uuid": "291b8cb0-d532-4316-a371-1d453cd24b16", "comment": "Malware payload (Smoke Loader)", "value": "ba4201a0e49c38b26827fbdacefae8b4e238f47c66ecea17e39357623295591087e9254cdbb2008dd9bd72ff401d6f40", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491507, "uuid": "f86ec050-d486-4011-be81-330329b4de21", "value": "T15D14C0213DF0C072D6A746348834C7A0AE7BF8636BB4859B2764E7BE5E306C18766357", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491507, "uuid": "2c93b824-b263-4ed9-ad9c-6c215bb74d73", "value": "c7ce42f103eec7e3e471decc395f9d0b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491507, "uuid": "6fecfba3-3e8d-433f-a12b-d8ef44a1bacc", "value": "3072:Ob3igD8g68N2oEVF4LKzoGEqYBOy9tZdU05wWVrw:cSgj68N2lF4moGEqYQ8VV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491507, "uuid": "b9b1b7c4-7ee5-46d8-8703-a94a25959cb6", "value": 206336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491507, "uuid": "4238f081-373c-4a46-8b35-86d6b0958a3a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491507, "uuid": "b2dec5d2-d516-43db-8667-1a648200c6bc", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ddfcaef3-63ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696545063, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696545063, "uuid": "8e90479d-fed3-44b1-b3a4-11d65494e254", "comment": "Malware payload", "value": "8fd97f965a80abfec23fd1cb6b9f3cf6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696545063, "uuid": "87274645-63a8-4063-bdec-eaf29370c68b", "comment": "Malware payload", "value": "db5b826657bdb58d6ec2956476f2702dfd6c51bb705e83934fb0ebc7b7a4ed03", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696545063, "uuid": "fcee653a-7546-4231-8383-584477ccb751", "comment": "Malware payload", "value": "c97b5dfb7c534cab31314927dacb337b501b6dbf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696545063, "uuid": "a0f861c8-5cdb-46da-ab04-4d87f90d53c0", "comment": "Malware payload", "value": "2e4888d4ee2fa24678d1ee292238f9fc3ea4d85ed8db34115ca732c597bb5d0b91df4db3c7fbdcc48d05ccbff358dd9f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696545063, "uuid": "d9462279-7915-4061-b634-3f9a35edbb9a", "value": "T16F173316B36118F6F5C0613A814AC924DB23FD5297F1DA8F0BE89B2A4F576D85C31F82", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696545063, "uuid": "f36507a0-8476-4696-a9c1-94a09bca300e", "value": "20d446c1cb128febd23deb17efb67cf6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696545063, "uuid": "50ecf756-d295-4c85-99dd-0736deabf071", "value": "393216:cZUdMdQntgggh0xOshouIkPstRL5sk5376RCed9sGC:cZUdMdQtggD8wouAtRL+LnS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696545063, "uuid": "ba655ee9-c219-4aff-af1e-c3423c8733c8", "value": 19622465, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696545063, "uuid": "f8774950-15ce-4779-b46c-07cb11ec8c82", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696545063, "uuid": "fa8e8257-d176-4512-81b4-d293184ca057", "value": "SecuriteInfo.com.Win64.Evo-gen.19540.16600", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "54312666-637f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1696510901, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510901, "uuid": "4412f70a-22b5-41b5-9f6e-612ec5548c86", "comment": "Malware payload (Smoke Loader)", "value": "d9b04e9898eea60690332514df906baa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510901, "uuid": "677f9477-9a76-4630-aa1f-a3b7b6c10048", "comment": "Malware payload (Smoke Loader)", "value": "dd3af4ccaf956ecae50e8e37cb7815de4348c60d5cc985b212739868c380b698", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510901, "uuid": "9cfaf862-013d-4bd2-b1bf-b6f32fb00bcc", "comment": "Malware payload (Smoke Loader)", "value": "b116f9aa33f01ac6a7dbfdf7f31a5f1ad9309112", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510901, "uuid": "5f2f0500-93ce-4684-8d41-d9547909a830", "comment": "Malware payload (Smoke Loader)", "value": "2dac2d0848a50da92490efcb47724154fefc218c560e87e860bd415ff4baa60fddba04459bd7957cc7f454b71516e698", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510901, "uuid": "e764dd77-f373-45ac-991f-4e27a90fb75e", "value": "T15914D03D79B0D073C84B80718421DA60BA6EBC225BA5898737981BBFAF306D29777355", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510901, "uuid": "fefcce67-0618-44fb-a67a-c791a4568f80", "value": "79de41fd9a8e567c644b0068a3bd1c4e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510901, "uuid": "15a6fefa-e2ea-406f-b94b-7b3ffd5d21a4", "value": "3072:Y6KF3+9q0/u/lPBfb5j7UzCUgtkXs8tIIS5Bp:NKF3Z0/2Jfb54CztoslIK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510901, "uuid": "e94be742-c59e-415f-a190-faeda00ad1c7", "value": 199168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510901, "uuid": "4451a8f0-a8d2-47c1-b78a-b0f4c3da555e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510901, "uuid": "6f5a0988-2feb-4338-a81b-cadd3c61b4a8", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e4d92979-631e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696469483, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696469483, "uuid": "691cc7ee-bd45-40f7-9293-a4a50975825e", "comment": "Malware payload (Mirai)", "value": "0e47375168e900b3a96bee7f213fc7a5", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696469483, "uuid": "7624eff7-1bd6-4b15-94a3-55ad09fa9580", "comment": "Malware payload (Mirai)", "value": "dea99f584f2a895dc2eb638ec9fad5141c90df7864357a892a11003b92c7453f", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696469483, "uuid": "2b71faa8-6a89-4a70-904e-01cc9d515721", "comment": "Malware payload (Mirai)", "value": "6d748f65426a95ad61141d13b101e6f2d26fd73d", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696469483, "uuid": "38202495-5b67-4d5b-ab55-e6d1476ad08c", "comment": "Malware payload (Mirai)", "value": "d8fd20d92665b310459a6b4cf3d5f8cac816877f656cf92bd80cdfbd066065b1f1e44869154e629253f22bc17f731d04", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696469483, "uuid": "531c0265-b510-449a-adb6-d2534762748f", "value": "T11B03F1A5F4C500F1D3752EFEFC26CAC36A5D3D78A0AA92970605827E6EC088535F94E3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696469483, "uuid": "0a8a8893-f444-4bba-b481-f39bf40acd63", "value": "768:vkJ56p6b4bQr79+E2g6S7xUZ3tgYISdwFQY9JetC8dtsyjM1UJq3Uirbs:C4p6b4c30E2m7xUfgidXI3R1U3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696469483, "uuid": "6b571e63-e1a9-407e-8cf6-d0e385463cd4", "value": 41124, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696469483, "uuid": "70651142-4223-4845-97b9-f43e859ffca6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696469483, "uuid": "ba2fb1dd-8f8e-426c-bd4a-85801ca22b8a", "value": "SecuriteInfo.com.Linux.Siggen.9999.11591.29969", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4b4bc3a-6352-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696491843, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491843, "uuid": "a546c5b0-bbe2-4221-a897-0052af71c06f", "comment": "Malware payload (Mirai)", "value": "0b293d62efbd05efdef085fe2d652d5f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491843, "uuid": "6d5fda73-a80d-4bd1-9263-67ee092f0e5a", "comment": "Malware payload (Mirai)", "value": "deb2ea2a8e35cdbf364551a128c983ecef8736b370ff205741330c4fa18f92f5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491843, "uuid": "e3c024ba-0a3c-41b4-a776-254bba81cff7", "comment": "Malware payload (Mirai)", "value": "64a52df0233875a3df82dc821bb6050c554ebe99", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491843, "uuid": "aca5422d-d43d-40d6-a143-0de5f1507952", "comment": "Malware payload (Mirai)", "value": "24782aa6bd5d5caefbb8a03b7e56bf1d63d3fc5a0a24c671dc925590d88817ea65a2d5454cc69e896995e6f2ff0e00f2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491843, "uuid": "93f85d9e-777c-45ea-8560-0f15882ffd5c", "value": "T1BED2D0AC466ABADACAAD6D7C62CE03E16FC1B045231CE54F273614C5B6E950BF44B078", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491843, "uuid": "bc3e9667-1e6f-4257-a38c-e1a499c9ec1f", "value": "768:j1uUtLrVDsAp6tL/uLBhKtYO0uyHgzwlWZWJbKWUg:jbDs06t7uNItYO0VW4WZWeg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491843, "uuid": "b7b30aa0-78e0-4d0f-a7f2-0bd25817082a", "value": 30316, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491843, "uuid": "bdb2c762-f875-4caa-be26-2959e2420fa6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491843, "uuid": "e574b77f-bd6b-44bb-aeae-e78eb7b09a1a", "value": "0b293d62efbd05efdef085fe2d652d5f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "52a0ac64-635c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696495866, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495866, "uuid": "3533e279-2a08-4708-8efe-dabf6b792c3b", "comment": "Malware payload (AgentTesla)", "value": "2743f7c049fd03e05e55b0476a537822", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495866, "uuid": "5d19fb6e-4751-49e2-b0ac-e0facc32836b", "comment": "Malware payload (AgentTesla)", "value": "e0851354601c6287a673d0a7a0580efc6884f32d841637aea3f7661f6fe13ab3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495866, "uuid": "92da27ec-a341-4c2b-8984-c29fa3b33307", "comment": "Malware payload (AgentTesla)", "value": "f9e59765f8c56d6f37b51e4395903dcb4565474e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495866, "uuid": "992e96f1-b7b7-426a-9afd-3e9d7af7f1c8", "comment": "Malware payload (AgentTesla)", "value": "49def1c98a1e96bc364b9ee34f93dd6e4055187e4c958f380c571dec66ee1d4e19b136177577dc52926e7a01dd4bceab", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495866, "uuid": "0cd44593-2b66-410f-b9c7-9e219b14fb68", "value": "T1F7351200F742863BD9266434D89598D782289C7E7A05EA4B32CBB31F5333FB54E7AC59", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495866, "uuid": "a32b0f78-cadc-4d35-90d9-930004b9ee97", "value": "24576:9X8DK69PFohe9kFnuwA/f5+tLQGak8XMx7CO7yKJsC3DqiN/TkMCQ:aL9NohF4wzakUlO7yQaI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495866, "uuid": "65a0a8c7-db9a-4c93-a4da-c1b472129c7d", "value": 1127936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495866, "uuid": "3b02802d-dec0-444d-8c8a-24db67b1ee9d", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495866, "uuid": "69729aaa-787e-462a-8cb4-90f525517395", "value": "Profoma.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d4c8b00-6359-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696494623, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494623, "uuid": "129b1ea0-2f81-457f-80c0-e063ca17a4b3", "comment": "Malware payload (AgentTesla)", "value": "637a2bff96cb0faeabc84cdd1021c2a4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494623, "uuid": "b5bf4172-5503-4e92-ab54-b153fb55720a", "comment": "Malware payload (AgentTesla)", "value": "e0c15e6bd5b9f10707146433a776481a59b0077cf10478baf134d56fafa13bf7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494623, "uuid": "96a987dd-aec9-4a66-b61c-747d20ed1fdd", "comment": "Malware payload (AgentTesla)", "value": "28c3273fb55a9301caf9fd77a8a06d486cc3d6ec", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494623, "uuid": "adb0ef61-aa18-401e-bc91-8bee3674b8e5", "comment": "Malware payload (AgentTesla)", "value": "4f5dc246c836b1353da0e00e7f27b97aadb15ab2bbda21d7203bf786c5b031f2b838801550668cb6d3bc748c7041f574", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494623, "uuid": "2506d8b7-4933-4c35-bc37-8effa647c429", "value": "T172D42313FCDE34EF4D1DF600BA0FE7E56A254739AF819066908B29E2F9B151E2979180", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494623, "uuid": "51717dae-90c1-4e20-ac7e-6ed35e062164", "value": "12288:OGWj2pxD0Idz25EiGSRpgZlr5xt5oAOmEnLyVuSeFkMS3mJDGsiir:ODuxD0Yz25ExSRurbwmEnB7SUN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696494623, "uuid": "24cabb74-7be0-4c82-8f62-95e8cdad70ef", "value": 621595, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696494623, "uuid": "d6aadced-3bdc-46aa-ae72-31d874bbbfdf", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494623, "uuid": "14a82091-099f-442d-9956-9abc4512dfe6", "value": "RE Offer Request.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "acc2f1fd-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696496877, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496877, "uuid": "7bdaa9ce-1be8-4db2-abd6-991a84064804", "comment": "Malware payload (AgentTesla)", "value": "a9d82eccf97b4d55724bde237c36d3fe", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496877, "uuid": "deb25d55-5d10-4417-8c42-c576b7f795f0", "comment": "Malware payload (AgentTesla)", "value": "e2276f55582ce34158660672facb8c1863009563233b67427683c7549c117b71", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496877, "uuid": "2950c8e1-d2c6-4b6a-829b-4d28e8436bff", "comment": "Malware payload (AgentTesla)", "value": "4998cefa089a71c4be29e320f61fe815589ab280", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496877, "uuid": "76470c0c-54a0-489e-8f91-b4b5cb5ed377", "comment": "Malware payload (AgentTesla)", "value": "5017c384a3cf8ba2641307c5b325b99911c5b596a1c631833ac9b38c08f8e700e0e0a05f3398defa831eecec96b97984", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496877, "uuid": "b04c04ac-d1b1-4a0a-98f4-9d837de10087", "value": "T183234BF1DE96150A444B26F7CC490C76C57A80BB443250327D9CB2AD570BB98BFBDA2B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496877, "uuid": "4f9eae5e-9fa4-45a0-a61d-10bebe4b1e57", "value": "768:9gccYgMDW7qtAeFmWm38CArtT3hBVLGDZomhvMsfErF4HACvMOoXqdNElkF4TtE+:9TgM6mC/0tT3hB9gZbksf6zOowmlXxXr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496877, "uuid": "0efbb857-f9d0-458b-b368-c4fabda400ce", "value": 47308, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496877, "uuid": "deb04577-992a-40c9-8344-4e5507652922", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496877, "uuid": "8e635f13-934a-4d95-95b8-5ba05a395a51", "value": "RFQ (MONDIAL FORKLIFT 0410023).vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b3b42ba-6388-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696514725, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696514725, "uuid": "a7102964-b54c-4a2b-b04c-7a3cd2ec9260", "comment": "Malware payload", "value": "5fc87f749c58226c05cbb1148e742aa8", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "ta577", "colour": "#2FEF4D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696514725, "uuid": "c2f75336-1829-4189-9767-1772675b8c3b", "comment": "Malware payload", "value": "e26d44d740b4edbd37fa6196dcc9171e49e711d8ce64f67aae36c4299e352108", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "ta577", "colour": "#2FEF4D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696514725, "uuid": "fe9ea6de-24e5-4ef6-8198-707fba94d86e", "comment": "Malware payload", "value": "b78707fe3b2988cae0b03acfda42d02134bafb86", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "ta577", "colour": "#2FEF4D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696514725, "uuid": "fbe12f28-f06d-4d30-a77d-377384cf1568", "comment": "Malware payload", "value": "c8df0f50b5b87a1834296fcfd8687a634619a422850b20e939b733ce3dcddea3ab665ae8a9a3c53f83765dbd4f24fae1", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "ta577", "colour": "#2FEF4D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696514725, "uuid": "6f2d2348-7ac6-4b50-8dc5-85a15a80a838", "value": "T1E115F1ADE9C17EABCE2360B7A0115EA644ECCC81AB22EB73C4875B37B25577C1C5B105", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696514725, "uuid": "2705bb5b-2fee-4695-a419-6fcd0c060beb", "value": "07944ca6430eeaed9c02e603e65e3e8f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696514725, "uuid": "1a0b2305-2d75-4f62-b1c9-4dd8bd16295c", "value": "24576:HOrDE+5FZ0sdT22UguL369RNoFPorl6vBX56IsbX:85FGsdpUgubSRNoFPoQBX56N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696514725, "uuid": "73c0bf47-7f93-4cc1-b5b3-414ac038c630", "value": 944979, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696514725, "uuid": "869aa3bf-0a91-4ec6-9083-f044815a3d39", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696514725, "uuid": "82e35b5f-6ac5-4ef0-8e70-8413e0e4fc22", "value": "UEdedsd3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fa75f256-637d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696510321, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510321, "uuid": "e05e8cc5-f289-43cb-981a-5174856f7275", "comment": "Malware payload", "value": "80f2e48f8ed0421996f8711644ef163a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510321, "uuid": "ab44a502-cbf4-42c6-8ff4-17be88039edc", "comment": "Malware payload", "value": "e30eb80a15e89bfa7461661979423647fd4657ff59b92497319b5bbae55bae0a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510321, "uuid": "258a6ca0-4232-48ca-9790-d5f4b6a303ca", "comment": "Malware payload", "value": "5d6265891886b5eb6c4febfbb9c8e28d5d6a5566", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510321, "uuid": "fe2f7d16-6ab1-49cb-a619-eba32f7e199f", "comment": "Malware payload", "value": "9a2539a47a7c2884a3604056eff13cdeedf3d0618d61357c6eb819a6624611b041ba15e14d931a573735c4386b63eae1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510321, "uuid": "d7b47600-1cc3-4708-b23e-e2b5193a81bb", "value": "T109723B08A2C6C753D4BA8B3151E70B919AB8E63E6A37475ED8C5573FDA033094826F72", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510321, "uuid": "5f160739-16df-4a72-a4d5-56bb174b242e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510321, "uuid": "e2352be8-45a0-4f62-bd66-06788dd161da", "value": "192:jxHuir11sEJQJr8mBNMGBUKdepk0KVOyghWsxu3zXxGaBZOvXTmaz1:jf1sEJQJCSUaepk0OOyd3zXzYK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510321, "uuid": "27ed2a5d-dac2-4039-a3eb-a63025de8000", "value": 17408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510321, "uuid": "2d2cc714-dc74-4a28-9c55-8ee631fbca25", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510321, "uuid": "888e0174-6392-49f5-bb94-c9cd36e89af0", "value": "UltraViewerUpdateService.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3fc5cfd6-637f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1696510867, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510867, "uuid": "f3bdb97f-4441-494b-a21d-26251e05a5dc", "comment": "Malware payload (RemcosRAT)", "value": "ad58e282db11599e68068bb9855c25f4", "object_relation": "md5", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510867, "uuid": "c85bfff4-8dbe-41fd-a012-991c3e0aa124", "comment": "Malware payload (RemcosRAT)", "value": "e32a2cbc74a18c6807c21d5c8c72c5c315b9fdbf71792bb5f0feefb1ef61c509", "object_relation": "sha256", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510867, "uuid": "ca343b3c-0211-4ccb-9d45-e013bd7239b5", "comment": "Malware payload (RemcosRAT)", "value": "3fc07a333170be93fab115e26c723b9d13cd0bda", "object_relation": "sha1", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510867, "uuid": "54943d71-7acf-4b07-aae1-015748a7e954", "comment": "Malware payload (RemcosRAT)", "value": "f3975dbc780ebb00e07c6f7d3633181577555d27fb8fc7c7dd9a59b74dc402eaefdb4e18e069fa0c7acc86b1b505156b", "object_relation": "sha3-384", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510867, "uuid": "e246836a-97da-43f1-ae56-166a2377e49f", "value": "T146235CB1DE981919490B27F7DC4908BAC8384177143210737D9CB3AE4A1B748BFBDA5B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510867, "uuid": "195f618b-b8ad-465c-897e-d49c514bba8d", "value": "768:9GccYgyDWCqJAQjmWWOrCArFh33L/fQBJvo5YzryErAEHIp+dEhn4MX9kPAW78fW:91gy6TW+ZFh3b/fKJv+0+xlRxtwAW78u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510867, "uuid": "ecc3cebf-3d5d-409a-9c6e-21f00481a16d", "value": 47561, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510867, "uuid": "f0ef4583-075f-4a3f-8cad-bf08017c246c", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510867, "uuid": "c1248a4a-5612-4c09-a11a-13d8e6873a66", "value": "Cemp Srl PO 0510-2023.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "53dfcf98-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696496728, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496728, "uuid": "eb8070ed-9e46-46cd-ba61-9eab3d93d16a", "comment": "Malware payload", "value": "01bb514911db60fc31f6d69386da3d38", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496728, "uuid": "7fb02ec7-a8ca-4d3d-ab6b-6b6ba34c3850", "comment": "Malware payload", "value": "e38194a13643034fa727116587c3468a164c6e888771d6d98e8f14cf7de57835", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496728, "uuid": "f59a6197-55bc-4d2d-8893-520a09f1cf44", "comment": "Malware payload", "value": "68ac1d999b1b5502033ec4fa861c128098cb64af", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496728, "uuid": "3e849e59-29ad-4e13-8f6d-fc669a68bc96", "comment": "Malware payload", "value": "e3f956b0f26d7c03944c9184ef646be8ac35929b4b50835bddc732c2571287b94d51c7ed05995bc2568b49091428a2f8", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496728, "uuid": "401efb39-a978-42fd-8c49-d46df2c894a6", "value": "T129E42374C966080D87E65934A24A716A886D30FD5A77CAF0CABBC47C94C02F36B7F319", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496728, "uuid": "ecd46254-1821-4ded-a101-bf673b1ef3ea", "value": "12288:CIKMxqCQjjfrI75+ZkqYJ0Z4XfYk7IIhbeN1h3X76paal:CIK27StOE4Xf/q7Ua2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496728, "uuid": "2244c9d3-c12c-40eb-b3e3-fd5d1c1b795e", "value": 687881, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496728, "uuid": "a58daac8-e549-454e-8675-a1240244470f", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496728, "uuid": "25308726-8b6f-4c26-b0a5-36e0960c8cdb", "value": "REQUEST FOR APPROVAL AWB NO 537-35615860.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb95d30a-63d6-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696548441, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696548441, "uuid": "b6b3d867-ac89-44fc-9e55-449cbee4491e", "comment": "Malware payload", "value": "72d152593b8497cb88a06c88c5f2f1e1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696548441, "uuid": "9a860ae7-a293-4182-85b7-6bd18f9f904a", "comment": "Malware payload", "value": "e4ec1c84f56921422d84599061f5717fc91dd66e42f91a7b409ba4df788b5480", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696548441, "uuid": "68ed6dc1-d666-4e8f-8829-ae1cfcdfd77c", "comment": "Malware payload", "value": "7f602387987731796e8b2cf87dfed46bb18fc82c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696548441, "uuid": "9c5e058b-2dcf-48fa-8ea5-9ccc42ba0933", "comment": "Malware payload", "value": "4bfa66f272dc934f5133fe245e1319b47c7a4846ab58da12667ccdf2af58408f0b495788170367130f327e452279cd8f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696548441, "uuid": "cc613511-c7bf-4fb9-badd-fd70a6c36f78", "value": "T17063B81E2E218FADFBAC823487B78E259798339536E1C185D15CE9011EB034E745FBE9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696548441, "uuid": "71c2ffc5-2f52-4db9-9469-bf43e02abc06", "value": "1536:/9esV6tGfL+qf2Ytk4Cm+eCxv4jfHXjYL/st9phyJE+kR4qcAHA:/lV6IakaNv4THXCA9pQEf4qcwA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696548441, "uuid": "1423c6ad-cece-42f5-864f-53b0f47c7b9c", "value": 72848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696548441, "uuid": "b1dee8d5-0f93-4a93-b46f-562906ad6fd9", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696548441, "uuid": "ae9db4ac-2756-4ac8-92e0-7e7a53108768", "value": "72d152593b8497cb88a06c88c5f2f1e1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3c8e7865-638f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1696517734, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517734, "uuid": "88c2046f-350f-4ad8-a555-b6c1b9c66857", "comment": "Malware payload (RaccoonStealer)", "value": "56e563840a12f6725c08c20577b1e1fe", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517734, "uuid": "c477731f-1201-4499-a136-2d5f73265de9", "comment": "Malware payload (RaccoonStealer)", "value": "e5ef66ce90e1cc6a203205bdeb1726c7f186bda08ad271856500f532d16c9bdb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517734, "uuid": "f0054b59-b86d-4600-8a1c-aa155eee11c5", "comment": "Malware payload (RaccoonStealer)", "value": "035dce15d993ce14de5d1ee81eb88637cfe322c4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696517734, "uuid": "584208d2-9253-4ac5-a891-573f776a3d15", "comment": "Malware payload (RaccoonStealer)", "value": "b1bbdac832075476077081d8973f6800842dbf6afc748e9fbcc4566f627ee0a4d6113df5ef88eb67a984eeb0e1ad59c3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517734, "uuid": "8d267739-f534-498d-bfb3-db26fdf42282", "value": "T1F314D0313E9DC072C8574135C420CAA4BB69B8E23B95888737581B7EEEF07D1A7BB255", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517734, "uuid": "d9f8a84a-cb66-42e5-ada9-581d9b1b3420", "value": "b2deb6462ddc9e096b1ba263bc3b3e01", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517734, "uuid": "2099baab-a9c1-461f-99af-9171d9f0893c", "value": "3072:Y4W62B2tPTCEvN1QX247uYEJLO+AZCfsKJEd31E5g8T0:rW62KPTCEvx4SVXAZCfrJ231zf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696517734, "uuid": "9739460f-9d98-4cb8-8e40-1efba6c5ba89", "value": 200704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696517734, "uuid": "8bc66070-2adf-4f14-bf38-dfb3d02aa2a7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696517734, "uuid": "fe807dd0-da07-41af-882a-3aaae60555e2", "value": "56e563840a12f6725c08c20577b1e1fe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "45778a9f-6318-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Tofsee)", "timestamp": 1696466639, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696466639, "uuid": "6abb16d4-1ff0-4fbe-a466-1036b36a96e6", "comment": "Malware payload (Tofsee)", "value": "9388dbeb6fdf9003fbc7ca159cfda275", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696466639, "uuid": "9d08b2fa-245b-4f05-8409-b4eefa2114de", "comment": "Malware payload (Tofsee)", "value": "e6eba455a3dec3f3b4f52ec852f0335b4955b6508d9d6d6b90e9c21ab293cf0a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696466639, "uuid": "32cd9d61-0bec-4c54-a259-36529fc871b9", "comment": "Malware payload (Tofsee)", "value": "ff1d836222240de90ad3d75a279d9cc565869590", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696466639, "uuid": "7177487e-069e-4b36-8368-9fca366fc6be", "comment": "Malware payload (Tofsee)", "value": "7f3a741c171eb04576cf44e95cd11cad6411d36a147fe4ae2fe52993d678c6d7709eafaff87c0024bfa98093129a0437", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696466639, "uuid": "2cc4a7fb-4c18-4c2e-8b60-ad0a62904270", "value": "T17514BE2038B0D072F66B85758430D664EA7BB8222B70858F37541AFE5EF36D18B663D7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696466639, "uuid": "ef159128-c132-489f-b9c3-02e612d4bc06", "value": "881c8bbf2c7a75bb8a09e79bbc8dfe29", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696466639, "uuid": "aebcb5d4-fd74-437d-a421-add74be11a88", "value": "3072:pRcFAhzF4JmYYa2Nurb9jNbpDp6JUmu5BkIs/Vr:MA/AZD3LrFmzI2V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696466639, "uuid": "5e222b67-ae7f-4cc5-9d08-3a09a9a82f08", "value": 207360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696466639, "uuid": "16bcc64f-fd71-4272-a890-c6e5784d7062", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696466639, "uuid": "d83b0be2-d40d-4253-9c2b-e5a5fc78672f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6fa7dc4e-6391-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696518678, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518678, "uuid": "3ee3c20d-f6d2-490d-a643-7b494442adc8", "comment": "Malware payload (RedLineStealer)", "value": "b8f3a38f4e8d3ccddf65d7e3773b3ac2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518678, "uuid": "2201cd2b-0418-4da3-9148-bb031b5c9cfb", "comment": "Malware payload (RedLineStealer)", "value": "e74240f9fbac8f981723e4e160355350161bfccf4abdce906ddc4b0407e7b3fc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518678, "uuid": "37e5267a-e7dd-4a41-a713-f0351aa29773", "comment": "Malware payload (RedLineStealer)", "value": "8ee0acd7a83a6b8b1d2ecfb7321a3e5ea5c72351", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518678, "uuid": "6cb0e664-5ae5-4bae-b04b-bcb32bcecccc", "comment": "Malware payload (RedLineStealer)", "value": "2a39a45b3424f6a76e1e05ca79057bba8accb2c901ca7469d83b2c7a5f4b29d21fb79b09bac5ab7a801496c1fafe5d07", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696518678, "uuid": "0c57a094-cf31-483e-ba1f-3c798184d6a2", "value": "T1B995330265D89532EA742B7094F693D70B7AFAF28838A773A6015DDE0D727417032B7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696518678, "uuid": "f17205b8-b64e-4be7-966c-ad2f4690ed62", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696518678, "uuid": "ca646ac9-bd50-4a27-9205-f610c1e08782", "value": "49152:maQ6XHhMDlWZ8VCfGo5J/yKGiyopqKHn1Fkuxkwdvr:VdWZVCfXvwopjuuXd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696518678, "uuid": "f3d1d990-ccf0-46ea-9a09-26e95f30ddbd", "value": 1924096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696518678, "uuid": "52dee4ce-0d8f-4010-a209-2df09539c519", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696518678, "uuid": "e7e97bd4-0683-42e9-9ebd-54cf3e43acbc", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f1641418-6352-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696491838, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491838, "uuid": "e93e1d20-7d7e-4c51-9593-8f1bb84a1b00", "comment": "Malware payload (Mirai)", "value": "d38a7a93496aae3ac901dc5b5d321376", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491838, "uuid": "174fd987-6832-4dc3-96fe-da81a2b80494", "comment": "Malware payload (Mirai)", "value": "e75ceb7a9c5d9ff42d76eff52b954fde5b68618a128022a9b4857d3aaa14f2c6", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491838, "uuid": "a22a625f-ad22-454f-a036-abde1a6e0d0c", "comment": "Malware payload (Mirai)", "value": "286bece436841f6524ac004f74c21bec9e900ccc", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491838, "uuid": "88e8cf5e-54fd-4c1e-974b-2c5fc2a708a8", "comment": "Malware payload (Mirai)", "value": "4e9166a354d52a5f025e28f0183e27af93e62eacc291a0b9c7d7dc68f681c0ad24152e85942b82a3014b3a25d8da0704", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491838, "uuid": "2e6f5cd7-2fa9-4db4-ae75-7ed6c682cafd", "value": "T1D5D2E1DFA9A7E930E0B6DCF154B6B6C0F5147012B2695E3F48C9698BC9D724C39309A1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491838, "uuid": "bb664227-8c59-472b-9c45-9d0e5bb51ba2", "value": "768:lYSoXdJZgicCfmh2Ba0GC5pTjRzBZ9H+Kg6Sx0sP:lYJdJZuCY2A0RhzBP+KctP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491838, "uuid": "34c6be84-195b-49a1-b5cc-a9dc885f5d75", "value": 29432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491838, "uuid": "b487505e-e753-46f8-a316-62d947cca0a5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491838, "uuid": "fcd6e699-8e94-44cf-b868-db3dbe371157", "value": "d38a7a93496aae3ac901dc5b5d321376", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "343bab87-6363-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1696498822, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498822, "uuid": "60c5b49f-1575-43d8-aeba-bea218a3f3d7", "comment": "Malware payload (AveMariaRAT)", "value": "ffd88dce70eaffdecac308687f807bc2", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498822, "uuid": "c61e03a4-f1fd-4878-8fb8-e1ce465dc508", "comment": "Malware payload (AveMariaRAT)", "value": "e7651909b816e2107f1cbb56ea36327aa6cabc5b46ef347d4d3a604c3127990a", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498822, "uuid": "764f7f2b-4f80-4e00-9af1-794c6ad50bfe", "comment": "Malware payload (AveMariaRAT)", "value": "5122b22918046f9e2655197db14298c2bc49f397", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498822, "uuid": "c9b2f547-540f-4e67-aadc-9f5421952306", "comment": "Malware payload (AveMariaRAT)", "value": "108feb6c556625902b3c959e7999444da8ad01d36f45745965ecf052704179a82d13f3b30c8e3c872e0f51be46c65a46", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498822, "uuid": "aa861b06-84f7-4b30-b7a5-00740967d653", "value": "T12E65E5027A46CFA2E14F1732D99648F88323DD82FE1BD7CBB449BF593932BA65905107", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498822, "uuid": "6e356857-31cc-46c4-a7cd-8f57ed6247fb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498822, "uuid": "1bb49f85-c8bb-41b0-ba8f-399026f7520b", "value": "24576:tGQkM1Mz7QhnOY7rry1baCpXfEJ8USn8bIpUdx/vno:X8pXfEGXWdxHo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498822, "uuid": "1e6acb99-0f6b-4b68-b6a8-19a7c8e5a3fb", "value": 1517416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498822, "uuid": "b2cb2c79-0706-47be-964b-5c1d019c07ea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498822, "uuid": "fd4d61f1-ce60-40ce-a029-b12a6324973d", "value": "Payment Slip (SWIFT)\u00b7PDF.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65dd8dfd-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696496758, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496758, "uuid": "85d3566c-b229-44a8-9cda-ecdb55ddbad4", "comment": "Malware payload (AgentTesla)", "value": "28a39a6d78220eaa32c48a793323ccd9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496758, "uuid": "922cf477-f16f-4aa5-ab60-9778468b5dfa", "comment": "Malware payload (AgentTesla)", "value": "e81548c41b95869f19733ffe6463bc9a2ca3998ca49da38862b8b71181b76b5c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496758, "uuid": "a1938b37-4408-4417-844c-e078bd931205", "comment": "Malware payload (AgentTesla)", "value": "3a7f53ddac31e50b50f44a68b71eb5b5c47d523d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496758, "uuid": "94649e2e-c70d-4ef4-af95-e4339548aff8", "comment": "Malware payload (AgentTesla)", "value": "4711c58deb7bc6eba93be367d48bfbfcf067c2d8fd9f022523a167eea8768310479a5c5cd0b0c12d14734a8c8bf141ff", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496758, "uuid": "794ff933-cd8f-4716-80be-39b1851a93a6", "value": "T172E4233DF372BF4E5258EFF6BCD10175224BA1B885575B848888F29989F18E367DE240", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496758, "uuid": "0f3bd7e4-7419-41b2-b8a7-159db18a3832", "value": "12288:xCw8NKK5s+OhFZoqC/RTIkLTOUhAKt5ApqI8Cmz6hIdZpQED1dkErsk+O7TDAS:xCwJSsdhHkLTOUGKtW4I3hIdDjD1dk+9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496758, "uuid": "11822414-ee9f-4141-85c5-ff537d7b6e0b", "value": 700687, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496758, "uuid": "08e80191-de0b-44da-9dec-3ba45d721b84", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496758, "uuid": "d6694567-9d62-430d-a316-d392db298e6c", "value": "ME PHARMA ORDER.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df171232-637f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Pikabot)", "timestamp": 1696511134, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696511134, "uuid": "2b3b5949-f08b-4a9b-95fb-4d7c461ef19c", "comment": "Malware payload (Pikabot)", "value": "b9ea993d4e8797077c71df9e062aeb7d", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "ta577", "colour": "#2FEF4D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696511134, "uuid": "bd17df82-d58f-4ebf-9ff9-a059b51a3c35", "comment": "Malware payload (Pikabot)", "value": "e8acb62436f9d96b711129c38892ff95cf19940b242ce048686f52442ead6ac2", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "ta577", "colour": "#2FEF4D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696511134, "uuid": "3ae79c6e-ac5f-400f-ad01-237e03ae0021", "comment": "Malware payload (Pikabot)", "value": "a1d6cbd8b43cbe6cd3487bca6f9960cee7793fdf", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "ta577", "colour": "#2FEF4D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696511134, "uuid": "49349dbe-f768-4415-a2c9-050859763aef", "comment": "Malware payload (Pikabot)", "value": "0bf555e0002131439ebd36fd15a542bcbed0e2767a0c45f86061b3393085ac9bf04fc65ba56e5e09c3a2634bbdf3fb96", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "ta577", "colour": "#2FEF4D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696511134, "uuid": "cf8b1696-bf23-4a21-a8f1-8a52dc054802", "value": "T11A1623175F3D9FBF826C32AC10BF0F4E2AE44E4455056AEAA7F53C8A629EF102057578", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696511134, "uuid": "a8fa1031-74dc-4ff7-9bee-cf34af6c224e", "value": "49152:bwMB06QKhW4Kg+k1QKf2E83llRe4t56Em0EOmWBDNsAvVEv87xEwYC33q:H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696511134, "uuid": "33e96f1a-a1b4-4a0b-a2dd-77dfe7d17ab6", "value": 4181408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696511134, "uuid": "17046a92-f599-4a66-9440-2d5f77bbf856", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696511134, "uuid": "71a6c599-e7ee-4942-8277-e420e60f0770", "value": "RE_432-11846.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86dabad3-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696496813, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496813, "uuid": "4e619ed4-3c73-4e0b-9abd-4960de28e5fa", "comment": "Malware payload", "value": "1b472430ce6a6a9d88b63d750fedae1f", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496813, "uuid": "7446c6ac-77db-4b47-b55d-a7b66ea73019", "comment": "Malware payload", "value": "e8c4e6866a0dc25f11218aa6548dcd963ce10f7d0417d8cc5bb8f66e611f881d", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496813, "uuid": "ce30ca26-f6c6-4e76-8c4d-62ac5376337e", "comment": "Malware payload", "value": "813c1f3385b98c023299fe646783b9e134c61ffa", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496813, "uuid": "7a5a06f8-fec4-4df8-9397-71ef7128b4b4", "comment": "Malware payload", "value": "179bdf24377a68e83749c3773feb3304148dd9b65ff6873c0a2b4f5d4849e0f28d88719ef0477cc1430d910333015c8d", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496813, "uuid": "e06a2034-c7a7-411a-9716-463e761a274b", "value": "T13CA3B4EC7D4136CB750AF396840619E8BDDC7166373230662DADB6180ACE2D83B79937", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496813, "uuid": "3cb599f5-6290-4cfd-b984-29df5baced3e", "value": "1536:Icjc+5/JO4SgDFce55mApwns1X8NVPfSgX0yoqBATV56MBOV0FjAuFhftaSD7SE9:loQMgVgTfSS1COVETp7v9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496813, "uuid": "f2ea667c-ddf5-4f41-8ffe-4350ff6d1124", "value": 100081, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496813, "uuid": "daae68cd-7196-4a36-a100-ae90161eee4b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496813, "uuid": "c9ee4076-3a81-43db-8e8c-7b298cb5accc", "value": "OI-039847721.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "022569a3-6353-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696491866, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491866, "uuid": "cbac17f3-8f1f-41f3-89a0-eab0e44f1f94", "comment": "Malware payload (Mirai)", "value": "ca512070de136d5cbd1d4edda89cc38c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491866, "uuid": "a37032c9-097b-4542-9aa2-7ed3619145b4", "comment": "Malware payload (Mirai)", "value": "ea3cc6e18dacb0d5e491b4fc1aa05aa5d98ad5b24927ffd405107ca3e02f5ea5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491866, "uuid": "19e5c378-0b50-434b-8853-3e2d9a2bad74", "comment": "Malware payload (Mirai)", "value": "5201a1902868cb94783842f1211f6df53f4e9058", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491866, "uuid": "28951abb-89cc-43f3-bc66-1c8887b251a5", "comment": "Malware payload (Mirai)", "value": "3f8e15bf1d0a3ce58ae8814f35ae77eaf3fd7ed41b129ac48f24de7a716b4a9e34328474a4e8185a5df3ecfdb9cccb22", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491866, "uuid": "279607af-4091-4d41-ae83-da5c4493a8ac", "value": "T1C9B2D0AA4F93A262C370207CA3BE8F53676786D4E2F625121A68A73DD71144633FC9C1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491866, "uuid": "9fb2b544-2d50-44a6-8762-b2a2d07b9d8f", "value": "384:4CGKXlJIDFUS0Mggks3aIrokYVos8a/YTCwTgYSHfOoC9YhymdGUop5hu7x:4CGKQFH0rs3zXa/8CxLHfDNs3UozM7x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491866, "uuid": "b15ea906-b9e8-4543-b072-2d326ec0c363", "value": 24536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491866, "uuid": "89af47fd-f524-4506-abdf-7b016e2f0700", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491866, "uuid": "0384abf4-bc24-48a6-adbf-cacff3e08684", "value": "ca512070de136d5cbd1d4edda89cc38c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "444fe9ef-63c2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696539651, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539651, "uuid": "ff41a0e9-02e4-4163-bb33-f58971f28fc6", "comment": "Malware payload (Mirai)", "value": "841b15e8c17594ac528c0135348ef57b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539651, "uuid": "96c661c7-2d61-4bfd-b6dc-be99ea1f785d", "comment": "Malware payload (Mirai)", "value": "ea813714f2bfe5aec970b34fe2964337661f3c8f2401221278ecd02b57a680eb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539651, "uuid": "0938836b-bfe5-4956-b5b6-86dede1d9818", "comment": "Malware payload (Mirai)", "value": "830363f1fd6c2ce6403651250fbfb5f23a56ade6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539651, "uuid": "59c773e4-997b-40af-89e1-438c111e34de", "comment": "Malware payload (Mirai)", "value": "6c208a34783df1266feae4677bc8ff9f65e9affafbfd0d1dc6f6c8ef688e2cc8eca8e75247e5c9635c99f94af4476b71", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539651, "uuid": "824d05be-414d-4aa6-9c5c-212e7a0cdf9a", "value": "T178D2D02CD94D7D05C6AD3EBA51CF96F5394CB0C0A35DE58E07668408B627A8BEC070F8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539651, "uuid": "f7811d6d-d1a2-40b9-bce5-53d2d03e8f53", "value": "768:C1uUtLrVDsAp6tLkF4FuetwEub4sU/M9g36KNYlJb8WUt:CbDs06t4BEub4sU/MbU8At", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696539651, "uuid": "51a42a2a-c223-419b-b716-7b0547118436", "value": 30316, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696539651, "uuid": "41b21e2d-6634-42ef-ac6d-63a29db993d4", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539651, "uuid": "cc8dc407-b375-4ea4-abf7-dcc66d7f49d8", "value": "841b15e8c17594ac528c0135348ef57b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b78cce9-637f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (WSHRAT)", "timestamp": 1696510860, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510860, "uuid": "7b6a9ac5-dc60-495e-bb39-00a1f743d5a6", "comment": "Malware payload (WSHRAT)", "value": "d19a87919bbe11794fd20377182b5ea3", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510860, "uuid": "95977fb9-c814-4a81-875b-919dd4ac0838", "comment": "Malware payload (WSHRAT)", "value": "ea9cb59ea8cbd8d1d5f279d32aec457ad469e7e81b03d34d7c34e5cc52195aae", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510860, "uuid": "4a98aac7-e5f6-4d78-8813-274e9866c3ab", "comment": "Malware payload (WSHRAT)", "value": "dae311a5e72a0847636ca83c608048cab137fb6b", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510860, "uuid": "34473158-2baa-4950-9c61-8f58f2d10f80", "comment": "Malware payload (WSHRAT)", "value": "35c0769d9de8bdf67a7f7b8b8386a59750b73cc278e5a6fd61855cf7be384bd1bf9dca0eb58a607897fce319df2ce45b", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510860, "uuid": "fca80d46-db7a-44af-be0f-001dfb087005", "value": "T13EE15ACFB4BC646C979D2EA764211AE47322161E58F713C04C89A5E3384F7187BE5EAC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510860, "uuid": "c007c5b4-6e68-4adf-962c-ae15d43bd9a4", "value": "192:4cvGDlrsAQBFbOUFjqpljw4YHpC6pl7n8hU+La+KAC4aEJUe5wedK:4GGDlrsVvFWvj3YHplpxV+LawC4aE2e2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510860, "uuid": "3a039ff5-fa59-4862-821f-58ba5c503f07", "value": 7346, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510860, "uuid": "c6cf98b7-f2bb-4861-b428-6106f74d9a0a", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510860, "uuid": "4fe057c4-73bd-4fa1-971b-a386d9a4d8b6", "value": "Ref-23105_Payment_Slip.pdf.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "512b1c61-63da-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696549981, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696549981, "uuid": "3b86a5a1-56c2-480d-b7f2-ed5ebd5d71e0", "comment": "Malware payload (RedLineStealer)", "value": "afa609df1a40837b445b849bf2c38fa9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696549981, "uuid": "e0e54fda-40b1-469e-96bd-a4123d3e73b6", "comment": "Malware payload (RedLineStealer)", "value": "eadfa96ccc8310d66e17163dca4825b97b5ca5d510faf53449a85caafdc66809", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696549981, "uuid": "ceca2ac6-cfe3-4688-99e6-762a7b11f0aa", "comment": "Malware payload (RedLineStealer)", "value": "fdb7e282bb4ae52e01584a2012182dc00f740e6a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696549981, "uuid": "fec80249-05c1-4b00-834c-82eea2c7a849", "comment": "Malware payload (RedLineStealer)", "value": "a50f563042fc52e5ecddabac3da9701142ff4fdad82b39c6f917e9001b84890ed3a2eaa3c00c11f258add31e7896537e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696549981, "uuid": "c50b13de-54fe-48e0-bd15-b78a8da75d0a", "value": "T14B952347A7A4C463E8B953B0ACF31B9B1F353CA15A3D42BB3A4A5D0E09716D4092673F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696549981, "uuid": "2770c7aa-6146-4fc8-805c-226da70fb80f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696549981, "uuid": "b36f0e4e-3103-40df-b167-b41012208c54", "value": "49152:oq5qM4OTO/Nz4oRZ8mnl8s9gGSFZBIjyanymo6vo+L8GbOkU:pHK/Nz4uZ8mnWGSbBITyFOhbOb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696549981, "uuid": "5a30c7b9-5009-49da-9c73-b08c580aa9ab", "value": 1946624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696549981, "uuid": "e04c83ca-769d-4f11-8e5f-69653000be0e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696549981, "uuid": "c5576d51-9533-4447-a1a5-1a5d157a6c70", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f26a68b-635b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696495485, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495485, "uuid": "3f5e9869-fb4f-4e59-901c-51bc3d9a8d2f", "comment": "Malware payload (AgentTesla)", "value": "5cd7961c0c17a8355b54a02a0200f9da", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495485, "uuid": "34506948-b2de-4141-9e8b-fb1abe239370", "comment": "Malware payload (AgentTesla)", "value": "eaf700b1b00383680d29b2d5c226c5dcdf76f6493b608b6de66435cadf8e3f55", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495485, "uuid": "1a2d7acf-49f3-44fc-b196-bf91e6807902", "comment": "Malware payload (AgentTesla)", "value": "600f6ab9e8d1301ac8391905a6e4e563b7293bb5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495485, "uuid": "c84ba4ae-78d9-4deb-bea3-d979fa1c2161", "comment": "Malware payload (AgentTesla)", "value": "558183cdf1774b6acdc0cc3698c51efdfe1f9a602c38807cc4b261953307f1feaf6c368af59bd1e5e32735f7b2293927", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495485, "uuid": "2ab481be-f398-447e-8c0c-e20080d3c9de", "value": "T10AD423F9A90D9BCD6B5D6C4E2CED767AD1B168444A7528132D53522C08838F31EFF8D8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495485, "uuid": "0bc403d4-8230-472a-b496-7068ed4135be", "value": "12288:4N0SkZcUDEUJ1nL0KHuf30GRboeYramDYQQz4sFqUL8Ti4FwIx:akHt907f3vbDTFqULYTt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495485, "uuid": "76b558f5-fe47-4a46-afe5-a6f0b2891f94", "value": 623499, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495485, "uuid": "94c02e95-8759-470f-9c38-2021ae2717bc", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495485, "uuid": "d45a5337-cffc-48e8-8841-115309722f80", "value": "RFQ-3037380388.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bcf0408a-6360-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696497763, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497763, "uuid": "2bd49c1b-3750-4cbc-864c-bc8561f32975", "comment": "Malware payload (AgentTesla)", "value": "5e9318419c43db953b6d1bd85452d701", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497763, "uuid": "249ff8b6-a387-4efd-a582-b7ff9c02178e", "comment": "Malware payload (AgentTesla)", "value": "eb1e06e44907439d39f4ec93d973a8555ba0c683eab4b94c1035cb0bdf10e6c9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497763, "uuid": "45253c01-356f-4989-9ca5-40b99edb7a2a", "comment": "Malware payload (AgentTesla)", "value": "f2bae12898c345cda9e5af6b0b48127ee0d3f9c7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696497763, "uuid": "e92980de-008f-4a46-aab1-95e72153540c", "comment": "Malware payload (AgentTesla)", "value": "ba42118d033c834d774f381e87779cdb5420a1dbe57d128f682a664df390abcf808cf0311ccaea45b40bfceef71a0e0a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497763, "uuid": "9b4a7b70-30e8-4471-9e66-f4179cb46493", "value": "T1AF351703BA478AE2F2491736D69BCF009365DD82732BD60B78CEB39609633B69D45707", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497763, "uuid": "629d6757-4e5d-423c-9262-63425a9bfa25", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497763, "uuid": "2c235ef0-9676-40ec-96fb-8b9e62cb5903", "value": "24576:hLgQPytLXin61MsTz8ov/8qGvDmCxrYCq+igRx:O7Nv/myCxrYCligRx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696497763, "uuid": "7604005b-08ee-4926-a630-2d5bbfe3396a", "value": 1150792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696497763, "uuid": "481833bf-6aef-48a6-a33c-99f15e493648", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696497763, "uuid": "cec20ab7-2966-4311-8399-92232eeaac4e", "value": "New-Requestfdp.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb080acc-6376-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696507209, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507209, "uuid": "78c87d21-e6be-4138-a12b-f7df6c26b446", "comment": "Malware payload (Mirai)", "value": "7cefe43bc75f2c080d92832aaf8e837f", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507209, "uuid": "5905a34f-ba4e-4345-a13a-0aa96cb15031", "comment": "Malware payload (Mirai)", "value": "eb45db3eb616f74ab7cfe3a830d07b6c09420ab37c117dd7ef9de5e02d3760aa", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507209, "uuid": "ce5305bd-3603-4ba3-9bbc-7015f1ff31fc", "comment": "Malware payload (Mirai)", "value": "7d1248afac371cfdfe4fd2e27ad85b180d46ec34", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507209, "uuid": "ba66ea07-d6de-47ed-90aa-b37daeb98963", "comment": "Malware payload (Mirai)", "value": "d664fed652a8885868bc55cdf6a0bacd7faf752907060b2d0c24456ec440f6a2f507874aaa5492f7e0fa32d6b50d001f", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507209, "uuid": "bdb18895-a303-443b-884f-6ba4e0a6fd97", "value": "T1C8A2D11572632E56F3ED1C3CC56A8357B9A70BFC80F5327669416620CD4D24A2E39B4E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507209, "uuid": "b9072028-7747-428e-828f-40d1c04bde56", "value": "384:vvtIoZxrSniaXs+qx+bwqPX+VOcFd5fHq52lxj4AhymdGUop5hT:vvQn4j+ZO5fKAlxls3Uoz5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696507209, "uuid": "108f170d-a4ac-4936-a49e-dc33fc03128d", "value": 22160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696507209, "uuid": "b3ea8ffa-c8cd-4f27-853f-7b4567790623", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507209, "uuid": "4a9aae85-d6df-40a1-a156-aec2ea293d96", "value": "boatnet.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e1e1ec14-635d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696496536, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496536, "uuid": "bbccb09f-a377-44dc-bc85-1e5d0b196b21", "comment": "Malware payload (AgentTesla)", "value": "12ae6c3917414b2680de4955a35db4af", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496536, "uuid": "4f119611-05fc-48a8-8119-36b5f9d685d0", "comment": "Malware payload (AgentTesla)", "value": "ebd35cc9a0267195acf06cc83407165b6dfb4ad0e1a9555af9873bdf38f24557", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496536, "uuid": "ba1770d3-8baf-451d-9db6-7682a80bf62e", "comment": "Malware payload (AgentTesla)", "value": "753b6003ca1079153626f542bcfd92d53eb70953", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496536, "uuid": "1ebf0764-f59d-4151-a935-48e013626acc", "comment": "Malware payload (AgentTesla)", "value": "c7caa368aa93a6785af57882e9edb5d2b3d2884be638ce891c6280f9714e85513f41c3d92955e36a3d459c20f176130c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496536, "uuid": "ac6d5d12-154a-467d-8425-30283b692862", "value": "T1335523012CE91A56F8BE6A308562B114DEB67CF3708163737EDCB432BC685875DC991B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496536, "uuid": "b166d17c-87f7-417b-aebd-88f0a834dcb4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496536, "uuid": "e090dada-8d3e-44ab-9c3d-e862b6f3e3d0", "value": "24576:LUMeevo0q3GVMlILkAR6z0JnJCzbEzW3MPUV0sxBi+CaXXiRRP+gaRhFmRK2mCxz:LUMeevoTxiLkAR6Iq8aR0gB+eNdOMdCG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496536, "uuid": "7702557e-e209-48fa-8294-612c3663ce56", "value": 1340416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496536, "uuid": "a599e22b-b769-4793-94c3-7af8cbaf9f7b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496536, "uuid": "490f920b-dd80-44cc-a28b-e7c804c0386f", "value": "PAYMENT SWIFT REFHSBC029999018728929000187928311119281-PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c6135d4-637e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696510378, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510378, "uuid": "9724e6b4-df2a-4b7a-b61f-974eaf4cdf4a", "comment": "Malware payload", "value": "7cd339f9be1417421acf8790c9738922", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510378, "uuid": "9dc6b263-641b-411e-b8e8-b84f0689e0e9", "comment": "Malware payload", "value": "ec0ec7ce8ef71cb7e7d1c2418c47ad94cea8833db8578ccdf94271f8efed38d3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510378, "uuid": "1d3ff424-6f6e-4e7c-a5a3-409bcb6214b1", "comment": "Malware payload", "value": "c25eff4d9d2d5b55f1cc4ffc623354004565e8b9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510378, "uuid": "2ee4c793-f70c-4658-9e4b-dee1a722c68d", "comment": "Malware payload", "value": "b90f3e3e13879627166769d996a8ba33367253d2cc7724ade1a1b7fc1b2b72e8e67819f3d35d8e28a4ff119d9c97e5d9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510378, "uuid": "14c377ba-e8d9-4173-a3f4-a5fcc224ac34", "value": "T11AD55A16AA50989AD3A28474CD56CA76D7723C1D43F642F331E4BED73B3BA913A36301", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510378, "uuid": "2ec5dc33-8013-4a83-a8f9-a8ff9f4ef3dd", "value": "310b1cc8abef97edfcabf0ed406947cf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510378, "uuid": "fe60c7fe-adde-40d6-ae58-5ef5c70b62ad", "value": "49152:vAOdl4d7NHNUb75uEEbOyYWHxL9X5zT/dPUAUA/JH:El8DFWHTN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510378, "uuid": "0c66fcdb-2ada-46bc-8e05-9c16549fc288", "value": 3011528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510378, "uuid": "41d6eeee-788f-4f05-81f5-59a084278a7e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510378, "uuid": "eefd0faf-1275-4b8f-b68c-c451f8781d3f", "value": "winvnc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fab78d12-6359-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696494860, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494860, "uuid": "489db9d7-1b98-464d-bdad-839395507d7b", "comment": "Malware payload", "value": "7cff46015d598f660ece328db56effcb", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494860, "uuid": "15ce4255-ae8d-418f-b004-d5462ee59dd3", "comment": "Malware payload", "value": "ecffedcfbe3fd35d9d1f7af13e619ae6a5bf7c87259afac006fea7771fdf3c87", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494860, "uuid": "f08023a6-d34d-45ef-9a05-64211869e381", "comment": "Malware payload", "value": "928a78db56ba95e881559697cf5dcffe30ae58a7", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494860, "uuid": "1163c808-a112-4992-81fc-2edc543d8914", "comment": "Malware payload", "value": "5b6ccd91337541875cbd084415802c0cb8088e8cd1bda7323ccec2693c1f78504cc61f65cf228b3802b0461d1070332c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494860, "uuid": "db47f257-62d9-4e6f-9b2f-7a1fe3d24a16", "value": "T18FC5232339CAC313E3CF6736E8365540A96328B508D7C17DAE6F44A6A3D263D29DE714", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494860, "uuid": "b7030fa8-35cc-4335-9207-fff18ca6f7eb", "value": "cbad123f0927fe971a43f41c1f8c20cf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494860, "uuid": "b621b0bc-3f4d-4561-9424-be3e185829b7", "value": "49152:BdubI9C9/wFDCdJOIFOLFeiv/qOi5CVxQWGavn:BU+hDCqI83k4LNvn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696494860, "uuid": "9df73715-b237-4472-96a7-ff863212dde4", "value": 2572288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696494860, "uuid": "4292ec83-19ef-4f09-b8ce-3720060a9338", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494860, "uuid": "862562ad-0b7e-474c-a1c4-dd5865e7c67d", "value": "7cff46015d598f660ece328db56effcb.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d10b4e8-6350-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CoinMiner)", "timestamp": 1696490703, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696490703, "uuid": "486e6914-f403-4793-a515-cef82de9d277", "comment": "Malware payload (CoinMiner)", "value": "01f66ee2a8ecd24538d146a504f42cb5", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696490703, "uuid": "a4275a80-97fb-4734-94bd-daf8cd7bb975", "comment": "Malware payload (CoinMiner)", "value": "ed58046044e126ab8b740bd4d37aa52dd8eebbfd539b607bda4425e6cd3e8c66", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696490703, "uuid": "cfa9cded-ba97-490c-bb38-248571bf6fc1", "comment": "Malware payload (CoinMiner)", "value": "7b42432d23765722ed876ae725341b2d70121a2f", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696490703, "uuid": "656eb51b-288b-499c-9bd2-cc6ec2238c3f", "comment": "Malware payload (CoinMiner)", "value": "b53b8ce59b779a90cb4f770a530ae14b56157b59d8710ccf0aabfd93713edbad6e3864447fb8d960218aa795af9589f8", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696490703, "uuid": "bb2e4312-eb44-4e03-b902-decdf80f33b7", "value": "T19F46D038AAD7400BCD8D997FC863DD3A9EF70C410A734178A4859FAD8F17CD869A891D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696490703, "uuid": "e2c6dd99-6314-42ac-99d6-4a706cea738c", "value": "0fdd3d21d2193b717f076a70dfaa659c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696490703, "uuid": "669679e0-c898-4987-a4cb-d3142c35cc7e", "value": "98304:0z2qyW/nFFZqCRviPDTxr+Z5LAm+IEGc/+jZoVeYp8Ba+Pn5gLLJMYtwEFqmT5X1:YBnfYIRZ8nY+dMcHqU5X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696490703, "uuid": "86abb243-1c11-422b-9f36-bed70f51d170", "value": 5638184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696490703, "uuid": "92146e33-adac-4b37-90cf-b0a64707f466", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696490703, "uuid": "0b63354f-4284-4e3e-a17e-d3db1f977ab0", "value": "0ee4d15340837e26bed18e42753a157b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69dc611f-6317-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stealc)", "timestamp": 1696466270, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696466270, "uuid": "caa3d62c-aa78-4fec-a7c3-df449aec877a", "comment": "Malware payload (Stealc)", "value": "2ce20139f2d2439aaa5b7678a858c6c5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696466270, "uuid": "974f06e8-4386-4d08-81ab-9711def68900", "comment": "Malware payload (Stealc)", "value": "edb2278969b5d26ffe68e461aa7c9873bfcb86823f928a9700a50ef420b92d49", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696466270, "uuid": "b20b0f21-0bca-4157-8416-7ecbd6fa0a48", "comment": "Malware payload (Stealc)", "value": "ae4b5e537bc47bedc6229853827098526f9d55da", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696466270, "uuid": "c36506b6-c452-4ffd-ada8-af1aa7ee99ac", "comment": "Malware payload (Stealc)", "value": "f36e3807dbbecc1af277635e5c711d14bd66bc801c6154095f094e15402a920918eb5e7ac0ab573815b911162f9938ff", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696466270, "uuid": "0ed5e1f9-f731-45f8-b081-9d6e29d3c8cf", "value": "T18514CF2135E1D072D1A38D3585F0C7A0AA7FB87267B5864B3374D76E6F302D1962E326", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696466270, "uuid": "55eefdf0-dcb3-4eb4-8c27-9a8e7a156d89", "value": "881c8bbf2c7a75bb8a09e79bbc8dfe29", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696466270, "uuid": "0bf031bc-b811-4abd-976a-cb222f5dc37e", "value": "3072:fReUc91qQiuWIk7zb58McGV3kx5et/Vr:m9vMIwbRcGV3kKhV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696466270, "uuid": "aa11d3ae-3406-4512-afef-f099e7d213e1", "value": 206848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696466270, "uuid": "1465a55b-019e-4033-8d46-47e74889b995", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696466270, "uuid": "b68c10fe-836b-44eb-9d03-1e9f040c11d2", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05888f91-63b8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1696535251, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535251, "uuid": "01624e5f-135e-4ffa-9084-c45a3506b30c", "comment": "Malware payload (Amadey)", "value": "a12653b1c14a679ee38533d3bda8738b", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535251, "uuid": "0ff7ea3a-067f-43f7-9b60-48af4555b96f", "comment": "Malware payload (Amadey)", "value": "edc49849947a973a3f5657673e3a650901671d91b6ce04dff732211a5ebf0550", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535251, "uuid": "5d44bb7f-fdf0-40a1-b8fd-d547505b5095", "comment": "Malware payload (Amadey)", "value": "28eec4007e5142524310b2dc583b7ed68d8bcb6c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535251, "uuid": "9bfe6fb6-5a4f-45db-92a3-e04a49088c68", "comment": "Malware payload (Amadey)", "value": "0beb53643f4773e367f72e1b85c8db31bca6782918dd845d3b36e41a6c8c2be096c2dd02d05b74efeca9b0198011e9d5", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535251, "uuid": "8e5fc499-4b28-4c12-ad8a-647ed722de91", "value": "T1638523432AEC8433E9F63BB158FB22535732B8758D64973A6992984F08F1DD4B53133A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535251, "uuid": "267c6458-a8c2-4990-8773-6a42446cab08", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535251, "uuid": "0065c7a3-e8de-40d3-8d13-64c6f0069209", "value": "49152:axoJTus+T3nvjlCzAU4G3EGInviL45YI8C/k9:3dk3nvyAUsnK4ass", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696535251, "uuid": "625bafb3-5b8c-4dda-acde-2c4783062210", "value": 1722880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696535251, "uuid": "94c1f307-a811-45e1-9c42-2668c6abc875", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535251, "uuid": "c5129b76-9197-49a2-9743-57ecab3e40c5", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e1eca30-637e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696510435, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510435, "uuid": "c8c30229-6e1b-4c82-bdc2-ffaaa3afb7b7", "comment": "Malware payload", "value": "551df88aca73716c9e5f46298ef9317b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510435, "uuid": "152d8493-909b-4df5-8cbd-0080d1643f4f", "comment": "Malware payload", "value": "ee81a29ad76171224344733c45a85b6a8c388d17f75e5227deb2f2d05331527c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510435, "uuid": "b6525439-3516-41d9-98b2-eb5f807cf25d", "comment": "Malware payload", "value": "d124cdd5f300d352ce0edd212643aa2f0b48d6e9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510435, "uuid": "258dde32-c857-479b-9ce5-c07b2d106c4e", "comment": "Malware payload", "value": "b9af97f10206e7495a6aa6181420301b87f8ae0306216f4637ceb372345a05643c7388d1a52c680f9be3244d52aa8d5f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510435, "uuid": "2bed984b-d707-40af-8f3b-dadabdac98d5", "value": "T15C842908265C25AEF1EB2B75003A95D1C953D37C61A8693DB6E36077B8B0FAB560C327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510435, "uuid": "c9fcb922-50e9-48bc-b3f3-9079e77d7cad", "value": "f707ada0aac189999ec6eb4a5a71dfbc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510435, "uuid": "c9a99772-91b5-4b02-adc9-a98cc86a6690", "value": "6144:jWbogNxnd25y2eifCz35Jfuu+OkPxatRu9+Uqpn7jfb5kNk9BXUpMX6SD5MfiOZ7:y1Nxnoiuu+OmatmSffb5kSw+S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510435, "uuid": "da08ab9c-4bb3-43d1-9471-08b96c3be7fe", "value": 401921, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510435, "uuid": "757913d7-bbe0-496f-bed6-ebc028c8a5e2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510435, "uuid": "4eb58db9-9582-44b9-aabc-7b2570f499b9", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2fe085cf-637f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696510841, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510841, "uuid": "fdbc1e62-bcfc-4bcc-9a6e-899f791d934b", "comment": "Malware payload", "value": "b287f3d2ae0870961063665b15484711", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510841, "uuid": "1b3e1d53-e8a9-4185-8fca-01b765714151", "comment": "Malware payload", "value": "eef58c7025fae2d8748c3779fc2f519e2db355480b56d3599e6ef495cec20cec", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510841, "uuid": "26862f12-83e8-4e7f-8e0f-3956b336b183", "comment": "Malware payload", "value": "34fc3f136194fea524b9e98c826793b48c14cad0", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510841, "uuid": "44ba0b47-a2a5-4692-a2a2-f7868d55cee4", "comment": "Malware payload", "value": "327f5215557624f6a7c358e14217eca0f000bd856e611b3b19749d14089b41d83142ea126b8eb1a0bfbd8b4d404b867f", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510841, "uuid": "e9f72fd1-5b46-4c5b-bc32-86e7018629f2", "value": "T19AE4E0E3FCD0833CC317B3380E41AC6BA88D29F9CDD5D15606B36845C556A886BDABD9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510841, "uuid": "f60d9e3f-7d49-46df-9582-003fafb1a221", "value": "12288:FdWjVICEBAOZskk7LvPgM5BWifm6U378Tea2d0oyFE5jHz+R:FdeVICEDskigM5A8hG8TM0oyFE5jHz+R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510841, "uuid": "caa4b51e-1100-4944-b48a-88733ec7bf18", "value": 685147, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510841, "uuid": "2ea1d072-4106-4522-9057-89b32a08d621", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510841, "uuid": "7a965e5a-b1e7-46c3-b814-4b2d2e28b8af", "value": "faktura.pdf.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de8045d0-6390-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696518435, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518435, "uuid": "a279da2e-aaa8-42ff-b8a3-b279f7679b06", "comment": "Malware payload", "value": "ea04c61145baf5b1109250df8335e5f6", "object_relation": "md5", "Tag": [ { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518435, "uuid": "ca764be6-bd90-41a7-864d-8dd6454369f4", "comment": "Malware payload", "value": "ef0168df054356efa6de64c7977e12a15cb709227e104728e1fc24c6108e7a04", "object_relation": "sha256", "Tag": [ { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518435, "uuid": "cb5b603e-b885-4a55-afc6-04ba8f25332b", "comment": "Malware payload", "value": "3674613ed33bf492b16e5f2b5528e4f1f0acb41c", "object_relation": "sha1", "Tag": [ { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518435, "uuid": "598e292f-71b9-4700-9d2d-6723ea511370", "comment": "Malware payload", "value": "54b0d21109ad82e88953ffda89a66b3281b8ae191cf149d6308cbb4843572b79d8c173aa684b104232ddb61ecc88f969", "object_relation": "sha3-384", "Tag": [ { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696518435, "uuid": "764a99c7-ce18-42fc-891e-27993bbaf2a3", "value": "T1E434115034EEB04CF2E22FB71BADB1EA4F67B7B32B5A50AD601803465A12D41CE95772", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696518435, "uuid": "62444acc-fe13-40c3-b432-608b2462e449", "value": "6144:tMsszssssssssip+zuN1MePdLcotzS/Lh:hMKN1MePdLcotzS/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696518435, "uuid": "8386df23-5c1a-48df-89eb-170e8b55eee0", "value": 233472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696518435, "uuid": "1c8f2ca3-c2f8-4ac0-a0a2-b97ce9d4e536", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696518435, "uuid": "3f9f3664-9e57-43ef-b5d7-d21529dc44b7", "value": "ITB DOCUMENTS REVIEW.IMG", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2d5859f-637e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696510684, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510684, "uuid": "6836b063-a154-4873-8124-70b4fe60f02c", "comment": "Malware payload", "value": "d7e53ee3d88be24714c36c1b22b05523", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510684, "uuid": "0926f986-418d-491b-9b4f-2893a7f8a048", "comment": "Malware payload", "value": "ef2beb7d49110b8c942f0852f374d9a757d04516d8a61c3c6bc0dbe297d4d0dd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510684, "uuid": "d97558fb-6feb-4d0d-9e0a-f7ce76f3511b", "comment": "Malware payload", "value": "01dd5f7801bea5362fba4373cf0f3733c63fa27b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696510684, "uuid": "0ecdfa54-a30e-4f56-b4cf-3138a97f7101", "comment": "Malware payload", "value": "a92af370bf30c4dd4d6489c77d5398fa02808cf73658d381d72209b29e9dfae9da264cf3d2623a68c2ae21c9518fcc88", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510684, "uuid": "0f50b176-533f-4f89-8922-18a58bc840ff", "value": "T18FE64AC1FDDB14B1EA072B3144A7627F67346E098F24CB87DA10BF69E833AD15932619", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510684, "uuid": "1cbc507b-070d-49f7-a02d-83e758e5914a", "value": "9cbefe68f395e67356e2a5d8d1b285c0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510684, "uuid": "354833b8-dc5e-48d7-bc0e-009693c5ba29", "value": "49152:rsAjUwxpvoB/pe9auNGfGWDDmCYaf8RkZ668mtRIan7T/L1hCYshjKalRyNW1veX:rtQypvee9auMDzBNDpCH0zua", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696510684, "uuid": "d3fbd92f-3b47-41b3-8393-62ea8f48ee93", "value": 15109121, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696510684, "uuid": "f4d3bf0a-0401-47d7-8e6a-3b2347f8895d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696510684, "uuid": "aca827a4-4b2f-415b-bd2b-b556086bff89", "value": "d7e53ee3d88be24714c36c1b22b05523.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5402d01-638f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1696518017, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518017, "uuid": "53902024-5fd9-4b84-b448-0563d30d39ac", "comment": "Malware payload (Amadey)", "value": "d4154e92b88b55d19fbbf513e39e3b47", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518017, "uuid": "7f625f9d-e836-4ffd-9465-a2327c738bff", "comment": "Malware payload (Amadey)", "value": "ef8bf9c6162630858e14294f8895439cd1819ce0eec4e9cc03ec2c18c1acb70a", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518017, "uuid": "3a0704a9-41b6-4640-87a5-8f3b1d9fc6fd", "comment": "Malware payload (Amadey)", "value": "76ab271b887b668bdbd1b458a5cd13edd4b86660", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696518017, "uuid": "70de40a4-5f59-4111-8ccf-a467a48e328f", "comment": "Malware payload (Amadey)", "value": "1be7e191af6c3508ba0e1100b20fe8298531225a853cfe9581350e501707770acc9b8bf82a5535b75490d921ca5e781a", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696518017, "uuid": "f6e4ded6-4af0-406f-b168-548d9b250e49", "value": "T1C975E91176F95B59F9F31EB85ABAA611087AFC6ACF11C2DF1251908E0C31BD09970B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696518017, "uuid": "b3561efa-5a9d-40ae-b26f-566e7ba579fd", "value": "2d720d38a8fbabead5b576804bc154eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696518017, "uuid": "03747852-9715-4658-b79b-4017c08fa0d3", "value": "12288:Pr4D/YQvi8Iv71ZtBXtjxaslVndVmRQH9j4K1uTaO9X6a9Dhvht6gouDY:JQvi8O1ZtBXtjH3dVJdk6a9DhvhvD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696518017, "uuid": "fc71c2fd-4eb7-4ad8-a01a-c3318aa285b9", "value": 1703424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696518017, "uuid": "9150c20a-b1c8-4669-a006-05b938825cf0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696518017, "uuid": "282f91ae-7d2a-4ba2-95d7-6e968e5a97e6", "value": "SecuriteInfo.com.Trojan.Siggen21.35725.24863.21024", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c61f9955-635b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696495631, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495631, "uuid": "11a2cdc5-194b-4c3d-942f-bb1fca390c79", "comment": "Malware payload", "value": "8ce2f866187d1993dbf4e0c850d112d0", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495631, "uuid": "94820795-82f8-4c75-94c8-15b489ebe0d3", "comment": "Malware payload", "value": "efdf5d9470d62b3e2bad4f44494bec8633861b9a69b2b4ea83664ecde7ea33f2", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495631, "uuid": "22329803-77c7-4340-b465-6d07ee16d4ca", "comment": "Malware payload", "value": "957e57aed77af5cd95e232bec8c4d55d31cd83b0", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495631, "uuid": "29c67e57-91b4-4235-b98d-3b0b097a852f", "comment": "Malware payload", "value": "3ece11a8d7836d63bbb01ad21f80db761b6e808eab66d8ffbd3603ca669550339fda07aeddea6ed8cab76efc0b81d951", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495631, "uuid": "7655b1e1-d60b-4e4c-ba72-5b859cccf56a", "value": "T14114D012B783DB2EC2C486318DEA8BEA6334BC109D1D9347752A772D3DBB214D6197D8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495631, "uuid": "7d015484-6d77-4e83-8c7f-d2759f9baf68", "value": "3072:85XulxpvOEJW178sn0zifCY+CNW7i1ScG8BZDgQQN+7IbsxpvOEJW17g/:85elxpvfOApzmCjmlGinQJgxpvfOE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495631, "uuid": "866546bf-ebec-4e1f-86b8-fa9807a710ea", "value": 202752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495631, "uuid": "ec60c994-acd6-4668-82b6-963bea37a780", "value": "application/msword", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495631, "uuid": "21fc4b46-b347-4655-911d-3001642f8f8b", "value": "8ce2f866187d1993dbf4e0c850d112d0.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "843f351d-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696496809, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496809, "uuid": "70402b3a-8869-4d91-81cc-3e03a81344f5", "comment": "Malware payload (Mirai)", "value": "fe98bb080eb8808ae3df5e08e5722967", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496809, "uuid": "8eb99d65-1958-42fe-b67c-c661b2eeb9fc", "comment": "Malware payload (Mirai)", "value": "f2a9124492a657651bb8a748aebfe06d7cbd21f58a252200c626b79ab6f6e0c0", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496809, "uuid": "f566c81d-f0c0-4f8a-abd6-57957e1d6eee", "comment": "Malware payload (Mirai)", "value": "8b59a74c5dd67c677cb75f67044628c2fc9c8115", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496809, "uuid": "51021043-d8fe-419e-827a-a92c156501e7", "comment": "Malware payload (Mirai)", "value": "10c88aa124da4611821bbcc8542d3658e432aabb6af6496c230e8c643537bbb22a8e8165690038aa6a8e609a587d1fdf", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496809, "uuid": "0f69bf71-0946-4608-b7e8-39124deab7af", "value": "T176142A45EA414B13C0D327B9FA9F424533239798D7EB73069928AFB43F8679E4E23506", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496809, "uuid": "43680562-fa11-4205-9b55-dcce7b318c96", "value": "6144:WwT+C5RMVoaWKxCBwnEYG3NbbkrZSeM/R1PeV:WwqsMVoaWKxCBwEVNOSX/DPeV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496809, "uuid": "b15faf00-6b85-4b27-a50d-f5c6895d7b44", "value": 204202, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496809, "uuid": "46262f53-932d-448f-b7d2-e3165b2cdb27", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496809, "uuid": "5c5ba551-533e-4474-9277-f25b14dc1895", "value": "c554c83f1f15677be2a1964ff96be350f77f8bd8891a07f47d6dc06d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4dcf408-63b7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1696535223, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535223, "uuid": "d8170ff3-8cdc-4ff0-9103-e3ebeea64399", "comment": "Malware payload (MysticStealer)", "value": "911a7104bcacbc4405108414b06f0bd4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535223, "uuid": "5b4273ea-ad51-44b9-864a-e61c99e272ef", "comment": "Malware payload (MysticStealer)", "value": "f33329dace9e36be98e7011f616d5ea01116f3a218c15d0d3427e422b2896edb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535223, "uuid": "1e663091-ec07-457d-85bc-988c7e8f224d", "comment": "Malware payload (MysticStealer)", "value": "2734f8ffe495bc4e83e92de3328b095e87db5bd7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535223, "uuid": "7f99e44a-02a2-4e52-b624-288452249638", "comment": "Malware payload (MysticStealer)", "value": "ba0a44d844840527322f42e26af40fbe6955c1d0c9aa5c9c5858744e84f32c0278e99e75818bd99a98a9be75c88f95e6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535223, "uuid": "98006b71-771f-43d1-bb90-b9569fc5543c", "value": "T114852B1177F95B99F5F30BB85ABAA626087AFC69DF11C2DF1251904E0C21BD08970B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535223, "uuid": "127f386e-7145-4ed6-a3b2-96fae9385be5", "value": "2d720d38a8fbabead5b576804bc154eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535223, "uuid": "e4927198-63f1-41c6-b491-9376e0441524", "value": "24576:NuJ4d8JGdDQd1PSdHzDc6a9DhvhCPo1i0:zdDQd16zQ6a3v4G", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696535223, "uuid": "f225d651-c9c5-4519-8e29-4f39ea087d3e", "value": 1839104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696535223, "uuid": "80775af4-2e11-4deb-837d-958b56cb0f0e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535223, "uuid": "fd1da168-3a34-4d0c-a066-803460392e1c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "132f3899-6363-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696498766, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498766, "uuid": "8b80e179-9be8-4cd7-b23b-07c458301f1f", "comment": "Malware payload", "value": "f9b1b7d9405d30ad39754fe272d02fdf", "object_relation": "md5", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498766, "uuid": "628d12f9-d2ab-49ed-80ec-931dc4ac4ea0", "comment": "Malware payload", "value": "f45369ce4bfeff245bb11a7052ac1a91d9e8936a665c7b8f304c18cb43db3d62", "object_relation": "sha256", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498766, "uuid": "efc494ca-1087-4035-985b-78febbf26fc1", "comment": "Malware payload", "value": "45ee75b6488ac534c8f63f07dd9f9158174eaf03", "object_relation": "sha1", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498766, "uuid": "ee43a19f-4892-49eb-94fa-69eddf76fc75", "comment": "Malware payload", "value": "e533d1b39059769d91b743af0d065f4db6137140b0ac1fc3bd265ab68d2ad94764d81c38e01caa4551f1802065d7e80c", "object_relation": "sha3-384", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498766, "uuid": "926e393c-d1c4-48cd-b3f3-cb1d95fa5b76", "value": "T1DE21081169F69224F2F3DB7E59BBA5518C723E4AEA11C62E01A1058E0A31D109D62F37", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498766, "uuid": "5b17bf9e-8008-42c7-b691-e0ad43680803", "value": "24:8eH5wEAWuR8+6CIGfq2sCUGJCUGfq2gSCr2UMkWjxSCrs7dCZZm:8Gi38Lp7Ha7x2HLT4dCZZm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498766, "uuid": "131a379b-9f07-4037-8fc4-70ebba6ce8f0", "value": 1239, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498766, "uuid": "f8754639-d770-4b17-9ea2-e77ce483aa74", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498766, "uuid": "36d522e3-1695-410b-ae30-ef5c20869892", "value": "10ae7859bf797457f807ab60763ade36a26e7defc58242d210c7ce0f5415b0b1c2607531a39e022c0a0376d844bd1bc1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31131f1c-6363-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696498817, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498817, "uuid": "27b8ca88-13d9-4091-bf4c-321a204fe4bd", "comment": "Malware payload (AgentTesla)", "value": "51c98b518c278c54d6b568ed9765fdff", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498817, "uuid": "79c1e513-aa0d-4cdd-bbb1-5e0463f17837", "comment": "Malware payload (AgentTesla)", "value": "f4ec042b3b9d605d34a32d37c19a100e50f1ab5242f02f826d683ee6f742810a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498817, "uuid": "ac9d6f44-f68e-4186-99e6-0a926797d4cd", "comment": "Malware payload (AgentTesla)", "value": "aba7b6fc2706dd780b4b4b2d3e6644157da02850", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498817, "uuid": "5615f420-8314-47c4-8664-bc0dce2dc694", "comment": "Malware payload (AgentTesla)", "value": "5de4e6b4abc3601e4358e3c0ae5e426a2172dd5498ca1e4748ee11f7f10556506f4fd4ecc67f155e590c95b884ac4064", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498817, "uuid": "0dd2e685-9981-4f51-8ea8-3927c6a00ae0", "value": "T15F65F8037A66C6A2E54997B2D6DF0D088362DD8272ABD60A758D33550D333BE8F0F587", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498817, "uuid": "8879d135-168e-440e-9748-c0fe16aa9621", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498817, "uuid": "8ab5a4c2-083d-4524-bee1-bd0e3b0c1e0a", "value": "24576:W+E2QRJbVG5smA58WMkcqsITrVou74uwsuSQd9FimK:PZicfInVo4wsuxn4r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498817, "uuid": "497b2564-4225-4d7e-bfe9-daaa91a85208", "value": 1449936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498817, "uuid": "225eb2fb-7cab-4616-8640-49c31aab9de9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498817, "uuid": "1cdc966f-a668-424c-952f-92ca7ce42547", "value": "QUOTATION_OCT9FIBA00541\u00b7PDF.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2f332de-6352-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696491814, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491814, "uuid": "96d5a28f-1508-48fa-b1fd-8ffb5d3f723e", "comment": "Malware payload (Mirai)", "value": "344cf138ec0ca5bbc21b09e18303de42", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491814, "uuid": "2c96e5bb-8dd7-4568-adf4-26e4a44d0b02", "comment": "Malware payload (Mirai)", "value": "f532fc78aa1f5ffdb36835fc7a800851a5cebac7f6c67773fd0ffa192d05e303", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491814, "uuid": "79d8ce06-ffa9-4551-8691-4c33bae5d1c2", "comment": "Malware payload (Mirai)", "value": "a359db2bcca6ea15a9c2aeade99b41fef4d2deef", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491814, "uuid": "942af278-1146-4257-93e7-ca321b5000e9", "comment": "Malware payload (Mirai)", "value": "0219c6db7b5947c86e870df17b48d8540af69567c354197b3714a89e8effb15ce7d45f3a0ebd4af97f2eac673cb7cefb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491814, "uuid": "f0d20978-f98d-4c69-a421-882264d37d8d", "value": "T1FC536EC6B4119E7DF5CBE7BE84224D0EB821722150531B27BB6FFD83BD721A48946E06", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491814, "uuid": "ee27c969-7dd2-4089-9458-244919fcff07", "value": "1536:kPqRg0FGTbSX5xpLepSGomsF7QhOx2X/ZOqc/yA8R:p5VHs8I9cK7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491814, "uuid": "6710d383-c98c-4970-8df7-a6ee9528b054", "value": 66508, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491814, "uuid": "9218f4ac-0ad0-49fc-a06c-96c01db83170", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491814, "uuid": "c23e83d8-7bf0-41a9-8ab5-1fd713c85c17", "value": "344cf138ec0ca5bbc21b09e18303de42", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7dd624f5-635d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GCleaner)", "timestamp": 1696496368, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496368, "uuid": "f6646ce7-8f17-464c-a589-f8c81f3fb665", "comment": "Malware payload (GCleaner)", "value": "3ef99fba02debc2ef81f3011f86a1372", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496368, "uuid": "87bbd0a5-8fae-4a89-b3c9-187cd1877a10", "comment": "Malware payload (GCleaner)", "value": "f57dab60885da9213f24b4896129182cb29ad3bd7be194685b68d61e6357188b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496368, "uuid": "a7b4807f-43e6-448c-a1fd-2a22a7bc50fe", "comment": "Malware payload (GCleaner)", "value": "5b21a1779d69466f3a69623fa64c244f6b890332", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496368, "uuid": "15ce1d2a-42a0-4ede-82be-1c90a61bc2f8", "comment": "Malware payload (GCleaner)", "value": "1d040c0d454dc8388ec5f4d79d80403146950470956dde2a6187c8373650d10eddf0645742df29951d3b5d78246771de", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496368, "uuid": "8899a42b-ac06-435a-9a80-13b6808aac59", "value": "T1EA54E12176F2C871D7B346B85834DA447E7FB8726AB5C48F3754066E6E213C28BA2317", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496368, "uuid": "19c695e2-fb9e-457e-831f-33d509c3d9c8", "value": "7bf0c3cbf0d3960e40b75bc830477f17", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496368, "uuid": "0d3f8b3f-cc45-4a5c-9ff4-272d2061d75a", "value": "3072:iwX3rFrz0c5qakoZLBP0xwx9bc82oO2SmQo38iC296Er621QZCjTX5ityt87hX9:X5rz35qakKp0xwXt2oOz2M57Er62Sty", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496368, "uuid": "e805dfb0-7972-4c66-b449-4069b410010b", "value": 285696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496368, "uuid": "fa04fc1e-269b-4961-85a8-a69cd9de7009", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496368, "uuid": "25eec7ef-c4ae-48be-8d38-98d8f259cd47", "value": "3ef99fba02debc2ef81f3011f86a1372.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "04fe100f-63c3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696539974, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539974, "uuid": "8c016722-833f-40b3-a02b-3acdeea5ba6a", "comment": "Malware payload (Mirai)", "value": "86c4c9acf9be58b80d7d94a8a6eb2e9b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539974, "uuid": "2ef60c52-04df-4c42-b834-1bb9747fca9a", "comment": "Malware payload (Mirai)", "value": "f68009f9d954844e4dfd08592efaee32ea2f0c150b59078b3f13b60d8ea3094f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539974, "uuid": "5d10f1c4-072e-4a48-9a69-abf667725413", "comment": "Malware payload (Mirai)", "value": "aea865d4576fb39a52d732d4e94d8c3525bf1305", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696539974, "uuid": "8f2106c4-1740-4370-9538-2d1e284ae2e9", "comment": "Malware payload (Mirai)", "value": "10bd2e112ca8354d2c442737240103fc9730f97be6b785af69a97ebe76f727504eccf9a89ff4b7a5566a788139e9f175", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539974, "uuid": "c830c7d9-223b-47f7-91a1-a97d5f1378a6", "value": "T1D6539FA5C5ACAE58C71441B8B654CD398723F408A5A76EFBD646C796800BEFCF0187F1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539974, "uuid": "92336e0f-0c6d-4308-ac03-6f246606aafa", "value": "1536:PaAtVnz1/mUUNztiYmW6ihiYLTofs3wfpWIDNEJ7JC7:P/tVz1eUUfwN0T0f+whWONEJ7J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696539974, "uuid": "90de0d07-e80f-417d-9e5a-b8d146f97f73", "value": 63772, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696539974, "uuid": "2d54588a-0db9-4fe2-8523-227de8ec42de", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696539974, "uuid": "4b76e086-ca56-4862-8fd4-6cccc3434911", "value": "86c4c9acf9be58b80d7d94a8a6eb2e9b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7bf1ab6a-6363-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696498942, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498942, "uuid": "49b849b1-fa21-4775-a0d0-e6346984f2e3", "comment": "Malware payload", "value": "8a28dffe612b26094c6e883fca8da694", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498942, "uuid": "c68dd0dc-b2b0-4b0e-ac93-ed3131e00799", "comment": "Malware payload", "value": "f6bf40e3d9bb4c7a09170e5e3bc695c925355e110eede8115fb8eb27ca85d5ab", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498942, "uuid": "75f0d2c2-b64d-42cf-a891-79cef2f5ea29", "comment": "Malware payload", "value": "731fbea100b7df5b8535f88630935bfdd17f84d6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498942, "uuid": "eb086bcf-0b7e-4304-a07c-6e0edf7982d7", "comment": "Malware payload", "value": "f1b30097c63ec65daaf1ce2f6b347e131ccc28f99152d08f008693d172d35f8128f2bd793341882eef47dc0d775ba8db", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498942, "uuid": "44120121-d558-44c2-94a3-4c83d1378349", "value": "T137C5E03FB268A53EC56E0B3245B39350997BBA60B81A8C2F57F0090DCF664711F3B656", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498942, "uuid": "21ed4b42-ffea-4834-98e6-848212249b10", "value": "5a594319a0d69dbc452e748bcf05892e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498942, "uuid": "9f49ae22-1775-408b-84bf-b61253802dfd", "value": "49152:Sqe3f6xMDdNd5rt/gLLmUKjwuJQ9iEpWHGG2J1:rSix0xYLk8SwTCwH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498942, "uuid": "9eefe3d5-09dc-49fe-a2f2-cc259d8f7cde", "value": 2534048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498942, "uuid": "a4e4ddae-86c3-4186-98ab-20e333f0d71d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498942, "uuid": "661bbd57-3534-4fb8-94ec-855850db7a24", "value": "File Parasocial.v1.08.zip ...exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25997adc-63b8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CoinMiner)", "timestamp": 1696535305, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535305, "uuid": "ddeb6cac-5753-4311-87c5-f1b005eba4d7", "comment": "Malware payload (CoinMiner)", "value": "7af78ecfa55e8aeb8b699076266f7bcf", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535305, "uuid": "faa59a35-0234-4950-91cc-90fb514eaf19", "comment": "Malware payload (CoinMiner)", "value": "f7284ade2ca0aeb432cf1fdae5ab0c724f81d10b914f6d4c2c15ef0f60ff316e", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535305, "uuid": "61b32c1d-be55-44b6-8c83-1ab1530a0309", "comment": "Malware payload (CoinMiner)", "value": "432c9deb88d92ae86c55de81af26527d7d1af673", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696535305, "uuid": "70093168-8fa7-4e55-bf1f-d43fe680fbd9", "comment": "Malware payload (CoinMiner)", "value": "b7ddd9b5555e9aff319450b6fd6f06c1375e0e11895d952eb20eb643c92d5eee19caf1a168eba5d28b601524333c081c", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535305, "uuid": "43f5820e-7601-4bab-a98d-c4bba1786bf7", "value": "T13846D0C39015E81C8D7747326F0E8868386AE19C74FCE907E72E5A725325B632B39677", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535305, "uuid": "0481930c-42a0-4b0d-8de5-d897b853335e", "value": "cfc2f6e0ad47e701959f21a8d2a686e9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535305, "uuid": "142809cb-c5ee-4782-99e4-3c2eb15beea8", "value": "98304:BqbZdlRakLa7Czy+JG87IlPEU0KQjvcnyEU:0ZdlRtLa7C2InBU0KQjv8U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696535305, "uuid": "5285df61-41fc-411b-9feb-084cfb7647af", "value": 5494552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696535305, "uuid": "63632c5d-6cf7-44e6-8a7c-09e250cd6b49", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696535305, "uuid": "4fdc1024-590e-4c35-b119-78e6a0e8c5dd", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a81cb9e-636a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696501758, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501758, "uuid": "ca0e9c9c-749c-4cc4-a1bf-2b6373764647", "comment": "Malware payload (Mirai)", "value": "b41b940fcd11eb43358d5ab21f38c563", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501758, "uuid": "d4f6b435-78bb-41cc-b4d1-78c54463972a", "comment": "Malware payload (Mirai)", "value": "f8451e0bd19e4b1308c18ed952e50159f7926f5f689ff0b329769e5e7c0bbf3e", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501758, "uuid": "f88b1fbe-2c95-4c41-bc8d-7a311f329237", "comment": "Malware payload (Mirai)", "value": "1a0581f22bbfb0782deb5c6adb49629eae391f74", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696501758, "uuid": "96436f64-7437-4bd4-b7c3-e44c98ccb4ff", "comment": "Malware payload (Mirai)", "value": "ecf460b9a5688444761b1e61638f0ba0b777ea7efe0adc67fde508a55f5015ed86e4448799dccc50e0f9cae4c7658c59", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501758, "uuid": "d70c089d-c6e5-480d-a344-bc710626c564", "value": "T10CD30945F8805F23C6C311B7FB5E428D3B2A17E8D3EE720399251F65378A86B0E3A546", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501758, "uuid": "f6ea4982-a1da-4234-9bfc-610305d29777", "value": "3072:P7Yt/9FDd1H8a4jA1B6iTOW9V02I33q/d:P7aTJlv4jEB6iN9VPI3Ed", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696501758, "uuid": "d7e2858a-29dd-4a29-868b-22ac01797bfb", "value": 135936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696501758, "uuid": "7c6fcbc2-6ef1-417a-a4dc-6a594c1d0f77", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696501758, "uuid": "3d099957-a72d-4fc0-b00f-3ede9cd3f174", "value": "arm5-20231005-1029", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9d1a891-6376-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696507206, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507206, "uuid": "395e5e39-2840-4645-bfb3-36f951e68f56", "comment": "Malware payload (Mirai)", "value": "65361f778e662fbda27c0338d6c49e79", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507206, "uuid": "0f1c4e78-0812-4391-9d67-68d55e4e13b9", "comment": "Malware payload (Mirai)", "value": "f850833f578a31d7be64cd7ae668dc51ab6544208fa0a8b1dad31415edad1dc8", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507206, "uuid": "1a635e58-4c1a-4cba-87a5-57b617cfacde", "comment": "Malware payload (Mirai)", "value": "bb28073e2c451c5b723469a90650c8145e389329", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696507206, "uuid": "8caeafde-0f46-4d35-906f-887b89b8b825", "comment": "Malware payload (Mirai)", "value": "c2bbbcbe6ff1f60c1710a5b43dead94bb27b2a3703b7aef589e182c34737afee8e7f7bfeb3904f8b04531e49247c24f8", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507206, "uuid": "e6140a59-ba12-4c8a-88e4-069b2d25dd0e", "value": "T1E0230271880E8EB524303C76DBD59793B6F12AB1C5673013D6290B382F797231E5BE4A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507206, "uuid": "79054280-3e44-4a7b-8b61-98540b06aad1", "value": "768:g/TYCoIxdEk+AxoTZAZHFeq8b3ZEsF9q3UELbUXfi6nVMQHI4vcGpvh:gECFd+A6YHAxi1LRQZh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696507206, "uuid": "72fe6e59-d796-4b71-80b1-26735dd44ef4", "value": 46624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696507206, "uuid": "9aea18e9-e24d-4b63-aebf-41bcc98207d6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696507206, "uuid": "64dbd788-8146-4590-8728-be3b155f0a97", "value": "boatnet.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "acd4b459-6361-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696498165, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498165, "uuid": "d06f4c60-d284-409f-ae4b-062df53a2316", "comment": "Malware payload (AgentTesla)", "value": "ddc8b07ed9d3d7e352f70f35c944e659", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498165, "uuid": "5c4cdbb0-26a8-4fe4-a205-80450db52777", "comment": "Malware payload (AgentTesla)", "value": "f94a62b2332593b4de3797cb1fb3127a682f2623d12e5f731157190526f6ef5c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498165, "uuid": "062d1ede-0766-4a7f-8f0e-96a7225409e1", "comment": "Malware payload (AgentTesla)", "value": "cf773ba9ad69bf21ed606ef099f2a4c84dba68f8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498165, "uuid": "780c6939-51a6-4e4e-a967-1448fddf4655", "comment": "Malware payload (AgentTesla)", "value": "ee13bd2ef5a07937122d55f6994d4a1ca5edc444efd4e02cfb84ff99671d38083edaad92b513ed50d50e9cc20618c2dc", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498165, "uuid": "717ad5ab-e1b0-4421-8b05-58f230593754", "value": "T1D3052211363B1C33DD3D0CFE819612A547B04FA26585D7EB9ECE31E9A0F27AAE511287", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498165, "uuid": "4ab4c439-f303-430b-8e9e-206781338796", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498165, "uuid": "f9bf15ab-a892-45fa-b01b-e626a52b8877", "value": "24576:U7Ax5uP5y8dS0yFjh5UsApeQmMJ9xGtgMmhX:UMxA5yOS0Y951pQfoqhX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498165, "uuid": "f535170c-2554-4cdb-af66-c7dab8c51a61", "value": 816640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498165, "uuid": "2190cd86-e50d-4427-a33a-e181635c6257", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498165, "uuid": "81dec5a1-3da2-4f88-bfd2-1b4144e3c732", "value": "Sunergy Co order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dc7c05ef-639d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RecordBreaker)", "timestamp": 1696524015, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696524015, "uuid": "c970176e-1b9f-402d-a2a4-a58a78de9482", "comment": "Malware payload (RecordBreaker)", "value": "73cf59fddb613a5381995e640546dada", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696524015, "uuid": "8936196e-0f95-4171-a702-0a616ffde6b5", "comment": "Malware payload (RecordBreaker)", "value": "f9a45d572875ee0a26c6abdab26734199736e6d536a7abae0ccf901adf7c6efe", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696524015, "uuid": "abf620f8-81cd-4c7d-8ec8-2aca4694e8eb", "comment": "Malware payload (RecordBreaker)", "value": "68b0a2743344f3b4deed325783c36cb722a54224", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696524015, "uuid": "fb4182b8-199f-4e34-ae9e-fa14d93c9718", "comment": "Malware payload (RecordBreaker)", "value": "d8150c8d37fe1edf66d59096c26f9614ad163a3c8a2757355eac4135d6629fbf23e7b39b9b5a469160a88dc3ba890b91", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696524015, "uuid": "6f8957a0-6878-4ec9-ab83-489c25bb803a", "value": "T15F75E91176F95B59F9F34FB85ABAA611087AFC6A9F11C2DF1251908E0C31BD08970B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696524015, "uuid": "c1eb632b-1522-4f55-8f28-23fa9a7ffc4f", "value": "2d720d38a8fbabead5b576804bc154eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696524015, "uuid": "e3bc269a-e86f-48f5-b925-dd72d2f8a7a1", "value": "12288:lr55/YQvi8Iv71ZtBXtjxaslVndVmRQH9j4K1uTaO9X6a9Dhvht6iLfdB:iQvi8O1ZtBXtjH3dVJdk6a9Dhvh3f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696524015, "uuid": "b928f9f7-6c01-48eb-92e4-133ea767cede", "value": 1703424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696524015, "uuid": "a5eb7acc-c8b7-4267-bbee-19dcc07530dd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696524015, "uuid": "4c840385-98b8-4f53-9b3e-380f7b2b18ca", "value": "73cf59fddb613a5381995e640546dada.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cae46f2f-635b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1696495639, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495639, "uuid": "aefd3c4f-f4fb-4c92-b181-337cdbdf63a7", "comment": "Malware payload (Loki)", "value": "93d7401a45b5695eebacb757a4bc68f2", "object_relation": "md5", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495639, "uuid": "2ffad83e-f6ab-400e-b790-05181437c7ae", "comment": "Malware payload (Loki)", "value": "fa2fc48f4d1662b5e5173965a80eed264d66ed5c22ce8ce56c536082073908ef", "object_relation": "sha256", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495639, "uuid": "d8354aa0-25aa-4d6e-8eca-e86a5d09549a", "comment": "Malware payload (Loki)", "value": "050e7f299b7e2327be0b3a2d6c09a1fe319763cd", "object_relation": "sha1", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495639, "uuid": "642fc4d7-e262-45af-a1a0-37154c8e3252", "comment": "Malware payload (Loki)", "value": "f8382a1e1c35eccfc753df504dfc48758913ec65fbf1e9ca221455a2ea0b4b9104fd04ecbf5d1408fad81fa205948a18", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495639, "uuid": "d3af1d9a-e08a-4910-bafd-80f7a52fe5be", "value": "T1DB45E0039904DB93C00D83F87E133AD91E0E7F19E5D5AADB14A37B8B3A35BA3095A51D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495639, "uuid": "abf9af04-36b6-4f9d-93d4-d3e96ebc2d88", "value": "24576:2WQmmav30x6Zy7w6VZ71A+IZyfw6VWBBAT5NsbWUwHFpk2DM/yfhw5x:rQmmQ30qf6VsL6VGWTHY9/ypy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495639, "uuid": "94cfaef1-e813-4706-a52c-a3ab53573b71", "value": 1208832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495639, "uuid": "35b5dd05-c2a6-423c-b049-8e5893c9e524", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495639, "uuid": "9fa4c792-f763-4d27-a9f6-55f64a03021d", "value": "PO.0921.0019_2023.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a502ab5-635c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696495852, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495852, "uuid": "d77bccd4-da85-430e-aa4d-5a5bf5ad432e", "comment": "Malware payload", "value": "374bc07b055a050698ca0fa5b09ae485", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495852, "uuid": "7faccb6b-f947-4224-af2d-738b4ae1d229", "comment": "Malware payload", "value": "fb0b447c4b377c4bf8e64f6473fd54a1d9434ad06c863a21233cd8bb112a1f68", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495852, "uuid": "b6e6531a-c153-4d24-9ee0-b728b73119fd", "comment": "Malware payload", "value": "3ed23e2fb72c484d64d70e1baccbed935560dfc6", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696495852, "uuid": "70bd743d-c2a8-4162-8b35-6702bf78638a", "comment": "Malware payload", "value": "01d2c6d57441c7a5e469b8d581dd7fea3541437f9c2d179684c63a82525006c75077aa8fb6511982a429c783d89f1656", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495852, "uuid": "05073be2-8c53-4018-a4e8-103dbe01d564", "value": "T176448ED373504933D398CB3956E34FE2932EFC2BAE1B46162305331ABA77AD455121B9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495852, "uuid": "3946491d-d834-45cd-9fb5-c3c1d6625605", "value": "6144:18rmjPOtyoVjDGL61EfDlavx+W/IEU14EwSygNgpLnJPHCl7qg6mFdPEKb9jpppU:P5q1PHi7b66V9H0MYkq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696495852, "uuid": "b944fa6b-f258-42a5-bfba-84e659076c04", "value": 258048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696495852, "uuid": "287dfa6f-344f-4162-88c6-723ebc9ef45a", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696495852, "uuid": "d3c6bb5b-6413-4eb7-b21c-5fea811f0182", "value": "Margaret Zwane Rosettas Invoice 03-12-2023.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28970d0f-63c9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (WhiteSnakeStealer)", "timestamp": 1696542611, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696542611, "uuid": "ff8581cc-242c-43b6-8eae-c5d970b66461", "comment": "Malware payload (WhiteSnakeStealer)", "value": "1edb8aa1adacda31bc98064b1634ddea", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "WhiteSnakeStealer", "colour": "#B8CDAF", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696542611, "uuid": "0a2782d1-5808-4d12-9822-4ef5714906f0", "comment": "Malware payload (WhiteSnakeStealer)", "value": "fb33ecb0d51761b0bde6977c7ae7eec18fd4c326bd73f3f4fac32e9abfb18575", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "WhiteSnakeStealer", "colour": "#B8CDAF", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696542611, "uuid": "249398fe-f5f6-410d-b1de-9c808f8181d9", "comment": "Malware payload (WhiteSnakeStealer)", "value": "7dc5aee1dd577b61a41a5001d465f0606bb33618", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "WhiteSnakeStealer", "colour": "#B8CDAF", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696542611, "uuid": "8e507e56-4f35-47ce-8221-5e0f167946ad", "comment": "Malware payload (WhiteSnakeStealer)", "value": "36daf2780b52fff4f3da3211aa378fb7a70b400f78bf5d67be7642ef09ee1e0582ed1c06785476fde13728bf4ad557f6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "WhiteSnakeStealer", "colour": "#B8CDAF", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696542611, "uuid": "14dca797-3253-4891-8242-5239193ff0b2", "value": "T10134CE1CBBD6FBA1E1AF55B54490536443308243A692F70B3DEED8A11FE23C25A464BF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696542611, "uuid": "876f24c9-c36c-4d0c-b795-1262285f2d8b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696542611, "uuid": "9a05af03-a767-4527-a79a-be083b708c34", "value": "3072:GQ2NGV19gqU3pJpfYTCOoShKmECPTKBWFPkl6WQre9Q29bSHXGhrD9HA2AF+q73o:uGDCOoSEmkWeILe9z9bS30AzHe0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696542611, "uuid": "454fb1cd-8c84-4ad1-a594-0ba6cf0cf68e", "value": 230912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696542611, "uuid": "727f30c2-7ded-489a-8e20-5f9f7bfcf9e7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696542611, "uuid": "0b968dd2-b27e-4a59-9c24-e307aa692475", "value": "1edb8aa1adacda31bc98064b1634ddea.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95c79c5e-6379-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696508435, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508435, "uuid": "7d127662-4e18-4ddb-97bf-05e04bdbcf8e", "comment": "Malware payload (Mirai)", "value": "3970e8a772c9a75b93b09265875b596e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508435, "uuid": "e3f0098b-31d1-4051-9937-c792321e0e22", "comment": "Malware payload (Mirai)", "value": "fb3cad277b8eb921f8cc0bb016a7147d40c7b31d55f253242bb5c1cb7fd8596e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508435, "uuid": "9e082eab-9433-4471-9cbe-c7f82ef518c0", "comment": "Malware payload (Mirai)", "value": "a6863fa668722c4b49d224678f9136fb94745376", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696508435, "uuid": "a6bac247-65b8-4f9a-8643-36a705088d70", "comment": "Malware payload (Mirai)", "value": "9106929fff29bd2ee2355ed800b06d56ba0d1cc0740ab63f205504f92023cee65d88f429b46ef32f4116e62721a546d5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508435, "uuid": "bcaf485f-9b30-4ec8-9345-251edb00a74d", "value": "T14482CF30619B75F5DBF14434FAADCEC6A71A0BF8D1FC32921659AB78894610211F92CA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508435, "uuid": "14277329-4318-4412-9972-a7004ef22549", "value": "384:MjlzRV0P6iOwrkom0DRnVATuSlShu6NvmPWtUn+KMaavhymdGUop5h5l8:6/V0P6+kom0tVAoNvm+to1Us3Uoznl8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696508435, "uuid": "76f8a7f3-8c28-40a8-a6b8-edcf10fe3f0f", "value": 18488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696508435, "uuid": "78c67ec7-6e17-4d9e-922b-68441c13bd7c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696508435, "uuid": "6f5513d5-30d7-4bdc-9809-932e673610a4", "value": "3970e8a772c9a75b93b09265875b596e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "596dc167-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696496737, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496737, "uuid": "6a3714a7-aaed-46b7-8ead-687b01d8cc89", "comment": "Malware payload (AgentTesla)", "value": "83eeefabbffbd97d45782f55dd6ed246", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496737, "uuid": "cab0b90f-cdb7-4ed7-aa47-9b252f2a5ab1", "comment": "Malware payload (AgentTesla)", "value": "fb515d3ef8a4e4a47487b5107d5cbc343a74cd56432e00473d6027f700f9f971", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496737, "uuid": "ef17cd04-6101-48ca-8925-19b11298da2b", "comment": "Malware payload (AgentTesla)", "value": "7b0e6024cedb9ac7a460b2971ad74d9e5db52d92", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496737, "uuid": "2eedbb2e-e4af-4080-83bc-653f55fbbbfe", "comment": "Malware payload (AgentTesla)", "value": "2daf57401004a3b1634a93ab45e3235c833c6cd65e5977563b7979f874ca4509b0c3ec34bc81080dcaa09fca9cf6614d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496737, "uuid": "946fda04-1aea-4ab0-a1de-da2dbf52a1ab", "value": "T161F423797193463E87BA637BBBB736CA324131CD35E5A395B8EDD3BD970D0882990012", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496737, "uuid": "cd3d2f85-8422-42e2-bd2c-38299e0cb163", "value": "12288:qeFC6yme9ozewx0CRFERpcA4g37ipJZaE2ZHO4UrubYa+M7bEwhrnbdHg6iHDrG:qeFfyNw+CRW+Q7YZaE2FZUCkglhrnhXh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496737, "uuid": "8ae124fe-5753-41e7-ae24-3ade1239e37a", "value": 728065, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496737, "uuid": "8423e68f-05a8-47a4-9e19-9f06c9bc9194", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496737, "uuid": "b7ef88e8-403c-43ac-a14e-3fef4c09b933", "value": "Payment Swift FRC000763 04.10.2023.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "56b971ba-6387-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696514342, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696514342, "uuid": "4615dd96-a567-48b3-895d-9f9a4d0c7773", "comment": "Malware payload (RedLineStealer)", "value": "66140b6c6b97d1c0c3e382102b2a19c3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696514342, "uuid": "b0fb47cc-b032-4d51-bd4c-f038c2037aa4", "comment": "Malware payload (RedLineStealer)", "value": "fb62036b2b3393d3e90fe8940e8a624e3ebeaf17a51f4650ff664008e5513fff", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696514342, "uuid": "cb154d1d-b696-42ef-bba8-c4c5e81e0362", "comment": "Malware payload (RedLineStealer)", "value": "574be618754fa12282364d46d72a955646bcf186", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696514342, "uuid": "07ff7969-3c5a-499f-bade-364632301782", "comment": "Malware payload (RedLineStealer)", "value": "745b0d3eaa67abcee1279dbe0871803ba86879b4f08d295aef09aafafe679fd7081d17c00b96bdb68ef1ad9297d97322", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696514342, "uuid": "e11df3fc-8d38-49c1-8d6c-7da38982a0ff", "value": "T1A5952356DAD45422EEBA277069FE139346327FE15CB9839A32C1B58E0C712487B3077E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696514342, "uuid": "8c23285d-5850-4ac9-883c-f2586e857a6e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696514342, "uuid": "980a67d9-a4e4-4a1a-8b43-81283c68ff65", "value": "49152:FTCaDSHlyM2DKqNhHz7Pe/9P467kEYDfukGpuS:BCaDSFyVDdW/q67kfunuS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696514342, "uuid": "f45094c0-f67b-46b4-bdcf-6e9a3baf29f3", "value": 1921024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696514342, "uuid": "7c6f5b9b-3f8a-4ebc-ade4-1e7cde3ef90d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696514342, "uuid": "4902eb73-8eae-4281-b488-c407613fc338", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a877c467-6352-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696491715, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491715, "uuid": "72d7f877-4750-46fa-9d13-33ea1a8ad3ab", "comment": "Malware payload", "value": "b29727b574b9bb1fe9eb30d548312999", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491715, "uuid": "dd6799e3-75de-4457-b485-8ac2a7ff6716", "comment": "Malware payload", "value": "fbc90db8e09ca074482821937887a366c9147ae3856e0da5e3ed23210a44a10e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491715, "uuid": "42fa5ccd-7278-4b34-9a3b-3e57b006b654", "comment": "Malware payload", "value": "f33fc8a2b2de988eabcbbcc6ef9b8fc9a1a050d4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696491715, "uuid": "b0854fa3-b17f-4e36-b3b9-b8b3744649ad", "comment": "Malware payload", "value": "6739addfd9d13e5d326f55ce57da7d226e171544f0ca0daf113ee8a8d33e8cfa1fdab3a76ddc72dc0becd6ef85fcbd9b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491715, "uuid": "955e3d6c-4e5d-4b7f-860e-92585371ff88", "value": "T1E3D5B0237AC184B7D2A34232585F737AA9FAD7700B3085C7D7D81A2D4E709D3663A693", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491715, "uuid": "035e8f6e-451c-46e5-8bdd-52f121b2140b", "value": "67ddeb62e2d3eba9e59c03db3f4ae9a0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491715, "uuid": "9dc9a550-fa95-4394-81f2-d5694a0d2cc3", "value": "49152:0m0JoXeEmGqVLPclSVOOKWcMyzXk1s8AjbapS0EnQ+fdbj7Vg5rlKPbs171w0Uhd:0m0JoX2/r7VXKWcMyxf1bj7Vbs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696491715, "uuid": "7107f1cb-a54d-4635-936e-744af5294e6e", "value": 2950656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696491715, "uuid": "916d77ea-d31b-4c5c-9087-b2a0b9cb01aa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696491715, "uuid": "2ee247bf-6463-4b65-872e-06f1ddd58787", "value": "fbc90db8e09ca074482821937887a366c9147ae3856e0da5e3ed23210a44a10e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db6ee822-6359-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696494807, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494807, "uuid": "50053a59-96f6-47d7-b95b-524a24aac512", "comment": "Malware payload (RedLineStealer)", "value": "db271fe34507c6229439100abf5458f1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494807, "uuid": "78216cf9-cdad-4a5b-be70-eb1b3063c24c", "comment": "Malware payload (RedLineStealer)", "value": "fc43e409ca887fe8f98079100e54a442b7ab01a2743d7e195ba2c8358a1152df", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494807, "uuid": "fcc29568-f3b8-4bca-81ad-efddd4014978", "comment": "Malware payload (RedLineStealer)", "value": "4f91ae85bfcae380a52e166041079fb10087dc79", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696494807, "uuid": "7368ea90-a6f5-4e54-90e3-c7c75ef61066", "comment": "Malware payload (RedLineStealer)", "value": "45180486a5aad21419710b164a8aee63db5f23e872393fbba767e9ab91cc9e4921e1413b811e7f250439a999b1fd35ed", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494807, "uuid": "e9311c69-0f43-4754-acfc-9b9da4d347a8", "value": "T16B851C1176F94B59F9F30BB966BAA6D1497ABC6ACF11C2DF1260904E0C20BD0D970B37", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494807, "uuid": "06ab15bd-6859-4313-9527-f67ce4c92cb5", "value": "2d720d38a8fbabead5b576804bc154eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494807, "uuid": "18901439-da84-4e8e-8002-b15d9471ee3f", "value": "24576:f8vuU6B2xlhtLiLdP2sN6a9Dhvhhn+edqjz:mxlhtLM2w6a3v/n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696494807, "uuid": "6cd20710-c3ce-4073-b812-f6f059cffdc9", "value": 1845760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696494807, "uuid": "8813db6a-8d56-4ab2-aa09-91729710a7d9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696494807, "uuid": "5ca1f9e8-8e05-457d-8330-d967aa689759", "value": "db271fe34507c6229439100abf5458f1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2629befe-6312-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696464009, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696464009, "uuid": "d48e5f63-26bb-4612-aed0-c1b3994840bf", "comment": "Malware payload (Mirai)", "value": "1215abc7ad7819b5dd4b65650baa53d1", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696464009, "uuid": "da01af76-42e2-4fdf-a18f-e86ebf007919", "comment": "Malware payload (Mirai)", "value": "fc44bf518cd59443d3738066a2025f4cd96d99947b7b58521f90931684d82837", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696464009, "uuid": "73771d16-bf7d-42b2-aff3-3d069997acc4", "comment": "Malware payload (Mirai)", "value": "a9fc7982ea107be903404ce3d676fe23c5a78aac", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696464009, "uuid": "0616f5cf-7bd2-4a10-a451-385617071939", "comment": "Malware payload (Mirai)", "value": "39ae2996120c2bab9d5e43d9002d73581384ffb6a9bf5322a33852bcdbe9919f6aa1b8848439e5c73ef77357e8af109d", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696464009, "uuid": "7ec971d7-24ce-4abd-84af-bb63174c7a78", "value": "T14B530682FC81D906DBD4137ABA6E51DE33253399E1DE7207DD126F103ACA91F0DAB192", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696464009, "uuid": "848ce4bd-f180-4742-96ba-dfffc143dd10", "value": "1536:8YHNGMHaqnltQ/SiUKB/4+GVqyClJtBO9JM2:8YtFHaqndKxbL+JM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696464009, "uuid": "cf823559-9418-4321-b870-5c3683204ed4", "value": 64040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696464009, "uuid": "1cce4cb9-893a-43b1-811b-54c809769595", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696464009, "uuid": "cd3beb53-ce86-4fbf-8dca-8954900ed620", "value": "0xh0roxxnavebusyoo.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73bf5437-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696496781, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496781, "uuid": "c8efd360-e4b7-475d-82c0-c4bcc9cd7935", "comment": "Malware payload", "value": "9e600af903f452aa0a91374fc59ccb46", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496781, "uuid": "ab723a5c-aff3-42df-9d07-d253c7b3c0e8", "comment": "Malware payload", "value": "fd3c386426438714341927536308c47605c8c108ea1d6131b51dbd21399d1f3e", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496781, "uuid": "8f644144-3427-4d2a-b886-346aea96a360", "comment": "Malware payload", "value": "dcd30a36194aa098aa8872a7b4b56873b1b9004c", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496781, "uuid": "43bae72a-b398-4851-84a3-c8dfae149500", "comment": "Malware payload", "value": "287e74ebd6037d5bf9f597fde163fbc9006af22c2188890b660d16a019cb7c0c370585c1bed678cec6780f863de4b87a", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496781, "uuid": "7c640d24-1d19-4d70-98fd-604055774417", "value": "T1E5E4F0E7BD9443BCC35373384D519C63A98D5CBA8DC4D2161CB32842D598DB82BCABE9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496781, "uuid": "8ede14d7-3f03-4ef8-8db6-59060fe72d66", "value": "12288:altT5a81+WehYCeU8CA5v4xXGI/ChBiBgMKLeAO7R85osO:sT5ePh98CMgXGI/I9LebR86", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496781, "uuid": "96d545e2-810e-4ff4-860f-5111646a7ba9", "value": 685298, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496781, "uuid": "f7a25bf6-d366-4a54-b896-e5b5af594933", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496781, "uuid": "752ea851-84ca-41e6-b3cf-f17f4dab28ca", "value": "scanned_invoice.xlsx.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f7fe8415-63d2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1696546824, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696546824, "uuid": "949508b0-787b-4b0e-86a4-f2aa0ab02f5c", "comment": "Malware payload (Amadey)", "value": "5e37c9149bd18a7bf2fd40140b129cfe", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696546824, "uuid": "c26f2059-3c18-4eab-a178-40844160a0f3", "comment": "Malware payload (Amadey)", "value": "fd42fff03752fe763d0e90f0c164ad376edaf3c24b7bc872c70ecf236ebf9f10", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696546824, "uuid": "92962b38-53b7-45d6-9240-69722d958e03", "comment": "Malware payload (Amadey)", "value": "0536555056dc6b6420f78c837a53c17adf2ff407", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696546824, "uuid": "fbec1796-6569-4cb2-8330-879a23b42f1b", "comment": "Malware payload (Amadey)", "value": "be97322293534e894560cb5fa51f7c211d78ba1e883896075697b8d2c6df800dfa66232febe046152c048a80a75a5aa3", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696546824, "uuid": "dd1bf4d5-647d-49a6-a346-e244e76e7f29", "value": "T170952357E5D6B072C4343FB188BE06832731BDB24D79869B2350AC5E0971787A271BAF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696546824, "uuid": "de3a8246-0816-4d7a-8f6a-d2deafad003b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696546824, "uuid": "2b4b06cf-a5ad-4c83-a81e-c279e5cf6fea", "value": "49152:DkMcpiRfMeuhhdCdkEq4jbv/nV7zEV7T/u3Tn9:oMcpgzuh6kn4/kT/u5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696546824, "uuid": "57e0ade6-b943-441c-9fb8-d1b7e15f9c38", "value": 1924096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696546824, "uuid": "5dcced6d-a6f4-4e63-85ad-fa4f6c1c9383", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696546824, "uuid": "1592334c-4107-4c4a-825d-2243ce96eae9", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c68f1c9-63a1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1696525626, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696525626, "uuid": "42569cf5-c751-437e-93c0-7d6a564b85b6", "comment": "Malware payload (Mirai)", "value": "0c0d6d1bc526ba85009a4397aafb17a8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696525626, "uuid": "cb6454c2-5376-4759-8cdd-bc2ef285da65", "comment": "Malware payload (Mirai)", "value": "fda1a1655550f0158de3742c87ed68e78aa5bccaa4546e8de39492fd1762f183", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696525626, "uuid": "11196a13-8b66-4a8f-9046-a2da412dddd3", "comment": "Malware payload (Mirai)", "value": "c77be4ac7f0300d66905101801648ae61ab29483", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696525626, "uuid": "3f6b6f0d-dbc5-4a26-b85d-639329178562", "comment": "Malware payload (Mirai)", "value": "6071d5c26a998c46318cb6519d819b3846d460e7fb5e6588edeb282410ab2b6b24bfd53ff20d17266e6addfa1a4c0980", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696525626, "uuid": "3e885014-f04f-4ea4-b107-bab4c935f465", "value": "T18CB35A77CC6A6F68C255D1B0B0B09F792F63A58182871FBA54B6C2B54083DCDF605BB8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696525626, "uuid": "e43bbbc2-0d22-4820-b869-0ff92da8c909", "value": "1536:1a97/6/q0AmnCl3L9KklcCRfKIKRnLvW4PKafz8pWks7ty8kL/z6:1y6HCl3Zn+MCISxPKO8WL7t4Lb6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696525626, "uuid": "8a51a98d-c6b9-4ed9-afe4-9a0b3f8f3618", "value": 116544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696525626, "uuid": "f1325352-e20b-40c3-b7fe-a32ed36b6a06", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696525626, "uuid": "feaf8dca-8e2e-4113-9a1d-6b319612b45d", "value": "0c0d6d1bc526ba85009a4397aafb17a8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc990fea-63bf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Backdoor.TeamViewer)", "timestamp": 1696538672, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696538672, "uuid": "2e53c8c5-c5c4-42bb-8345-189675c8e739", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "5619a2d76e86bd63d598f8118cf6fb59", "object_relation": "md5", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696538672, "uuid": "6b56f3cd-77b6-4183-aa95-1e2e620b304e", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "fdec386da63058475415d75ff5a0c1e94095cf3ca17ea25d542baf2d26f04fea", "object_relation": "sha256", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696538672, "uuid": "822b40f3-131c-41c0-ba03-765c97f62d40", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "c2935688d4eb3b0d3337f84fe5eb699d5c15c196", "object_relation": "sha1", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696538672, "uuid": "2eeb8a63-2093-4275-9a78-9d0cbc72be55", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "dc7459127cec68a1a5c7dd2ba860b4516bc8a894effdddfe02769c9d8b946ffe11d0368203c7ca5f9d4002f50bf9120a", "object_relation": "sha3-384", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696538672, "uuid": "bf25c2f4-33e7-4cb3-92e8-7c6552f9d37d", "value": "T1FAC62234B4E1644EB6F74E42577D772FC1BA7B368BC9C45E1E6DA088510223CAD7CA28", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696538672, "uuid": "a540da4c-a914-4e31-ac3e-c609ee12eee1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696538672, "uuid": "18ee366f-9e20-4cf7-b742-19893db97180", "value": "196608:JG3adCGgsJsBFSmKAvVxaATV09BtBJ2MkkjcpZ6+ZzIJc0Dec3KQHooYod:JG38ChssHSIxt0ntBSm+Zsq0bH4od", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696538672, "uuid": "bb3efdc9-316d-4ec4-8567-c214c4c42266", "value": 12072960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696538672, "uuid": "1825117e-c53c-469a-8a8f-cb236c6039d1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696538672, "uuid": "7f8f41f2-9b60-4025-a017-550184a4c5d2", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7555b606-635e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696496784, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496784, "uuid": "20a53e98-24bf-4233-ba2e-d949fadcfce7", "comment": "Malware payload", "value": "541319aa9638c234524ff42d8112f699", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496784, "uuid": "7453b613-b487-470a-bec9-608b53db53e6", "comment": "Malware payload", "value": "fe17d97137655583bc1e32136e3a5a94cb1e7f3c0d415cfd981e8856dffb8c3d", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496784, "uuid": "9b8f56b8-93bb-42a8-8648-5bf321d45eeb", "comment": "Malware payload", "value": "281899b7d51cf6922d4301027fc4d18a7e869812", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696496784, "uuid": "3f89b4ee-19d9-453c-b495-1d415207d0cd", "comment": "Malware payload", "value": "34c39622520a9fd1491e98da80813f3aa6e626e9c6b0f4e6976d8a9afc292c0d1a379a3d8064f82bdc6eff36854ee214", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496784, "uuid": "0095a8bd-99cd-47ee-a2d5-7e80e15e299e", "value": "T14F11442D6ED4C805DE97FCBC434AD83AAF6A0079148DC0530AD0F0860628D942E1FEC9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496784, "uuid": "700d8a2f-0a9e-4503-8a5c-31e8090ec739", "value": "24:9kfGtkMqGyE4km6gsZkaR0hhGuHKy8qizi+xgSx:9JtMdbH6zd4f2Px5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696496784, "uuid": "8853577b-0d3f-407a-bad9-dfe8d40c85b7", "value": 1010, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696496784, "uuid": "f7a78293-b2c4-495a-b603-83af62cde9f6", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696496784, "uuid": "9b89af2d-b6a4-426b-89f7-1a84eacbecc2", "value": "Test.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd55df4d-6355-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696493146, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493146, "uuid": "8bc69f1e-5ba6-43db-9828-676b0b66c6f2", "comment": "Malware payload (AgentTesla)", "value": "dacda1d5c7b55e5a2c1c9752e20cd766", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493146, "uuid": "f8234818-6790-4959-a41a-773c030cd937", "comment": "Malware payload (AgentTesla)", "value": "fe23f7bbbba319058a27e9ccc6382117d5b1cfe76d55f8657d262dc91cfe4f9b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493146, "uuid": "1a35b91f-ebec-484d-9567-ca0e9d725e7b", "comment": "Malware payload (AgentTesla)", "value": "26c1433fbfeac67f8f76d0832da31c486b6bc33e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696493146, "uuid": "e254e8b1-52bb-4822-be8d-e182597c31af", "comment": "Malware payload (AgentTesla)", "value": "1c44d3c1059034222030b6131437dc9ba247361fae6e3caf3a2e7b99078fb1176904fa4952cb71f504c4abe81bba83a7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493146, "uuid": "0be6239b-742d-4311-899a-c6a527f3255c", "value": "T1AAC42342A2F6D6E2860D73721A97F34D91CBBA65EFF3C938FCA911C35C017588E502A5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493146, "uuid": "a6118218-6509-44e2-bdd0-cfc07536cad1", "value": "12288:U5COMIcJA9XgZIzpIGiS1V4qLZ9e/XNVLFMmhHsd:UkReXrZ4kKvNV5zhHsd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696493146, "uuid": "80beb033-e349-46f2-8d61-27947c43994e", "value": 548933, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696493146, "uuid": "e01d9f45-f957-4e62-88ab-474ff666a9f1", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696493146, "uuid": "da61fa2f-4192-4b36-a69e-0d443f214390", "value": "Payment Swift.pdf_______________________________________________________________________.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a12b5eff-63a1-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696525633, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696525633, "uuid": "4b5062f6-aed5-4e24-925e-35085ea0fbcd", "comment": "Malware payload", "value": "eab50a6f9032de8b192dabb49fe19f32", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696525633, "uuid": "17c86df6-3545-46e4-9309-5df2776f162c", "comment": "Malware payload", "value": "fe620c22d3d3179311a5b1d616fd0048bafc4866acc03023c974487607973e0c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696525633, "uuid": "84e686ad-cee7-4924-88ad-8f7089b2d146", "comment": "Malware payload", "value": "7008341dabfba97dbcf371697d031315d956e0dc", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696525633, "uuid": "dfa50e8b-fd69-4cd2-8bb5-683d23e190ea", "comment": "Malware payload", "value": "367e2f8021a9535a37b5d94c31f58d6a78740185cab7b96a4aecb94570d32b66216428d60be421e9572f2c48fca7c8c0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696525633, "uuid": "29db1121-4962-4893-bb4e-ea009d7e3676", "value": "T117941221F651C0B1C45A84B54460C6BCAF79A9F19196E98F379837FF6F203C2E72B291", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696525633, "uuid": "c2edd0ad-6e20-42ab-bfca-ce1444f4513b", "value": "046dfae6c2280fbc36820b8f28604732", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696525633, "uuid": "f701ced6-dbbf-492e-8150-92a4e08e40f5", "value": "12288:iVimD+K4D8AMZ3ccoWQQSPwwtg8LcqBq:iVimJ4D5MZ7bvC9cqB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696525633, "uuid": "a8d3ab4c-6845-416c-a595-a75ef1431da4", "value": 411648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696525633, "uuid": "87b0d7d1-f5d3-4b7b-98a7-05d060f4b71c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696525633, "uuid": "a0eb0244-adc8-4d63-b064-131321aa6c2f", "value": "eab50a6f9032de8b192dabb49fe19f32", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "30513b6a-637b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stealc)", "timestamp": 1696509123, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696509123, "uuid": "fa033e86-c2aa-4ebb-aec1-a07a16c641d7", "comment": "Malware payload (Stealc)", "value": "a9fe0abb744939c6d83aa297ffdf42e1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696509123, "uuid": "029a10f6-df46-465a-a490-ac0468211cf3", "comment": "Malware payload (Stealc)", "value": "ff7547b91600bb68726a31813f5455bbd2ef232843fab4788d70e0791a3a0968", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696509123, "uuid": "7f319ed1-ad46-47da-becf-790e14d45c54", "comment": "Malware payload (Stealc)", "value": "eb9ad8dabeaf3a70064e0a1ca3b35deb6f929231", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696509123, "uuid": "44f72f9f-9e30-49d3-972d-208576965fa4", "comment": "Malware payload (Stealc)", "value": "983c0f537d37d32c5ff41d703b7fca59499aac237505b1620d63230cea79d3dd23f950cba06e96efc955292575c0bbd4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696509123, "uuid": "35c3303c-a6da-4e54-b388-e6cab08b8bdf", "value": "T19B14D0E139A0C072F44785358420CE64BFBABC629BA5864737582B7FAE303D1976B375", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696509123, "uuid": "cbc4b460-4585-4679-8e86-9b8377fd1180", "value": "b2deb6462ddc9e096b1ba263bc3b3e01", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696509123, "uuid": "d4ecb781-8e0e-4ca1-82a5-7aaf04450b33", "value": "3072:832sDuggNyhpguGOUkSrIYAs+cuSbfEBpSN4P5oXT0:Y2sDSEhphArrARN483", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696509123, "uuid": "9f88f15f-6a6f-4fb7-9a03-379593aa9ce2", "value": 199680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696509123, "uuid": "1a5c8043-7b8c-4d14-9bc5-ad95f4a6f1ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696509123, "uuid": "79dfbde2-dc91-48a0-92d7-0905e210d273", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b240b12-6362-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LunaLogger)", "timestamp": 1696498377, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498377, "uuid": "6e1c8ead-5a24-43ac-8730-8ad325d48cd3", "comment": "Malware payload (LunaLogger)", "value": "b6bc88989728f250b472d036a6b87a2a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LunaLogger", "colour": "#B0DCF9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498377, "uuid": "9e0b7740-8136-4f06-9ef5-dc3914af9318", "comment": "Malware payload (LunaLogger)", "value": "ffaf7e8680dbd96e059072461c257ec6457e8a04113144b827c257a79e462451", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LunaLogger", "colour": "#B0DCF9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498377, "uuid": "1b2767f4-5975-45cb-b6c3-1844536580db", "comment": "Malware payload (LunaLogger)", "value": "37c7723c8d662a73c1d069732ef79ce7133a98f8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LunaLogger", "colour": "#B0DCF9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696498377, "uuid": "79458450-3806-489a-8bc5-b1759b21d69c", "comment": "Malware payload (LunaLogger)", "value": "75d60268642c24d91260db7b1a293dc4b0dd9ac305cfc80e6355c25eeca6cd811a4125205c8f69d77e1c6396bcfb1894", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LunaLogger", "colour": "#B0DCF9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498377, "uuid": "f4614c36-13a1-4f0a-ac41-7f07f965baa9", "value": "T1D2473303A67118F3E5D0623A804AC5149323BD5357F0E58E47AC9B2B1FE76B9AD32F91", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498377, "uuid": "23e3a81f-e5c4-4f06-b83c-d22b2856fce2", "value": "0b5552dccd9d0a834cea55c0c8fc05be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498377, "uuid": "f0dce5ee-faef-46ff-8eca-1f313855fc00", "value": "393216:Hh3nJWQDoYNLOPhVOshouIkPdtRL5J26YD76lCOd/V:Hh3EQMYduhwwouJtRLHWmb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696498377, "uuid": "460605f2-b59b-424a-b5fa-275d5e14a97f", "value": 25388075, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696498377, "uuid": "0a8fccc4-a19f-45c3-a05a-ef92f40d7001", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696498377, "uuid": "443df6c8-302c-4358-9829-93b6ba64f3a3", "value": "SecuriteInfo.com.Python.Stealer.1153.2453.22484", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }