{ "Event": { "published": true, "date": "2022-01-26", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2022-01-26", "timestamp": 1643241781, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "f3f1996c-aeea-4c00-ba40-695166dc8431", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68513b92-7ed8-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643222846, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222846, "uuid": "ddb50dae-9eae-42ed-abeb-861946c02590", "comment": "Malware payload", "value": "5b2d51b6ab2c6225f3ff07b2df5761c0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222846, "uuid": "49d739be-ef4f-4c53-9a49-7c20c0363747", "comment": "Malware payload", "value": "00110c2e6a0a9041234d4f24b1f3b238b8d859871d6124fd3f6d88e3d2d7844e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222846, "uuid": "0c124e07-80b5-42fa-a026-c5bb87a94f5e", "comment": "Malware payload", "value": "d4f701379e2576fcf741d4537f7d1112ff7090a0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222846, "uuid": "0ec962f5-be3a-453c-bd9b-63352f88a8a3", "comment": "Malware payload", "value": "c5e21252e6dfa0e2ee90d91b7c2a12d89d6cb3af0f62a65b6c915c75fd1700ac4ee9161b047d18f03aab6588c44dbe31", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222846, "uuid": "19303de6-292c-45f5-b028-5a2744a80e11", "value": "T1A6157B67A07CC4E2F19C3DB5418AB30802717D12A9F6E19BEA8FBDC5E573A47D6041CA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222846, "uuid": "99ae58b9-1b1d-4055-be80-81a488d792a4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222846, "uuid": "501c2a99-0f19-4397-8a2c-df5a8e9e39a3", "value": "12288:cJZGIm8d4v/vBjpsl0j5BTzC8zpjs0s8CwvvcsXelgWhZWjF8X+bYc:cJZGImbtrC8VMTwvRuyWhZWjF8X+bX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643222846, "uuid": "a5bc7948-30d1-457a-be13-889c0c4742bd", "value": 943104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643222846, "uuid": "f3909d3e-af4f-47ca-bb4a-5c81f806a6f2", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222846, "uuid": "b0ccac00-2814-4081-bd9f-af3bcc4392c4", "value": "5b2d51b6ab2c6225f3ff07b2df5761c0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e654dee-7e90-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643191879, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191879, "uuid": "7265bb06-197b-448f-947c-d1a00a853b93", "comment": "Malware payload (Heodo)", "value": "a87ac4f999b220eeb06fb09b461b51dd", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191879, "uuid": "13eb15bf-aa73-4e7c-a712-f39e9a81d3f0", "comment": "Malware payload (Heodo)", "value": "00e3ce3c796307bb75269a4b48d515f6657c11c226137ed12456786819a4cfa9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191879, "uuid": "cc42892f-046f-421a-9630-31e27e6effb1", "comment": "Malware payload (Heodo)", "value": "a2ffaf618bb551229d0f1fd114acda4678ba888c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191879, "uuid": "b3a4decb-9732-4fb4-819c-119fd3a6970e", "comment": "Malware payload (Heodo)", "value": "928d378fb21d533fcf2565b02eadfd5a3abf71c0ad3f9085301fc352f4f41b71a1b3c31edb92888acb9c0393ead04672", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191879, "uuid": "7388550e-ba3b-49d4-97dc-784ff6d0a4fe", "value": "T16105F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191879, "uuid": "204814fa-39a6-4340-93b2-c634e1b5200a", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191879, "uuid": "532c520c-17b6-4287-80be-ddbddded5aeb", "value": "12288:aA9e3OrvpgqjtQFecR6dddifiHxoB3rNd9CDr:blrvpgqj2Fe+Qc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643191879, "uuid": "2fe86876-aa65-4b62-a209-3c85ec827350", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643191879, "uuid": "be29c295-c9c6-4ea8-8887-15c62376300d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191879, "uuid": "2ab8fe79-236a-4257-bb75-eb2e88c831f7", "value": "a87ac4f999b220eeb06fb09b461b51dd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59c9e595-7ed6-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643221963, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221963, "uuid": "a32bf3e7-124a-4945-83e5-3860d3673d6f", "comment": "Malware payload", "value": "b22c422490d71e6ca28c4535288a9807", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221963, "uuid": "ff10f41a-be4f-44d7-8c0c-67c228cd47d7", "comment": "Malware payload", "value": "0137f297f9c06d031c7d78a23651779ddf989dbdee290788104163cc02a35afe", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221963, "uuid": "01c17947-dafb-4a74-84c8-18f0f405a6eb", "comment": "Malware payload", "value": "e6c8ff17a78a9304be7c9825662492c03da56e47", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221963, "uuid": "b499be5a-dba2-4cdd-924d-4a8b2c4bc2d1", "comment": "Malware payload", "value": "7a09125267fceca010ea5419035ebac3f63ea61a29400a20739cedecc623684fe138f7c2f42c349e28b011951d2c0f8d", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221963, "uuid": "a306ce06-d144-4236-85c0-5f45efc63035", "value": "T17D131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221963, "uuid": "30e62528-200e-4e84-b2a0-f7a296c3c59a", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643221963, "uuid": "f5ec6827-411a-4894-ab51-133b94ef23a9", "value": 45451, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643221963, "uuid": "5db9751d-26fb-43c5-ad58-47fd54acee3e", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221963, "uuid": "7f4e96df-d436-4d74-beae-940d71d1b9dc", "value": "tmpdonmse4k", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab41c3c1-7e9e-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1643198048, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198048, "uuid": "1c6c07fd-0a49-4ba8-a133-15e2c7f70862", "comment": "Malware payload (Gafgyt)", "value": "8bf9d51f0f624bd6be680a6eb38fce9e", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198048, "uuid": "22a7e0fc-1425-4128-9861-e463ad8ca59e", "comment": "Malware payload (Gafgyt)", "value": "013ddb770b3098871d6f03366c8a069e336e7de9207a780f1dca3534d74ba059", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198048, "uuid": "a899b46d-d810-43bb-bd7b-2333f4f87167", "comment": "Malware payload (Gafgyt)", "value": "484ac9010dfa84cc0f8783270b9544b8c7fa4a5e", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198048, "uuid": "814b69a4-ab97-428f-9c81-922e0a22d11b", "comment": "Malware payload (Gafgyt)", "value": "457ba8421d3236d88d3ab7b9247c891f7e534309b63bb1a11d1ce54ed64db4f9238aacb1e0958c0ab655a09ac50393ed", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643198048, "uuid": "d58df8de-0795-4a3e-bb9a-71c91c31b4e7", "value": "T15B044A05DA809B17C6E237BAF79B428E73239B5467D733058928ABF03FC27995E36015", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643198048, "uuid": "4fac9c35-3661-4367-9971-886c8a391235", "value": "3072:sV/Yb/dnp+eQPGq+/nTCappbzHdQLpzcMbPB7D45hLSC3zVbYM/992qEmmw3Bq/C:++bCappbz9QLJbPBI5hLSC3z+M/90qEc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643198048, "uuid": "50a395cc-2a37-4bf2-8cf4-906eac5ab445", "value": 180192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643198048, "uuid": "550f29e5-bc9f-43cf-b7ad-bed2878eed24", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643198048, "uuid": "87b7ea05-e1e5-4c01-ba43-031cfaebad72", "value": "assailant.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d96ced0-7e8e-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643191099, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191099, "uuid": "696377f4-9f58-47b6-bbed-01e1dcc149a4", "comment": "Malware payload (Formbook)", "value": "77e85ad8891096baba68e44b43f2f820", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191099, "uuid": "6b976a11-16bb-45a7-933d-f003506cffce", "comment": "Malware payload (Formbook)", "value": "01622d3e6d14184769fc2b052e32588b7bbd86f5a61e511f395db4695d7018a9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191099, "uuid": "16b5fbfd-9113-4f69-91d2-ff1b914a7a21", "comment": "Malware payload (Formbook)", "value": "11517a0e9f4c5f39170f8083436ff6156b5ecf7b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191099, "uuid": "433bb265-091a-4409-8e14-2601bb84f45a", "comment": "Malware payload (Formbook)", "value": "ea121ec6f079b1526aa80aa8fe3acefff55b35a73c1177b69d6f6dad96b26f819e23dd5e4b88f2e8dc62a41d92d886ed", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191099, "uuid": "b71f1844-cbf9-4ee0-b17d-b6d053e6a69d", "value": "T1FFF4C01932E08134C34D383588E57945BB73F16BB8D6F974EEA2DA057FB9B846A00973", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191099, "uuid": "3bd1dd18-79d4-4ce5-b5eb-bf1909f652f5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191099, "uuid": "0b0748fa-fd29-47df-a242-7a783c075854", "value": "12288:JMJQ1m+uHwBEql+edct8ABObdprU2cMmHjs0s8bwb8ekK9tqB7H5eg+BXw9orZ9H:6DeABObdpdcMmMowQekRz5etlw6f7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643191099, "uuid": "6b92b661-d875-4886-9587-d2fec09edba8", "value": 787968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643191099, "uuid": "6e23b6c6-810a-4eee-9f41-dcb764779af0", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191099, "uuid": "9d6bf5c3-6103-43ba-8581-bf9ccca0d4ad", "value": "LVpromo.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ffa8cef-7e73-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643179319, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179319, "uuid": "836736f2-b4a1-45f5-b315-7f9acb62042e", "comment": "Malware payload (AgentTesla)", "value": "e492c50cd36d96131c88f57b4ee172dd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179319, "uuid": "79ce71fb-cd19-486c-896a-b0799d200640", "comment": "Malware payload (AgentTesla)", "value": "026a99bf8b1f2517d3d4514425d7c2efa2b6c47b997b5cf178ca6b8643c8cef3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179319, "uuid": "99ccedeb-eccd-4bfa-9eaa-22f6c51ba53b", "comment": "Malware payload (AgentTesla)", "value": "7eb72a639e3f791f57d53c1286a07bd68bb9ade4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179319, "uuid": "19ab4bb7-d262-417c-9245-0c1f63a586df", "comment": "Malware payload (AgentTesla)", "value": "9449f0c47ec7675b66443000a097760aa4eea8728ff7b37ffc4cfa305c5c9c189f23ffd46d7266d6f7b3dbadbb8e387e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179319, "uuid": "7a6ad66e-d708-4031-a638-77aa0ecd5daf", "value": "T1FBC423008E61D572D67261D4BEB934DB80CB4EBDB84895ECD01A733E42B520EADF71E9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179319, "uuid": "d0888694-d752-455a-a605-7dcac6e5eecc", "value": "12288:z5yRtlYa3Ve47f7O9OBaJiLUGO73spPO4CO6:z5yR3Ve47f7/6vT73syh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643179319, "uuid": "6fc82b19-c164-44df-b7d9-ca4f529e5a45", "value": 592957, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643179319, "uuid": "4f340fc9-8c52-4471-aaf4-98c042e51cc3", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179319, "uuid": "0e37879c-e069-4aca-bd5e-f09d27279308", "value": "WQENul5h8Hda92V.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c9036c43-7e3b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643155578, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155578, "uuid": "b39df431-b9c9-448d-bb94-d46440747492", "comment": "Malware payload (Heodo)", "value": "37e3eb49afaa2a9922b9b3d2f71de66b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155578, "uuid": "b8f2ba17-451e-4777-b52c-002db1df5f78", "comment": "Malware payload (Heodo)", "value": "02a83d5bd8cba93483ad9dd6095491108db77af6cff8bc4424e7711d03762a25", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155578, "uuid": "a8413541-bbbe-4c81-b646-d2e9b058145d", "comment": "Malware payload (Heodo)", "value": "ee6394b6b11fbdc27bfc31a8b80ce152c49b6f11", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155578, "uuid": "8c837751-aaf7-4d18-a304-3f43c13f5ff5", "comment": "Malware payload (Heodo)", "value": "fba7dc021ac7222071c59bffa74a33d1e4cf9f5a8fe61d0434c93ff0d81ab5cbe841c74cc3fd53d3646078c32f03a2fd", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155578, "uuid": "8b496066-cd17-4788-9b92-2b45b54555f9", "value": "T1BED49C2233DCC8B9E0AE1D3D290297D523E9AE140B93C58FA640FB9E5D3B2C155F92D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155578, "uuid": "68cb9c91-6e41-4923-8679-e973f7d6be6c", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155578, "uuid": "a28002ef-3fdc-4f3f-96e7-bd75fd714b5e", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4MmbOfg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4Mmb/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643155578, "uuid": "fb2a9ea6-faff-42f6-96a5-2b50bae89dec", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643155578, "uuid": "b64df887-a98b-4237-bf00-5d12f8e85597", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155578, "uuid": "6285a014-13b8-4aa3-96d9-c6745853ac30", "value": "emotet_exe_e5_02a83d5bd8cba93483ad9dd6095491108db77af6cff8bc4424e7711d03762a25_2022-01-26__000604.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a7731e6e-7eb0-11ec-9275-42010a9c0029", "comment": "Malware payload (CoinMiner)", "timestamp": 1643205773, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205773, "uuid": "9cd5e5dd-e140-4113-a467-420c8b509ed9", "comment": "Malware payload (CoinMiner)", "value": "55607abb3559307eb49f385b533bd5cc", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205773, "uuid": "ea7094f3-5d15-4fc5-a7ca-68e9b40bc9fa", "comment": "Malware payload (CoinMiner)", "value": "02adee7984152f979df726fbe389079d929611f385bd735a3df20fda7edaa483", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205773, "uuid": "5cabaff7-b452-4303-a9e6-d2863be6863c", "comment": "Malware payload (CoinMiner)", "value": "6936f5d0ca90bd65d5dff0f6fceae7de67fc196f", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205773, "uuid": "baac2193-482d-4352-abff-533ddf9a3e7c", "comment": "Malware payload (CoinMiner)", "value": "481d1d11236113e7cd4e3feae7a6f132c8694889f75f9c808540caad4cb3b668ffaff2d67a9e8733403c01db5221d655", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205773, "uuid": "2662a151-83ff-4d79-b4b7-e6b389d76087", "value": "T1CAB423D522C11ECDD79DB23E2958468FCC8F30ADC8E9EE6EA5D4D07936F1081694836A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205773, "uuid": "8d403b78-fcc0-4a66-b0c1-71220f033ac9", "value": "6144:C4Q+2F5wkXRz9VI3zqHs5DTzrOvltkVrX/Rv+smnAscefdwJ2oni9UBCealvsYW4:Clek7VIjqS/AttnfMznf81aW56jmi4E0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643205773, "uuid": "415f2b16-a7cd-4ff0-b369-1e2ed2a270a6", "value": 524140, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643205773, "uuid": "cf4d0284-ec21-44c8-8aa9-9536679d74b7", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205773, "uuid": "1e8c5a7d-1e77-4338-b23c-6a3ab8de5fee", "value": "55607abb3559307eb49f385b533bd5cc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5da05b7f-7ec2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643213380, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213380, "uuid": "004ba203-a7e7-4b1c-b03d-1baf5949c46d", "comment": "Malware payload (Heodo)", "value": "23cc3a562bc61806c82dbd4d014c41e7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213380, "uuid": "4c8bcca4-292b-49c0-9aba-27c45f6f5214", "comment": "Malware payload (Heodo)", "value": "02bbcb2babe122a55a129a662f8e559aa75af12ac2478d2dc311272118d58e61", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213380, "uuid": "f3f5323c-2687-4816-88a9-8d3d7397a966", "comment": "Malware payload (Heodo)", "value": "eb5cbaab782c7484235b839dedf516817dcaa740", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213380, "uuid": "141a8eb5-462a-4136-9382-17c402e766d9", "comment": "Malware payload (Heodo)", "value": "2489bd061c53ca2873e6c367989aa1b63fa391feba5816a843b7926c163de80d691110cde9f64fbb9199233cf6759558", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213380, "uuid": "ceb17eef-d216-4413-b725-48fd1b4c7d2b", "value": "T106D4B24D7F918F79FC5D017098CC8B7AA995E87B4A904F022ED6EA3ED5FB1424D18C0A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213380, "uuid": "419ccba3-f96e-446e-a3cd-91f1d8393331", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213380, "uuid": "8546b0bc-db89-4b1b-916a-483b3cd92ff6", "value": "6144:KfUdJ9dhe5HjGo3OvwX0ddpgqjlfBtAkIeTInkHMPtdddGLfloHxoB3d:aA9e3OrvpgqjtQFeck6dddifiHxoB3d", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643213380, "uuid": "5a341b12-3056-45a9-91c9-11362bdcefb1", "value": 654688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643213380, "uuid": "c43cb36d-581c-412f-80a5-7629d67cbd36", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213380, "uuid": "a1f30f7c-493e-4f95-8518-0711a232682f", "value": "23cc3a562bc61806c82dbd4d014c41e7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a97aae16-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643207064, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207064, "uuid": "f695660f-f65e-47cd-9934-f761f95b2c01", "comment": "Malware payload (Formbook)", "value": "bb44941c0a3e7ee0e56005d6a3f874bb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207064, "uuid": "28a2aa11-5675-451b-b4c0-2bc4f7cb42af", "comment": "Malware payload (Formbook)", "value": "02bfed3a2752173f23d3005a9b2bc6834b76f52b48e4e3598268be8ce5ee0812", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207064, "uuid": "7cc9a974-59fc-4551-9eba-1b4083dd590c", "comment": "Malware payload (Formbook)", "value": "296606eaaea2610e3e98196f56a18608564f1621", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207064, "uuid": "5b7a6881-7977-4165-bbd4-cb3381420ea1", "comment": "Malware payload (Formbook)", "value": "6c402ffb74b4cb99dc8fe5383e98136a0f6f0e7513710b9018a44fcf26204eddb9a289fb12f28062f871f2705bece076", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207064, "uuid": "31b9a74f-bbf4-4104-9881-5a0c7725d710", "value": "T170F4DF1672E0C134C39D2C3988A07951AF33F16B78C2F964EEA2DB457BF5788A614973", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207064, "uuid": "84c988d5-d8d8-4ecf-b9cf-0f72fa049844", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207064, "uuid": "8a77e13f-9dbf-424b-86b2-187076e2123d", "value": "12288:k8dQ1m+uHw7aqlacDcNNSxkh9NmXD18rBsi+M3Hjs0s88w78kBJVEU2FWPFIHX3+:tXXSxkh9NmXD18Fd+MzMnw4kvyXF33wP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207064, "uuid": "30d91dcb-da69-48ff-b617-115047a62fee", "value": 773120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207064, "uuid": "de6aa943-674d-435f-97a3-f052f6993f67", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207064, "uuid": "70c24522-cbd0-43e8-ac12-02644103e66a", "value": "Payment Slip.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "81afc7e2-7ecc-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643217735, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217735, "uuid": "707e83c1-883d-4a56-bc28-ca4b25f3eefc", "comment": "Malware payload (Heodo)", "value": "73ff2f76d708576576925501697a333c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217735, "uuid": "bef1f3c3-226e-4477-80ee-8c15f9f84f2f", "comment": "Malware payload (Heodo)", "value": "02c68d6e586e5865d36d9117984951546955747591f0a035014c05d9cb1ec79f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217735, "uuid": "16103888-11d6-4e57-84b2-4e535f37f778", "comment": "Malware payload (Heodo)", "value": "8166b591ef2ec02a4ba73df7ed5b3fe2170e33ce", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217735, "uuid": "3cff3685-9fb7-4344-aed2-c5f97816c620", "comment": "Malware payload (Heodo)", "value": "a515021298f3fc918457274c0caf6e070b795cf7846b820dab9da4dbb5554bacbabd56e2f0413570cfb2064bb0efe535", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217735, "uuid": "2edef364-2f34-4f36-a439-7b35f8d7411f", "value": "T1BD05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217735, "uuid": "b52158c7-915d-43a4-9064-b52383929a64", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217735, "uuid": "33b24180-e944-4258-98c2-3e2b45911703", "value": "12288:aA9e3OrvpgqjtQFecc6dddifiHxoB3rNd9CDr:blrvpgqj2FeFQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643217735, "uuid": "468cd21e-640a-41c1-a882-0a0aaa4be963", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643217735, "uuid": "f6f21ade-ee04-4490-b60b-5a694c2f0dd9", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217735, "uuid": "018f6a67-0dc5-4db4-a90f-5e9710965ad8", "value": "73ff2f76d708576576925501697a333c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "22b5ffda-7e98-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643195242, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195242, "uuid": "ecd39582-bd8b-419e-87ff-5f3aa2b1a7cf", "comment": "Malware payload (Heodo)", "value": "bec841e3d4880dcd6be83b5a97ae1bdc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195242, "uuid": "9e23eac9-d366-42c3-a7b4-6092bed771e6", "comment": "Malware payload (Heodo)", "value": "030539c5aac059160d35a9adf5eb06ef81f5a8c1feebf39924b65c6c6711563b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195242, "uuid": "a4878c55-a885-48d2-b3ff-4a3fce670b56", "comment": "Malware payload (Heodo)", "value": "ae5de9d82591b5cd5775bfd5ce5574d272fee412", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195242, "uuid": "49770695-d294-4da8-b9d1-a9787109980c", "comment": "Malware payload (Heodo)", "value": "2d9af4d0326aaa50a35f94f0d0bace121fd1feaac104a2e2f77072aa1cffa47fa02a2e00fdfad6c383d08df85e5fdb6b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195242, "uuid": "c82d2773-7712-48bf-892d-27758750bc4b", "value": "T17905F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195242, "uuid": "74bf89e9-3e2d-4e76-9414-93b80dbf199c", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195242, "uuid": "ecade735-3e9c-4bf8-894a-354048217a5c", "value": "12288:aA9e3OrvpgqjtQFecJ6dddifiHxoB3rNd9CDr:blrvpgqj2FeOQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643195242, "uuid": "9fdcd12b-f3f1-4443-bcc8-b744e03bf059", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643195242, "uuid": "822b16a5-9e0f-4949-9b8a-a688073f40f5", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195242, "uuid": "eb4d5886-e410-4918-9cf1-80b5c24b9798", "value": "bec841e3d4880dcd6be83b5a97ae1bdc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b151a2db-7ea1-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1643199347, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199347, "uuid": "9cc1b4ae-31dd-4eb9-932d-02e5a0a4a331", "comment": "Malware payload (RedLineStealer)", "value": "7c53f92fe16abad98afd4d0044d57725", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199347, "uuid": "fcc66a08-5ff3-43e3-b96f-2332316600a5", "comment": "Malware payload (RedLineStealer)", "value": "036a6af7c59dafa52a82f22b6ddbb5a4e1f1757d20794e862d8fb5806e366dc4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199347, "uuid": "7cc01b92-e732-4e0a-adf9-192abf293eaf", "comment": "Malware payload (RedLineStealer)", "value": "ba372a7cbb7b7b064b349eb24073f97ad5de174f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199347, "uuid": "6e3846b3-bd45-4b9a-a961-905667f1f271", "comment": "Malware payload (RedLineStealer)", "value": "383b6e89000c3112437b55ab67f2d711e17fe313fe71b2b63dee402cc37e69ce03101be4ee190f6c5012476684e69ae7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199347, "uuid": "5059e5f7-2181-474d-80f6-0176e130b7f7", "value": "T1B6A4AE00BBA1C035F6B356F54AB9936CA53E7AE15B2450CB63D12BEA5A357E0DC3130B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199347, "uuid": "b32e5cd6-b575-4660-86e1-7f298c1626e8", "value": "4bcde812b040ca4f517d950272a8fa16", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199347, "uuid": "2e25cab0-3210-4a34-8a09-6c4b04c95290", "value": "6144:3m4V/JLXftkA524vYZaBlu9SEF5//L+1hnvZ8mtyssNoXqIhmm5oxBxP3cB8aZf:W4lAk2abgjF5//L+1hh8mtXl7op5+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643199347, "uuid": "8d74873e-375a-420b-8231-e8c9014f745a", "value": 454656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643199347, "uuid": "b74565bb-caf6-4946-a618-b84ff8184f44", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199347, "uuid": "f42f1374-8e0a-44f0-b045-fc65ffd0b5aa", "value": "7c53f92fe16abad98afd4d0044d57725.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a7055fd8-7e83-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643186444, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643186444, "uuid": "6105f6d2-5182-4f21-bf7f-86dafb3d1b71", "comment": "Malware payload", "value": "02901d68dc91f57c25e3a4127c5714e7", "object_relation": "md5", "Tag": [ { "name": "dropper", "colour": "#04C509", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643186444, "uuid": "ce21bb40-f764-4031-a02e-50b83c5ec930", "comment": "Malware payload", "value": "0396372783d1f988870e5ec532ccb3b1d5a5a8965f73a2b27bea23015febead8", "object_relation": "sha256", "Tag": [ { "name": "dropper", "colour": "#04C509", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643186444, "uuid": "82acf3c1-340e-4a16-b041-42c99f7abd82", "comment": "Malware payload", "value": "29153e6d4b8707e309adc1fa55f7b08ed57353d3", "object_relation": "sha1", "Tag": [ { "name": "dropper", "colour": "#04C509", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643186444, "uuid": "d7d2e4a3-2071-40b6-86e0-d01118b9272e", "comment": "Malware payload", "value": "07f32b83ab46292d26383e4444da1bb42dc51e0af158b7bbe37b547eb7f6d2a0e4766bf5f81354d9c71ece87e0780ef9", "object_relation": "sha3-384", "Tag": [ { "name": "dropper", "colour": "#04C509", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643186444, "uuid": "293d1f68-2ea7-4da8-a504-b522b8a43a0f", "value": "T174E48D9AB783D4F1E1A341B9024BC7F20530A6266017E2F2F749FA7978727536F4A319", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643186444, "uuid": "a06f4e71-6ad4-4f10-a767-39d76c86ce13", "value": "12288:ExVSu3hpIh4iLd701uZ4YappSUZG2+skDyS07LtIqHzf2IXWfyW5gO5ry+:EjSwhpIhrLd08ZdaSWG2+UdHzf2Imfye", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643186444, "uuid": "87efdda6-59b5-47ae-9eb5-527f44995469", "value": 662408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643186444, "uuid": "663bfc91-10c3-4202-a36b-d694e19c7922", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643186444, "uuid": "d756a16f-65ba-4ae3-b09f-10d2a5d8996d", "value": "5566.elf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be3c8f9e-7e6d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177034, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177034, "uuid": "cd705d0d-ddab-43f8-bcef-5b209f41f5ef", "comment": "Malware payload (Heodo)", "value": "93603204e068902268b033b23726e7b1", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177034, "uuid": "6fcc6dfa-6b04-42bf-ad9b-93d12a4f276c", "comment": "Malware payload (Heodo)", "value": "03ab46843417d992e2aa7efe1f37e68cae9d8cfc5ce37473736187008ef376f9", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177034, "uuid": "9ad08cb6-96ec-4952-8ab1-67c29d579046", "comment": "Malware payload (Heodo)", "value": "074bbc60eb7c61588216b35fb0e8aab9a3dfecf4", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177034, "uuid": "4b394099-6841-4b56-ad59-84ff9edf98b3", "comment": "Malware payload (Heodo)", "value": "9775caddd7f627e39bf51e4af4bf6acffc32f17a28bafb68bcb8543f6c6c1c77148d5bdb7fb7519b447a2d1dac0bd522", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177034, "uuid": "7e13a06f-02fc-4cb3-a0ad-103006b51e3d", "value": "T159E4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177034, "uuid": "3f8f5f35-7cbe-46e8-863f-a3f97d97428c", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177034, "uuid": "6748253c-833b-49e7-b590-06fbee68c93d", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4l7NACHKm2tkJV8u:o87vGJzomxhwxbKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177034, "uuid": "e0579af5-ae3b-4bab-bad1-812fe326a71c", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177034, "uuid": "487735ac-c74c-4e0d-a469-87e7aa03fde8", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177034, "uuid": "7d8eba49-4d5d-492f-af7f-db53943b90af", "value": "emotet_list_ioc_cronupTue_Jan_25_11:47:27_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8823c974-7ecc-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643217746, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217746, "uuid": "a9b4b472-5f45-46d2-9a2a-b3106b63129c", "comment": "Malware payload (Heodo)", "value": "ba120570d5bc40a23d379b0cb7dbac70", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217746, "uuid": "a6c71e5b-0834-487f-a8a1-daaf36c029db", "comment": "Malware payload (Heodo)", "value": "04148c2807210212be015e008e23f54039aec8465ad6a48431f55a6023f6cb75", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217746, "uuid": "4d5cf595-e07b-47fc-83f5-450778665996", "comment": "Malware payload (Heodo)", "value": "fded477ba948bc8cdcf10bc08283c8606e896ac0", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217746, "uuid": "b28aeff5-0451-49c2-b295-99a6dff58776", "comment": "Malware payload (Heodo)", "value": "5b56ef40f44ded8f95b1e861d86f2ac20dad50fee66e5bac2f1d6128da35a1f94bdd359fa2f1ac036992234e2eb47199", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217746, "uuid": "90776540-12b9-451d-af5f-4c9aea11d242", "value": "T15205F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217746, "uuid": "4cfd7563-8b50-4722-bedb-37ca95419249", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217746, "uuid": "3255193b-393d-4d08-973c-c9783c9bee11", "value": "12288:aA9e3OrvpgqjtQFecA6dddifiHxoB3rNd9CDr:blrvpgqj2FeBQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643217746, "uuid": "879e4790-ad99-4aa0-986c-e907d9f2746e", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643217746, "uuid": "cea6f119-da90-4222-ad38-1614c7fd9b0a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217746, "uuid": "fa414aa7-f4d5-48ed-ae49-d475a03f78aa", "value": "Dc6TYoDQD8NroEa.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf2e1d49-7e93-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1643193357, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193357, "uuid": "8061ae46-da13-4a15-9d31-1e111f64f345", "comment": "Malware payload (Gafgyt)", "value": "8e9843e3b73a194e4086f213b798e657", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193357, "uuid": "b1ba564c-b7fe-448c-8ec7-1c0402b63a36", "comment": "Malware payload (Gafgyt)", "value": "045103d59ee4dab9fe2b2779e114382c20a19a80b5a74c9018f31b9105f06ba5", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193357, "uuid": "440c8553-a122-4ea2-86ff-63f4ebd8b517", "comment": "Malware payload (Gafgyt)", "value": "768c5850c476ae0794fc4e238f3782fc556d5442", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193357, "uuid": "ef4d55d4-2809-4cd7-b918-bf43544c1436", "comment": "Malware payload (Gafgyt)", "value": "c6f90cba4deba92e55249b7e92756dad25ca177b5553aabd04a400d541b544c8881e294391a7fd2dc9018a9dbc6c0fa0", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193357, "uuid": "f3af8656-5fb6-4783-a129-dc5159ad5089", "value": "T17FE3E82F7B271F23C0C6507102D32232ADA9C7D434F952E7ADD16DAC6F1998834A6BD9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193357, "uuid": "8b799013-e2c1-43ad-8757-133410afdcb1", "value": "3072:COs5lGQP4UNPG+gphakiE9m/nDEC/WabQfn8:ChlGKldgphakiE9m/nDEC/WabQfn8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643193357, "uuid": "59997604-2e30-4f4e-8552-5d5aa513a28f", "value": 154427, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643193357, "uuid": "1908e17c-0c58-4cec-a828-8261155f8d36", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193357, "uuid": "3a6c78e3-853a-4cd1-b701-7cfca202c8c4", "value": "Korpze1233121337.sparc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "140a4457-7e80-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643184909, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643184909, "uuid": "22adaf5b-cd6e-4d52-b514-cd5febe45fce", "comment": "Malware payload", "value": "9a8b26328cfd87733a30cf3a899c52ce", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643184909, "uuid": "ba3d9145-b50a-4304-9411-f73c82189acb", "comment": "Malware payload", "value": "0473e6ff120bab9fa26ef8c0037f9917df6ac59d1ce08ba0d08fabb1f2fe664d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643184909, "uuid": "a14331c0-e939-40d5-aaeb-2cb8158b2a2f", "comment": "Malware payload", "value": "7ed4449b7b274fdf58c3fd3a3a2eac55f4ffe7ac", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643184909, "uuid": "eca96ceb-966e-46b8-a6a8-67056caab235", "comment": "Malware payload", "value": "fe46c80fb166c8fa0bd74467aa0049d6d3b5e7e2e28cbe97a5c2dd9c21f9e1b347a488360f189da848b016adfb7ca235", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643184909, "uuid": "335b8bcb-d2cc-4906-8483-f15a615dccd5", "value": "T1ACB49E823285DCDAD44329F258AFD56051787D9E9124C70D3783BB2BA5E734330ABB9E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643184909, "uuid": "03cd596f-6979-4ce0-8030-b199aa466ef7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643184909, "uuid": "b48e8262-467a-4677-9a56-bfe13894263b", "value": "12288:z46/ga1k1J4Ci2b1KTb0B2Tz7jfo7SiyyjK:z4ygae1J42qVrQ7d8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643184909, "uuid": "5421516c-1e3f-4b3e-9179-7cc1b283a5ca", "value": 519168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643184909, "uuid": "23465f0d-c9c8-4e3f-aaa2-dfb5aa6b722c", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643184909, "uuid": "40947a3f-4897-4186-b83b-d7fa53f526ae", "value": "SecuriteInfo.com.Trojan.Inject4.24879.16337.16023", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65bf111d-7ee1-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643226708, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226708, "uuid": "57712491-cc30-4102-927d-af558c055e60", "comment": "Malware payload", "value": "167002c2ca9ff52f8945df0c205fb9b3", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226708, "uuid": "7e801f89-90d1-4a78-9315-0bbee5286f1b", "comment": "Malware payload", "value": "047a8d71be91abf10a8a6b0dbcf9ade6ab76b8793c315330c16b134ff2b64b76", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226708, "uuid": "b752a444-747f-47bd-bd4b-d6e5929e7f56", "comment": "Malware payload", "value": "141a7a1242dbeb545a944b7acee0c35f4499263e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226708, "uuid": "b880e642-04d8-4675-822c-b5334a3a0863", "comment": "Malware payload", "value": "75ec2193a18c59fb8b94a9938736790862cf1f7afdc77eed978d28b79f0c6c84adcf88beba352fb031d54480fe018a1c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226708, "uuid": "305c467d-bc7a-4b10-9e3d-381cab431a0b", "value": "T14405F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226708, "uuid": "4e2ad7ca-fe46-469b-9739-4534a4ec1f74", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226708, "uuid": "11e10395-d5aa-481b-9071-18f24611d716", "value": "12288:aA9e3OrvpgqjtQFec06dddifiHxoB3rNd9CDr:blrvpgqj2FeBQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643226708, "uuid": "3ed22ebb-bb98-4ec5-bd56-1f87453c34b6", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643226708, "uuid": "7333e296-f04b-46b1-8384-4a2ecdf5bd85", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226708, "uuid": "9673dcaf-b386-400b-b76c-6dcfa8507498", "value": "qreA8BDv5j166M2.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e509f271-7ecd-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643218331, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218331, "uuid": "fce7129c-d46c-4713-8c41-969e1cd30528", "comment": "Malware payload (Heodo)", "value": "fc4002be87f8a4d59b643bd71e88cd44", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218331, "uuid": "4156e03f-1f37-4d06-b1a3-5975c5a334d3", "comment": "Malware payload (Heodo)", "value": "04b86d1b1d9dd145d5a2a74ba704014060c0911ac1a8593851d192a056d62ca8", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218331, "uuid": "67c5d34a-1f51-4a2e-913b-b313c5a43e71", "comment": "Malware payload (Heodo)", "value": "ae2c7f829ca1046046d1204104eb911f529f93b2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218331, "uuid": "34b5592d-4dd8-4948-b7f4-e61d0d1487d4", "comment": "Malware payload (Heodo)", "value": "0f063621d23125560f3492e12a0456e06f4e7017e72aa6132f45f2e06740df62aeecbac37e6cf2f54a3d94278140cd59", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218331, "uuid": "e3b3f36f-df5f-4ea4-a366-eba98fc08fe7", "value": "T10AE4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218331, "uuid": "0534a76b-0293-4704-b96a-c67b54fbc06b", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218331, "uuid": "96710b73-dfde-4148-b248-b89253e65ef0", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIXG0Bv1tgV:RpncLJZA2LwpJsNtZUWeG2Og", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643218331, "uuid": "0817957b-fcef-46c1-84c4-81bdd90f5b86", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643218331, "uuid": "bc547918-5eef-47f7-a5a1-d652bbe07c70", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218331, "uuid": "6908b0c8-863b-4ac0-9e71-0a77755ed8f3", "value": "00.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f796bd1-7ec5-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643214779, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214779, "uuid": "c391cac8-2972-4dc8-b91c-c0ef6432333c", "comment": "Malware payload (SilentBuilder)", "value": "ba7eee65a302edaa355be4e1bbd10e6f", "object_relation": "md5", "Tag": [ { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214779, "uuid": "5c5d393d-4b3b-4718-91ff-8120c4b8536a", "comment": "Malware payload (SilentBuilder)", "value": "04c66e1e8cb4a1ed5b104d8aa5e81c574c88f391bdef47ebb68d90cd41c9d7bc", "object_relation": "sha256", "Tag": [ { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214779, "uuid": "4bbf130e-37fb-425c-aab4-9041fb8d6381", "comment": "Malware payload (SilentBuilder)", "value": "e5f84b4154ca59c5d50ba629ca20052159e1fc05", "object_relation": "sha1", "Tag": [ { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214779, "uuid": "7997e19f-7d4e-4e4b-beaf-c525a225a8b0", "comment": "Malware payload (SilentBuilder)", "value": "204b8c78bbbef1ae9cfbbf962582e801afbb3449e3ba66ecc69947fd53e4a94eb48f9f7ff9ee6afeac109a0d5acfb72f", "object_relation": "sha3-384", "Tag": [ { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214779, "uuid": "85f83b1e-979d-40ea-b010-4158a58fe945", "value": "T126E3BFD766C7588ADE25037E8DB636D85653EC718BE393CB1346B3169DB0AC08D03A27", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214779, "uuid": "2ccfcd57-61b3-430d-b32e-dd07c6276fec", "value": "3072:Yn+HymsUk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIgNIxJ3B7aD15BIjMAVn/9LFK:m+HymsUk3hbdlylKsgqopeJBWhZFVE+m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643214779, "uuid": "8be024fd-c9e2-4d2b-84b8-0df27a86066f", "value": 147354, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643214779, "uuid": "098d11ad-6f5c-4e4a-bb71-f3ec6974530d", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214779, "uuid": "d7881e7a-74a4-4530-a2ac-19c7d7c4b225", "value": "9057_26012022.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "74061dcb-7ecd-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643218142, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218142, "uuid": "86e0d660-8da1-4d00-9753-ab4af77e0470", "comment": "Malware payload (Heodo)", "value": "d5d70a0a03bff096eec273065a3beccf", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218142, "uuid": "aa92693b-907b-4e28-a1ec-f906354180cc", "comment": "Malware payload (Heodo)", "value": "04e77f3677d2e9750530e0408d1c612f3acba5cf76b9c18b0c363862c0c8ba44", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218142, "uuid": "ec07e93e-7d04-44f6-89f1-be8a3f29dbb2", "comment": "Malware payload (Heodo)", "value": "0859c5632c11d016477de4dc50f56fbc1e964025", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218142, "uuid": "0092b67d-5993-41bd-9a78-ece22c721b55", "comment": "Malware payload (Heodo)", "value": "1c2870ca91c3ab7d80332aeb414ea84ed8d98f329b0e923fb3d76103ebdb601f91aba2d434d140d44e6b5650e8e2bc4e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218142, "uuid": "37d0fde6-0520-41e4-8627-7e3570a58fee", "value": "T176E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218142, "uuid": "609be545-c761-4111-bfb0-8b801408e4a0", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218142, "uuid": "0af3c83b-36bf-4c55-b3ce-79400c9c1b4d", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orItG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGcOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643218142, "uuid": "669f5adb-f718-49af-8d66-8fd854b37de7", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643218142, "uuid": "70116214-50c0-42b4-bdd9-2a4bc87a6b20", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218142, "uuid": "f5121077-6d58-4dea-a256-d518ced20d71", "value": "kZuvXioDMu8qN9Z.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "00f0ac47-7ed9-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643223103, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223103, "uuid": "4a9ef70e-f08e-4bd1-9b7c-7b6f7739126f", "comment": "Malware payload", "value": "86f2986ffbaffc57a45db9cb04ada565", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223103, "uuid": "e04efdd4-a173-4306-a1ed-43c321f0ee00", "comment": "Malware payload", "value": "052489531396ab9424b00d92954f6cb473078c4fefb018ae12d57efa5573cf98", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223103, "uuid": "d7f873a0-1633-4d90-89b3-bdce1b44f764", "comment": "Malware payload", "value": "1606999ef1b714ebaae35072fb3ce55775e63116", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223103, "uuid": "020efffe-a257-47ef-9283-8f34184a3591", "comment": "Malware payload", "value": "293ed70eccf274929c262a97e4662513cf94abfe7f8806d167ad22931475fe6bd80d4f09e54d3ae09cf1352d720ed00d", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643223103, "uuid": "7ec16c0d-f6e2-42c3-9199-d8172e6a2d5c", "value": "T1F9131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643223103, "uuid": "4762f9ec-3446-4812-9912-8449b8cb8dbc", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643223103, "uuid": "679da583-614e-4cc1-b97f-7a1bcdf0ca65", "value": 45294, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643223103, "uuid": "167e5324-8423-4379-b1d9-7ed52ef95a4c", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643223103, "uuid": "d756c566-f1f6-4a90-a1a3-d11b0a44e1ce", "value": "tmpqh_kq3s2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "30dfb30b-7eb6-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643208151, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208151, "uuid": "90cc0fff-2c4b-4d0b-8772-373b65231ebd", "comment": "Malware payload", "value": "4f646a08abe71a36801da70bd6177483", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "pass:9699", "colour": "#68804A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208151, "uuid": "db838164-9e00-4242-98a2-514929ea6415", "comment": "Malware payload", "value": "0544bf208cf90eb73153e24f28864021f602814f058a010cb49f736ab65557ef", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "pass:9699", "colour": "#68804A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208151, "uuid": "684e0271-8c0d-4e44-99ea-4508618b59ae", "comment": "Malware payload", "value": "5e52746bdd4748c39b463afc555872906c25e6a9", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "pass:9699", "colour": "#68804A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208151, "uuid": "cf867c4a-b466-4055-b219-20eafd4c24e9", "comment": "Malware payload", "value": "cd08f90e3f429948c0cf05c5aba3f1fd7c9adefb4bc8115a74c1cb3dae3f999b8e33ca0e59b82eb436bb560a1dbd00d9", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "pass:9699", "colour": "#68804A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208151, "uuid": "c39e4a87-f684-47b5-8c06-a8bf548316e3", "value": "T195B30219DB2900C55892B7E8ACBED33745D83BFAFC5F7B8C1004256EEA29C76D5249C8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208151, "uuid": "634dba21-bd30-45ce-8ec5-9240d081fa40", "value": "1536:o4yBGbr/u5UxD9qyrCUwJEFPLPeJwAJqA/5eQbwOY+FFYJyIwKtw6XWcTyjLMwB9:JvkUxJqyWueGTARFF4yFKhXdYqFPLi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643208151, "uuid": "1f9c7fa6-e198-4679-a0a3-76466b527c02", "value": 109565, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643208151, "uuid": "c04fc0e0-3429-4475-ae0c-ee07a3ec6674", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208151, "uuid": "d01f0e0c-9792-4422-8e48-e48d31ba5f33", "value": "mal.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7bc85b1-7e3b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643155576, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155576, "uuid": "f184bbdb-4e32-4711-8f71-e3fe9b1c3e47", "comment": "Malware payload (Heodo)", "value": "f18d5eabd047d394c19d3d5a6228c439", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155576, "uuid": "b4d952ac-5825-461b-8518-a479f9e359b0", "comment": "Malware payload (Heodo)", "value": "059bc233ef2448f42128465a6180a715c3a33eb1db9f4f42026bfe82f8d27d03", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155576, "uuid": "67703b15-8c6c-4500-a176-c3fdb0cf9d1b", "comment": "Malware payload (Heodo)", "value": "d3850c8e7cbe35237026b64d8fbc2cbbbe71e584", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155576, "uuid": "407a256e-590d-4ebe-90ea-cf4ec5b30fcb", "comment": "Malware payload (Heodo)", "value": "054142fb3359342f4585fda75f8ab9a26d30cade559ec14042d869f07187146681c6eff9728f849ad63f208aeda007c7", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155576, "uuid": "3736ff70-14dd-47ba-9d44-736f05717a34", "value": "T1B6D49C2233DCC8B9E0AE1D3D290297D523E9AE140B93C58FA640FB9E5D3B2C155F92D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155576, "uuid": "b4b04665-f92e-4c4b-868a-ed07a485d10a", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155576, "uuid": "4517a110-a67b-44f0-8dbc-9b5c0165339c", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4Mm4Ofg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4Mm4/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643155576, "uuid": "81421392-9134-4bb1-b4ce-5109be06aee5", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643155576, "uuid": "b2b04f90-2c72-4e2e-b4c6-906220fa6153", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155576, "uuid": "ecd41f10-358a-4627-8d99-19834d63242d", "value": "emotet_exe_e5_059bc233ef2448f42128465a6180a715c3a33eb1db9f4f42026bfe82f8d27d03_2022-01-26__000604.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57508edc-7ebd-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643211222, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211222, "uuid": "e7aba17e-c3e6-46ee-8965-e7e4c0818611", "comment": "Malware payload (SilentBuilder)", "value": "079cea79328a984aeba5b14fa048aab7", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211222, "uuid": "99cced85-ee34-4b6e-9a55-6d5b8a46ddaf", "comment": "Malware payload (SilentBuilder)", "value": "05b2f38ad1a6328fcb8a18287c436bb447f0366780143a9587a3a85eb8570c48", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211222, "uuid": "b0c3d2df-9f0f-4908-b635-5de735606da1", "comment": "Malware payload (SilentBuilder)", "value": "d401d78abc2501bd3582e3ba03c1d0607381edfe", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211222, "uuid": "a5332f00-65cb-41c9-aae2-c2745323d658", "comment": "Malware payload (SilentBuilder)", "value": "97465d34d19b3b124a454ea6e09dee48e8c3ea7b9e5c39c1ef1ca222b966e5790e0e6e08e879477c372a719f3b40939a", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211222, "uuid": "4eb337b4-1adc-452d-921d-ca1fc810c0c8", "value": "T154131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211222, "uuid": "64bf2630-7426-404d-b795-27a454b46740", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643211222, "uuid": "184f639b-3993-436d-8792-bd9f0625399a", "value": 44678, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643211222, "uuid": "c16575e2-6e2d-4fb0-b1fd-adb7729ff194", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211222, "uuid": "f708b425-3c08-4d51-a391-bacf39e8bdae", "value": "tmpovaj6m0q", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3fd1b56b-7eee-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643232227, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232227, "uuid": "aa6cbad6-2df1-48ea-b028-61fa2f9a99f8", "comment": "Malware payload", "value": "3a4c569bec517f0a6c58b55b22ce85af", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232227, "uuid": "e151e2e8-91c2-45a5-91c3-cbd9619d694b", "comment": "Malware payload", "value": "05c31cd29da28b057d1b47bb3ce7b6e749936579490793fbd3fe014bd5ee16b1", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232227, "uuid": "edec87f7-22c1-4974-851d-4f0ebf68c1cc", "comment": "Malware payload", "value": "8dd760bac54aa2bfe76378af18cce6b4ada2dfab", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232227, "uuid": "55eab256-2918-4b2b-ba0d-1800afb709b4", "comment": "Malware payload", "value": "55fefedad4d82dd5bf10f68c20e0c9d5bc091507c5f61fd4f972f48c53075d0c4d860d7496fb77d3f1cf5385b1be2479", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232227, "uuid": "f7bed642-33d6-4b4e-b706-53cd2f95e33d", "value": "T12FB46B1AB172D871E3FEA3F1B5A4CB93C1EFA820275455ABE7FC025F4A2DC464234949", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232227, "uuid": "457a88f4-d77f-48d7-9e43-9ea3614adf1b", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232227, "uuid": "1883e6eb-8b14-4944-8a98-3585888a9439", "value": "6144:Y7eUxxxxt33333333hCC28YiYRrLKyx3jvfIfpQdKXoJsdEUPlhLYfZDqvasLD2d:n8nYRvJhjvGpQBcGDO3JtP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643232227, "uuid": "456f2659-940b-4409-8bf6-f51d7aad5b88", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643232227, "uuid": "9420c186-435f-4e13-b997-6ed13a92bad2", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232227, "uuid": "615c3144-80f1-485f-be55-f0472b93037b", "value": "emotet_exe_e5_05c31cd29da28b057d1b47bb3ce7b6e749936579490793fbd3fe014bd5ee16b1_2022-01-26__212333.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a0cd80f0-7e5b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643169254, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643169254, "uuid": "be006d66-7bf5-4c71-81fb-0976e7ba2c4b", "comment": "Malware payload (Mirai)", "value": "9707f572694d4af6c6c2e752e4e91c00", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643169254, "uuid": "f2d51806-5fe5-4f03-9a22-c78ce508e028", "comment": "Malware payload (Mirai)", "value": "05ecb200963ba955785ec6af8d8b8515a5deeba84b5bd3c435e77639792226da", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643169254, "uuid": "b82573ad-bf5c-45da-a06f-46fc9ed86703", "comment": "Malware payload (Mirai)", "value": "7fb31eb399e59d6e80890e3bfc0ced9162cb5d23", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643169254, "uuid": "7b22771d-cdd5-4139-936e-8397ad1d7756", "comment": "Malware payload (Mirai)", "value": "9e463daa30227712d0aaad0ef61757aafc66da8972d823e182ebca216304919b3c2fb531e41bc914d903cde11cc9b350", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643169254, "uuid": "d3fe99a5-9b8c-411e-99cc-82efd4c03ecf", "value": "T1A8435DD5B800DE7CF997EBBA80124A09FA35721154A30F27A667FD93AC720564C2FD4B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643169254, "uuid": "e0e96016-4081-413a-bcfc-c551d904b097", "value": "1536:zagor9Y1qsudIVP0OS6lCklnCyQDVYul68248b:B2sMIV3LBuHCR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643169254, "uuid": "32a57626-a90c-42c0-9bcc-3bb020291732", "value": 59740, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643169254, "uuid": "9a773127-a9b9-422f-b7e7-c0c599868a52", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643169254, "uuid": "1ae82152-0481-4eec-bf3c-58e73407110f", "value": "9707f572694d4af6c6c2e752e4e91c00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "268147e3-7e94-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643193530, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193530, "uuid": "e8d6f632-9d0a-4eaa-96ff-f7297bc2cdc8", "comment": "Malware payload (Mirai)", "value": "7cca6ef055df44175c4a8762582883a4", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193530, "uuid": "9471d5b5-5809-4ebd-be04-b5aeab754366", "comment": "Malware payload (Mirai)", "value": "05f0976d316d866951d10c2c5a829ef1f4994f8ace710a0f613a231a4e6a7703", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193530, "uuid": "333f57a4-415b-4974-9894-0415f78984aa", "comment": "Malware payload (Mirai)", "value": "156981857ec7174167c6835e4e09b5c4bcc50286", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193530, "uuid": "9b5ee839-1f00-4bf4-aa46-7b1d74e156d5", "comment": "Malware payload (Mirai)", "value": "6180dbf3a5103eff8fe4598fc3ae07b7d1f5b979fb0c2215e2bd7e2bba9927eac5acb56e730d8a67ab9bd49d034d92ca", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193530, "uuid": "07662221-d325-4e32-b90e-fb010571a4ad", "value": "T1F1C32B273B231E23C0C9547102E31331FAB9DB6938B953D7E9D06DAC2F26A943456BD9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193530, "uuid": "95c41829-c43c-45e4-96cf-da18f5796001", "value": "3072:/YNa/GLBNPoQvphakpiQ9/nYEP/UnSQf/R:6a/ylowphakp39/nYEP/UnSQf/R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643193530, "uuid": "db8ecc3c-531a-4b5f-9d78-fb5f3f8394ab", "value": 126929, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643193530, "uuid": "475f7c38-e225-4a98-944d-001192cf1e8e", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193530, "uuid": "0accc5fb-9954-42e7-b447-141ca16cd629", "value": "assailant.sparc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b1f81e9-7ed1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643219872, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219872, "uuid": "d7490a52-17b8-495c-ac84-118fd99fed0e", "comment": "Malware payload (Heodo)", "value": "055266edfd9de6f348c31e8b8527bb8d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219872, "uuid": "6cc7ad7e-5fc0-46c6-9675-c57a8473aeca", "comment": "Malware payload (Heodo)", "value": "06174d7c6be6d971ab99cc2af18094a6383c5fd6b28a18e39e0dc6db5a4df4f5", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219872, "uuid": "8ba70d14-a72e-43d1-a7b6-d23b90247edc", "comment": "Malware payload (Heodo)", "value": "8c364058646af4a1aab2cefb78ee1027c22da650", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219872, "uuid": "e17e6a4e-6a0e-4cb8-934f-51dabe798808", "comment": "Malware payload (Heodo)", "value": "fa6749903755488854d15107d3942d0d28cf0704baffd664da6d075d8f337e7cdfd9a384a96247ed054f2748039a10e4", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219872, "uuid": "5f60bdd4-ee52-4732-9586-96a419546f8d", "value": "T17EE4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219872, "uuid": "a150039e-ab7e-45f6-a920-639dfbda1f81", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219872, "uuid": "90d81e13-d030-4aaf-9ee3-3af8dd86fb33", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIwG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGpOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643219872, "uuid": "76b2d66a-8086-4798-9f26-803b90c97a70", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643219872, "uuid": "df591dc8-c299-44c4-86ce-0965b8f57cf5", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219872, "uuid": "e4fbe967-4e0d-46f6-824e-2ae9556b3262", "value": "kGhFa.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6680f77-7ebb-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643210629, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210629, "uuid": "ec5995dc-7c05-455c-8242-498cb16151ac", "comment": "Malware payload (SilentBuilder)", "value": "77cb6ba308b5704780396ab87e90217b", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210629, "uuid": "12038dd0-92a1-45d6-b517-04d030065159", "comment": "Malware payload (SilentBuilder)", "value": "063108f9db35d5c607d4e038ce7f2a219fcfe66d7868a0644c32f80c256078af", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210629, "uuid": "5659e441-137d-45cc-aaa4-1a5d258d1531", "comment": "Malware payload (SilentBuilder)", "value": "2ab74259a406b7e6f7b5779260db3fae93ac31e8", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210629, "uuid": "23063b64-4eb0-445f-b5c6-8d7cb97cd7dd", "comment": "Malware payload (SilentBuilder)", "value": "730e8413f0650d6b77450237e0917311a01390d4c17fecacb019e763242dd15f928fbef56fbcc42b303ff3e25a7bd87e", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210629, "uuid": "314dd307-f027-4b50-8693-0fb91b1471e4", "value": "T1FD131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210629, "uuid": "d6c3c8ff-6b1c-4484-a5ab-daaa35a5576b", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643210629, "uuid": "6b30d433-1b46-4a54-b35b-a6e750d04f5c", "value": 45541, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643210629, "uuid": "41fcf4e3-73ac-4eaf-ac8e-5fc2d829dc9c", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210629, "uuid": "5aaeb8a6-91b1-4597-a387-8d93b51fc1e3", "value": "tmpryw495y9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57ce9d78-7ee1-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643226684, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226684, "uuid": "7f026ceb-48c3-45c0-abb2-6b8a7fb97ca1", "comment": "Malware payload", "value": "3ad36fdcd52e0bf8060501f4b92b05f9", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226684, "uuid": "01d2e2d1-39b1-4465-823c-d38d6ff87fb6", "comment": "Malware payload", "value": "0667fabc99dcc6f28aeb03f2e50c80c22312d645fdb593e8be97748d30859243", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226684, "uuid": "1eedffbb-f882-4ec8-8e11-4cc7a1955b21", "comment": "Malware payload", "value": "1dfa8c003a405ed579c049e5352cb81a8b832fd8", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226684, "uuid": "70f2cefe-9173-416d-8454-4daa7a10d7b5", "comment": "Malware payload", "value": "b2dd61d2657c96436d610bef827f26ec5f8d0cf1be8ebc53377ecb59ab71f06d0e55b046368dafba8339e940a8f96d86", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226684, "uuid": "53658b6f-54ca-4022-8b8a-fd2d25627abf", "value": "T1E905F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226684, "uuid": "531c0394-ae26-42eb-8dd8-088a33fe166c", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226684, "uuid": "45a01592-4bb3-4b7f-ad81-8ffb788c41dd", "value": "12288:aA9e3OrvpgqjtQFeci6dddifiHxoB3rNd9CDr:blrvpgqj2FeLQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643226684, "uuid": "3c1c55b6-a6f9-4e59-9ce5-3f590b0d1426", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643226684, "uuid": "33b16ed1-c1bd-4950-96c0-0782618118eb", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226684, "uuid": "85226a58-74ca-4fde-b723-9b18de43d294", "value": "r2J9jEpSzDLpV.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd44a510-7ebb-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643210534, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210534, "uuid": "571aca75-ac3c-4b9f-837f-6a8d15ec0d6f", "comment": "Malware payload (SilentBuilder)", "value": "ad3b2cd358f92dd42ee31f9721f52fb6", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210534, "uuid": "1d22cfec-92d4-4991-abf9-c188f7d212c9", "comment": "Malware payload (SilentBuilder)", "value": "06c3448a88573827a128b35f9d72f186ee341da6ca90fea659a0f075bde4f4c4", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210534, "uuid": "896919af-4458-4cb1-93d2-d70747e5f4ff", "comment": "Malware payload (SilentBuilder)", "value": "71d3d027b143e48438c8938bd9ba60522f8568bc", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210534, "uuid": "43f475de-e81d-47dd-9d94-6ca10cac46c9", "comment": "Malware payload (SilentBuilder)", "value": "f44b2fe4f641d673b2fb2d6448c915e587394839f51412d4ef74bf9f7188daa211fcfa9475cba7b2194cdde106afa61e", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210534, "uuid": "70ea5781-6980-402d-826a-942e416350be", "value": "T121131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210534, "uuid": "a54867c0-9e16-4290-a627-38e9e0a869b0", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643210534, "uuid": "a4f2ae2c-62e8-43af-bd97-209cf2258d6b", "value": 44572, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643210534, "uuid": "b57fd25d-9621-4429-a570-cb2176ddff16", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210534, "uuid": "0f6279cb-78eb-4842-b296-c68f4892a515", "value": "tmpz4_2il1x", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c78ac413-7eb7-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643208833, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208833, "uuid": "2b5cef29-b2f1-40f8-aaf7-bb89d74aa8e1", "comment": "Malware payload (AgentTesla)", "value": "bba2b398eb5f40564232b48b3b038883", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208833, "uuid": "11cc946e-d3e7-46a9-ac57-67edade47fbb", "comment": "Malware payload (AgentTesla)", "value": "06cde74b22e1b7dfc046d636a7610f2985a18e78535be4e2ae6499019d3a6f4e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208833, "uuid": "f22c7e6a-9bff-4bc7-bd22-09bd29cf16ab", "comment": "Malware payload (AgentTesla)", "value": "fd7d6fa662194061883f1bbaef6931c1d9aafef2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208833, "uuid": "ccd24b96-c7e6-4109-8c2d-22ae76b3bec2", "comment": "Malware payload (AgentTesla)", "value": "d4e743b830c4455e6d249353b681bfa2933e406080292b8ed5ec1bc69b478ff6a0af865d653ec3e32f574011add0339b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208833, "uuid": "e40c6da1-0a3a-4e45-9db0-88096043efc6", "value": "T115A33AE8491C92F9E9B74E718252C6260A3D7FCAEA44F517358BF09B09733C1B531A1B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208833, "uuid": "4adff2ef-72d7-49a9-a1e6-2e789128eff4", "value": "3072:YdTwrBsmFU3GlPzwPtR/smFU3GlPzwux8:IE/lc/ls", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643208833, "uuid": "82b5ec4c-cd0b-41b6-99fe-2c3c1832802a", "value": 103440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643208833, "uuid": "9ac6f526-5a59-4177-aca2-407c607fafc8", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208833, "uuid": "a2cadf8e-44b6-46af-aad1-8f4ed80aea44", "value": "Zam\u00f3wienie zakupu -AR95647,pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "daa9be2a-7ea1-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643199416, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199416, "uuid": "b5ad69be-47a1-43e2-b2aa-7bb0f76e8a05", "comment": "Malware payload (Formbook)", "value": "8874d3c953923c1dbc0f5493869b471c", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199416, "uuid": "5616bf42-5758-4063-93b1-af42794a9119", "comment": "Malware payload (Formbook)", "value": "06dfe3d2a7de63ffba2e7e6cc787a8f79f8cc7a46c3653ea4249360f36db4547", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199416, "uuid": "7cb1dbb2-265a-4c7a-ac45-1696c0a0124a", "comment": "Malware payload (Formbook)", "value": "e1f48e4b000421482b11c6a0672db0537f0eb804", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199416, "uuid": "f3914700-1c17-4d66-a872-a702466c6f96", "comment": "Malware payload (Formbook)", "value": "d4ecbc85d73efe2d972b8dbb115bd5f67009a02c2c13b8678c6b0abc29d057cc56ca63187477f29f878b02ed1483ccc1", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199416, "uuid": "17798f80-101b-43d8-b08e-95c24da54964", "value": "T188842334DEF98BA4E497943ED0165C5BF8440A1736DE12E6DA34F210F9BFC652A0B868", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199416, "uuid": "7c3b4ef4-0340-4d3d-bd23-552a4cc8d425", "value": "12288:STTnkJJ3b+ivSV9sVoT9ErB1RN7FxflAvK:S8/29piPn7ffJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643199416, "uuid": "6457cbb7-ec4a-4b72-963a-dbccef827464", "value": 403225, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643199416, "uuid": "16e858ff-817c-482c-96a9-380559489b7c", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199416, "uuid": "c7ba634e-1cfa-432f-abf9-cf9a542508d3", "value": "PO4534526726837.DOC.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e7f3e6a-7eca-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643216871, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216871, "uuid": "280ddb59-3b35-42da-8238-0ffa71f96ad4", "comment": "Malware payload (Heodo)", "value": "62271ac3fd1e65788baada5f36fbd79b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216871, "uuid": "5f6ab4df-7fea-4150-92b9-48f224267ad7", "comment": "Malware payload (Heodo)", "value": "06e4252365b76a623df5683f80da96633747bb23ab82da340c6664ae991fa6fb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216871, "uuid": "e8d8d0b5-7eee-4255-b3c5-8d1a36af175c", "comment": "Malware payload (Heodo)", "value": "b94e4da86bd5f1174989d6a6280f89339cfbf0c9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216871, "uuid": "9d607ea7-e7a4-4e12-b188-fcd308dda59a", "comment": "Malware payload (Heodo)", "value": "2074a19c8b5aebdd88c89d64c7fe8caf2251a5bb29eca054212140aa0df3d4cd837a93ebcbe2f809eef9f3f75ff6d5c2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216871, "uuid": "79c48774-ce66-4934-ae6a-c8ebfe88df32", "value": "T17505F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216871, "uuid": "a766b1ad-afea-499a-bd7c-72563563c65d", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216871, "uuid": "f57b7f21-5786-49b2-9b18-fd9c8970478c", "value": "12288:aA9e3OrvpgqjtQFecg6dddifiHxoB3rNd9CDr:blrvpgqj2Fe5Qc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643216871, "uuid": "79250d11-fb01-432e-a442-efe796052b83", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643216871, "uuid": "eda047cc-469f-42cb-a7bb-c4595d662c2b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216871, "uuid": "d2d95144-210c-4fef-b8fe-013b4d20f5d4", "value": "62271ac3fd1e65788baada5f36fbd79b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "651df0b6-7e7b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643182898, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182898, "uuid": "6acbe4fc-d5d0-4a58-98f9-3207e8dfba00", "comment": "Malware payload (Mirai)", "value": "5033c1c1ff7a0edd99cbdf1463a34ae1", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182898, "uuid": "6c4f0848-7c7b-43a3-86b0-3c2120492ea1", "comment": "Malware payload (Mirai)", "value": "0706fe6c227e318486ddc8b4ef943e5e06a4b838a3d8d033a6dbdfeab24c3770", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182898, "uuid": "9d5a9fd7-6e53-4a82-a29c-ec3d7b8d51c9", "comment": "Malware payload (Mirai)", "value": "acbd1e30514d821c8685706891566e3e9cf9b73a", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182898, "uuid": "5ea20992-8432-4791-b9fe-fd352d3e3797", "comment": "Malware payload (Mirai)", "value": "86ec222df4148762cee619dab3a9ba73ca582023fd2de8ad7bdbd900b2d5b75d0b2c56fa9a378a374bac16f1ca9659ba", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643182898, "uuid": "dc4dd446-63c7-4702-bcdb-7e0521c710f5", "value": "T1D3733B02A55582FED847C1709AFFD177D531BE9D22386A1E3BD4BE622E31D31263A384", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643182898, "uuid": "3478e928-4864-43af-928f-4dba04855cef", "value": "1536:TqZI2b1FRnMlOB92Gd3e6Z3dYKtft0Tp/Gd86ur:eLpnnf4kx3dY3k7G", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643182898, "uuid": "10ea1a97-00a2-4f56-a6b5-f4148a425698", "value": 74944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643182898, "uuid": "c6f3287c-a70a-4ee0-becf-486f1d0fc722", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643182898, "uuid": "8ccaa212-4d4d-49a5-96fd-40b34ef616f3", "value": "5033c1c1ff7a0edd99cbdf1463a34ae1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82a4ce05-7e6c-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643176505, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176505, "uuid": "fe20b3f8-5bb9-4719-83ca-f3d68ada1e6f", "comment": "Malware payload", "value": "51205f6ca73745b97b77095a2bfd7091", "object_relation": "md5", "Tag": [ { "name": "agent", "colour": "#33525D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SharpPanda", "colour": "#8F90C3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176505, "uuid": "8870b690-1342-47c5-b8d7-6df5dbe373d6", "comment": "Malware payload", "value": "0752c24ded7cc434a56fdd10c4f2c45144ca53252192e21cfa4cee3a5ad68796", "object_relation": "sha256", "Tag": [ { "name": "agent", "colour": "#33525D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SharpPanda", "colour": "#8F90C3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176505, "uuid": "7436100a-809a-4a3c-87b3-df5c39c64fa5", "comment": "Malware payload", "value": "8bad3d47b2fc53dc6f9e48debac9533937c32609", "object_relation": "sha1", "Tag": [ { "name": "agent", "colour": "#33525D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SharpPanda", "colour": "#8F90C3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176505, "uuid": "f6ff0e50-ed0b-4832-94e8-37dda995214b", "comment": "Malware payload", "value": "5d5fe901df7aaa512a660d282583eea448a582e3f68a20ff9d188d7c197f833f9a5a5db59e8ef188dedd230d0b6485cd", "object_relation": "sha3-384", "Tag": [ { "name": "agent", "colour": "#33525D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SharpPanda", "colour": "#8F90C3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176505, "uuid": "86ab46c9-ca43-4450-b241-2e57f15ba2ce", "value": "T139535B8A23E000FDE563D67889B25E25D2B2FC065375838F47A4069B6F632D09D2E772", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176505, "uuid": "0b57e122-2216-4096-ac83-996c9cc97b29", "value": "7d0375de41d71531a2cb38b64c4fb866", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176505, "uuid": "395bd3a4-3261-48ca-874c-45a94c64482b", "value": "1536:eFzIQrnsT1EIDjzDVwPQs3NahTWA9DiEP:KXrsT1EIDjvaPH3NahiA9DiEP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643176505, "uuid": "680a5dfc-9795-4712-9106-94dc4a289edc", "value": 60928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643176505, "uuid": "95920a34-4e2a-400c-91f3-940eddffc630", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176505, "uuid": "5e67fcd2-a663-4138-8fe3-36fb194ff0e9", "value": "SharpPanda_Agent.sample", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9d5ba372-7ec9-11ec-9275-42010a9c0029", "comment": "Malware payload (Pony)", "timestamp": 1643216493, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216493, "uuid": "a3984bf4-2524-4479-87d5-702b9c6c6124", "comment": "Malware payload (Pony)", "value": "6f1c40d0f30b8453a8357985ab30233e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216493, "uuid": "5966e407-67e3-436a-8a8f-3a923ab61023", "comment": "Malware payload (Pony)", "value": "075611f6051c9980217a1418dc95eae7f0a7f1b3bc47fcf93c2e76386f56e17d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216493, "uuid": "fdec4087-1fda-4aa2-9a16-332c0c7a5f77", "comment": "Malware payload (Pony)", "value": "3c28729ae31691ec7edc53195af2bf368fe577e4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216493, "uuid": "3b54b06c-54aa-4837-9e9f-da76f5be04a0", "comment": "Malware payload (Pony)", "value": "899511f47461cc7bc3e5365b598aa7cf4cc62c2c4eafffd3e90a4546a7481601f5d2471fb77ad80853132d1ef8069568", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216493, "uuid": "4386d71c-6f1f-4717-8de5-08f3ba6ba019", "value": "T162848F9CDF880B28FEF35D30DB015A0412B0AF9572219E5B97B53C653BAF9A2741396C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216493, "uuid": "7a0901c9-122a-4a23-98dc-29c35821aea7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216493, "uuid": "00e50d3c-8cba-4c8f-9d42-d83fdefcaedd", "value": "6144:TVk5mRV8IcS03SUGeQg3z3RVlQlUUrGXlvvc:S5mRViWgDBPQlUUruvvc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643216493, "uuid": "cd4fed0b-97d1-46b0-bf38-510a88976405", "value": 374784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643216493, "uuid": "73b74f8d-a151-4943-9acb-da190cd838bf", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216493, "uuid": "5d6ad803-a824-4858-aebf-59b9d68f4f81", "value": "075611F6051C9980217A1418DC95EAE7F0A7F1B3BC47F.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cdb7d2cc-7e59-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643168471, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643168471, "uuid": "492c8da3-317d-4446-b5b1-cc2ccc66a7fe", "comment": "Malware payload (Mirai)", "value": "30b7b58b8788b68dfc54fed8e6a43283", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643168471, "uuid": "01a04e55-f53c-4ec9-b5e6-a023783ff49f", "comment": "Malware payload (Mirai)", "value": "076d32ce945d2ce71a022beccc91a2a97f5b33a7d807c6435fde49d5f5a7979c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643168471, "uuid": "b4ff50f7-7a02-42bc-93f9-475649843781", "comment": "Malware payload (Mirai)", "value": "54ac6addf5c73aab0fc3d16b0321a0d7cf613acc", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643168471, "uuid": "b20f9ff4-7ebc-420f-9bb9-d8a2bd1e752d", "comment": "Malware payload (Mirai)", "value": "3044bc876e73a18daf26670eae1e4ceb8700068e91e5b18956142a69e785257fed608753b3192fe610ee73a5de7bce4b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643168471, "uuid": "fcfacedb-8780-4cad-a0e4-71b0f05c3c44", "value": "T174234B41761C0E47C2A65BF4293F27E483FEE9A020F4F588260F9B968175E73518AEDD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643168471, "uuid": "74a27284-b087-4ca2-8c1f-d204a36a3764", "value": "768:30FAcluoIyzlzRHeMRsF1pAw62aK7WJlAC5AkAO/+tVABUksr5u7e4EN:3QIcRHrEAw62aYqywZ/j/sQ7I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643168471, "uuid": "c2e69401-898e-4772-92d5-71f5a37362a8", "value": 50092, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643168471, "uuid": "485c1258-221f-4a47-a26e-0960f1f030c9", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643168471, "uuid": "98ead52f-aad9-4777-8b56-415bb0704c5f", "value": "30b7b58b8788b68dfc54fed8e6a43283", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4f083388-7eb1-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643206054, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206054, "uuid": "b9941b88-64a1-4d07-abc4-3e7caf982412", "comment": "Malware payload", "value": "fd497df5fa4613a0e671bb346d3a4357", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206054, "uuid": "76aeeecb-fa6c-46c3-9ec1-a2563d5b5aa4", "comment": "Malware payload", "value": "07a0d67fc961bf41ec3b272876301d67391306cdd5b03b6207b90f2f3f6328f4", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206054, "uuid": "5cd3a5f3-e897-4600-89c9-094d7879ab57", "comment": "Malware payload", "value": "b3ca60457dfea479858049af3d4e59db441a3ac0", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206054, "uuid": "c8f4991c-d3ab-499a-af80-4a2b4ac2a6fa", "comment": "Malware payload", "value": "8e54fee3b59cdbc0060b8464aaea9c86a5bee319f0b63beb8c2e5752fe31cf762d7ee97313f538dcbb75c97cdc02fa7f", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206054, "uuid": "be15cd7c-aae0-497a-8170-77ecfcbfe6a8", "value": "T154532995BA96D95AE5991B350CE3C6EB7336FC011E6B87073284F36E2E752D0890370B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206054, "uuid": "5c726685-ad22-4fd2-9e2a-2d81c8a64ae9", "value": "1536:tDsQlYkEIbSkKBEqEXPgsRZmbaoFhZhR0cixIHm0JlHqfq2mGOwm3a15qjA:ZhlYkEIuPm3fNRZmbaoFhZhR0cixIHmH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206054, "uuid": "cfda5e73-61de-4c9e-bd64-80781b3299af", "value": 64512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206054, "uuid": "1625ca05-7946-44a3-8ea6-b6625dc84277", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206054, "uuid": "5ca0b0bc-53d8-4266-9fa3-db44ec509317", "value": "00102909.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6fd2e74-7ec4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643214362, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214362, "uuid": "ac5e024e-a3ef-48fe-937c-40921edd1445", "comment": "Malware payload (Heodo)", "value": "6f3f56b6c7ff0b5cf342b71b87ca4215", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214362, "uuid": "e9f898a2-f836-4343-a896-ac14c8525cde", "comment": "Malware payload (Heodo)", "value": "07ac2ba6fdc6551cdcbac89524d746874c766864f216a6ebd4093a3d7242d4e0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214362, "uuid": "5e813bb7-8591-482d-ac95-ee0b27ed094d", "comment": "Malware payload (Heodo)", "value": "59a7f8ea10102ca48f10d4b1bcaacb1ba727d0b0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214362, "uuid": "ef491612-ea3c-4ed3-8f91-c15aa469cae1", "comment": "Malware payload (Heodo)", "value": "20f3c0afce197cc21937cd6ab8caa63ceb3cd433e55846d0af5848db263227e33fea39fbfd288eddb268d41bb5c017ee", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214362, "uuid": "a2b77c43-6f2d-4e68-ac68-c64a27318e4c", "value": "T1E605F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214362, "uuid": "974a59eb-25f7-4dd5-b27c-085dc0713efc", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214362, "uuid": "797f62f9-f0ad-47ed-af7b-81ec5b9c2186", "value": "12288:aA9e3OrvpgqjtQFecY6dddifiHxoB3rNd9CDr:blrvpgqj2FeZQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643214362, "uuid": "531f14e3-cbda-4bfe-ba08-dd93ed274d9f", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643214362, "uuid": "4dbd4f3d-5ffb-4ea8-9587-12d282c93a4d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214362, "uuid": "9f4697c5-1124-435c-966d-db1dd4cecc7a", "value": "6f3f56b6c7ff0b5cf342b71b87ca4215", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "156330f8-7e79-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643181905, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643181905, "uuid": "91b4a8bd-58e4-4dd4-bf60-2c7623d2d80e", "comment": "Malware payload (AgentTesla)", "value": "aabd31125fa90165b3410406828e8409", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643181905, "uuid": "7ee90441-107f-4334-b90f-c713db2325d9", "comment": "Malware payload (AgentTesla)", "value": "07f269acde20b63fff1ef9460485bc7e4de31ba8fdfd03d42688d5c37c2d82ca", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643181905, "uuid": "dfea72fa-24f3-4f72-86a3-72d67d4fc179", "comment": "Malware payload (AgentTesla)", "value": "f78e853a6dc35c3ffe49c9cab8102c8172bc848d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643181905, "uuid": "d03c3cd1-0333-4317-be94-047cec368e7b", "comment": "Malware payload (AgentTesla)", "value": "9bee765470bc6249f572c572cf6737daf7296a4217cebb8419922dbce60ad44293fcfaa916657407b50cc73bb3a23758", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643181905, "uuid": "f68d7fd8-f2a4-4cd7-96d3-35906dc00a31", "value": "T12405D01632E0C134D38D2C3588A47505AB33F16F78D2F964EEA6EA467FB97C46A01973", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643181905, "uuid": "27b24aab-15fb-49c4-af7a-f3e52a55fac4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643181905, "uuid": "158feca8-065d-4201-a209-35cbddde6dd6", "value": "24576:xkSGH3ICPmGBbIG6l4OzM6MFwgORTrCBRim9ZOjwM2H:xQH3ICOuOzMRagcUim9ZOjta", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643181905, "uuid": "8a3c26c5-dd6f-43cf-8e27-b9386deba2de", "value": 834560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643181905, "uuid": "f14af749-9f3c-439c-af82-65832835bda6", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643181905, "uuid": "6539677c-7f76-46f4-a5a4-e2b28f5aefaa", "value": "Payment Advice [UOB].pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c9896eac-7ed1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643220003, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220003, "uuid": "2f6c92cb-c980-4827-ae48-95968dda5c1a", "comment": "Malware payload (Heodo)", "value": "34d0adf6276f3aec55ae28bc4cfbc104", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220003, "uuid": "3af12197-e728-49a0-ac07-b92c4c0cbdac", "comment": "Malware payload (Heodo)", "value": "081a26c4a69f35ce8756f9b20bbc5e65c60ee632e59ac0350f9fe26f09d8f2d6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220003, "uuid": "d0d71dba-1428-459e-9616-c7e79809fdd9", "comment": "Malware payload (Heodo)", "value": "42817cb8cde61946c0811078036974a26ae54c8a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220003, "uuid": "35954a98-c717-4208-b08e-7cdc79d1d606", "comment": "Malware payload (Heodo)", "value": "1ac2f70d7856369b5cb042787b8f78b3199bccc54f70c30ee113771ca0165ff05159d7ced96250a22813d7f2dd8b75c8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220003, "uuid": "5f8b74f1-ce71-4ab8-b62e-dfa2ac190ac4", "value": "T19FD4B24D7F918F79FC5D017098CC8B7AA995E87B4A904F022ED6EA3ED5FB1424D18C0A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220003, "uuid": "27bf3125-bfb0-4b67-8695-d19849468f84", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220003, "uuid": "83cad8d4-7e79-4a7e-8996-84f371753372", "value": "6144:KfUdJ9dhe5HjGo3OvwX0ddpgqjlfBtAkIeTISkHMPtdddGLfloHxoB3x:aA9e3OrvpgqjtQFecd6dddifiHxoB3x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643220003, "uuid": "55a1f15a-59c9-4e2a-9c3b-b3b7de218441", "value": 654689, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643220003, "uuid": "668edae1-f879-41fc-8997-6a3bd4bb62ad", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220003, "uuid": "27ca4306-fbc0-4e49-b5de-fb030492f084", "value": "34d0adf6276f3aec55ae28bc4cfbc104", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f59ac0f-7e5b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643169225, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643169225, "uuid": "e8737fe1-f4be-4319-b140-616412498797", "comment": "Malware payload (Mirai)", "value": "095761e35ef2f92be7b44dc7ae10c4b2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643169225, "uuid": "12fb788c-2cc2-4ecb-ad16-04a889e1081f", "comment": "Malware payload (Mirai)", "value": "086e9987298eee96a0caa236c20cd256dcbeec9656f384dec8371cf9071ce3d0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643169225, "uuid": "58020291-bd5d-4583-b701-570c874c3834", "comment": "Malware payload (Mirai)", "value": "72f7462de2c011a4169fb46ff15b5d056c9fd7a6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643169225, "uuid": "5eacbdd1-f70d-4783-92ae-0a04e5594c81", "comment": "Malware payload (Mirai)", "value": "9c0828394276f0997d481b7363259241b34513c499709cdce4973cb98024672dfb28c9e527ca420fada07cb93fa8a1d2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643169225, "uuid": "e778123e-2d6a-485b-86b9-37be2af67e27", "value": "T1C9630845B8918A15C5D513BAFA2E118E331763B8E3DF7212DE106F2077CA92F0E7B952", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643169225, "uuid": "c9829f8f-778d-4e02-8146-055eca46b28d", "value": "1536:eRnWyjFJ4QLposD+mSDHV3p7nxczK6rY2Vy6qfGEMrO51aL8IOi11hbZWn:2qQ1Jim4xp1czKoV4fGEsOC1hbZWn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643169225, "uuid": "0ed1abd2-407f-4bb5-92b1-ef261d6b2f40", "value": 70936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643169225, "uuid": "0a923e95-8c3b-48d7-97a6-754969ad0c8d", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643169225, "uuid": "40d75db7-0d05-4a99-a6b3-96b3bd1d35cc", "value": "095761e35ef2f92be7b44dc7ae10c4b2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a8489621-7eb7-11ec-9275-42010a9c0029", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1643208780, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208780, "uuid": "2593fd78-d561-495c-8b17-4d596729b772", "comment": "Malware payload (AveMariaRAT)", "value": "3ea713d26d0a61f8fde5c9cbe89cda2d", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208780, "uuid": "88ea9027-9259-4061-a1c9-f7f92ce4dde3", "comment": "Malware payload (AveMariaRAT)", "value": "0876ab4aaa41547d00d39279a669155415eb4e1383d8eb3fa9a7ec53af25f190", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208780, "uuid": "f12fe1ce-64fa-4cf6-bf13-e31004b717ed", "comment": "Malware payload (AveMariaRAT)", "value": "d50830666e8bd86155ea47e63003477c5ddc59db", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208780, "uuid": "acab0556-8239-4265-a928-328008b1b3fd", "comment": "Malware payload (AveMariaRAT)", "value": "22beab34d785472116e294e0c3c55ce7a47a13c983e7a6d36b80490e3e0e6ad672e08cc3a5e6e044ee8d8d5869dd1b07", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208780, "uuid": "f8d4fd64-ac95-40b6-8486-9dd0918be425", "value": "T18DF2C43ED9EB88D7CB8686FA767097400FD381126E37578A3055B185683F730AB1DAC6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208780, "uuid": "bb4993a2-80a9-4e5c-93f1-06996671aca7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208780, "uuid": "6d7d811b-4982-45d6-884b-7a3f5bc6d56d", "value": "768:p5uD61Qj1u4oZEIf6bk7kW0Jph2oZU1ZdWNJq:px1QJdoNf6be7qZe1ZdWW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643208780, "uuid": "6160bedf-6b56-444f-a496-6eb6e6edad50", "value": 36352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643208780, "uuid": "d01154c5-43bf-4ac6-91ed-d6f7bc36b279", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208780, "uuid": "986b3ae1-f01d-4b33-aacd-950cdc4bb9d4", "value": "PO - Drawings And Specifications Sheet_pdf.scr.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff26ca2a-7eb2-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643206779, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206779, "uuid": "37bd73d8-e7cf-4897-804f-14e6457881de", "comment": "Malware payload", "value": "1cc9d765d376602536e8713be61a82a8", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206779, "uuid": "d663a6e2-11ab-45bf-be5c-30c29d9c2afe", "comment": "Malware payload", "value": "08b87aeca29a06a257a3f4b70429fa1ba6bff10ba0f2d92519a0b6b1874ab2ee", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206779, "uuid": "b43c307f-ac80-4011-a29d-16cc0dae5a04", "comment": "Malware payload", "value": "408db9900906262797d46b17839fbfd470b6b9c7", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206779, "uuid": "163d593b-945a-4d7e-a8aa-189346b2d99f", "comment": "Malware payload", "value": "eb5b3254d81884b6b54591668df4da35a5626c901712edc9e8e7fef715ddccb8e29fd7e7c0891ceb59b4c3a9e24b573d", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206779, "uuid": "cd4aa954-bef4-4899-882f-60a25ba09f5a", "value": "T17445AE32F2C1D477E2B326384D5BE7E5A925FD109D2465473AD82F4CAF35A803A262C7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206779, "uuid": "0e642506-eabc-4115-b9c0-cf1f75ca3216", "value": "24576:LcFe5OYcVUUsjg6P6W5AlAKv3GBgFH6gT2Gkk4TU+LTCtx8kYA:LcYOYcVUefMgp6g6TTPLTkx8kYA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206779, "uuid": "54c5613b-2655-4ced-92d7-6973fc683f9b", "value": 1209856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206779, "uuid": "20ee872c-e51f-467d-9d6c-b3d6938af769", "value": "application/x-msi", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206779, "uuid": "753d83fd-eefb-4d9f-a801-745051cce14c", "value": "Arch.EndesFac3t2601.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a5ef44c-7e86-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643187578, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187578, "uuid": "1559e163-5c97-42ea-8037-4aece1966f06", "comment": "Malware payload", "value": "24aa0791b90529130c00e842c67e0017", "object_relation": "md5", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187578, "uuid": "623f004d-7df7-48de-ad46-76a15c8f24f7", "comment": "Malware payload", "value": "094c5bdd350a0f2a9108ff23e6835e1a892170f23b573cc6dc6d829c4b079374", "object_relation": "sha256", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187578, "uuid": "c4b7e445-a9a0-4b0d-8811-caa265f89783", "comment": "Malware payload", "value": "ec18edbe0a7d4e0c28e0ba925789966ef8cd1771", "object_relation": "sha1", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187578, "uuid": "c25c61f6-727b-4c47-814a-f823731bcefe", "comment": "Malware payload", "value": "17abc6a5a7f78b28695333009d9579fc83b4a5f769f8089bea5c8331bb07414ff54dfc42db2308cdf8fef072fd1e79bf", "object_relation": "sha3-384", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187578, "uuid": "25080584-8a52-46b6-b9ad-9db966fc5e61", "value": "T12B014EB166BDF281C603326110CB8A00D16C1B934184FE833A70CA10F8DEAB886FC8F0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187578, "uuid": "d2a370d6-8938-48b6-9366-1d6470976453", "value": "12:IXjjInA06Fe+MJMd55n2im4YJg5uamApxDu9i/TjjkOWQ/cOFdAsZBU9GgB8V9fU:0Wb6FrNIyIaTDu2jjipOFdAgBUMguZc1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643187578, "uuid": "ac3f7550-87f8-4226-be37-eb379ab75765", "value": 673, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643187578, "uuid": "10afe321-7f6a-4ca8-9f67-698cce1c2a26", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187578, "uuid": "a9b8f713-2ab2-4fb7-bf2c-37d9f58a9804", "value": "ps.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "975875ea-7ee9-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643230227, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230227, "uuid": "3d05a135-403f-4d3c-9e57-ad0833b26188", "comment": "Malware payload", "value": "614ce9f9f217bac594b8e3a0051f84f6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230227, "uuid": "834b50e4-a647-4545-af1a-0398f2c57ba9", "comment": "Malware payload", "value": "0975e3951da66c660f6f9487a944482466b1cd8bfe8a4b1ed41c4666a38b4037", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230227, "uuid": "e49b826b-530c-4969-81a5-8245f2052b79", "comment": "Malware payload", "value": "6e63cbedf1043b300b044fab3211c4eb71f8d138", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230227, "uuid": "4ed26f76-7d13-418e-a766-357921c55cd4", "comment": "Malware payload", "value": "3fd404f3ffe24444b5b1ba3dd2a155276e8b56a26abe09183aa5ba8f4ffe709b3fc1dc7e61636e53e743e50af3e6fed0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230227, "uuid": "8152fa17-bdc4-4901-a3ab-6e4c1e9997d6", "value": "T15CB46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230227, "uuid": "d89831f2-6dde-463f-a01b-a2692f1567b9", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230227, "uuid": "b09ed2ee-bcbe-4bb4-81a6-6b203c8f871e", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8P9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgy0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643230227, "uuid": "d3fa329c-f4da-4067-bd47-310c494b2718", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643230227, "uuid": "d691db39-79c8-4a91-a5fc-a4044a3d7142", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230227, "uuid": "f1a63918-15ab-4107-b344-657fdb267731", "value": "614ce9f9f217bac594b8e3a0051f84f6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "09df82be-7f04-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643241586, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643241586, "uuid": "df47a5c4-0399-43cd-8f4e-42a121da35dd", "comment": "Malware payload (Mirai)", "value": "9b66bda57e08aba037d4334a9c86b375", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643241586, "uuid": "24cb3fcb-f2d7-4f11-b9d8-cd404e9abd9e", "comment": "Malware payload (Mirai)", "value": "098debf1a92e2b16f578ad78d83a8cf8155d5d3fff64e057d106efbb31559e46", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643241586, "uuid": "d5c6d4fc-35b3-4b26-8c69-ce5f74d7bb31", "comment": "Malware payload (Mirai)", "value": "69201fd112308ee36a3b035c2b562e7a8066dfae", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643241586, "uuid": "f16ebd18-3f41-4b25-b832-508647a61597", "comment": "Malware payload (Mirai)", "value": "56a0e6865412e4f2911a4bdad6ad6e4c2c2a8436562b964943fc906434ce3309acfc2059936553bed16e96573e1993a8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643241586, "uuid": "6af59d12-ea59-4750-a97c-0c084b6036d4", "value": "T11313F20881991A85DFF8DE757DC99F8022BA5FDB31648FB0257A52F3494E4320786EE4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643241586, "uuid": "41b58219-10b2-48c1-b1d1-cf8f817eb103", "value": "768:+xVfR1NMJ+u2/S5ThiT24h4MmYpOgp0s9VjQQpTBpF9tFBWbez7O4uVcqgw09X:+bfB9u2/z2jcrzxdO4u+qgw09X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643241586, "uuid": "2cd620cb-481c-484f-9aed-28b51266dcb8", "value": 43172, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643241586, "uuid": "7c27f859-62d5-4935-9752-44a8b5a9a090", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643241586, "uuid": "41a72a9c-e494-4c39-9e42-360701e68db0", "value": "9b66bda57e08aba037d4334a9c86b375", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f01da9d8-7ead-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643204606, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204606, "uuid": "9ac55e3c-79ef-4c83-ba68-ebd1ff70703a", "comment": "Malware payload (Heodo)", "value": "6cfd581836c82ec7a8a968dba5bfd970", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204606, "uuid": "0ddcb3df-538e-49b0-b594-8df2385c0681", "comment": "Malware payload (Heodo)", "value": "09bb94e5f9b315294796c497a6a01e089c7557c47c5701c07726b963f1db31e5", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204606, "uuid": "ab9fabcc-359e-42d6-b836-d7487bc611d1", "comment": "Malware payload (Heodo)", "value": "2d1eafb2c0db4283ea225e23e89336b63c46fc63", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204606, "uuid": "9d08ef76-8904-4328-829f-e7ccab41254f", "comment": "Malware payload (Heodo)", "value": "96b3e8e7d78e7b92b710ad5b0e5649ca383ca8f249ff2a242856a97ba38cc4c23560274cf4812ef780383fc85adbfe28", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204606, "uuid": "46c3a4a9-5ede-45ac-b002-ed4e05b1fe9d", "value": "T165D36B65B5C5E9CAC70523350ADA8BEA33676C479E7603C73258F30E1DBB2909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204606, "uuid": "d2bc84e4-7231-4036-a2e6-de6036aa8610", "value": "3072:PcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dg5Gx0G:PcKoSsxzNDZLDZjlbR868O8KlVH3jehO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643204606, "uuid": "01cb8b11-3593-47f0-81dc-49763959be71", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643204606, "uuid": "d8faed83-5af1-48fe-a9a1-728a9a6e269c", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204606, "uuid": "bb8bca4f-2445-4cee-9ed2-f243e136d0ad", "value": "Form.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b94a32f-7e93-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1643193270, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193270, "uuid": "b9d976d2-13e7-421f-975d-6bef32aa2fe3", "comment": "Malware payload (Gafgyt)", "value": "7fa92956fd1eb710d02d5cedf11b6755", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193270, "uuid": "5069f672-1512-4cfd-bd1d-435812f6cb07", "comment": "Malware payload (Gafgyt)", "value": "09ddfcf128c85f6e502586f49ef8fa3ddedfae2e9572afa6c4dfd27cd6859aea", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193270, "uuid": "1b57578d-d761-455f-b10a-9bd3b39ec2a0", "comment": "Malware payload (Gafgyt)", "value": "ca336376aa49f0d930d5ce2ce171019b1278f1a5", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193270, "uuid": "5b29231f-c336-4d4e-8983-e117200d2400", "comment": "Malware payload (Gafgyt)", "value": "c48f13ec32c5d2d14633f0c57dddc9f7a7f63d7ee0ceef4f7a73963295667545b6df31c1c6fada515c798e43c0f0943f", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193270, "uuid": "bf4f9b01-744e-4652-9c1d-3162c819ff6d", "value": "T167143A05DA805B57C6E327BAEB8E438D732347A867C7330549389BF43BC2B991E76461", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193270, "uuid": "38780937-266b-4fcb-885f-f394c946ef49", "value": "6144:NKa4qaXP7HN97R6l9k5hLbZOiSM/9DSmBwKBIe8X7:NKa4qaXP7HN9dQq5hLb17/MmB1BIe8X7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643193270, "uuid": "687de426-cc5b-4a26-9c67-5c5eedd8b20d", "value": 205249, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643193270, "uuid": "c82e8514-6828-4085-a801-d2dbfff5624b", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193270, "uuid": "28946ddb-f1f1-451f-ac1b-a1557c332c5d", "value": "Korpze1233121337.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c91daf0f-7e3b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643155578, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155578, "uuid": "18d1aec7-c8c9-4733-9245-eb564eb2bcde", "comment": "Malware payload (Heodo)", "value": "b20153e9ab3f609bf9167bf5f752f0da", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155578, "uuid": "63a2ee40-cda7-428a-97b7-a89bcff93efe", "comment": "Malware payload (Heodo)", "value": "0a06f2887c306edceebd6ab5d8ec248b4a1f06c113bf15c34d3811864242061e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155578, "uuid": "5d36cd88-68d3-4c83-ac1f-71668b8c75c9", "comment": "Malware payload (Heodo)", "value": "934ded4428f0140661eaf3016dfc5d5ba53c86e1", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155578, "uuid": "51f703da-226c-4926-a7e2-994614969ea7", "comment": "Malware payload (Heodo)", "value": "fd49bab92ce046d013a2d5f57a58885a63757a3cf41412bc0313427d519597653efc886ad2052d0dc3e8bda96e2d390f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155578, "uuid": "30dadd0a-50a3-4897-9e40-08541389cf1c", "value": "T123D49C2233DCC8B9E0AE1D3D290297D523E9AE140B93C58FA640FB9E5D3B2C155F92D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155578, "uuid": "63540c53-02aa-4f22-ad6f-e6908bf1ca9b", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155578, "uuid": "e4470b95-9fc0-4d9b-a79a-561499b2e2d2", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4Mm+Ofg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4Mm+/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643155578, "uuid": "11a97542-dff2-4e0f-a04d-921b14109393", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643155578, "uuid": "e3c1197e-4b0a-4ff8-ad00-72fd135ff900", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155578, "uuid": "45832261-7ca7-435f-a824-7fcf7c0d72b9", "value": "emotet_exe_e5_0a06f2887c306edceebd6ab5d8ec248b4a1f06c113bf15c34d3811864242061e_2022-01-26__000605.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3c1e49bb-7ead-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643204304, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204304, "uuid": "abbbb2c4-e9e3-4c22-8960-56de91c76b29", "comment": "Malware payload (Heodo)", "value": "b1c7aecacd9f51d7c78a21ff52b7e632", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204304, "uuid": "22fd6792-5aec-4dde-9615-6801fff7d0bd", "comment": "Malware payload (Heodo)", "value": "0a76e765f168ffcffcaa34e22606d43e167103fc77179b39628edf5daf4c40e4", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204304, "uuid": "93ee4b86-87ea-4e63-a012-e32ac00754c7", "comment": "Malware payload (Heodo)", "value": "3df91402789ecdd5f29033a70ef2ea5c089a5b6f", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204304, "uuid": "c1378c17-42d8-4ca6-be52-c70a2aa51de7", "comment": "Malware payload (Heodo)", "value": "56f8e0b5c582fbdd183c784e9037ab59f14f33ac1204b5163f348eddfe849ee5bc79c28f6c55ff3b82363c5c817184d4", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204304, "uuid": "5aa0f842-4a15-47e1-a7c3-5a88d4d8837d", "value": "T18BD36B66B5C5E9CAC70523350ADA8BEA33676C478E7603C77258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204304, "uuid": "ac884b00-3348-4102-9f0c-d63f5291d915", "value": "3072:ocKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dg5Gx0q:ocKoSsxzNDZLDZjlbR868O8KlVH3jehy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643204304, "uuid": "1f1ac8e6-8924-4b5d-aa21-a86749c7a395", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643204304, "uuid": "9ac8066f-33de-49f0-8973-a82d2e252e92", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204304, "uuid": "07814692-1825-4ae3-ae9a-3c9828bf3416", "value": "GJQ-010122 YRRG-260122.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc85acaa-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1643207123, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207123, "uuid": "a9513af1-0916-4f4a-9caf-dac55f37a797", "comment": "Malware payload (Loki)", "value": "82272ce9dbb3aa32de053eec374dad5b", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207123, "uuid": "b424a5d4-197a-4070-b0a9-2a84e2c5b7d2", "comment": "Malware payload (Loki)", "value": "0a7c658eea9e2038f874c0f5b0cfe41f079d77a4d909a57bcf68908e392ace7b", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207123, "uuid": "c5c93ad8-afb1-4915-a36f-d85546fdaf76", "comment": "Malware payload (Loki)", "value": "ff47f687988d78406a1ae455f63bc72d9b87feba", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207123, "uuid": "63f84848-1363-498e-ada7-14d52b7c365e", "comment": "Malware payload (Loki)", "value": "c0288ef3947f226ea961e7103abf7e61088895223e238610938a43d95dac50f57fa46db84e41f8d16ccf8d776e0b2e38", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207123, "uuid": "9318890d-6961-4662-aa1b-5c1791f06fcb", "value": "T18FE4CF1532E0C134D24D2C3588A07965BF33F16F78D2F964EEA2DA457BF9B84AA04973", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207123, "uuid": "4cfbb315-403d-4755-8848-3a5b64717339", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207123, "uuid": "b07fa703-93c5-48bc-b52c-96b5b56d3044", "value": "12288:NtFQ1m+uHwKOqlqAfcfXm2xXhb3rLozFSr0F+MRHjs0s8DwiaUgv0+lHA0CWM99u:rf222xXhb3rLozFSq+MtM4wLv0+lHAvN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207123, "uuid": "6afa1a41-1dcc-4357-86bf-61fa83b3b5dd", "value": 695296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207123, "uuid": "8fc69a4f-2b75-4938-b1d1-2411beaf3a6e", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207123, "uuid": "e084fae6-a251-434f-89bc-4a5ced9f145c", "value": "DHL EXPRESS Tracking-Invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26b3fd61-7ea5-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643200832, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200832, "uuid": "03d1c32d-01bf-47e0-9589-e470cb9e3e1b", "comment": "Malware payload (Heodo)", "value": "1e1eb02a13314984d93c53231ec9a983", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200832, "uuid": "2125b817-38bd-4e3c-a42f-d125a00c0e2e", "comment": "Malware payload (Heodo)", "value": "0a89557141efdde14f342832bb3b6d0f4027eed72f50d921bb90565f5dc908ba", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200832, "uuid": "e61dd15e-8cc8-45de-953c-30d34ac3a1b8", "comment": "Malware payload (Heodo)", "value": "70791b7d989301bfe878a60bd178d2fd1836abb9", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200832, "uuid": "af143f73-0377-4c3d-be53-a0c604031e74", "comment": "Malware payload (Heodo)", "value": "aa7b03d7e1a9d2de1bd828db2cd80730e92bc1373ee544f3584407341e9e3e573a96131e04def97c366882c597534d3b", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200832, "uuid": "76c8af7f-0371-44c8-ba6d-0e65068ed4ff", "value": "T1DFE3BFD766C7588ADE25037E8DB636D85653EC718BE393CB1346B3169DB0AC08D03A27", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200832, "uuid": "2feca142-20ed-4948-a6dd-fc8d7342a1cb", "value": "3072:Yn+HymsUk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIgNIxJ3B7aD15BIjMAVn/9LFK:m+HymsUk3hbdlylKsgqopeJBWhZFVE+m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643200832, "uuid": "d90e2e69-aff3-4882-8382-c02f5d2e97a3", "value": 145417, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643200832, "uuid": "bc38f6df-80b8-45de-82fa-8d3184d01884", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200832, "uuid": "afe2da9a-0039-44d1-9744-8a038e489b79", "value": "untitled_92950764094.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c25f80d2-7eb0-11ec-9275-42010a9c0029", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1643205818, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205818, "uuid": "9c3dbe4a-5324-4ef4-9221-5b9572fae5a7", "comment": "Malware payload (ArkeiStealer)", "value": "728ea8a079304738242507b06624250b", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205818, "uuid": "cb9c534a-9636-48b9-8657-4af240f22c57", "comment": "Malware payload (ArkeiStealer)", "value": "0b32637010737e98ee8d1eb73537d7747d870e44e4c5e17d7ea562cf71605da8", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205818, "uuid": "36b0abd0-a058-4bb2-b9b7-b153f9e0e35e", "comment": "Malware payload (ArkeiStealer)", "value": "738d80874e0d46f910482c7291eb6db07692de23", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205818, "uuid": "b7257e55-6ca8-4b5b-be65-a0dd8b8ec7ce", "comment": "Malware payload (ArkeiStealer)", "value": "ecdd6342921028afd6781f5a6e3aaad990e43895da236e7ae2c5b78ac063b83e8bde391dfe27e5c526633ddf4016eb34", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205818, "uuid": "59894b1e-31ba-4b7c-beb2-397573d5afb6", "value": "T1EF747C10BBA2C035E5B752F4057993BDA53E7AE26B2450CB63D12BEE5A346E1DC3130B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205818, "uuid": "21dc43e6-ddab-45ec-8148-759a7986b231", "value": "4bcde812b040ca4f517d950272a8fa16", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205818, "uuid": "e1023b87-8a0b-4fef-b846-93a5e58d8929", "value": "6144:L4O7yHoYtraK2DFyBda9zpoFCpyD7J6uZFDp4Y40a2p5H:L4S8124PkVoFCpyD7JHFDp4YX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643205818, "uuid": "decfedb4-5a72-48c1-89e6-9d3dd63c9969", "value": 344576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643205818, "uuid": "04e2cf2f-7b2d-4bee-8543-a06d8f999720", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205818, "uuid": "a785fe9a-3838-4cff-a3f0-7a88be10c8ac", "value": "728ea8a079304738242507b06624250b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "77242873-7ed7-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643222442, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222442, "uuid": "64bef9d8-2a79-40cd-b617-6817c255f381", "comment": "Malware payload", "value": "bb87c34bbbe1714df21612ac7252f7a5", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222442, "uuid": "66b1e141-c3b2-4e5c-8ee9-150b8fb4624c", "comment": "Malware payload", "value": "0b7a53a6cd925bad870da2818605ef8b8ccc486201f033bff75bdd07dad3854d", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222442, "uuid": "516d2563-925a-4ebe-ac2b-2899a7a201ac", "comment": "Malware payload", "value": "6d91c84c57bb26c807059ffc3215f2ae3bdf5cd3", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222442, "uuid": "9873ddeb-fa5b-45b4-a4b8-48bd55710919", "comment": "Malware payload", "value": "0a887a164933b02c0fa4f39f6cba8ce1a66b8522d370ef579abaede18972c90975a03934a58fbf96bce6972c917ff54e", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222442, "uuid": "18cba63d-1e0c-4bb5-9880-48443f32c63d", "value": "T1A8131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222442, "uuid": "480f94da-2daf-4194-9cdb-5a112759af94", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643222442, "uuid": "91ecf293-f867-43a4-adb8-3af317aaf26d", "value": 45330, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643222442, "uuid": "9402bc2b-e45b-44a8-b093-b57d77fda336", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222442, "uuid": "d57808d6-8049-4826-bf7c-5f06174dea60", "value": "tmpg544_j3g", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c5f330c-7ece-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643218505, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218505, "uuid": "710f33b7-7142-4e4d-94ca-2e922943163d", "comment": "Malware payload (Heodo)", "value": "766319f8da62cdab2ca008a18b47e13d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218505, "uuid": "2bfab5df-321a-4e9e-99d9-a9b2a5b8b355", "comment": "Malware payload (Heodo)", "value": "0b8bd2465b9aae9184fd5413d685ca5a78a95faf4eb5d1422a6ece9cd4a17b0d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218505, "uuid": "a78ed1f9-5827-44f6-8b9c-df8a6c9707ec", "comment": "Malware payload (Heodo)", "value": "0d5b0262532070fe4cc9897796798794ce0b1cfd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218505, "uuid": "8e3fbd71-70f5-44c4-bd7c-6871a760968b", "comment": "Malware payload (Heodo)", "value": "640c5ed9e069b18e1c7266e662e5ab08317ed4e65acd31acdeaa33bb5a6b0c496b8668a62fc1a747dfeb105674fb5748", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218505, "uuid": "1f37a3a0-06b7-4982-b569-1fc0dbf49a70", "value": "T10805F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218505, "uuid": "4a9b65bc-bdc5-4ee7-84e4-dda21d168ad3", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218505, "uuid": "a752973c-e9e2-4cf3-b7e5-2b20ffc3b285", "value": "12288:aA9e3OrvpgqjtQFec46dddifiHxoB3rNd9CDr:blrvpgqj2FeFQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643218505, "uuid": "d8f7f8e6-e938-4eea-94ca-33c805bf49b2", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643218505, "uuid": "9c277031-df70-48b5-b3e2-5f77c7cbe6c7", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218505, "uuid": "3547f647-22b9-4b9a-adf0-75689ac8994c", "value": "766319f8da62cdab2ca008a18b47e13d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "83c1b6cc-7ed3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643220745, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220745, "uuid": "5350619a-1444-4b43-b3ad-0229dbc38207", "comment": "Malware payload (Heodo)", "value": "b01531b18d6a2d9c60f3f07384d10b32", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220745, "uuid": "da0ce41e-da99-4f2b-9ea8-bf247af50b38", "comment": "Malware payload (Heodo)", "value": "0c1330925d7319b88fb1d3da5b8a1fcdb5ca3cb81942fb514eab897b087aa772", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220745, "uuid": "23b61047-4a98-4342-8112-061fb0896927", "comment": "Malware payload (Heodo)", "value": "49c2dc45d0d45897e5c53ceba4bd7e2cda825ab4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220745, "uuid": "8a643125-eb0d-4c22-9c63-f0564b8f8ed2", "comment": "Malware payload (Heodo)", "value": "00abb2e9188df3a8c177d1d769de8a8a05b3430fd5ef1aa83c2197da4cb2fcfa390bb67590e390e776aa5c25681a1d0c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220745, "uuid": "75e3e61d-3d99-43fc-a660-04241bb9dd08", "value": "T12E05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220745, "uuid": "519855b0-cbb0-4888-93cb-a8037d12838b", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220745, "uuid": "2411abdd-69f7-4506-af2e-0a616b0876d8", "value": "12288:aA9e3OrvpgqjtQFecf6dddifiHxoB3rNd9CDr:blrvpgqj2FegQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643220745, "uuid": "f6db5501-d5a3-45ad-9ff7-c56aae1039d6", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643220745, "uuid": "590f0aff-a5f2-4fb5-8e97-ef496210be8c", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220745, "uuid": "2efc3b22-5764-4b16-b34d-db028c09309a", "value": "b01531b18d6a2d9c60f3f07384d10b32", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0af3bcd-7ebf-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643212338, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643212338, "uuid": "98d976d8-b82e-40bd-9d5c-5b2714e0615f", "comment": "Malware payload (Heodo)", "value": "5c4583d7127b3d9f78f634231be19a94", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643212338, "uuid": "186a8e2c-217a-4bc0-ae61-910a350fc076", "comment": "Malware payload (Heodo)", "value": "0c29fea543b4992f563195439035b7c5891abec1377512f63630f16c458d6bbc", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643212338, "uuid": "7d8824d4-0071-460b-9fd5-3a9e917a3784", "comment": "Malware payload (Heodo)", "value": "ea6eff6791567f7eaf2a715de5e7926b75158b2a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643212338, "uuid": "cc88fd43-14fe-4c58-a16f-2e47ee547b7c", "comment": "Malware payload (Heodo)", "value": "13eafdf84a517afa08d8ed23f75d24ec31a885d0c5f37a43bf6db868a6b20c5d309cbe09926803e1979e0c1f92987648", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643212338, "uuid": "ee82c431-0462-41bd-9947-f18acb1841f9", "value": "T10905F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643212338, "uuid": "95685c0a-e745-434a-93cb-446d46acaf5e", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643212338, "uuid": "1587eee4-4c54-4d44-b289-c7d218c68221", "value": "12288:aA9e3OrvpgqjtQFec26dddifiHxoB3rNd9CDr:blrvpgqj2FejQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643212338, "uuid": "214baac5-ea5e-4c95-af33-eed52611ac9a", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643212338, "uuid": "e59e8f7f-d97a-4b01-b1b1-1c78637d5dfd", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643212338, "uuid": "56709e78-449c-43f5-8762-d067dec76b20", "value": "5c4583d7127b3d9f78f634231be19a94", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "71dcc711-7ea8-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643202247, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643202247, "uuid": "91f9e29e-7a89-4438-b876-4a96649c9ae7", "comment": "Malware payload (Heodo)", "value": "f1bc82b56492687dadbe675315a3599c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643202247, "uuid": "9438e010-1859-4e46-b51f-971560a46848", "comment": "Malware payload (Heodo)", "value": "0c62be4126ce198df52ee831bdb4da78ed81c993be22edb27452b216b7266465", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643202247, "uuid": "0a4f626b-f313-4e72-9855-04850287b530", "comment": "Malware payload (Heodo)", "value": "641f417ee5d12e93fe4799394a49bb31b58ae023", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643202247, "uuid": "fdfc1da0-782c-4ba5-b5cd-1cc0cbf6c69f", "comment": "Malware payload (Heodo)", "value": "fce14355ae23204b090f93d1648eece0cb134e112c401e8e66539988ea9f632538a9a07af06291775584b60107569f91", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643202247, "uuid": "73cfdeb0-d965-4904-abc8-6b86021cb2d0", "value": "T1DB05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643202247, "uuid": "29bd7bef-3043-4a30-8512-b63d65f34485", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643202247, "uuid": "c4dcc439-9624-402b-9fdc-d252cb686a82", "value": "12288:aA9e3OrvpgqjtQFecg6dddifiHxoB3rNd9CDr:blrvpgqj2FetQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643202247, "uuid": "fdda7a49-5767-4f88-9814-6bcf40147b82", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643202247, "uuid": "ed6bf3ff-7845-4471-a131-6bb0312964d6", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643202247, "uuid": "b9c58230-6d31-49d6-bcb0-56c35b5f8c33", "value": "ssd.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7435643-7ee9-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643230361, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230361, "uuid": "49f4ed75-93ed-4c3f-b8bb-a73b71d6bde0", "comment": "Malware payload", "value": "5b718066db00437e3ddf9f73a710a0e6", "object_relation": "md5", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230361, "uuid": "636691e1-3c46-4c6b-a8a5-876ba09dc717", "comment": "Malware payload", "value": "0cae489c75f63ecf6f328c71f2f3736e093b3a4842e923baaf000910bdcf3dbf", "object_relation": "sha256", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230361, "uuid": "706cb4b9-047d-4adc-99b7-b6cc190cb793", "comment": "Malware payload", "value": "cfd6dc6e0a352d766ee52713a8285c1130c1ce7d", "object_relation": "sha1", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230361, "uuid": "2a4ea9f2-74fb-4a5a-89f5-a898472c6b21", "comment": "Malware payload", "value": "6062a470665bf54c356f9f50eef7d09f6b53c0a8f374a90d08023ec212f4e30d1a8a4c3c9b65aa1d17af56f8b8226e98", "object_relation": "sha3-384", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230361, "uuid": "d1cf91ec-243f-4947-b35d-60f5ad6543fa", "value": "T1BF65013761B38E66C96FC73C47B0E66C4F689FA2961BF26C2454315A8972E074F08C97", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230361, "uuid": "b12ad42c-0327-426c-a38a-8e1a3f4a9748", "value": "24576:TijA5ELaOjpOk6NnehzLFCgTrc1zKViGWIANSCqCmURrOrSO/qfJYOW1:jaLaOjhyne1d4171NNSCquRiFIJYO4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643230361, "uuid": "f6346780-0982-4077-9602-a014cc97ea80", "value": 1490218, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643230361, "uuid": "8c7221fa-433c-4d73-8162-325a0601b89f", "value": "application/x-ms-wim", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230361, "uuid": "4d3d97dd-8514-41b7-b485-e1e794c7a783", "value": "DHL tracing Number 7682657721.wim.001", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "595a2802-7ebf-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643212084, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643212084, "uuid": "e5ccfa0d-d925-462a-a93a-f04f875bb27c", "comment": "Malware payload (AgentTesla)", "value": "67baf087d0efbcc2b78f2aad8163ce6a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643212084, "uuid": "36861617-ec40-4310-b6cb-499e0f70ff07", "comment": "Malware payload (AgentTesla)", "value": "0cb50c8e7774367d142d3a11793ede6d1999768e5953f8eb4df88569ed28ac34", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643212084, "uuid": "a0427513-49b9-4b25-b42e-5df995ce7ee1", "comment": "Malware payload (AgentTesla)", "value": "d5e484bf1eb6c658b1e38941921f57bd110459f4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643212084, "uuid": "3eac363f-9ab3-44eb-a192-ba43a3c9dc66", "comment": "Malware payload (AgentTesla)", "value": "a74b046bd9f929be1c09eaa2feeec2dc987246b4368d181e899687a741693c96d468b7adcc2fa07ada63e57e969d59e6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643212084, "uuid": "cd85bb9d-bf44-486b-a599-64d3bc2ebf74", "value": "T1D8D4BE1423E95540E276AA745AB4F020933375375CF6CE3E0A9C148E0BF7FA4BA59F26", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643212084, "uuid": "dbeb7968-cf6e-46f9-b451-a5ac14adcba0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643212084, "uuid": "b426c9a9-f152-4219-af37-1ed9025eca25", "value": "12288:2AN+txWbGEsPeCMafWVwVcDH0uXrVJp2XRhzOl9mvVshZ:2AoNPTMafWVwEUu5UvVs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643212084, "uuid": "c8fccff6-5d87-439a-9941-02e82aafcbdb", "value": 629248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643212084, "uuid": "b7718f17-4e29-4141-990c-97e29aa576a7", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643212084, "uuid": "27f2bbfe-7b6e-463d-bd1d-5f4f14b9a4a2", "value": "Quotation 20222601.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "feed1762-7edc-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643224817, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224817, "uuid": "44e3faa0-9c48-4b94-aaec-4d877175c3fa", "comment": "Malware payload", "value": "cd4906b68178be09df8bc83be2dae1a0", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224817, "uuid": "27fc2d52-675f-4d97-98af-908f7b08d6fd", "comment": "Malware payload", "value": "0cf9e34aab1347b8ccdb5efe2b68ea5d0ef1afe69dfea3769bfd5421a22e6334", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224817, "uuid": "8cbfffac-fea8-47d1-89df-f207ae091261", "comment": "Malware payload", "value": "8d14d88f22b56675b45176371bd55329641fe0a0", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224817, "uuid": "ab121448-ead3-45e5-bf90-52ffb4480ad0", "comment": "Malware payload", "value": "50d43fcc1b1c7235ae8e434226eaca14a18886783dd3095331e355ea662c6c1f55a694a31e905ea7ebfa8e734f00704c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224817, "uuid": "c1cad0d8-9e40-4c55-8daf-e059dd6703d9", "value": "T145B46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224817, "uuid": "3c301c55-436f-4bb6-92ee-e83bff780c3d", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224817, "uuid": "3c9d296f-874f-4c77-a3cf-58a382d47c25", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8Z9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgA0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643224817, "uuid": "1c18a443-6a94-4ae2-a23d-b025ff3137af", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643224817, "uuid": "8bf4f42f-6865-48b7-a436-15c5b8506f1b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224817, "uuid": "d6ca9305-c3de-4c3e-9658-f54880327d74", "value": "emotet_exe_e4_0cf9e34aab1347b8ccdb5efe2b68ea5d0ef1afe69dfea3769bfd5421a22e6334_2022-01-26__192008.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "174d1c5f-7e94-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643193505, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193505, "uuid": "0897e7c0-1397-4e3e-b6b6-114aa32165c2", "comment": "Malware payload (Mirai)", "value": "717565baaa90f319f05da9556c496541", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193505, "uuid": "e0bda63e-2cee-4b89-8a1c-b40c96120e64", "comment": "Malware payload (Mirai)", "value": "0d1a492cf76db43202737a1ec0c568b661085bfd25a7b4335783c723e738ed57", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193505, "uuid": "e114ed05-9104-4245-b120-82b230f05094", "comment": "Malware payload (Mirai)", "value": "4bee16298da0733aa623f9056f35a1bb8d47264d", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193505, "uuid": "6f878828-58e1-4296-b42f-a1b1cf373bc6", "comment": "Malware payload (Mirai)", "value": "bee7622e78a82b1838922a47864f0ac88964aeaa80b4e1ae856fe59a3a010f70440d8bba84c2fa87933ed7c878e182e9", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193505, "uuid": "ac34be52-cc7d-4642-8958-f49b016f3fd9", "value": "T1B9C31A97F800DF66F40AEA3605D70B25B630FB710E531A72A35739A69E362E47827F41", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193505, "uuid": "6fe3ea54-3ae5-47ca-8ae3-443d1142561a", "value": "3072:Cc9QXFndlLyqiMwtAR+dICycKGJ3QPs28rmvI0PDGnSQNER:Cc9cXpyqiMwxycHJ3OQrmvI0PDGnSQNM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643193505, "uuid": "0df6e6ae-5f21-4402-b030-c77782ab115d", "value": 118302, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643193505, "uuid": "52a4b519-b727-41d8-9ba4-25665335f8fd", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193505, "uuid": "0de888a8-ef6b-4f36-a2e7-0673cbabaff6", "value": "assailant.m68k", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8fc645a-7ea1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643199386, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199386, "uuid": "19ad0595-84af-4a3d-8a87-d05969ae71d3", "comment": "Malware payload (Heodo)", "value": "e046f95647064c754e46d26bdcbfcd82", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199386, "uuid": "00f7d096-8a3d-46d3-95cb-3070c36c71b8", "comment": "Malware payload (Heodo)", "value": "0d2ff213d604cd6f48c07c41d82840c38dc4e233ae3ec0324c0d02b1806cfeba", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199386, "uuid": "dc1c9cc9-3ebb-4793-82e9-826a7c5631a7", "comment": "Malware payload (Heodo)", "value": "e99356ecca43992496ab3c118dd8b6bd2de6c415", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199386, "uuid": "384d5ce9-acfc-4c8d-bba2-103e8e5bf95d", "comment": "Malware payload (Heodo)", "value": "816ea181c5c4e658aeab83937b3b41105ebd7bdc9a2fa19b02079961e249ae7a7a420a49feff2d23e4d44b2515cb3111", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199386, "uuid": "366347e1-69e2-4ad5-9163-8a1b947ddd5a", "value": "T15FE35A6576B5C9F6D60407B10AD2CAFA2327FC739E5603E33198B31E1FB91509AC26C6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199386, "uuid": "c9e66d56-aa6d-4487-9778-2a9023d2fa54", "value": "3072:H7cKoSsxzNDZLDZjlbR868O8K0c03D38TehYTdeHVhjqabWHLtyeGx6Z84TIKGxk:bcKoSsxzNDZLDZjlbR868O8K0c03D38X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643199386, "uuid": "4517b840-42d6-4de0-ad02-e7b5f09f5924", "value": 147456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643199386, "uuid": "9d8196c0-7176-4caa-8ec5-e65fd8e27fa2", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199386, "uuid": "9a099fd2-ac19-45bb-906d-024afb307500", "value": "Doc-7166.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f02db698-7eaa-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643203318, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203318, "uuid": "3f1c357f-cb5b-4853-a2cc-28dd53457428", "comment": "Malware payload (Heodo)", "value": "ff9a3f6b855d9783fdd6d7ebef505c5d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203318, "uuid": "bcd35a66-2bfb-48b9-9b9d-6c6cd2e60a20", "comment": "Malware payload (Heodo)", "value": "0d4e2d8aa682727ceda9ca7820965e7a2c87a7812e31abbc30d3eb7b43c9ac56", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203318, "uuid": "e52d0bc3-0cd3-4d92-b600-312f09088b3c", "comment": "Malware payload (Heodo)", "value": "1d108c9cc8d7303d5a88b90a160c115bfc3e1d71", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203318, "uuid": "3995ad8f-d627-4dfb-8ce9-37f67ad69d7c", "comment": "Malware payload (Heodo)", "value": "72d9a3c252479d98a1a2f3ddc3fc3def25d8304918ceca28276d0cdacc0919bed78cb2c47a4e98b15c451e1a8e60ee6b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203318, "uuid": "fb209812-7bb6-4773-af3a-1d4fac9019ef", "value": "T1EA05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203318, "uuid": "51c6f6d4-dd4c-4171-aca4-72a431e0c147", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203318, "uuid": "62e3dbd7-2526-490b-b9a1-fd3e8586a973", "value": "12288:aA9e3OrvpgqjtQFecO6dddifiHxoB3rNd9CDr:blrvpgqj2FefQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643203318, "uuid": "ebeea443-327c-4510-9619-bbfb84b59c64", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643203318, "uuid": "b3af552a-721b-4de9-8da7-2600f7cd0693", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203318, "uuid": "82ad8567-a43a-4346-bbb8-875f5f4ade63", "value": "y0vHGInzn.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84e51259-7e85-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643187246, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187246, "uuid": "89bca8f9-980a-4b19-bf5d-68e591ea6c2f", "comment": "Malware payload (Heodo)", "value": "8743d207aa0996653f79b82cdda984ac", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187246, "uuid": "3dea78d2-2e20-46c1-8fab-8810cf7b841e", "comment": "Malware payload (Heodo)", "value": "0dbb477b2c4eada96c948639249d8cea9957a87864fd62b22b33701a3b1b8139", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187246, "uuid": "1f973575-0c7a-4700-8881-a35b8a8d421c", "comment": "Malware payload (Heodo)", "value": "7758405c7a254ac01b8bb503d9f3decc8fef94bf", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187246, "uuid": "60a34c8c-70cd-476e-b5da-31cb223deaf2", "comment": "Malware payload (Heodo)", "value": "129a286630c71e9c50944bfc6fda6dd51296c54e0ba56b1bffe7e306813374251500541f1fef82c3217078f04049fbe6", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187246, "uuid": "aa9c1814-8ec8-4d73-be18-83e86b0ed344", "value": "T1AFD4B24D7F918F79FC5D017098CC8B7AA995E87B4A904F022ED6EA3ED5FB1424D18C0A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187246, "uuid": "2e5dab2a-cc25-4b76-b6d2-9ae9591fbc6c", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187246, "uuid": "8e1edd6e-ff26-4a3b-ba9f-a86e78f45c13", "value": "6144:KfUdJ9dhe5HjGo3OvwX0ddpgqjlfBtAkIeTIkkHMPtdddGLfloHxoB3C:aA9e3OrvpgqjtQFec/6dddifiHxoB3C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643187246, "uuid": "39ced5ec-36d3-4802-9d91-59fa9e37cf58", "value": 654693, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643187246, "uuid": "9f244217-715a-4b8b-a110-053f3acade50", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187246, "uuid": "fb8baf6f-c918-4cf0-9187-37854c016030", "value": "JJlhD.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "769976c2-7eb0-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1643205691, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205691, "uuid": "9f549fe7-6931-479d-a89a-7d1ad6957ba5", "comment": "Malware payload (SnakeKeylogger)", "value": "9ebb6aa6cf03ef1726e9d7ee63184374", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205691, "uuid": "1be72bae-ab92-495c-b17d-db3d357aa034", "comment": "Malware payload (SnakeKeylogger)", "value": "0e883a43c6e138e5aa3e08ba3df3474959d583bb8b3b31899142b9d9d143c480", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205691, "uuid": "b2280835-85db-4b30-b376-cc856c793a27", "comment": "Malware payload (SnakeKeylogger)", "value": "062a84e957165d80362564e8f7c4aaf0f435a1c3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205691, "uuid": "c0a96fd8-baf2-439d-b2e6-56fff39b7103", "comment": "Malware payload (SnakeKeylogger)", "value": "288acacfc2e084f27811509efd09ce94f123358ec6060fe6a59342d556eeccc389a2d92fe15af4a5800e055b72bf86f5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205691, "uuid": "6fc53a53-885d-43ff-8d72-f3f21a348afa", "value": "T11C45D06BF049C439D19E497240CFF40E03B5B883AECBF59A3E97F5857661B869A0520F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205691, "uuid": "a8e7f9e3-f214-40f6-adca-ff809476c291", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205691, "uuid": "1f574e4f-d6ef-4735-befd-7c93ca08871a", "value": "24576:OHjkJghboG3MVw2UJSp9/YZj3fk5xVJdO2dZDuAV3vhzq0:MvboG8q2UOwZ813Rd9f35z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643205691, "uuid": "7635431d-5336-4ea5-a040-fe7ee3de599c", "value": 1210368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643205691, "uuid": "17073e90-71b7-4087-b6f3-1213671e4e29", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205691, "uuid": "5f1024fd-4752-4969-8434-bdff333a7607", "value": "XDmHj4gXobA9hD8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68affec5-7ee1-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643226713, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226713, "uuid": "97f596d0-5f06-4444-96f3-203043ade7e1", "comment": "Malware payload", "value": "201a75533e813778f5278f107505b384", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226713, "uuid": "d9901b3f-97db-48b2-b325-7a84ddb1acb3", "comment": "Malware payload", "value": "0ebf44ed5f0614c08d4e5f25fb08cd33fa5ec7baa6a5c9c4c19d41dbf3e9df08", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226713, "uuid": "d1d5a1e6-39d4-4b83-9aed-0dfca7ad9d51", "comment": "Malware payload", "value": "8523f543412b6f628011b748543f9de462229185", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226713, "uuid": "9f7758bc-4e76-4269-984c-4d83e0470fd8", "comment": "Malware payload", "value": "d0d8005d3b40c9c984c4868d25488ffdb1a7a2f0e4847b1b713bf6b123deb0ec3a6bdf835c11baa6bd578ba983a6886f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226713, "uuid": "453b474d-c567-4321-bbdb-0b00a152b10e", "value": "T11754EF1E1DB857E1F5BCE7798953491002EA2CC376942243FBEB7D1DF63AE21BA20512", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226713, "uuid": "adf26388-ce77-49de-a1c3-176689888bef", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226713, "uuid": "b4fecaac-9be9-418e-b364-9ee2c973eda8", "value": "768:MMqwYNVrk9nVsWUtC4jECwcJvzsedMyIVQ4Cqz783rigpV+pxGxlkTnGnTP:MMPh9nl4HwcxzsedMyKQxqH6vqMP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643226713, "uuid": "5f736575-772a-40b6-b45a-1e4aa070cf2b", "value": 285696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643226713, "uuid": "8e449289-ae87-4498-ad2c-cad17daa3610", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226713, "uuid": "add0e845-2da1-4664-952e-4feff3b87ab1", "value": "201a75533e813778f5278f107505b384", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0cd1862a-7ed7-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643222263, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222263, "uuid": "6898c8ce-a085-4c69-bcd5-b73ce917d412", "comment": "Malware payload (SilentBuilder)", "value": "8a03678fea047bd7b6cebfc49acd7bbd", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222263, "uuid": "68572ddf-5fff-4a8e-84e0-e275eed8f9a3", "comment": "Malware payload (SilentBuilder)", "value": "0ed69336f05147ebd670e4f0df7630748aba6280c90860520148cb395cff81e3", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222263, "uuid": "bc9d24ee-6ae5-41ec-9e2f-851e93a7e2f8", "comment": "Malware payload (SilentBuilder)", "value": "02065be9cae3dceb7b130a6747ea9f28882f7b22", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222263, "uuid": "4b639fe2-1707-4b3b-aa05-9a07ea8ec8ed", "comment": "Malware payload (SilentBuilder)", "value": "020648d54ada8daedf73bf0e6a2c6edc8a5dc3db4301574df54e56b8442c36d60f615db4e26e4fedd961106d6420c5fe", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222263, "uuid": "bb4e70b6-e999-4ce2-a337-10bfd2e09ee8", "value": "T1D7131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222263, "uuid": "460e5858-3be9-48c2-a5f5-d639e51b7505", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643222263, "uuid": "edaa5724-f755-4143-af62-eeaf8f182dcd", "value": 44804, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643222263, "uuid": "2af2add4-9cad-4cb9-a108-edf2153850b9", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222263, "uuid": "5ce3462a-390a-4c17-9fc1-c0665d4a8d1e", "value": "tmpjs6bmfj5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15ffef7a-7e73-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643179329, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179329, "uuid": "518f1bbc-9cc4-4845-a02a-ca12ed4c821c", "comment": "Malware payload (AgentTesla)", "value": "aab50e618aaf50bcc13ef8a186e10439", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179329, "uuid": "181bbd49-9c55-4fd0-80e1-72243137702a", "comment": "Malware payload (AgentTesla)", "value": "0ed8910cc64ad51cc5a240b4670a3745d293d65660992babab8378fdda276506", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179329, "uuid": "09556102-0ace-4c35-b2a3-08fa5e28e13d", "comment": "Malware payload (AgentTesla)", "value": "277601e97ea7668092344030f57f1d34414e549e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179329, "uuid": "6d684772-e66c-4eee-a44a-5fba1ac70f70", "comment": "Malware payload (AgentTesla)", "value": "dca4daa49449ab79d4d23d3bddb4e496dbc6163c3a3b34db78dd068cf5eb0dd751387896a2e3cff19c44ae1b71d152d6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179329, "uuid": "c719bbf5-54ef-445b-a076-7149ec5accc4", "value": "T1DD05DF1532E0C134D28D28359CA07915AF73F16F78D2F964EEA2DB057BF9784AA049B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179329, "uuid": "f2f4e06c-4245-40d2-9968-6d622739ee0c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179329, "uuid": "62d6145f-81dc-453e-b6c3-ea11f97d50a8", "value": "24576:yIfvxYxUhbH8JDKyx+MvMlwkCe4rfFdGFZ536q:y3fx+M061FdGB6q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643179329, "uuid": "e4ec79d5-258a-4b30-9f51-025d180063bf", "value": 842240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643179329, "uuid": "c55e8964-5dc6-411f-b8f3-a44376cae8e7", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179329, "uuid": "730882c2-0958-418e-b329-a03e924ce8d6", "value": "WQENul5h8Hda92V.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ebc84b4-7e8b-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643189652, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643189652, "uuid": "81d469d1-2a2b-4f8f-9772-f4986993cb3c", "comment": "Malware payload (SilentBuilder)", "value": "f7685205209d20037b23024cd5432d9b", "object_relation": "md5", "Tag": [ { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643189652, "uuid": "7b464e3b-7d47-4418-91e0-d208dfa98e27", "comment": "Malware payload (SilentBuilder)", "value": "0edcedfdd03f2b9d317a856d67ac7530ae2397a46cb8b425964f87a4e35cc46e", "object_relation": "sha256", "Tag": [ { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643189652, "uuid": "4875659e-9c5b-4bcd-addd-92ffa7f46345", "comment": "Malware payload (SilentBuilder)", "value": "eac735d1aad0f0823d3d436681c94368f0f75070", "object_relation": "sha1", "Tag": [ { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643189652, "uuid": "5505ec57-49ed-4840-b3b0-fe1db404b0e9", "comment": "Malware payload (SilentBuilder)", "value": "8715719b336777f498c18f2d2ed9dddb62aeda0a57c2a6fc526c0b4716eb4f3bbe1e762ed14466152618bf18a35c4f76", "object_relation": "sha3-384", "Tag": [ { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643189652, "uuid": "bd1b37ac-7947-4edf-8334-920a82f8055b", "value": "T1F3E3BFD766C7588ADE25037E8DB636D85653EC718BE393CB1346B3169DB0AC08D03A27", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643189652, "uuid": "36289341-cc0f-4963-8ca4-6a917bf246cf", "value": "3072:Yn+HymsUk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIgNIxJ3B7aD15BIjMAVn/9LFK:m+HymsUk3hbdlylKsgqopeJBWhZFVE+m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643189652, "uuid": "c7b41254-b29a-4730-b4da-74ae9d4ce28d", "value": 145952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643189652, "uuid": "231de367-d0a4-463f-9a03-b55f03989ebd", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643189652, "uuid": "ebc5b1e4-fba6-47ca-86f6-bb7b9d488685", "value": "informe_2601.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "526e0284-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643206918, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206918, "uuid": "8935936e-ad3c-489b-9144-ddb5fba486af", "comment": "Malware payload (Formbook)", "value": "92b67cb176744fd1a838d80756625e60", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206918, "uuid": "9f6737b4-42ef-4ae1-b7e2-151c80baa1a4", "comment": "Malware payload (Formbook)", "value": "0f385166ed62f22a599c3dcf42b4860445dc09f17875b34d6345066eb310336c", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206918, "uuid": "759c7e02-3307-4dc3-8feb-872c78421f24", "comment": "Malware payload (Formbook)", "value": "8458b7312c15debf7fcaf6235a9284584fdfa3c4", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206918, "uuid": "8247f4bd-3f65-41fd-b75a-9a736da20dd8", "comment": "Malware payload (Formbook)", "value": "1e96aa9f5652f5085ed93d1ea5a5af4f0c9df13624a8f74d80d90ed52be7d0d89724f954b19ca9409d64cbca11c6481b", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206918, "uuid": "1b2329c1-0b22-47d2-bcca-5546d4a16b29", "value": "T1F014126CFC2E455BFC276B750759A6FD1274AD94C8489953E2CB3BF8C43881152A8F2C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206918, "uuid": "4a54e50d-c91c-4fc4-ab9c-d32a0c6f022c", "value": "3072:DX0iyU+6pxr8SMRF8ykuzRzcLHWHcVM7GVwI471xhhOuO7SUQ:1y0m189ci28VM7GVwT7nhc57E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206918, "uuid": "0eeec972-a390-44c8-8526-f97b5c6d98e5", "value": 191832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206918, "uuid": "5f1d12d6-b01a-42b9-830d-b99adfd0d798", "value": "application/encrypted", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206918, "uuid": "0017dc21-71a7-4bd2-90d0-cf0c69a10818", "value": "QUOTATION REQUEST - SUPPLY OF PRODUCTS - DTD JANUARY 2022PDF.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a9dc845a-7e6e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177430, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177430, "uuid": "2e1177d6-382b-4951-ac0b-878961e0a15b", "comment": "Malware payload (Heodo)", "value": "2f7b903ea5ac35e3c0f4ffcceb00879e", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177430, "uuid": "c383f8a2-e0b1-430d-a557-d657fe8fffed", "comment": "Malware payload (Heodo)", "value": "0f5d70d653951694aacfdbae441a87340e2689247cc1dc79852a86d5c8e7dd2b", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177430, "uuid": "1f635795-7a31-46bf-b3c2-2bbffda84f6b", "comment": "Malware payload (Heodo)", "value": "af235fe395a9ecb56d89644dd681dc318b486fe2", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177430, "uuid": "787ddb07-79e6-4644-80c5-9ad54afce693", "comment": "Malware payload (Heodo)", "value": "17a432c4946947c272d3bc7d210b3d1fe4e4ac9ad3c97ba4bd2712dd226674a0ada2ab8f66353ca9258ad47f87f32191", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177430, "uuid": "f3f7d15b-cccb-425b-9697-231644d425c9", "value": "T13E33E0AFE5B1397BD225C17DD92C9391F44EA2151E88F3C92D90FFA59202792069E3CC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177430, "uuid": "87d68af7-05cb-4414-a201-2a72454aa5b0", "value": "768:n4OjmfxV6sbaLX8iWjzwxmCeOG2S6DaqmBVZKNAxalvxnvy1OA16Oiiiiiiiiiib:PjmfxVXAiozeO0XVZKyalpvyR1bZXwS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177430, "uuid": "7ee7ef73-db82-42b5-aa61-f0fff8e681e8", "value": 50688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177430, "uuid": "d02b8464-832a-48e0-8d13-272fa633b090", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177430, "uuid": "a39753bb-897a-4d10-80d7-6e67e23c7482", "value": "emotet_list_ioc_cronupTue_Jan_25_11:56:12_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "09df3032-7e78-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1643181456, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643181456, "uuid": "89bb86c8-e59f-4985-872c-ec21090e21cb", "comment": "Malware payload (SnakeKeylogger)", "value": "ac80dd85230e498bbdcd1a2edbe4870e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643181456, "uuid": "dc249043-6f89-4032-886a-a225d2024c4b", "comment": "Malware payload (SnakeKeylogger)", "value": "0f87382751e7503b16926d190a8d7fbfcb66abf5d60f192eb58e0b334cf369cb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643181456, "uuid": "e1f60357-dd80-4611-9cde-09f5ef393d73", "comment": "Malware payload (SnakeKeylogger)", "value": "c1d8a06e4337e0552438f27addcc2e2eb3ce4c46", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643181456, "uuid": "9f9d853a-373e-4070-873c-a699565a3fcc", "comment": "Malware payload (SnakeKeylogger)", "value": "03c1223b6041326cb720394e29b74adddb8541162e99f84cd0cd8ef1cc6fb812e465b18e20197f13d454906629c4a708", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643181456, "uuid": "3dbf9cc4-26d4-4954-85b7-c3f915ff0922", "value": "T119F4AE6BF84DC83AC19859B650CFB10C47B0B883BDC7F5AE7ECBB5096651B42A90650F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643181456, "uuid": "cd5fd344-2ed6-4b16-93ca-bf66d0e23b74", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643181456, "uuid": "e777c68f-2fe7-427e-9fd5-edb7cc552f7f", "value": "12288:xMtdZV3xwVx8A8HpmySq51+vqmDs3xWB+pjs0s8PwmJ0t7l+/vXql5twy1K:xMtbdfXyVgxWBCMKwzt7lHtwy1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643181456, "uuid": "979868d6-1443-4ec8-a98d-df7027fb290d", "value": 794112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643181456, "uuid": "b1610353-74c5-43a6-87ef-32ca7f87ebfa", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643181456, "uuid": "85b69c99-0243-4940-8e9c-0add11bb4308", "value": "swift..exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "96c18b33-7ebd-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643211328, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211328, "uuid": "2f4aa0f5-5bea-4aea-ab74-7532ff363fab", "comment": "Malware payload", "value": "2da9c1895867633adae59c713c9cf389", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211328, "uuid": "a3c6dbee-d7db-4475-a5c5-ceadd21a0488", "comment": "Malware payload", "value": "0f96be9090a1804707d66b9e06ae4b5ebec6db8632323999af7530a046371850", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211328, "uuid": "f61ce992-5dce-492d-b991-a07751336e6d", "comment": "Malware payload", "value": "14033f0c1883cebb78200935e4d76eecc936a61b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211328, "uuid": "6a221ff7-f00d-40e5-bfb2-8a1eff1f3d5c", "comment": "Malware payload", "value": "f1858e631601461d636971bfaad619976728a38729ea43c337ca3dbc0563bfb956f4c72acd10ed849e55edc2f6fc3a6b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211328, "uuid": "b0cbc4ee-dbd1-45e5-85d3-7cd8903f4d7f", "value": "T17565EF43180C819F9867D76421671D97EEF87E47F2C84E1ED1E428B84AEBDA674CA04F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211328, "uuid": "a202c8d8-0f76-49a7-b15f-b068527fd4a2", "value": "24576:ca1QHwgJMrQqj/wAc6QORNx2nAjwkaqm0GV9igWwlnwXQBwfalj21X4GtZ+FdnZ6:oH5qloBMR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643211328, "uuid": "155f094c-c768-4bfd-b6ab-1192801fed92", "value": 1474560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643211328, "uuid": "a443b7d7-3e49-428a-9bdf-912a118e2127", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211328, "uuid": "0e7321ad-8800-4a3f-94f0-3a2ff09d3ac8", "value": "2da9c1895867633adae59c713c9cf389.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a02634cc-7eab-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643203613, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203613, "uuid": "3a65f9ec-31e1-4125-b3d2-84bd7aa2504c", "comment": "Malware payload (Formbook)", "value": "2a7891d958327a9c60b079ee3d487fd8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203613, "uuid": "f036d543-9e4c-4f7b-a3a7-9aaca1d1a24b", "comment": "Malware payload (Formbook)", "value": "0fcca302c4bcf8f490650685b46d1ea92edcb126aaf959c4b8ad0897511ee7d5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203613, "uuid": "dee83a12-e422-44c1-9fb6-d33c111a7362", "comment": "Malware payload (Formbook)", "value": "fd828cc4ac3c2e8dd0319b146c0886677543c5d3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203613, "uuid": "f9583036-e091-4254-8427-c2595b58c383", "comment": "Malware payload (Formbook)", "value": "bef9bd66b69fa2c54c7bcc23495b00586267d5fbb45ccafee79633cb9e14a0d50521fc50098e465d7dedc9ae3c2d314c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203613, "uuid": "72760291-e7b9-4da4-847b-d30f9c9236ed", "value": "T123256B27B03ACE2DC14B0871428B78A94FEDF5C6E5C6A1493BEEB5C670D8BF5560418B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203613, "uuid": "07b53422-d5b0-408c-8fc3-04ef6276defd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203613, "uuid": "fa2125c9-de9a-424a-940f-5c4361c6ca69", "value": "12288:RVNLEeeDV9rjk4YjClKAD8MkqaQbpjs0s8Qw7EQ1D5KV/uEsZ4FBc+9ytv2RYYW5:RVlEeeKYaQMRw7EQ1a/uE+G19yrYBo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643203613, "uuid": "f1ef39a2-e4de-4b20-a21e-9c90bf43b798", "value": 1031680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643203613, "uuid": "6143a81a-59ae-45e9-910d-2fa5816b2bb7", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203613, "uuid": "502a3947-afd6-41ff-afa9-d5bf434cca88", "value": "ORDER_26.EXE", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b7ad6b9-7ede-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643225348, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225348, "uuid": "7dca1961-eea2-4061-8009-00021cc42ad9", "comment": "Malware payload", "value": "a6a8664a8339467b063a0f3be372186b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225348, "uuid": "aef5b65f-73e9-4576-8cc8-d6804b468b4d", "comment": "Malware payload", "value": "0feaeae2eedd0d0db37e3f4bef74c9b01eb3d9f65c07e34fad5e57b25f5ff017", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225348, "uuid": "9111a11a-91c9-4606-b963-09e4d03c8f27", "comment": "Malware payload", "value": "95ee2e3e6bc0b9b1ebe133cd01ff82bf8a49e024", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225348, "uuid": "2e83247c-4834-4e74-80ec-b741e142a40f", "comment": "Malware payload", "value": "2fb39da00920bcd8d60dabdc05fd72f8dffc0ecc6500e89a849eb2bcf8157d25bc95e1861e0de025036ca7cd107a7dcc", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225348, "uuid": "e59a462e-34b7-430a-bb07-6f0d486f8948", "value": "T18805F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225348, "uuid": "62f4c44e-0b21-42d7-8dc0-85c78c849a6b", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225348, "uuid": "20075e04-6b6a-4a05-a11a-04f4e95c0bfd", "value": "12288:aA9e3OrvpgqjtQFecM6dddifiHxoB3rNd9CDr:blrvpgqj2FeRQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643225348, "uuid": "26a5d9bf-390b-4139-86b7-cc7ac9a1a624", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643225348, "uuid": "55c78984-2d33-4df4-80f7-1f775730aa41", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225348, "uuid": "3926fb7d-56a7-44ce-b1f0-91e9577a79d6", "value": "a6a8664a8339467b063a0f3be372186b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d0c49f1-7e93-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1643193165, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193165, "uuid": "7ec4cda2-f7a8-490a-be02-e9ae11d47f65", "comment": "Malware payload (Gafgyt)", "value": "5b02ab1b493cc1aa43532dee603d217b", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193165, "uuid": "0977945d-22f1-4620-95de-a58d79675c01", "comment": "Malware payload (Gafgyt)", "value": "0ff38e1b5387a9979c62d4b3d525e6a347679b5fd12ef0574e988ae5f4461f84", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193165, "uuid": "619f9976-ada2-4f5c-b459-fa96e949cd06", "comment": "Malware payload (Gafgyt)", "value": "5535b9d5c7aed559e99f1c48796f52c9a4776183", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193165, "uuid": "6ee7bc5b-5e97-4e47-ba33-f84e3f24979c", "comment": "Malware payload (Gafgyt)", "value": "f049ec3cdf731e1e23876d08376a98e72337a7832d02d24f4eb2e70164f755e0835b37cda5ebb34c863f2e361d4a289c", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193165, "uuid": "e1a80eb5-88b9-485b-bfb8-8354b625f24a", "value": "T1A8E30604E8485767C3E367BAF79E438D772216EC67D333115A3C6DB42BC2B982A39560", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193165, "uuid": "fcdfc0f8-a7d4-42d6-84a2-07533128a060", "value": "3072:pEDfcOlkmQCnoV1RqIlssKp3VKcxYN/5hLArvgy2x/ojdQQkhM4ZAvR8:dsd3vYN/5hLArvmojdQQkhM4ZAvR8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643193165, "uuid": "2d81d526-e317-460a-bc71-f55d668b4d8e", "value": 150790, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643193165, "uuid": "8bf70408-eae0-46d8-93fc-b9f9f23412c1", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193165, "uuid": "2d15a0bb-9dc4-43df-b05f-a56b8a3c8199", "value": "Korpze1233121337.arm4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "08b98843-7eab-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643203359, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203359, "uuid": "5f4b5c5e-e068-414c-a3e2-8df4f633b56e", "comment": "Malware payload (Heodo)", "value": "128b22a74f684be60b8f9924eeb96261", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203359, "uuid": "f9d2cd26-245b-4905-8d6c-08d4cf55cb8f", "comment": "Malware payload (Heodo)", "value": "0ffac167d2d0ac0cc817559da7e02c02fff5754f7963a76903fa57e146f80338", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203359, "uuid": "708ce77a-6c55-4334-a3cc-987a76d6d7f6", "comment": "Malware payload (Heodo)", "value": "a9659fec433b7dc28d3c56021400212eb3ded818", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203359, "uuid": "95b13d92-6b5b-482b-92f2-5f67b39efbba", "comment": "Malware payload (Heodo)", "value": "cc31c5f734c9d03100fda4455d84df20a05e71409d978391cf050fcb8249207e4f710715324460e6cd7b8e1460baa665", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203359, "uuid": "f497acd7-761e-47ae-93bf-7d0b45fb7410", "value": "T11E05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203359, "uuid": "0cd9a2da-8954-433b-b114-f47d45855c39", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203359, "uuid": "9e836d24-c6fc-41a1-95cc-18dc842dc4d7", "value": "12288:aA9e3OrvpgqjtQFecc6dddifiHxoB3rNd9CDr:blrvpgqj2Fe1Qc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643203359, "uuid": "f32c467e-a052-4b56-89bb-82d244c5479e", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643203359, "uuid": "db841c37-c0ba-4092-baf7-f21914d58f2f", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203359, "uuid": "6ca6c5b1-2573-4217-9a02-38cb68558417", "value": "4M16JDwtEMh.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6c536554-7ef2-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643234020, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643234020, "uuid": "3524e12f-32b4-473f-a534-5312b6401eed", "comment": "Malware payload", "value": "788c478897b02b06d6ddd27cc0563787", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643234020, "uuid": "572130ff-c628-460f-9386-db203ca3e98e", "comment": "Malware payload", "value": "103fe1a863492b490b926330d62068243802f19ee36e56891a77b05c7afdc691", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643234020, "uuid": "72e01eae-3261-478f-9acd-3082acdd9bb2", "comment": "Malware payload", "value": "9c6d3ecd57bbd237bca3d09ad6cb062b7c461aea", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643234020, "uuid": "b1e206f7-d344-493c-b64a-1c886b54d0fa", "comment": "Malware payload", "value": "0669fc290e9304ae17c42063ac4f74fda686333958fbbf72aef0aaa7a2db67012b9ae8e33492cbc54be6fa9f0879364c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643234020, "uuid": "e4492b48-043c-4782-ad52-bb9d9847b3c6", "value": "T15CB46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643234020, "uuid": "0bf13c7b-bd70-4e70-98ef-d80d6bdf77b3", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643234020, "uuid": "a2a7eece-0dcc-4d08-a2bb-866ac2d995ce", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8F9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgg0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643234020, "uuid": "e0345e6c-79d6-459c-99a8-fec542a5e110", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643234020, "uuid": "463b9dfb-df03-47ac-9041-fa3445adbcfc", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643234020, "uuid": "3b1b3850-bcf0-40c2-989c-5291247591bf", "value": "788c478897b02b06d6ddd27cc0563787", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc1f4c61-7e93-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1643193352, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193352, "uuid": "5003005a-1a3c-40bf-bddb-e4862c5af208", "comment": "Malware payload (RedLineStealer)", "value": "8a22d0c2ca9db6d58495bb87df521949", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193352, "uuid": "703a45c7-b942-436f-95e7-7fcecaca9d0d", "comment": "Malware payload (RedLineStealer)", "value": "104f89105ef08c142b992dcc9915d4e0284529bfb6f07f522bd0d805800e690b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193352, "uuid": "13308ab6-68b4-48ff-b176-530a1374b689", "comment": "Malware payload (RedLineStealer)", "value": "294e946b60efc3ed1283e6aa576906e833abc0c3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193352, "uuid": "8e745f99-9364-4ee5-a8b2-727cf83afdbf", "comment": "Malware payload (RedLineStealer)", "value": "1b9f557dba49b21af3f2023cebeb1c54dc29051f56eae36df1cc4dd644dc05cae291f0e3e14e3adaaace3327c6f62af4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193352, "uuid": "1b3a39f4-1545-4cfc-b1d4-e3a4ccbeb776", "value": "T10B747C00B7A1D035F5B712F849B993BCA53E7AB16B2450CB63D16AEE56356E0EC3130B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193352, "uuid": "42717b65-4c89-4c2c-9b21-157fd5b3840d", "value": "04a163d3ee35887696fe3625c3dbe935", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193352, "uuid": "3b272c23-ad66-4f3a-8187-ddc6141a0a6f", "value": "6144:9liK7Lp57e5/DIIcqB7LzHIqwcAdRbLAJsdWvhqUplcxpqecwItzBS:9lnbmbJr1noqwddtLDYpwWebT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643193352, "uuid": "5702caf9-4372-4f01-9b4d-d82d204981a8", "value": 341504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643193352, "uuid": "b86c5126-6627-4e12-82e1-2271557aafd2", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193352, "uuid": "e30e7fb4-41e2-44f5-b508-b95370e01483", "value": "8a22d0c2ca9db6d58495bb87df521949.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3037064d-7e97-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1643194835, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643194835, "uuid": "35761fdc-c6f5-4c66-a9d7-dce0364e8cbb", "comment": "Malware payload (RedLineStealer)", "value": "a8142674753978634a4b0346e569d72d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643194835, "uuid": "ff435106-fd39-4acf-8788-371b93dd0681", "comment": "Malware payload (RedLineStealer)", "value": "1054c1a2a737517afc2409053b018e9a421e841ff78fe71faf031e9fd1a97dc1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643194835, "uuid": "d161d326-5e28-4301-b488-43845bf384df", "comment": "Malware payload (RedLineStealer)", "value": "e52588b235df5cdaeb782fedf5d46845355c3310", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643194835, "uuid": "82bdadb5-637c-431f-b652-86c1665eb6e2", "comment": "Malware payload (RedLineStealer)", "value": "64af59f84af12123e69cea9d7aa69092c6301af52df92001ddf6b72b86bdbd384330095eda4528abefde3575037c5ad1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643194835, "uuid": "12f50f0f-c861-4314-8222-42b0aa4c6bc3", "value": "T1E1A4AF00BAA1D034F5B712F45A7593BCA93E7EA25B2451CB53D52AFE56346E0EC3230B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643194835, "uuid": "b0753a61-1927-40a9-bd0c-7c2f56e827be", "value": "57f1d018b3b215761fc2fe4109612642", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643194835, "uuid": "abcdba68-7bc1-40af-939f-a0378e6c3aa1", "value": "12288:RufiJcq2Tdj87Yt53F7ycSkEtrK/zpBtcq:Mt5YYt517WkEtW/Cq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643194835, "uuid": "cb842257-185c-44cf-b270-ca276217f138", "value": 454144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643194835, "uuid": "47151bed-4019-4cb0-be41-47232abb10ec", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643194835, "uuid": "420ea857-29e3-4044-9af1-ec349c262972", "value": "a8142674753978634a4b0346e569d72d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd021e57-7e8a-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643189542, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643189542, "uuid": "9c286e7b-3de7-4fbb-ad87-f9920cc878de", "comment": "Malware payload (Heodo)", "value": "e0e84ddc8953f752adf3142f2e43dc55", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643189542, "uuid": "8d2bdea2-4138-41f6-ba07-573146b96cd1", "comment": "Malware payload (Heodo)", "value": "105a417a332106b998f5163285e5505a642c9803999f13a0722b2995de2777e8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643189542, "uuid": "341bbf05-7e5b-49a2-9c3c-4f6c7b5e68cb", "comment": "Malware payload (Heodo)", "value": "51265a156a17edd8ff2ea0ec75a5967b9b25171a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643189542, "uuid": "2fa1e97b-984b-448c-a108-53cd96044fd9", "comment": "Malware payload (Heodo)", "value": "f59e03d28b2e5864456f7503b16d2d10d56c6461be083fee047fd8b16668f629cd109e01710cc3211baf80bc9496b770", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643189542, "uuid": "42b0899e-e478-4b44-b68b-4455986d0179", "value": "T1AB05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643189542, "uuid": "82310085-f911-47b6-839f-73850094297a", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643189542, "uuid": "89e8c684-4c1f-430a-bdea-f7d9cdb1ee65", "value": "12288:aA9e3OrvpgqjtQFecA6dddifiHxoB3rNd9CDr:blrvpgqj2FetQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643189542, "uuid": "a3296aac-50d1-49aa-91b3-7d64565cd4ae", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643189542, "uuid": "06989c19-5ddb-4bd6-b680-4f962cdd0bed", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643189542, "uuid": "8534860c-20cd-469a-b966-6e244d348b2d", "value": "e0e84ddc8953f752adf3142f2e43dc55", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce621a2c-7e6d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177062, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177062, "uuid": "beee3a44-36a3-4266-aa36-bbd0d33c2490", "comment": "Malware payload (Heodo)", "value": "9e1871bcbcd796898e9bb5b1f38f8a28", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177062, "uuid": "6a545aef-aa7b-458c-bc49-b96198c89a32", "comment": "Malware payload (Heodo)", "value": "10a3b6af5895971df6b0b2f59961756b09e75e34f8a56ab8b86d3227ada26150", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177062, "uuid": "b778c228-55be-4ddb-8a0b-0e9c27e50e97", "comment": "Malware payload (Heodo)", "value": "b8f34c820b18b06b2eaf532679625b16b6618feb", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177062, "uuid": "cb37b20e-69fd-44c2-b7e9-061b7de219d8", "comment": "Malware payload (Heodo)", "value": "0eaf79150e8f95c8a5abd49a9329e844cd4c7bad869166b24455221307dd383c91189e80836debb780669274b219e1b1", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177062, "uuid": "92a2c138-ee79-44a8-9848-752b28ab8331", "value": "T115D49C2233DCC8B9E0AE1D3D290297D523E8AE140B93C58FA640FB9E5D3B2C155F92D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177062, "uuid": "c18936f0-7d60-4678-815f-f1277311a467", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177062, "uuid": "e7bda5bd-abc6-48ab-8812-451ab967f1c3", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4Mm+Ofg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4Mm+/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177062, "uuid": "973b7b4c-3008-409c-a8cf-61e5f438194e", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177062, "uuid": "852a5f4e-ba74-48ff-ba04-8d93addc9efc", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177062, "uuid": "185eb8a2-201d-4da6-9bbd-4d73c4791dcb", "value": "emotet_list_ioc_cronupTue_Jan_25_11:47:46_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "accbf2a9-7e6d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177005, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177005, "uuid": "8379e0f3-a03a-43d4-bc0f-27c06c459732", "comment": "Malware payload (Heodo)", "value": "ed5cae32a3022b05cdd7e71fbd60e92c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177005, "uuid": "647a6e1e-8687-452a-8cd0-b41d4abee10c", "comment": "Malware payload (Heodo)", "value": "10ee631e59d20920cb45925351c5cc5403dde2f06bdc87cde5f093ddd7c7472e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177005, "uuid": "18678fae-a6f3-4713-9ee1-d31727571624", "comment": "Malware payload (Heodo)", "value": "0928481ae43475e36973733da51fa1c4cae5ddd9", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177005, "uuid": "c2bff575-ef18-4548-af04-7b40b87a87a4", "comment": "Malware payload (Heodo)", "value": "3efb466ddaf7a2ad095cc6b63a7e4bc30ddc5023bdb06f73824c2553cd82f01e13ed7d2cc3e9475308215b6d55adf929", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177005, "uuid": "08a0ab7b-b36a-4683-b9eb-ae432385afd4", "value": "T1DAD49C2233DCC8B9E0AE1D3D290297D523E9AE140B93C58FA640FB9E5D3B2C155F92D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177005, "uuid": "19ff3ea3-98b0-4932-a928-74cea0edcae5", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177005, "uuid": "1afa46d0-25ee-4a28-ab69-f78ed35bb905", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4MmnOfg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4Mmn/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177005, "uuid": "a34ad870-0515-444b-8e2a-fb4b7522f43f", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177005, "uuid": "657da847-0751-4c59-883c-7221caf172e0", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177005, "uuid": "741ed72c-2d13-477f-b7d6-e7100bede9f0", "value": "emotet_list_ioc_cronupTue_Jan_25_11:47:03_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4eed2d38-7ede-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643225381, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225381, "uuid": "765ab7e4-847d-4754-bf9d-30c68a7bd076", "comment": "Malware payload", "value": "82d2a9b610dfcc0302060eac0732e096", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225381, "uuid": "4974d8cf-4abc-4733-a746-4f9276ff6f62", "comment": "Malware payload", "value": "1102042a12642a1f0583c4768b7cc615a8a3c012f53faba74c21388778157752", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225381, "uuid": "604c0902-a994-45ab-9de1-3f5c86299e43", "comment": "Malware payload", "value": "3a73d70e025dddc8ae6ab67b9ffc159fcc91de1d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225381, "uuid": "4b635f8d-ca4f-4356-8513-624c5b4feef2", "comment": "Malware payload", "value": "68e7de8fc0918800d942530685e3bf5d2a6e9d92191b15cb9dd1627f57bae292b2b9d76d9b918e28d82c349ae8cfa854", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225381, "uuid": "68fe2161-8b48-4a02-8a68-221b9105d11e", "value": "T12205F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225381, "uuid": "f7d31fef-1abd-41eb-927c-a3fac73e8d6b", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225381, "uuid": "b2a154ef-5672-465c-9f07-b6343371db62", "value": "12288:aA9e3OrvpgqjtQFecR6dddifiHxoB3rNd9CDr:blrvpgqj2FeyQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643225381, "uuid": "640637e2-0af4-4159-aff3-25505b4b1a5e", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643225381, "uuid": "3529636d-43b3-4763-8018-8dc8b4e24df9", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225381, "uuid": "215f0b49-62c7-4064-ad84-1d59e598a2ae", "value": "82d2a9b610dfcc0302060eac0732e096", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b120f510-7e98-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643195481, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195481, "uuid": "1e3afad3-c10f-4c41-b26b-a10ee39ff0a3", "comment": "Malware payload (Heodo)", "value": "1103116cbb4ba9d90e44aa2612916fe4", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195481, "uuid": "7745a3c2-5c59-4e3e-937f-392601524dd1", "comment": "Malware payload (Heodo)", "value": "115dcdd9207900e1fdaa0e5089ea029596d3da345e34ebfc5fbdaa6dd78e57dd", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195481, "uuid": "6bbca5b5-6f7d-44e8-99df-c16e8ea64662", "comment": "Malware payload (Heodo)", "value": "1c0a37e9441782a3fe18143a814821d9d4055354", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195481, "uuid": "250cbbbf-36be-4f80-b67f-c4210474a564", "comment": "Malware payload (Heodo)", "value": "f5c25406b3e34d4369a7f83dac06118d224712f6c9d4c08cadcf22312ee2528a007a8e1680cb65eaaed7195bfa008683", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195481, "uuid": "965f372b-9a46-40f4-8f0a-660b6aae056d", "value": "T1F105F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195481, "uuid": "c9b79d8d-b495-49ac-b51b-39f616cd25ee", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195481, "uuid": "7481eea7-cdde-4569-aed6-164741362296", "value": "12288:aA9e3OrvpgqjtQFecG6dddifiHxoB3rNd9CDr:blrvpgqj2FeTQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643195481, "uuid": "7a8b7e6f-0ee2-4e1f-88d4-534f35f985dd", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643195481, "uuid": "ae69c470-3345-4898-ad03-7e09de4c9e6e", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195481, "uuid": "3f54e451-7a9a-4a83-8b68-dedaaa5b4ff4", "value": "BoDSs7MrmhytYnFDSBA.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a60d304d-7efc-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643238412, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643238412, "uuid": "c9a592f2-498e-468e-a7ec-3e6deae1bbe2", "comment": "Malware payload", "value": "5415e1b69d9b1f4860b1275daa147887", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643238412, "uuid": "a4b7d060-ab0e-4849-aabd-92d3be3327d7", "comment": "Malware payload", "value": "11704222e56bfce363f1abd54952527743d8865106de50f31e26cb83a0a81852", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643238412, "uuid": "624c9384-2c1c-4ce0-8874-650f504bd493", "comment": "Malware payload", "value": "d8ffb1be0aaf71194679be790608317f6979be54", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643238412, "uuid": "27c59b9c-7dd1-4a2a-a93d-9138020ad080", "comment": "Malware payload", "value": "0023a552d2ca3e3507b9be8923bc671e7f7101b74130b3ba9071c7ae086a374eca69b825c638df4475a6c9168ffce84d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643238412, "uuid": "7d7e8a2b-e2cc-4ce1-8095-8e7778940aed", "value": "T1DAB46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643238412, "uuid": "9448bfb7-31b8-4c1a-b392-c9a296e74b60", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643238412, "uuid": "e3710a7b-fddc-44ca-9ec7-81387ee6b36f", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8K9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgf0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643238412, "uuid": "7a7ff21c-f6ee-4524-8c51-4306964f9ee8", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643238412, "uuid": "f02c2cc9-e11d-41f7-8bf9-80aa0693f104", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643238412, "uuid": "109b1307-1394-4a06-9606-6ab26a0039f9", "value": "5415e1b69d9b1f4860b1275daa147887", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d2a1680-7eb6-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643208118, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208118, "uuid": "87b3d61a-7e54-4e66-9ac3-352cf8863657", "comment": "Malware payload (Heodo)", "value": "d7cf40482ed486b4f5dd5fa7ecfa1e06", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208118, "uuid": "c2d14dd0-fc43-4b46-bc8e-2b7a98ec8c12", "comment": "Malware payload (Heodo)", "value": "11a1fa95bb836b0e6e9cbd0323705cc3be1b6297c2ae9c65add9df5f4b05e613", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208118, "uuid": "4bc42722-d698-49f2-97ba-113eb0d9175b", "comment": "Malware payload (Heodo)", "value": "ba827abb8055dce93fd3f6ef564a76fa3fe1d7c1", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208118, "uuid": "2d3bbbe5-2472-438a-b675-bc2b4fae449e", "comment": "Malware payload (Heodo)", "value": "51c41cf107f58489ad720778429c9a9f7f829c73d56104f4b35beba04a39175358f1e89f44ccae006faee56296191e4c", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208118, "uuid": "04b7eadd-0eda-4bb8-8935-5a1552bfcf71", "value": "T1CFD36B66B5C5E9CAC70523350ADA8BEA33676C479E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208118, "uuid": "4513da61-1661-470e-a653-40dd3122aa3d", "value": "3072:NcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dggGx0L:NcKoSsxzNDZLDZjlbR868O8KlVH3jehU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643208118, "uuid": "25fbb5d7-4806-4380-a4c0-2aa145fceafc", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643208118, "uuid": "85dc3c45-9917-4679-99c9-666f110af47e", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208118, "uuid": "22020481-431f-475d-9331-f3732d5b20da", "value": "Expo Lists.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d39f8f0e-7ed9-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643223456, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223456, "uuid": "b583c06a-f0fa-42a9-b695-d289dba75292", "comment": "Malware payload", "value": "962810f0c4d9467e036c8a9b667ff978", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223456, "uuid": "a13fb9bd-5e26-45d0-8063-abb0fa08f592", "comment": "Malware payload", "value": "11a85a59c858bd5dbcb6d17fe55dbb02405ed8a8c1ad13acaef042f5c6d80ba3", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223456, "uuid": "ddeaee01-b7be-4e93-8b06-b738f2fb70a8", "comment": "Malware payload", "value": "76f6de9a245fa2ab53cb59cee0baf06d9dfa64fa", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223456, "uuid": "065b9002-421a-4aa3-9fbc-1e879db14f06", "comment": "Malware payload", "value": "9586b1f739c0cbd8a716cf4ddd8508151780e4161dfd29a0039fdbc62ad067bffb4215f4eb65978cf0e52c7264022bf1", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643223456, "uuid": "8431a6fe-d602-422c-95e4-35ae2b7e7b71", "value": "T14E131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643223456, "uuid": "8219c129-2731-452c-9f74-475d5b07f05f", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643223456, "uuid": "410a8c14-2498-4083-b0d4-5fe6e6f32461", "value": 45263, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643223456, "uuid": "c3e20803-b765-4141-9ff6-6b66e144ad28", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643223456, "uuid": "08ccea5a-e3e3-46d7-8d5d-eafe0e0152a4", "value": "tmptyx80hn3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "862f86d9-7e6e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177370, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177370, "uuid": "819c5b1e-c7a0-46f3-b212-a7d2e08be7e3", "comment": "Malware payload (Heodo)", "value": "1b64d26eb0cf6609572a807862e65226", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177370, "uuid": "35164d5c-7a40-4b2b-a57e-be0012bb30c8", "comment": "Malware payload (Heodo)", "value": "1244c5fc952df8484a832b63da31ed157c5cd9a35b7058d863d925912def05f8", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177370, "uuid": "d23f64f9-4055-41a9-870f-e347f59c7d00", "comment": "Malware payload (Heodo)", "value": "72bf5e7c73b970a64ef7dbbd5fee75abab1a1e44", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177370, "uuid": "94a86706-5577-4d51-aa1f-857534651121", "comment": "Malware payload (Heodo)", "value": "f7369fc4a81110b249becd5f7626583673ef5ebfa7cdde4d18ea3394daa8238a160b0a937a5f31bf1cdb6ecb391c6835", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177370, "uuid": "fe788c8b-699a-4d4c-9c97-e85ba99f81cc", "value": "T1DED4B011B2E2C07AC1AF0175595297A973F9BE90D9FDC247EFC06A4F5E315828B38722", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177370, "uuid": "8aecc1e8-37d5-45ac-84f1-8f4fe95cdcbf", "value": "24b46ffcf60dc8d39e8124f411ebd08e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177370, "uuid": "eda592d0-5426-4448-aa2c-12acfc3e8abc", "value": "12288:vClISqMT89ornPmGZtn5yzrDG1ywIdO3D7AfojAxOBnVV0KOFD3EPO7:vmTWornPDryzrSywIdOz7AfOAxsVZOFZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177370, "uuid": "37981d24-d778-45d1-b3ad-063018ac7dc1", "value": 634880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177370, "uuid": "e611072e-b3ef-44fb-918e-96fc13a40414", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177370, "uuid": "71136553-2bb5-4d7b-b56c-df96a3dac7bd", "value": "emotet_list_ioc_cronupTue_Jan_25_11:55:32_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fbac870c-7f03-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643241562, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643241562, "uuid": "72f4343e-d747-44bb-b931-710e622cbacc", "comment": "Malware payload", "value": "0b84f018e5bdafe7320d7bb36ba761a1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643241562, "uuid": "b8c436f1-c4ff-420e-97a2-30be9903efc2", "comment": "Malware payload", "value": "12b47df297bb7a166f1aea740da1968fbffaf4c08ceb9f90e88b7db7bb2d6fbf", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643241562, "uuid": "c459704e-f82c-46c2-8102-5d77d6c4512d", "comment": "Malware payload", "value": "9f2cd174fe066d6a973a02776fb60a23763fecc8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643241562, "uuid": "ab088b20-27f0-4414-8312-93746da7ad9c", "comment": "Malware payload", "value": "2ad5a6f775683fbbe68a5330872d5085981d57de35c4bb77f1a2a4290a128366719058db544be93e05d4f17bbfba003f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643241562, "uuid": "627f228e-f61d-4dd9-b70a-ac3632fb312a", "value": "T1DFB46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643241562, "uuid": "21fc3a5d-7b03-4311-888c-2d294136d6bf", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643241562, "uuid": "d69fb8c9-0587-4184-bd7e-5f27fd5b4394", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8I9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgB0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643241562, "uuid": "566e7088-65af-4c37-8697-3dbd7eb25832", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643241562, "uuid": "de070615-8389-43ce-98b8-b5322d86a9ad", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643241562, "uuid": "7c53663e-4e5c-4f0e-acaa-f2d1798f73af", "value": "0b84f018e5bdafe7320d7bb36ba761a1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ddc4d256-7ecd-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643218319, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218319, "uuid": "6fa12159-3106-4eab-bbef-7c4b81bd971d", "comment": "Malware payload (Heodo)", "value": "eeef2c3bbf82e65e93e695b237a20c14", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218319, "uuid": "82187707-ef0c-4ff5-b62e-901fd215af48", "comment": "Malware payload (Heodo)", "value": "12d30c2d8cb6507d0fd1bfb83504b8fb64c59bcc30f71bbf619abef7fbd828e2", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218319, "uuid": "3d156660-08fd-47ae-80ee-85321707cd98", "comment": "Malware payload (Heodo)", "value": "14de48c3cc39312f278097ff7a269b00a87a4243", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218319, "uuid": "d3bb27af-e7b2-42a0-aa4c-6063b2f264c1", "comment": "Malware payload (Heodo)", "value": "6dd7749192611b1498a79978b59e4b56c7472bfecd00352d8455761576cf1915aeab86ee805de81653abaaa528d7f4e6", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218319, "uuid": "8044bc9f-5462-42fd-ae0a-836f5bc41478", "value": "T16BE4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218319, "uuid": "208e5268-51bc-43af-8d84-a713b02edf31", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218319, "uuid": "451d4a84-e9d1-4b0f-af11-ac03f7f7bed6", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIMG0Bv1tgV:RpncLJZA2LwpJsNtZUWeG9Og", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643218319, "uuid": "b09cfbde-30f4-47bc-8064-11dbc73844bf", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643218319, "uuid": "af4dc2a8-2362-4d7b-b371-3948babc01b0", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218319, "uuid": "525e0017-bdb0-45fd-af70-832bd4542aa5", "value": "PKKOVBsay.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f9711e0-7e86-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643187640, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187640, "uuid": "d82476c0-ed34-4346-a29e-3d2c818a6627", "comment": "Malware payload (Formbook)", "value": "28273f7b22cd7d7625539756195eed22", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187640, "uuid": "8159098c-44fa-4caf-88e9-46666882180b", "comment": "Malware payload (Formbook)", "value": "12dfafbf527adac369abdc31bfe9756517c70b2216a12ef4f4772eba15eaa2e2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187640, "uuid": "1e8af60f-18e6-4ca3-b427-dcfe00c45947", "comment": "Malware payload (Formbook)", "value": "af5b5b284248e26a77a471374afe38434d40cd7e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187640, "uuid": "83b15b8c-c2dd-4724-85e8-32e2502cb182", "comment": "Malware payload (Formbook)", "value": "7f48be691468c631031ddddaa1f0ab7ffca35c767a36f9270772945b2fc40bffede31f56ed8afe67f22f742528b8054b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187640, "uuid": "e8d45d31-ad8c-4149-9586-11c2b8265a99", "value": "T135333D42CAA20363D6A557B274D396C30BB1700E18E0C9ABD8CD709A4E9F3467597FDE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187640, "uuid": "8914a3d9-33fa-4e5f-9009-86682a5ceb01", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187640, "uuid": "961f894b-5b58-40e7-b359-130310255b58", "value": "1536:HkN3a/eHUTQQQQQQRBdBgN6b5/2kWSC6WLrowQ:EN3a/eHUTQQQQQQXdBft/2YWLrowQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643187640, "uuid": "06561e10-ddf0-4329-aa83-4de9af2533ef", "value": 51400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643187640, "uuid": "50bd9ead-9899-4c46-9a88-3d1ea4178857", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187640, "uuid": "063a190b-ad92-4198-a007-2e3100330d79", "value": "BANK SLIP.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef65f174-7e90-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1643192149, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643192149, "uuid": "85d778cc-8ec6-4199-9f2c-c3369768d53b", "comment": "Malware payload (RedLineStealer)", "value": "75fe7753bef6b871c2a6dc3f93f1728b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643192149, "uuid": "def217ca-bede-47e9-8459-f754d4748354", "comment": "Malware payload (RedLineStealer)", "value": "134949c0d8ad2cecfbd8ce165f94499cbc06e05171caeb3ff2cd4575e73dc611", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643192149, "uuid": "b7324c4f-ffc8-46c6-be04-9889ee2b621a", "comment": "Malware payload (RedLineStealer)", "value": "8e3febdb613d852c3415d924417d4277c012a071", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643192149, "uuid": "c9eeedf4-1f80-4122-b1f0-31c2bb97416c", "comment": "Malware payload (RedLineStealer)", "value": "76467c3c5763ac02a4432dcf8e70878daa27396c591fcbb225fea558779b476b9677c56119af3f287595ac39d77b0885", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643192149, "uuid": "d46775db-5e95-4740-901b-2272eb89a649", "value": "T106A4AD00B7A1C035E6B712F4467A93BDA63F7AA11B2451CB63D52AEE47346E1EC3131B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643192149, "uuid": "4f5db767-e601-46b4-9c46-83f04a76d6fd", "value": "04a163d3ee35887696fe3625c3dbe935", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643192149, "uuid": "66a60a13-f719-431d-8999-d9fb9dc1567b", "value": "12288:KlknLVxZNapsz7iaQ7HdJodRO/xeRtvSac:0upMsz7VQZJofO/xeHSa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643192149, "uuid": "d2f3af3a-b867-468d-949a-c23c8c5ee85a", "value": 455168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643192149, "uuid": "4e0efa57-591f-48e8-8401-33ef1b4766f9", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643192149, "uuid": "f579e0b2-b422-4ff0-98b4-bcbd74a0e346", "value": "75fe7753bef6b871c2a6dc3f93f1728b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "06bfe493-7e89-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643188753, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188753, "uuid": "18ff189c-b908-4907-ba2f-25e29ccc9bee", "comment": "Malware payload (Heodo)", "value": "de00b827303d33ba07f7bee1966a13b8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188753, "uuid": "e04bf2a2-c409-41a9-99db-2b0cf32f361e", "comment": "Malware payload (Heodo)", "value": "1380e7a019c1b6a0c63a2365dcfb4655921c244c9d2d16b3b5b0e9648b18a7f3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188753, "uuid": "bdde0ec3-4ae7-448c-9f7d-f6964b221859", "comment": "Malware payload (Heodo)", "value": "a7b005cb5a815d3edb012e06ded15433145facdf", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188753, "uuid": "d93c40f5-7deb-4d96-ad6c-ff020f9e39b6", "comment": "Malware payload (Heodo)", "value": "d15215c71e173e51f34a728f20bbfc60b4740d4a891c844d9be2524505865ef10c19c1a9331618a60c6014e3c16e1b73", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188753, "uuid": "63274357-b46c-41a0-bb44-ca656529a1d8", "value": "T10005F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188753, "uuid": "ce75d0c3-8cbd-4c80-aaef-6566e8af7586", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188753, "uuid": "e6f6c7df-ac08-4656-b417-aaa54d61da66", "value": "12288:aA9e3OrvpgqjtQFech6dddifiHxoB3rNd9CDr:blrvpgqj2FeGQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643188753, "uuid": "c0d70299-5a56-4ccd-96da-74b75c8aa4c9", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643188753, "uuid": "273c45e2-11cf-4ccb-a2b9-23b7b46c5ce1", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188753, "uuid": "f617b8a1-3ec6-4b27-b849-0fe5157d1038", "value": "de00b827303d33ba07f7bee1966a13b8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "514e350e-7e86-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643187589, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187589, "uuid": "0e283b68-04fe-4756-8a66-95fac9818bc0", "comment": "Malware payload (Formbook)", "value": "067e3e5b267e1c65a9e633ee3c3bd3d0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187589, "uuid": "a62b06f2-52f1-4391-ae38-abb5926c7337", "comment": "Malware payload (Formbook)", "value": "138885bb6b68014d53469fa9ce85505960e780a2953c13d4bee23d87f0db1563", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187589, "uuid": "064500e1-c05a-4021-a7a9-b4eee879ab06", "comment": "Malware payload (Formbook)", "value": "3d0ef11080a29070a41f7b97c64cd04f45a147ee", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187589, "uuid": "8b6cb9bd-0e5f-42c1-aebb-219d907aab76", "comment": "Malware payload (Formbook)", "value": "5dfb497f35123e10fb84009f8a2710730c846d35727cab1382dd56889114823ba1cab5c8d1fc5febdb360665fe3209aa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187589, "uuid": "e67da7b5-ebb4-4f19-8f57-541bff4eccc4", "value": "T17B94F1690EFEC8CAD70666F949F6F3BAE5ECD7E03D12030363221DA9BA187DC5580591", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187589, "uuid": "ab262c82-92a3-48c4-8a8a-f3e7fddc5cbd", "value": "099c0646ea7282d232219f8807883be0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187589, "uuid": "da96426a-55a8-4233-85f0-9b89cde740a4", "value": "12288:b5TdQCTv+lMxyT+b29L7DS4M+lzxJnQxiLQTT:b5BQc+lMxiyYTM+NnQxiETT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643187589, "uuid": "0f52329c-03e1-41b9-8a06-6e40bdc9bc1e", "value": 441633, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643187589, "uuid": "e44226fc-d1f2-44bc-aed4-bed8d1dd1bbd", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187589, "uuid": "d7f62e6d-92b5-49c5-a44f-bf2e12119f98", "value": "SCAMPMT.EXE", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a4444161-7e72-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643179138, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179138, "uuid": "47974db7-627a-4a27-9bba-01d1f73a9aea", "comment": "Malware payload (AgentTesla)", "value": "61880df88602efb17374be0d1fff9a0b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179138, "uuid": "a3c42d1e-f32b-4f50-87ec-0a37ea9aef60", "comment": "Malware payload (AgentTesla)", "value": "13a317d1db19c2f0378f7865ae4fbef137148987d7bd0848e55be95f880505be", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179138, "uuid": "5346efe3-0bd2-44b9-9cbb-fed8b22af0ed", "comment": "Malware payload (AgentTesla)", "value": "1afa624a4ff59d120ae11b8c3fbcf19e2a831e34", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179138, "uuid": "46d9d622-8721-4099-a52e-b7d3928ad566", "comment": "Malware payload (AgentTesla)", "value": "56f68808b5cc59e6e16db68f0af1f4999fe284b9d38c1a1cc8e6274d088a238c288247c3ab5b5dcf3b42fd4435da4b3b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179138, "uuid": "2dab85bc-afc6-48f7-a244-106436e1a3b1", "value": "T13B842370A236BBCBA8057C92CAD141C557BB0CF7463E4495EA826F2EC8732AB7195770", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179138, "uuid": "f5d6cfc3-e53e-4fa7-b959-c2a965eb3e33", "value": "6144:SKl0ROFOYbsv7qmGZNpsc4ixMJA/ubzZJSn0HzUcPA7LB6hiEHfnMgshZcl9gpoU:LlkY2cf8S3gZJvYLBcJ0gQ6cU/Hu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643179138, "uuid": "9f48d335-dc4f-4c8a-abd8-bf8e44dffd43", "value": 382590, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643179138, "uuid": "4e83ebeb-18a8-477f-8ff7-a8a5a12b8ef4", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179138, "uuid": "7d440cc8-881b-4917-bab1-529026519f8a", "value": "Bank Slip.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ffd9b000-7edc-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643224819, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224819, "uuid": "31a6f382-4e82-4a7c-b77e-4a0e375436b6", "comment": "Malware payload (Heodo)", "value": "1c6fd2689a729b39e1ab87d4909b652f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224819, "uuid": "3a66c050-a329-48e9-8252-e65d6c3d455e", "comment": "Malware payload (Heodo)", "value": "13eba8dcc033fbba21728515f8141dd98ddf19d8a9f080d6980709bf3ab43a4d", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224819, "uuid": "3f6a0a33-a430-4e1a-b8eb-2308bb5087c0", "comment": "Malware payload (Heodo)", "value": "93da926db760c0d8faf714b3f6f3d76f1aa44aeb", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224819, "uuid": "56931ac6-2d32-41ae-925d-0286fae31c40", "comment": "Malware payload (Heodo)", "value": "1fa773bbdd54f579595391e9b04c0d8beab2137d320b3d6de01bfd450f36717ca72c8f9a365e584fa941362e5de4ea90", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224819, "uuid": "98ed8d76-2419-4049-b918-4961ae3b6818", "value": "T1F8B46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224819, "uuid": "2c72a8df-4b97-40ad-afe7-f1da54fb3175", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224819, "uuid": "29e39252-1d05-44b1-b99f-69ffc011c441", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v879clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgO0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643224819, "uuid": "2ef13858-8b0e-4ce5-8711-6710195c2144", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643224819, "uuid": "a6f73c16-e317-4c5d-9f94-ed5fa5c20b9d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224819, "uuid": "58441453-a9fa-47e3-b60c-67545c95c07b", "value": "emotet_exe_e4_13eba8dcc033fbba21728515f8141dd98ddf19d8a9f080d6980709bf3ab43a4d_2022-01-26__192009.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1870e293-7ebb-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643210257, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210257, "uuid": "ff6c60a1-d4e9-4d22-903b-f68ab960610e", "comment": "Malware payload (Heodo)", "value": "72f92440c2b8aee7643939d16e29a286", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210257, "uuid": "77bc74df-0484-4304-9e90-a34f06d60ce1", "comment": "Malware payload (Heodo)", "value": "13ef8b2970689386119819a5b3bb2a332e94b4a18154c7a002c6a805f4ddd9a8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210257, "uuid": "5c8c6088-2f9d-4c71-b16f-06d5d2f5b8a9", "comment": "Malware payload (Heodo)", "value": "5d276020d6a6b9f5654d968834f65fb8650b137f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210257, "uuid": "04d56acc-b772-43f5-9cdd-42f33ebfff32", "comment": "Malware payload (Heodo)", "value": "07e6c2e4883dfcc9ec1fbab9d021b1b45880219f21b23586faaf1ff6592527d26c6f7b9869e6af00a7cd7b13e82501b9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210257, "uuid": "87834dbe-c9ec-4cc9-aa0b-39b52841b333", "value": "T1D4E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210257, "uuid": "ebc99372-cd47-45fb-87d0-a3370a8fc94a", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210257, "uuid": "406d30e2-e94e-409b-b7cd-3b8c0f40ccd5", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orI9G0Bv1tgV:RpncLJZA2LwpJsNtZUWeGsOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643210257, "uuid": "5ace7791-3aa8-482b-b248-ffcafd18b4bc", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643210257, "uuid": "687af3dc-4ddf-42b1-b5c2-1954aca50bff", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210257, "uuid": "23e69c3d-8dbc-4553-9e46-af0edbf37e82", "value": "72f92440c2b8aee7643939d16e29a286", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c107843b-7e8e-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643191213, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191213, "uuid": "26393d8d-0d6f-4a05-8741-1c234f2218bc", "comment": "Malware payload (Formbook)", "value": "f7b4878d83da4d4939368e5158bf2bb0", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191213, "uuid": "0cf83f43-d5ea-49a1-9382-ca8d516536a2", "comment": "Malware payload (Formbook)", "value": "142827d15901c524c28ba06f1a07edb391d37d2bc29e4bf4c2d3d8aacc5db307", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191213, "uuid": "b40910f2-05e1-4af4-9d3b-aef6e3dfdcee", "comment": "Malware payload (Formbook)", "value": "f09b8d22c2a836d8e8f5aca3800a791baa8a17a9", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191213, "uuid": "8f212e7b-6524-4170-a1f3-2d217c247525", "comment": "Malware payload (Formbook)", "value": "ba68f7e4ab54de695fc92dce810bd926db8163d52ba09ba94b6e0cb9100e01b95dd0eba8de328984e9c87a80c75b94aa", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191213, "uuid": "d7ac62a6-faca-41e5-98ae-3a86b4a57e40", "value": "T1B71412411B0E8690E6512AF95F2BEE2245DACFD5E80EA4EE6BD53308EF398135845373", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191213, "uuid": "8e636a24-106f-4197-b2f0-b5edaa94ab20", "value": "3072:mXqwT62G93QU9LLsif2hxpr1CGeybUyZfogWfUZZL5FBLbOod/s7e7:AqshMgEc5jC3ybUCfoffU3LpKA6o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643191213, "uuid": "d667a0f6-0fa3-43f1-bd09-357ec0d3ed96", "value": 191912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643191213, "uuid": "87a10777-3219-45bc-8d88-c18394b98532", "value": "application/encrypted", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191213, "uuid": "751d6721-c481-43dc-ad3c-e9c5c7fbb7a7", "value": "Invoice.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68691df5-7e51-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643164865, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643164865, "uuid": "d325c38c-58d4-4937-9138-2d6dd7f7d254", "comment": "Malware payload (AgentTesla)", "value": "48558c570cc264385af3183cc8189fa0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643164865, "uuid": "fc1b26f4-0e9b-477e-add8-9d5b71a5c86b", "comment": "Malware payload (AgentTesla)", "value": "14645de2ba8f02437e54f44ed5ccb792c4f0222afaf163ecc5c9179a552cd3b0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643164865, "uuid": "707a73b0-e643-4a0d-858c-ab00df54d91b", "comment": "Malware payload (AgentTesla)", "value": "88180dca86bcf3b1a57678e51bdd923d467bc4e6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643164865, "uuid": "505563be-2f32-4aa3-b82f-657c2f3b47c8", "comment": "Malware payload (AgentTesla)", "value": "c8a0ee2dd21f7d88397eb65ebd16d2167e8a0b85f12ce72ace4d7e47a7b44376bfc8d4f95b73f489e7b7f4a64e55fb2d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643164865, "uuid": "76e2515e-0f54-47cd-99e5-75c7e5f43aa8", "value": "T15505D05932E08534C28D28399CE075007B73F66F78D3F968EEA2DB457BB9B846640673", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643164865, "uuid": "3e360057-c1b5-40f0-ba71-019bf38dbdaf", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643164865, "uuid": "04d6c48d-9c04-44bf-a89c-4171c3bf08b9", "value": "24576:usi6A8hDzVkHYWvkHV+MbMEwuSVMp9t1JT0c:uMdV+MIRuTp9t1JY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643164865, "uuid": "0c389b51-725d-427c-994f-034874ecaf4a", "value": 829952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643164865, "uuid": "06097094-4b1f-4dba-bcbd-ddea11ffd676", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643164865, "uuid": "af72fadc-497c-40aa-a26e-168913434fbf", "value": "TELEX Swift Copy - 4225355535536536_2022.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d8deed4-7e57-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643167477, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643167477, "uuid": "a22970d4-efde-45a5-b974-eff3afe9bf35", "comment": "Malware payload (AgentTesla)", "value": "163caee2f5d44a0a3514f177bc5ce906", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643167477, "uuid": "29cd64db-3294-4b0e-a69e-535e63328022", "comment": "Malware payload (AgentTesla)", "value": "155384822f540c0f7128313e1b8cebd64da5827dd60fa3d125a60695b12f7a42", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643167477, "uuid": "458b34bd-2cc8-41ed-a242-5229bc5d617c", "comment": "Malware payload (AgentTesla)", "value": "fe3d9e3e0826fd436f2c18dfdc2a4eda37a1353c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643167477, "uuid": "1dd1d111-ebbd-4247-88a3-9e1ae871b3be", "comment": "Malware payload (AgentTesla)", "value": "dd3f2d9a9ce685a0255a5118461ac30a9235dc88559dacde668fd31c0edb998c4e7816d713750a7bd38cb582870eeddf", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643167477, "uuid": "c3e2b837-21d1-474f-9efa-c2501e21c8f2", "value": "T1AFD429F93631A1BDC42BEC3ACBE41C98DF41386B4B9A661140A7097D982D497DF1C4EE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643167477, "uuid": "34c33cf3-d871-4d09-aed6-230f7195482d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643167477, "uuid": "7e0ee081-1c92-4e4e-8fa8-b2c6af2fca05", "value": "12288:3wYUyfsSLgNJvmdBQXcBdKf18hW/ADsGpjjApiNrkk:A/QcTvcjAgNrkk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643167477, "uuid": "456e205e-59bb-4ca3-b07b-deebc990cfb5", "value": 617472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643167477, "uuid": "8bde4463-fa49-43e0-9113-4bedb8f39053", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643167477, "uuid": "9941b55c-7055-493c-ad95-90d1e6d09d93", "value": "Bank Slip.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18b17ded-7e98-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643195225, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195225, "uuid": "195b4dcb-f33a-428b-b323-39f27f1a018f", "comment": "Malware payload (Heodo)", "value": "ed0689d2104474db330ceebad75892ed", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195225, "uuid": "561ff411-51b3-467d-8865-8b59ac285783", "comment": "Malware payload (Heodo)", "value": "15d22fbff8df1be5e375f8fabb0ff6a2f9e809ddee8d892957adc06e65fe9d67", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195225, "uuid": "53ed15cd-f900-4dea-a773-e86004ce7983", "comment": "Malware payload (Heodo)", "value": "4ea2dab903b64b8ae231dcaa855d1b11fcc432b4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195225, "uuid": "16021cb7-23ef-47c4-946e-608b5e6d4733", "comment": "Malware payload (Heodo)", "value": "960d435197575769d7b42b752bfecac96dbb908673e1c9adf5dba23c276dc34f22c4b07bbecfc7d888447c3dbdfedc03", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195225, "uuid": "9e305a8b-17a2-4145-ac19-8c5b579831c8", "value": "T18505F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195225, "uuid": "94944e4f-b74b-4788-8736-8af731f31df1", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195225, "uuid": "8c8498f3-e8c1-4cbb-9600-21139cc127a1", "value": "12288:aA9e3OrvpgqjtQFecB6dddifiHxoB3rNd9CDr:blrvpgqj2FeCQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643195225, "uuid": "d432a5df-fea2-44cf-b4f6-1015f3897993", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643195225, "uuid": "c244069d-8ad4-43c3-8ab2-a67450beb303", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195225, "uuid": "a6abf374-fc0f-4270-8fcd-280cfab2458a", "value": "ed0689d2104474db330ceebad75892ed", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5a126b9-7e8e-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643191247, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191247, "uuid": "45508b25-2923-4fc7-8dc0-d207dfef73b8", "comment": "Malware payload", "value": "ec2cf26a8118fce3df4e2f2da4abcbb0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191247, "uuid": "cb6b28b8-2c19-4996-9066-453b9f8f345f", "comment": "Malware payload", "value": "15fe769f9fd063077318401e3ca85c5fe07caf310e4af08e6ed0953c74098a03", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191247, "uuid": "eafbb633-81a3-490e-b611-0a4b10c56dfd", "comment": "Malware payload", "value": "b7d21de4e5975208f8c85d689f3586f378500b89", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191247, "uuid": "8ae9624c-c1d0-4004-8d54-408edddc9f51", "comment": "Malware payload", "value": "b206d10f3ea0bd392e6dadc5e2f210ef644c965b653b027aaa40c7cf370f9192b9f6da3a81332261b9d2c7933251ed69", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191247, "uuid": "2fb6acc9-90e7-4703-9222-939f028cd150", "value": "T16A166E12B344713EC0AB1E3A9977EA989D3F7B712A16CC1757F40D4C8F35A406A3A61B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191247, "uuid": "1761b4fa-3d67-4e44-a1d8-c6d686882472", "value": "44efdabd27e88d61a61648c6df699b56", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191247, "uuid": "2d7fec02-68a6-45f0-ab41-5ef8c59dde5f", "value": "49152:8ixyJ5ogBXSjhx4QSjl9502MkxX0HCf1OFU1rhwFrTjTAdhiqfhifAE:zxyJ6zhoHxX1f9xhQXwXEf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643191247, "uuid": "af6ccd80-435b-4148-83c8-083090e4ce2c", "value": 4356576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643191247, "uuid": "5ee9be67-a914-450a-8909-b36d27f4c7d9", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191247, "uuid": "1b4ba0e7-4f49-4fcc-8b71-b5443f46d321", "value": "Copy.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50e5e534-7ec7-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643215506, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215506, "uuid": "143eb5ec-0418-4b23-a01a-7812a8d22ca7", "comment": "Malware payload (SilentBuilder)", "value": "98cb562df45c2f5167417b7a8bf4b732", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215506, "uuid": "ebbaa31f-4516-450f-929b-755106cda89b", "comment": "Malware payload (SilentBuilder)", "value": "166c5ac2957eb026eff8bc7f7adb58c5fd163127c7b17549b950140a48d769d7", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215506, "uuid": "21a8e0a3-669d-44e3-8e75-1d1c9d27e28e", "comment": "Malware payload (SilentBuilder)", "value": "fd22fcf26c3978cd862ffdb80ebb15ea54cb220e", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215506, "uuid": "7620c2fc-000c-4a4f-aad6-eef2fe76f3f9", "comment": "Malware payload (SilentBuilder)", "value": "6eaaa44e74ecd7277b0a9614c113233bce7ba8d2e0276f9038aba35fb2ef8abd65bf4fe309d73dbe5490cb5e60744207", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215506, "uuid": "831057d9-289b-4ed0-88b9-63d9ac58bd09", "value": "T1F3231953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215506, "uuid": "35dc181d-231d-40b7-b941-bab5a6718e16", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643215506, "uuid": "f3b1772c-6c62-44b9-96c9-88b9c6f54335", "value": 45658, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643215506, "uuid": "2925031e-90c1-49f1-afc1-d5332263df03", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215506, "uuid": "c544e00b-4228-475d-b590-148c08220199", "value": "tmplxs8z2de", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6df4c156-7eb1-11ec-9275-42010a9c0029", "comment": "Malware payload (QuasarRAT)", "timestamp": 1643206106, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206106, "uuid": "bb914bb5-1045-41e5-b583-05040cc4f9e6", "comment": "Malware payload (QuasarRAT)", "value": "9d2126bc8b33bc2fac4e5d1bded0cd45", "object_relation": "md5", "Tag": [ { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206106, "uuid": "74174e79-b545-45ec-88ee-3df1e951499c", "comment": "Malware payload (QuasarRAT)", "value": "16a64ebfe7b7969a53a002f9ee6793bacb53d3d46562f428a6176c21bdb65dcf", "object_relation": "sha256", "Tag": [ { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206106, "uuid": "06a4a8e0-588a-4ec9-8f52-e9cddbfa5a81", "comment": "Malware payload (QuasarRAT)", "value": "bb36f2204e7fd7257d528e5b2ce66478db65c271", "object_relation": "sha1", "Tag": [ { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206106, "uuid": "0e4674b5-fe5a-414f-ab88-e5af0865c702", "comment": "Malware payload (QuasarRAT)", "value": "3d219a53281004f9a90d9cc252b0dc051317d55b88cdb4149f928d6376613820483b59d7f428761d2af531288dafaba7", "object_relation": "sha3-384", "Tag": [ { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206106, "uuid": "f77d4552-3cc7-4c77-bb56-e16767a1b921", "value": "T120E3AF913A80D556C56843700CD6C3EEAB37BC556F7B4B0F3598F32E2EB76A0990361A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206106, "uuid": "5a936d01-6a37-4bf6-8d26-72b9ac560a3c", "value": "3072:RrxEtjPOtioVjDGUU1qfDlaGGx+cL2QnAZJhWo1BU3tQ/vdyb781h3vsv9l2pkXo:txEtjPOtioVjDGUU1qfDlavx+W2QnADI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206106, "uuid": "484df0a9-955e-44b9-b33c-efb3010eb9fb", "value": 146432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206106, "uuid": "691ccb06-07a3-4932-846f-8c02112308aa", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206106, "uuid": "dda3f235-f6c2-410e-9a41-ff18a3b7c266", "value": "DHLAWB5032675627.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "239785b4-7e94-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643193525, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193525, "uuid": "a47a337b-1d1a-4a45-bb9b-ebe7db3209a9", "comment": "Malware payload (Mirai)", "value": "2982c511eb4870210a0ed1c1a21681ff", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193525, "uuid": "04b70644-b312-4435-aecb-23a0e9776f74", "comment": "Malware payload (Mirai)", "value": "16b12a664b6428971a4ab6f9f841a29a5084109ca22ebea940fd2746cc416fab", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193525, "uuid": "ce5dc09d-8c79-4200-a883-e42abd95ccf0", "comment": "Malware payload (Mirai)", "value": "adbe9593081201dabdf0380c5f7c9e0107e26471", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193525, "uuid": "62b56a21-b128-4e16-a934-50ed620b5785", "comment": "Malware payload (Mirai)", "value": "652c50ef46dc3a1037ac916beec4bd165811c411834a2c11cb85a30e833700e949fb2eb55a1a3952ed275c0644cfa595", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193525, "uuid": "44ac67dd-614b-4d3f-be07-762b0ee01617", "value": "T122B33A0798615F77C045ADB529AB5530072BBA120F4F1F9AB57CAAF4074F8CEB40EBA4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193525, "uuid": "3e8a6d91-98f3-4aa4-9441-061a3ecd8018", "value": "3072:moNToIWzKoFIon14S5hLwDecr68LkY0Px9gQNfR:TNUz2Ej4S5hLwDecrfLkY0Px9gQNfR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643193525, "uuid": "98c7171b-38ed-4bcb-aaa8-d4bcff0eb1f5", "value": 108419, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643193525, "uuid": "1da43ad6-581a-4b41-b1d6-d09162eabf64", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193525, "uuid": "f5bcf28b-35e0-4b3b-98c7-c866a3a79483", "value": "assailant.sh4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41e04f2c-7eee-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643232231, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232231, "uuid": "ed9d9fbb-dad8-4cfb-8149-123aebf71ff0", "comment": "Malware payload", "value": "da5e69141fcd15467c9251b474b1f1b0", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232231, "uuid": "b7c668b1-e35e-41b6-af6b-129702a78ae5", "comment": "Malware payload", "value": "179f1049cbb6f451078bd5660f8cfe5260dffcd90b75281b8c6889e9881c8718", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232231, "uuid": "d796aa02-220e-43ff-9aef-13139001f06c", "comment": "Malware payload", "value": "bf9327bb46cbf890c7b2ec97743856ac706b1f6d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232231, "uuid": "74000386-b5c2-4d3a-b0f1-29a46e097fdf", "comment": "Malware payload", "value": "37146f9d17624dabc21da3b13303150872b7906acc3c5f3b6b9a00f2cde53874b2fff1b22706c19300df33c495935e99", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232231, "uuid": "07767dd2-d9f0-4a7a-a4db-fdd9916c60f5", "value": "T1DAB46B1AB172D871E3FEA3F1B5A4CB93C1EFA820275455ABE3FC025F4A2DC464234949", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232231, "uuid": "9d5c0752-c6cf-458b-a1e8-d187fa81a4d6", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232231, "uuid": "f9df3b0e-3241-44c0-9ad5-ceb333f55a96", "value": "6144:Y7eUxxxxt33333333hCC28YiYRrLKyx3jvfIfpQdKXoJsdPUPlhLYfZDqvasLD2d:n8nYRvJhjvGpQucGDO3JtP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643232231, "uuid": "a460b48b-05f1-47f5-bcf4-d048d0a3392c", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643232231, "uuid": "37adebd4-d255-4239-bd94-ae4f17d94d43", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232231, "uuid": "b79b1e29-b84e-46a4-82c6-529a79051de4", "value": "emotet_exe_e5_179f1049cbb6f451078bd5660f8cfe5260dffcd90b75281b8c6889e9881c8718_2022-01-26__212337.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8413afc7-7eca-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643216880, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216880, "uuid": "d7877ab8-9db4-4c7f-aa90-c5a5317ae74a", "comment": "Malware payload (Heodo)", "value": "d461441800e6fa041b208d2646aac8c2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216880, "uuid": "d22f355c-a0e6-4e05-a37e-100cce6cc255", "comment": "Malware payload (Heodo)", "value": "17e0da332fe70876342280f3521004dc1d576f463987e612e0f6e837bb6a8ff3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216880, "uuid": "db38ffe3-5651-4124-9906-41b3eeee35cd", "comment": "Malware payload (Heodo)", "value": "ee386696abf4de0714e878883f5d985f2eb67e43", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216880, "uuid": "7b695520-96dd-4547-a108-88bf18a0c132", "comment": "Malware payload (Heodo)", "value": "8866775b9962eed22a7a5d91e609bbfff8d122f45dd65d8d74b124ddb9a2aede359aa95eaf390c57013924d345f0c2bb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216880, "uuid": "0b695ed8-9e8c-4bcf-9419-4c367133e8ef", "value": "T1BC05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216880, "uuid": "d7d75c7d-35c6-415c-aca7-6b88252b4995", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216880, "uuid": "f28c2d1f-a974-48e0-85fb-883ddd681d3b", "value": "12288:aA9e3OrvpgqjtQFecJ6dddifiHxoB3rNd9CDr:blrvpgqj2FeuQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643216880, "uuid": "1f95970e-3d71-470c-a6f0-f36ade6f2107", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643216880, "uuid": "fa11677d-f60b-4b92-82c4-ca1348c7ee50", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216880, "uuid": "9898b2dc-e176-4f1a-9ccd-67f0aca9eeb3", "value": "d461441800e6fa041b208d2646aac8c2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59297d6b-7eb6-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643208218, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208218, "uuid": "59d3933c-620c-4537-a542-68548df468be", "comment": "Malware payload (Heodo)", "value": "fc4dee9376911ed02a5d3793d82c3c3c", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208218, "uuid": "752d08f5-5cf9-413d-821b-bbb1c894a91e", "comment": "Malware payload (Heodo)", "value": "181011ca64db7fceae1fc9dc9e012235acf96fc5af5400a432597d1948b88d49", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208218, "uuid": "2309c6f0-d66d-4471-aaa9-4d39c7b17bf3", "comment": "Malware payload (Heodo)", "value": "49d4f38d6e356346bfce015cd7dc871f0757f7d3", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208218, "uuid": "c74758cb-4939-417a-8934-1a8bc8f586e0", "comment": "Malware payload (Heodo)", "value": "593273960b754f389853a90f109729e9bff9ad64d4822024465277f9aff58e2573d2421d45d172d00de32b022e571407", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208218, "uuid": "78e9c110-e03a-43a0-bb07-35a004070bb0", "value": "T17CD36B66B5C5E9CAC70523350A9A8BEE33676C478E7603C73259F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208218, "uuid": "7f4f5ef2-7414-4e97-b0b2-d446f73df439", "value": "3072:PcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dggGx0U:PcKoSsxzNDZLDZjlbR868O8KlVH3jehP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643208218, "uuid": "f414cdf2-181b-41c4-a900-f421f25e890a", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643208218, "uuid": "e680b386-5ce6-43ba-8a5f-2f116cdfb3a1", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208218, "uuid": "9a48b680-1e34-476f-bce5-bdab366eb3f9", "value": "check copy.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1dbdf1cf-7eaf-11ec-9275-42010a9c0029", "comment": "Malware payload (Hydra)", "timestamp": 1643205112, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205112, "uuid": "87ce16b1-75ba-4092-96c9-98f775695f50", "comment": "Malware payload (Hydra)", "value": "552a6c1803259e63e0f92a2aee1ea908", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "Hydra", "colour": "#1B8975", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "tor-hydra", "colour": "#10AB92", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205112, "uuid": "8e4521fb-5280-48e6-b3e0-e7c7c2d3aee2", "comment": "Malware payload (Hydra)", "value": "184ea57eb7c01ce4de824c21a8627065ad7001dd09c849663e3ff5bbd4e554fe", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "Hydra", "colour": "#1B8975", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "tor-hydra", "colour": "#10AB92", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205112, "uuid": "b35792e6-4ef8-42f0-ab63-f4532e342c98", "comment": "Malware payload (Hydra)", "value": "ab06fff42099e35c1ee128cda7d36db7105f6d56", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "Hydra", "colour": "#1B8975", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "tor-hydra", "colour": "#10AB92", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205112, "uuid": "2c930039-cd85-4c3b-8e64-1e77f1f3e20e", "comment": "Malware payload (Hydra)", "value": "e1af1cd4fad7289475856cd85de78edb27eec947e93d4ff5ed68997576b0b834737fa5bfeafc9c029b8f37130f80a69f", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "Hydra", "colour": "#1B8975", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "tor-hydra", "colour": "#10AB92", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205112, "uuid": "bf56a177-3713-40a0-9312-0abc25268c90", "value": "T10A76338F88446451CD9F6F3384C3C090A0605D8E91960A4FD4E53626DBBBBEC67BBB97", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205112, "uuid": "ca7fe8c5-66e4-4e7c-be0c-df28e709f359", "value": "196608:O5X1Xgh4MipY3lchSCDzrV1pfdTUGQPrMh/yNu:O51fMiklchSo5QG/2u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643205112, "uuid": "16bc78fe-225e-457f-a7fa-d49edb69ace4", "value": 7249640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643205112, "uuid": "35be73a6-9e6e-437a-ac2e-b3ac191e1390", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205112, "uuid": "5491e5ff-ea9a-4666-a158-bb453d42037d", "value": "psk.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4633556a-7ebd-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643211193, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211193, "uuid": "7116dd05-e7a3-4dc1-92dd-4c2e9238725d", "comment": "Malware payload", "value": "ea36e3acd780acaa3b0dfbafa647ca9a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211193, "uuid": "4a61c7f7-838a-45db-8771-ab08453b8bd7", "comment": "Malware payload", "value": "18b301a38db4cad19930fa8d9c5332977962549de44948e51fbb422ec2334f3e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211193, "uuid": "97204730-104b-49b4-9014-cdebaf0e10c6", "comment": "Malware payload", "value": "ac0acb7a90431c43da9de348641606c44c104db3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211193, "uuid": "07102f5a-b640-4482-9939-39bd934b9723", "comment": "Malware payload", "value": "6971286531c2ad285268c7d65e0550a4edf8944b085b716a0103e6c56ed778038b9a235dd1a54d7a4294e07a6ecbc9ac", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211193, "uuid": "d2365ed8-4be3-4c05-93d3-0daf6a212436", "value": "T10E95E18423D92B54D1EE1B33E9F47B218BB4F939E7AEDB0F10501969488679BEC04763", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211193, "uuid": "cc6eff23-1a37-4c94-8786-1f8012ce5a8b", "value": "49152:FjTXzzhRueYZcahwNR7p/ZZL5+7NLWjxL:JzueYZcaa/7ZV+7lGL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643211193, "uuid": "8d98c7ad-6b6e-49c3-83d0-4d51d6b810d2", "value": 2004023, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643211193, "uuid": "31b11218-372f-434b-ba18-aa33ebd4778a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211193, "uuid": "096866d0-162a-4dfe-ad71-7b00a567e104", "value": "ea36e3acd780acaa3b0dfbafa647ca9a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2fa7c1fc-7ebd-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643211155, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211155, "uuid": "a6914275-62fc-4c17-a813-694e249ce5f2", "comment": "Malware payload", "value": "f29de2023c0c4afc697acbf2ad086c7d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211155, "uuid": "49e16098-bae9-4b05-bf51-3c611ba1a3df", "comment": "Malware payload", "value": "18cf205a8315504cdb766b93e6f4d34ea286af5d41b0663d64e54b26b4171d3a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211155, "uuid": "6c1842cf-cb51-4d1e-b134-12779013d80d", "comment": "Malware payload", "value": "b1bf3f76748a187c9d15eae11d1d6bb53aa310ef", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211155, "uuid": "45136ef1-13e9-426e-bb7a-27bb6bf2367f", "comment": "Malware payload", "value": "dd35bee1aecfe0304abafbd12ca4ce9ebdb003e9e7de6be89e826298bbaea0b68d98b15d05c9cf7a6181ac6fff9d0292", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211155, "uuid": "cd4d6436-d59a-4ee0-adc3-47b1f1445457", "value": "T109663331E596CCF1D9A511392664F626A9AFAF302E20C74E134CB06855F3781CBE8F67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211155, "uuid": "b1133063-148e-448e-8c78-095ab00c5d5e", "value": "fcf1390e9ce472c7270447fc5c61a0c1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211155, "uuid": "0a95a054-8dfe-4975-9113-85dcfc20fc8c", "value": "98304:2lCZZk/Ydm8IEun9OFWZb2rgD7gDTtzOaqrAqGGrSc7Fo6NZRAJF6vinS8nmx8ZS:SCgqAb2MvgDnqrA327fRAJlnSEmukH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643211155, "uuid": "9039df2c-20b2-4b89-b709-cfeda50f1fb6", "value": 6840430, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643211155, "uuid": "332b18ac-cd73-4a0a-adc1-ee95841601d6", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211155, "uuid": "97d6c408-c03d-450e-80b1-ccf1f0e31c24", "value": "f29de2023c0c4afc697acbf2ad086c7d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be62f07e-7ed6-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643222132, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222132, "uuid": "985c678a-b3d3-48be-92f2-2739cb374a5e", "comment": "Malware payload", "value": "2c672ede697c4002913316f2e5c35541", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222132, "uuid": "7efc1062-4d68-413d-8c90-8cbfeba48dd4", "comment": "Malware payload", "value": "18f985ce5e445ac7af5e7b95643f33d6cf2c4d5d195a5063b4f1137ad1f63b7c", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222132, "uuid": "c6e2167b-d318-44f0-963c-5b615b251957", "comment": "Malware payload", "value": "dfdf52cd3e722d3e0f1bcf66e57221ddd865cfa9", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222132, "uuid": "bcad8099-f4c8-4869-bb85-bbb400ec5780", "comment": "Malware payload", "value": "0e739f6c077d751806f43d7942f001774abc444618eb1688ce314946bc157840526d7f58b3e05ef3e2471c3b793e0464", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222132, "uuid": "121d51bb-066b-47b3-a5d2-bb2a7e956e49", "value": "T176131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222132, "uuid": "113c2c68-2d19-44c6-b7f6-1973fc090165", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643222132, "uuid": "32848515-deea-4da0-95c7-69824010fdd8", "value": 45359, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643222132, "uuid": "a55234dc-95e4-4b65-9700-524d9890b85c", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222132, "uuid": "a49a7c34-5667-4d4c-8aed-dd2c2d05fa78", "value": "tmppy69w6z9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f8a4937-7ea2-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1643199639, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199639, "uuid": "d4882698-a576-4ebc-b661-1fd8055c0401", "comment": "Malware payload (RedLineStealer)", "value": "2cca70300e75df503f6676803b470383", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199639, "uuid": "1157a68b-7904-4280-b488-6f225c00db44", "comment": "Malware payload (RedLineStealer)", "value": "191cfad3f68bdedbad3b6840e8d93ba5bb2566717de801264684c679340df950", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199639, "uuid": "53216f51-2d49-4c2c-b0e6-4011e7647e26", "comment": "Malware payload (RedLineStealer)", "value": "7de77087c0dd09612acb8aa97025c9aa495e64f3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199639, "uuid": "541a1ed7-af6a-4152-83f5-7301a6ccd87d", "comment": "Malware payload (RedLineStealer)", "value": "39eaf65b79fa3027e51835abff4fb2de384720ed30d59a96b79820c3b6563b62e3a13d38cf887c2417f24712d3bdeb4e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199639, "uuid": "36ef3daa-f046-4958-aacc-c1b604617e47", "value": "T162A4BF10BBA0C435F6B722F8467A976CA53E7AE11B2450CB63D52AEE57346E0DC3130B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199639, "uuid": "c61031dd-0617-4795-953a-8a35d656af53", "value": "4bcde812b040ca4f517d950272a8fa16", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199639, "uuid": "e2d00139-bc5f-472b-a3ae-b395fec243fd", "value": "12288:L4VE/2dIkD99jf4sCsf4SOpFwzIOiZo+DPcH:MuUB9jfdPANpFwUOQ/Dq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643199639, "uuid": "cf5edea1-efc3-4a99-8451-0adb960fd051", "value": 454656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643199639, "uuid": "ac3f7c2f-35fc-4705-8657-37149fce727d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199639, "uuid": "537ce5c3-c95b-432a-ae3a-c275641e3460", "value": "2cca70300e75df503f6676803b470383.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "243e1b86-7edb-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643224021, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224021, "uuid": "22154e71-c709-4a34-a0fe-6953fe838431", "comment": "Malware payload", "value": "d8b1b7e55a9cf911dff5688c7479fea3", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224021, "uuid": "d19f7672-491c-4be5-9182-bb49f2cddc2d", "comment": "Malware payload", "value": "191fdb9deba850987212e3ac80c7b157a09ef150ce7f15d0f22563d18fed6009", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224021, "uuid": "c0f0040d-51b5-42a4-8970-8583abca1c84", "comment": "Malware payload", "value": "486cc2986219a68e31e8346de7db77b5da20e145", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224021, "uuid": "988db943-dd6b-41c8-9609-4636a50b24cf", "comment": "Malware payload", "value": "1569d22db19a13e9a46c882540f30c6c4195f5bff7b8d827d782c6af92a0628e0dfd89156610e09de97c6f766041361e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224021, "uuid": "b7c60a2f-5b81-4da4-bd85-7c44c60c4cfa", "value": "T145E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224021, "uuid": "d836f172-9ffb-4d56-9a95-a94399ddbde2", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224021, "uuid": "428ad7d7-15f8-4233-a62f-5e7edb58efef", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIuG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGHOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643224021, "uuid": "23ac861c-7701-4398-a2ab-530dd6afc1d5", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643224021, "uuid": "8ddd98c8-24ec-4f34-b0c2-481df8eae6aa", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224021, "uuid": "65ab54d8-64c1-4647-9ddb-36e7cb38904f", "value": "3e8nPPXloVT.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf2dbc34-7e9e-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1643198081, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198081, "uuid": "0b251e4a-6dc6-498c-a9e4-fd1e89d449a4", "comment": "Malware payload (Gafgyt)", "value": "c13cdb97b611b29455c98b47dcbd74d0", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198081, "uuid": "caa8602b-8e49-43fc-b9bb-264ec3f5a8bd", "comment": "Malware payload (Gafgyt)", "value": "195a225b8e579b7b8bf3e240683bee83842eb17dedf4ce72f642d8b7ed5d54b1", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198081, "uuid": "4410f762-5770-4e4c-8111-199187607fc6", "comment": "Malware payload (Gafgyt)", "value": "a843804292438deeea1184e2acc35c70c7c03a00", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198081, "uuid": "d5e08ec6-1f32-4bb7-b129-807f040a81b9", "comment": "Malware payload (Gafgyt)", "value": "e36e9ede6cd86e04fb01142cd0c5143b6811919f4e54a8de979848e4db41c2cb338ed59e576c2e5319b376583f192ac4", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643198081, "uuid": "c927b9b9-3ab6-4d23-abe6-def665b98ade", "value": "T181B36C176692C5FAC08342B92BDBA1618823F67D0B36331773D5BDA43F158CA6E6E740", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643198081, "uuid": "e4c25a75-fa3a-45b1-96cf-e20a85054f54", "value": "3072:Ft2nlia9qRBFZm4z1EYfcbJIphawfWJv03CKPCNVOXinYuM8R:gsVm4z6YgKphasCcFPCNVOXinYuM8R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643198081, "uuid": "8c42b127-4843-42af-8ec8-9afd8374c4a3", "value": 112336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643198081, "uuid": "b95be331-14dd-47c4-9201-96ec5b5abca8", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643198081, "uuid": "febf5cd7-be4f-411d-9b33-33978871a3b6", "value": "assailant.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "74d2b5e3-7e3b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643155436, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155436, "uuid": "02972167-8807-4213-a4d1-f0e5009ef19f", "comment": "Malware payload (Heodo)", "value": "65ffedba883e76f24e20b413e5761386", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155436, "uuid": "36d7b85a-4bae-4f38-9d62-7b26c1ce5624", "comment": "Malware payload (Heodo)", "value": "19692a3c97bb888eb65a3a72178d1fa633b04a6d11a7ec6ed53ccd9dc0344e04", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155436, "uuid": "8e4009aa-86d2-4461-affb-f06bed6810f4", "comment": "Malware payload (Heodo)", "value": "9cfed3937763e68980c01d365d5f659332945805", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155436, "uuid": "81a4b861-4283-47b5-b53c-915c513f9959", "comment": "Malware payload (Heodo)", "value": "b4fddaf7da21e237d30e2c7c9ed2b9074f7fad02ba27178d2eb6977bf41a4ea910a5d0e35aebbd9db7ef21c9635b134e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155436, "uuid": "1ce3385f-422b-400f-9d50-b3f321d0919f", "value": "T159E4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155436, "uuid": "fc53c421-0e66-4d68-985c-1fc766882b89", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155436, "uuid": "b78bb3dd-0d5a-4ad0-b2ac-be1f3d9d95ec", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4lqNACHKm2tkJV8u:o87vGJzomxhwqbKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643155436, "uuid": "f9f8a049-555d-4281-99b6-5a8329ccafd9", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643155436, "uuid": "8e4d1ca6-94fa-4d40-9f74-290f26ecac97", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155436, "uuid": "c4713d0b-4fa9-4b3d-be10-03c4cc5f5389", "value": "emotet_exe_e4_19692a3c97bb888eb65a3a72178d1fa633b04a6d11a7ec6ed53ccd9dc0344e04_2022-01-26__000333.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87cb22a6-7e8f-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1643191546, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191546, "uuid": "48f3c3ec-83a5-45b6-b106-f152327da80c", "comment": "Malware payload (RedLineStealer)", "value": "5f9dd5e1d6c9b2ed5d9b820960a33ef7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191546, "uuid": "51634454-3fbf-43e6-ab98-016b2aad99d0", "comment": "Malware payload (RedLineStealer)", "value": "19d4a09d26dc6107fdc647ae31678064c8438cbe307c59ad5d18bb4968a52bf1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191546, "uuid": "d04c255f-66d3-42d1-9c25-797cd0fa530f", "comment": "Malware payload (RedLineStealer)", "value": "ab637511deefe5e11c352f8a808057d15c96a105", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191546, "uuid": "63c582c0-4213-4382-99c7-e48bd255d318", "comment": "Malware payload (RedLineStealer)", "value": "3c4b6e77e23c755080dfc57b3c3a2bd7153aae130a7e68a552c449628161225dc8c92eb7396c0d0bcb7a45f862e6cad1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191546, "uuid": "c93eacd6-0952-498e-937a-dc06ed322ba4", "value": "T1B5A4AE00ABA1C434F6B716F449B993BC653E7AB16B2450CB53D52BEE5A396E0DC3130B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191546, "uuid": "69a42f6c-f091-4e39-b5d4-bb0bd4733e9e", "value": "04a163d3ee35887696fe3625c3dbe935", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191546, "uuid": "c45d2f98-e873-4714-b903-efc675b76135", "value": "12288:S5i8DhubsnVD0V4zPv0pTzPGkXEb97Axs0I:wtuy50KzH0hz+gIw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643191546, "uuid": "98c22ee5-21a1-48af-9bf3-684b6e94ecac", "value": 454144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643191546, "uuid": "38b7aeec-f53c-45ff-8c80-e0477d7ef535", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191546, "uuid": "f110b4d6-bb7e-427e-b27c-d583bbce4d51", "value": "5f9dd5e1d6c9b2ed5d9b820960a33ef7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9391d20-7e67-11ec-9275-42010a9c0029", "comment": "Malware payload (NanoCore)", "timestamp": 1643174449, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643174449, "uuid": "920bc38f-df2b-4e21-aea4-7a365aa2244e", "comment": "Malware payload (NanoCore)", "value": "4bab1b0e7bbb12d6280a75eb3475b45b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643174449, "uuid": "24d13155-0c0a-43db-9447-d4113dda54fd", "comment": "Malware payload (NanoCore)", "value": "1a4032263b7f92e02d65cac6f7e483c1897dafb8b9c47937758fec3da22f154c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643174449, "uuid": "061fa444-d494-4df0-b1ab-7ea9ff9d336f", "comment": "Malware payload (NanoCore)", "value": "2c6da100c498a0862cafc338b7570ad3714c716e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643174449, "uuid": "0100cfa1-5e97-442a-bca7-3c3a560cb67a", "comment": "Malware payload (NanoCore)", "value": "3c710f52e9c99e318b6084b56585f8c48d16255c66611ec9f405d283e7ce722ff4963147ca098fa7e16eb07340516571", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643174449, "uuid": "ea16ecb0-dfee-4e09-b9af-506124a55531", "value": "T1D605DF1632E0C234D28D283598A07915BF73F16F78C2F964EEA2CA457FB97C4A614973", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643174449, "uuid": "0a9c1e64-ddb6-4258-a794-8acf45d089d5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643174449, "uuid": "c493e971-fbc7-4152-bbf0-98e0b30fabce", "value": "24576:2P/qWxHh73mHLVtSsb+MCMaw2JgKhxFMIpydM3:2V4b+M5r2Jd5p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643174449, "uuid": "7d79cd60-961a-460e-87ae-6efbdcb068df", "value": 825344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643174449, "uuid": "7ff3d93d-ec28-4e9a-b548-8b9db1028776", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643174449, "uuid": "d75922f0-9818-413f-8c6b-7eb680589c40", "value": "Revised invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "09751b29-7e6e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177161, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177161, "uuid": "465cc4e6-2724-4bb8-bc07-725032559478", "comment": "Malware payload (Heodo)", "value": "fcaffcdb1043612681084fb00b8ae29b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177161, "uuid": "31ae2696-761b-497e-a726-eb4dc57a44bf", "comment": "Malware payload (Heodo)", "value": "1a6d9fd174dd33bb4b4b9ce1a45b2e9ea8ba27374e06d4044dbe3ae2e2c7283b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177161, "uuid": "cf85693e-557a-49a0-b897-12f56f9949e2", "comment": "Malware payload (Heodo)", "value": "e5e2388ad3ad882de6c2dce7346a213b35789ec3", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177161, "uuid": "da383f8e-2fe9-4a37-965e-84aefcdc2e62", "comment": "Malware payload (Heodo)", "value": "75cc5af341fd0064054953711268ddbbad7eb865388b679a123f9a6a2eaa831e2ad2624244f52c16d800cfff86ac9b05", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177161, "uuid": "b84618a5-45a4-45b6-b770-01558d69a3f8", "value": "T132D49C2233DCC8B9E0AE1D3D290297D523E8AE140B93C58FA640FB9E5D3B2C155F92D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177161, "uuid": "d1d37f21-5d2d-412c-85e9-2f4b689e3c93", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177161, "uuid": "aa4e715b-305a-48f2-afa5-e3a53f34143a", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4MmvOfg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4Mmv/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177161, "uuid": "fdfb9b3f-feff-4779-93e0-5508f99d34fa", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177161, "uuid": "4036dc09-d62c-4a39-9e93-d857dfca9d8e", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177161, "uuid": "867fe50a-1699-40b4-bcd5-89a17407e340", "value": "emotet_list_ioc_cronupTue_Jan_25_11:53:49_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90c2ff70-7ed3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643220767, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220767, "uuid": "3e1af630-144a-4c77-b8bb-f6449192f9d7", "comment": "Malware payload (Heodo)", "value": "095e2449057e9acbc7f7650f39921ae0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220767, "uuid": "3f3d4c4f-bcc6-4151-898c-f820a3839956", "comment": "Malware payload (Heodo)", "value": "1aa9d2659dca414deffa5dedd23994aaac96e47e748328aa3dd20fb3916ed7c6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220767, "uuid": "afa12c9e-a7a0-45d9-ac52-82cd45e42584", "comment": "Malware payload (Heodo)", "value": "09dc29b5e27a82a1af205bccde2af465d9a796cb", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220767, "uuid": "f05608fa-5e2c-473a-b0cd-3c64aeae71fa", "comment": "Malware payload (Heodo)", "value": "dedfc0afeec1e8a3d9a070938d607593b16f905a21d56a5e86b1075734eb50bc347ed306aa0c8e1dda35ba66edb66653", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220767, "uuid": "1afa6083-e5b2-4be3-951f-5077bf51334f", "value": "T1F805F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220767, "uuid": "d6eb7cf9-a986-4b29-a579-3643dc9269b6", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220767, "uuid": "c506e42d-fced-4b2e-a4f8-3e744b40a3d0", "value": "12288:aA9e3OrvpgqjtQFec26dddifiHxoB3rNd9CDr:blrvpgqj2Fe/Qc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643220767, "uuid": "1fbc74f9-9f62-4c67-af62-e2993429e739", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643220767, "uuid": "70f4fe86-12a4-4c85-b9e0-d8c718985614", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220767, "uuid": "710ea722-888f-4c2e-b81e-503cf3698986", "value": "095e2449057e9acbc7f7650f39921ae0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f10adfd5-7e57-11ec-9275-42010a9c0029", "comment": "Malware payload (Quakbot)", "timestamp": 1643167671, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643167671, "uuid": "fa8fb1dc-1de1-490e-934d-d236dfc6a653", "comment": "Malware payload (Quakbot)", "value": "6af5f9812b14cec19c4c5261d1218e1f", "object_relation": "md5", "Tag": [ { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643167671, "uuid": "989135c4-ff94-4c3a-b4da-1b9d238c1667", "comment": "Malware payload (Quakbot)", "value": "1acbe4e81cda51f404d8454574259072603d7ee4c10c4e7fe84dc58f109ba0c8", "object_relation": "sha256", "Tag": [ { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643167671, "uuid": "792c3c3a-951f-401b-a6c7-ee9f96608b5c", "comment": "Malware payload (Quakbot)", "value": "e04c87ffbfbbecca7d1650c1aff77c3749bd9e9d", "object_relation": "sha1", "Tag": [ { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643167671, "uuid": "454ce575-8ba9-4dd2-8243-8fecdcb86b15", "comment": "Malware payload (Quakbot)", "value": "4b35bda700743f2886ae99498063a45a0c60d9e9ba6287d5492ad24ebf91bd9bdbb3fef157320e29422df9462eb234ce", "object_relation": "sha3-384", "Tag": [ { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643167671, "uuid": "2f7ac1e5-9eb4-4ef7-b713-affa4fdad577", "value": "T16BD39E27D8299D43C168D77CFF030EEE2B092645A45179EB05B12E4F3F722A34E9E159", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643167671, "uuid": "0d075bef-e893-4612-b66f-5975d4f147c9", "value": "3072:Oum2LEhWYjnsCbxKljNE5gKmFOi+uaE7O6Cf:W2ohtrsCbxKljDKmFOi/7Ox", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643167671, "uuid": "9190e353-8ba2-4cf9-beb3-3dd514e56218", "value": 132131, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643167671, "uuid": "34a51ced-a928-4b4d-92d1-ff62a17490d1", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643167671, "uuid": "f5885d3f-79ce-4840-a582-123c927af0d1", "value": "uu.xlsb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c4a5d5c8-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643207110, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207110, "uuid": "01040459-4e79-48f0-8e98-8e4aba4ce5d7", "comment": "Malware payload (AgentTesla)", "value": "6ad999bab7716a717b8f7791ee0a5b6a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207110, "uuid": "69071165-260a-4036-9370-dabdba7b6d5e", "comment": "Malware payload (AgentTesla)", "value": "1b2a20896a6c444a54262ee586d8cf3b5da25c93d12527d6e7eb23053ee87974", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207110, "uuid": "21682289-7841-480b-92e8-2f8370091cd0", "comment": "Malware payload (AgentTesla)", "value": "d01e5578ca3ff06ad5743891dcdd81bc374070f1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207110, "uuid": "1e7ce5ea-763b-4358-b2ab-5c7dc1f4748c", "comment": "Malware payload (AgentTesla)", "value": "bb4a3f07af20e7cd478a6853a1bf72f88bccc763505493378b0d8c2c3ceafa77f7fc1eb4616d31348cc33031730f37cc", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207110, "uuid": "c83dcc3c-ceff-42c7-a3c3-fa42a34e2d7c", "value": "T15554224622C488FDF52206B17A335A32E376685523530E5FA72D0B7F3F36386BA19207", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207110, "uuid": "7291dc46-c745-4639-9e57-4868af70ec9f", "value": "099c0646ea7282d232219f8807883be0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207110, "uuid": "89876abf-99e8-4233-a299-1901e8f0c2bd", "value": "6144:owsTAS9tAyIq/hckHWv6qyc8xfNaga/uNDF2KFufJ:QJAyIAh/U6qX87aru9F2KFuB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207110, "uuid": "cf0f63f0-e5f4-4139-8c2f-36667b53cb7f", "value": 279320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207110, "uuid": "d031ca5c-78db-4b57-adcb-d966cac9c422", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207110, "uuid": "79ae1e38-537a-438c-88cd-dccfafffe587", "value": "6ad999bab7716a717b8f7791ee0a5b6a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "240b8af2-7e89-11ec-9275-42010a9c0029", "comment": "Malware payload (Mettle)", "timestamp": 1643188802, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188802, "uuid": "214fb866-b8d7-44a7-8636-2a259c43317e", "comment": "Malware payload (Mettle)", "value": "933c35338f0b20b014666e2421bbd66e", "object_relation": "md5", "Tag": [ { "name": "backdoor", "colour": "#D18BB0", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mettle", "colour": "#D545E5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188802, "uuid": "2caff529-b983-4a1f-bf62-cf0cf687ff0c", "comment": "Malware payload (Mettle)", "value": "1b2c451d012b5943ca619935a014a4b67c686e902a8ce1852bf90ae00480fc03", "object_relation": "sha256", "Tag": [ { "name": "backdoor", "colour": "#D18BB0", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mettle", "colour": "#D545E5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188802, "uuid": "7e7fc962-33f6-4fe4-b08f-b45dfa9a601c", "comment": "Malware payload (Mettle)", "value": "c2a4b585acb92c12008b7fa648c3cc2c9a706af8", "object_relation": "sha1", "Tag": [ { "name": "backdoor", "colour": "#D18BB0", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mettle", "colour": "#D545E5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188802, "uuid": "acc249d1-11c0-49d6-bb9c-7b8d609e1687", "comment": "Malware payload (Mettle)", "value": "7cbdfafe408a535c0ec8b57ce40b78ae7c40730556c60d91bf4bb7218c8136067f8f76f7aef9470ab0e809f051d458a4", "object_relation": "sha3-384", "Tag": [ { "name": "backdoor", "colour": "#D18BB0", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mettle", "colour": "#D545E5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188802, "uuid": "5b5a0f49-3d26-4330-a90c-a44a115e3d15", "value": "T1B5256D09FA43D8B0E272A171058FE776952198354123E4B7EF5B7E7CB43A3219E0D36A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188802, "uuid": "4703ec13-6133-41f2-a358-568fdd08064c", "value": "24576:V+5E/OdiR07mfcLLHExbjylYmXuDIotoz/ZqrTzc7Wmr5v:+tjTubUcM+Tzc7V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643188802, "uuid": "00086802-30d9-4155-87ef-89a893befa2a", "value": 985291, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643188802, "uuid": "9b5891ec-d010-487a-892d-00e51dbfa51f", "value": "application/x-sharedlib", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188802, "uuid": "0e2ad064-5188-450d-84b2-afa51aaf613a", "value": "1b2c451d012b5943ca619935a014a4b67c686e902a8ce1852bf90ae00480fc03.elf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7a2ff97-7ec4-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643214390, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214390, "uuid": "96d86026-0d4e-4ef6-8e76-6e757500bba2", "comment": "Malware payload", "value": "40d6b018a817c4ea9c3c6592fe8cbe3e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214390, "uuid": "34bb918c-8353-4374-a122-5f587988ca93", "comment": "Malware payload", "value": "1b5b546ac8182e2bda1d9b5590c61d3f3f601908a8dbe339339218e9b0541a09", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214390, "uuid": "0c71b605-574f-4102-8c4b-5c5bbf1f2773", "comment": "Malware payload", "value": "a0426f20071da442ec52dcce2171a7dfb84dbf2d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214390, "uuid": "f3f2a52d-0fd2-420e-8abe-2aaf155672e1", "comment": "Malware payload", "value": "5cf8f264eb540aefa795584b8b306a79dfb4420fc1184c872cdcc9ad2b07b537bb47cd2395572aa87bd52256e67d996f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214390, "uuid": "e56c573c-a511-4bc9-afd4-b983845e2cbd", "value": "T1AF163302B1C684B3E6325C365DB57A1E583C7D206F32EF9BA3B4AF4DDA706809125793", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214390, "uuid": "d233bc3b-206c-4c94-84b7-2d8daaddc50d", "value": "fcf1390e9ce472c7270447fc5c61a0c1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214390, "uuid": "3ffabca6-24f4-4abd-a7e8-be04c3256024", "value": "49152:ma7A+yVZvBM11QOx7x5t2hRbnLStwC8cXfO8umDZp/+mHUL2M1Ma36V9ZiMgmZs3:mVDOJx5IpLe2UMmDZp2mHrM1Ma3mmuWZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643214390, "uuid": "cfd62584-6f91-43bb-9030-b6b7c18d46bc", "value": 4302212, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643214390, "uuid": "4172fa99-516e-42ca-be03-5f6d5f05432f", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214390, "uuid": "ded5116e-a72f-495d-8bf4-89dacf71ec33", "value": "stop-ransomware_win-exe_1b5b546ac8182e2bda1d9b5590c61d3f3f601908a8dbe339339218e9b0541a09", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d4d07b1-7ede-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643225324, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225324, "uuid": "9bb20302-aafa-44d1-a936-530c3aa2ce0d", "comment": "Malware payload", "value": "40d8b70eaa267057f2c0c5dcb8c71182", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225324, "uuid": "dfee2f45-f411-4236-9664-848f31c7bfb1", "comment": "Malware payload", "value": "1bc08cf51d985ebe62a3dc90df2e19d5652408993cfeb65d45012ca4668af15d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225324, "uuid": "ff152313-1dec-4a5d-83c8-5ff1de10476b", "comment": "Malware payload", "value": "5bcbdbad5e7402cbf5c121984ceaa509a1271da2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225324, "uuid": "16c0b9e3-b8af-46da-8478-9f211454455b", "comment": "Malware payload", "value": "f3dff55521d0ad583932c7c37c4244ba81202cb15be83a72a8b55fc8dc5b79918bd7d883d18e2580f5db708ea0f314ed", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225324, "uuid": "e7ddf31a-31db-434f-8d6f-d0e3de2f424b", "value": "T11305F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225324, "uuid": "44929174-a128-41b1-9153-a44f00e665db", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225324, "uuid": "cd9a73dc-9cf7-4005-8c7f-bc82ae8feee4", "value": "12288:aA9e3OrvpgqjtQFecP6dddifiHxoB3rNd9CDr:blrvpgqj2FekQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643225324, "uuid": "19dacdb7-e7d1-4df2-ab11-3a330ed02caf", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643225324, "uuid": "980c7699-1b99-4f47-acf8-64a38c505044", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225324, "uuid": "f4db4188-c941-4168-a72a-55c5d1e4c281", "value": "40d8b70eaa267057f2c0c5dcb8c71182", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4bcffca-7ec4-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643214492, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214492, "uuid": "c7bcf6da-4edb-4bcf-9b6d-e8d936f154d7", "comment": "Malware payload (SilentBuilder)", "value": "e48fd81d2f30dce7f4f44ed0629d4ccc", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214492, "uuid": "00c9e6e4-5f3b-4cd1-8ea8-d2dd103c4392", "comment": "Malware payload (SilentBuilder)", "value": "1c9f820f626281b7ae8f4f474a04f2455004247281810acbf91e07d994a0abdc", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214492, "uuid": "429dec1d-68af-4a4c-98a0-f047328821dd", "comment": "Malware payload (SilentBuilder)", "value": "b528ef12a7c55e53b46fa36c05e1ebecb7c2a4e2", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214492, "uuid": "1558c2c9-7bfa-4fd6-ab25-cb7891c88fa0", "comment": "Malware payload (SilentBuilder)", "value": "48599d8ed618681bcd7bd311314a83406404cbb084faf4f3c13dfaaf6f4377ce21b86ba98fd6e6a3b2e3586dd13d921e", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214492, "uuid": "f20721ee-7ad1-46ee-8f57-48ebcac0a760", "value": "T176131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214492, "uuid": "3cf91a09-266c-4bde-a8ee-35dbce3b4048", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643214492, "uuid": "ade15be4-17fb-4152-b652-5d27c5c639ca", "value": 45105, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643214492, "uuid": "c07ae91f-dc40-4f54-8bb3-ad7ed4524c49", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214492, "uuid": "c2ba96f8-9197-45cf-8b80-223621a6661b", "value": "tmpsf4lzez8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6796f1ba-7eb1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643206095, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206095, "uuid": "2e877dd0-4f5a-4c60-9e97-2abbcb0ac5eb", "comment": "Malware payload (Heodo)", "value": "44a80312c5bf3572ad1e78e232814b48", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206095, "uuid": "de73c801-4abc-48cd-8a22-bd7f79c3d216", "comment": "Malware payload (Heodo)", "value": "1d161a1214de60db6096aefc67e77c0b6ee2afcb999f6267b70f6e7805253d15", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206095, "uuid": "bbd2cbd0-676a-402b-b199-81e4d8207294", "comment": "Malware payload (Heodo)", "value": "906d6e712caa48b5576dabfcb363f07308637d24", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206095, "uuid": "27ed5aed-22e9-4ba4-9965-71f72007c56e", "comment": "Malware payload (Heodo)", "value": "48194826af7920e6fc8237c96c83eafb353936e437579973c68c4819b3756bf835f79de27859b409ef17bc99b948d4c6", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206095, "uuid": "7c9bda42-5cb0-4d9a-a590-23b288bd5661", "value": "T1C9D36A66B5C5E9CAC70523350A9A8BEE33676C479E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206095, "uuid": "ccf10620-a18f-4c3b-9f7e-998f37b79a0b", "value": "3072:rcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dggGx0P:rcKoSsxzNDZLDZjlbR868O8KlVH3jehI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206095, "uuid": "003b5422-5da7-45ce-b4e3-1287b4f7c908", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206095, "uuid": "1c6c407d-88a3-452f-935d-7bf173caa12b", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206095, "uuid": "420b0d38-b260-4871-b198-9c80bf2f248e", "value": "INV 0000075602.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dff3c134-7eb7-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643208874, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208874, "uuid": "6f33db2c-9f8d-4833-897c-efb62890a7e8", "comment": "Malware payload", "value": "9664bdc62a35fc89bb4eb777f6b652aa", "object_relation": "md5", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208874, "uuid": "93ab8dc4-d279-425e-9a33-2e80c0f40ff7", "comment": "Malware payload", "value": "1d976698dd96c2c21442f985770262fabbdd080e82e9c78b637242c9b20da8ce", "object_relation": "sha256", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208874, "uuid": "693dab42-d2c6-4264-9ff8-38406709e5b5", "comment": "Malware payload", "value": "92eee201da1dd8102791d9b87837b66c5ec5fd54", "object_relation": "sha1", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208874, "uuid": "0186d6aa-843d-4e96-b897-c2e9eba9598c", "comment": "Malware payload", "value": "4c416b600bec7e42c9a2d6b9474005bffcebf377c4f25c848899e8a63c1bed6fae1a90863d46a629e94d768e3b002a10", "object_relation": "sha3-384", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208874, "uuid": "d41615c5-e9f0-4d61-93c7-baded898278e", "value": "T12FF423D635566FA15173F80ADDF09E86F9342BF3A86589D4C450ECC04CACFB884E7A91", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208874, "uuid": "c85fb0f3-f207-42c0-93d9-7b311791f1f9", "value": "12288:IgXw3ltexgAvvgi9Ke/Wsqvy8mFacJsoKjcrqLriI/0ESTFFrI1AyT9icEZZX:GvPAv4i9K2WvvjmvJWjcWLqTFFrOAQop", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643208874, "uuid": "0b4c12d6-d53a-41e3-97b3-6cf7670a771c", "value": 781684, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643208874, "uuid": "3641fb96-1099-4393-9f30-5981f4c2b5d9", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208874, "uuid": "5f910390-0646-474a-9c5c-3e482d2e1a31", "value": "SHIPPING ADVICE#2022ASEAN (2).zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7bddbed-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643207142, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207142, "uuid": "90318eca-a59d-494c-b732-8ffd5dd15de9", "comment": "Malware payload (Formbook)", "value": "f8debe5896816bcd423808995957a655", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207142, "uuid": "0f93e939-ca68-43c4-ab64-fee6823b80f7", "comment": "Malware payload (Formbook)", "value": "1dbc3cfe6ec8d60d09a82351d49935068b5e8b94d1ce7de9f83fe3f990e9c69b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207142, "uuid": "771db41d-184d-4bb7-acf6-ca82f9b0283b", "comment": "Malware payload (Formbook)", "value": "9415bcf1caba627ee0a8c757eb621716bf3689a7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207142, "uuid": "d058f09b-5592-42ea-a2f6-f4fb100d8ceb", "comment": "Malware payload (Formbook)", "value": "d2754e7d3fcfb3fa58ac55b83af297f60d80d2ea9662a7578728087194d1f02dcc3adadc78a4dae598efd87b3e48808c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207142, "uuid": "13201e58-2e8b-4ca9-92a7-f824969a4cca", "value": "T1C044127693C2885FD8029731267797BED3F8A7851E8024933BF11F37966104BDE19BA2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207142, "uuid": "b4f63edc-5a3a-4c41-adf1-01155fd0fcc7", "value": "099c0646ea7282d232219f8807883be0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207142, "uuid": "09382ad8-49cb-4ac1-bb9e-ae104b1fff62", "value": "6144:ow0MnTtYYAhUCGhOHAd53gs9YBPBCpvXv+kVzADjxQMoD:4oTtYYKUtZGswPB6tsGMoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207142, "uuid": "9d57c276-074b-4beb-a225-be625d648ed1", "value": 253416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207142, "uuid": "c170e9d1-ec33-4aad-86e2-0b5cdba59a7d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207142, "uuid": "67be19d1-5bf8-4c8a-94dc-1ee67594a68e", "value": "f8debe5896816bcd423808995957a655", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ebb20b6-7ebd-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643211207, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211207, "uuid": "bd1abbc1-d412-4cf4-945e-435065f51814", "comment": "Malware payload", "value": "b309c880828d41ec2aff57196e39745d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211207, "uuid": "11f4db0a-a537-4562-a23c-24dad57d44cd", "comment": "Malware payload", "value": "1e154fb1ed3dd25937cc87ad22e2ba345fad2fdc6f052deb1636cd369998cad5", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211207, "uuid": "95b6badc-577d-4949-9d82-1a4d1e39efea", "comment": "Malware payload", "value": "0dabcc90b91fdba99d23ca40aa6e3e7515229f20", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211207, "uuid": "49ecdd50-75a9-4e95-ad0f-beb940dd007a", "comment": "Malware payload", "value": "b06d1d8ed75dec8f7f1400be2e89166610aeff5c62ef23dcd602a057bcc6fdeebdf2431f249936fba4ec41b53a8f8711", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211207, "uuid": "3d44269a-4cf8-40c2-890c-b1bb60b5e173", "value": "T1A245EF43180C819F9867D76421671D97EEF87E47F2C84E2ED1E428B84AEBDA674C604F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211207, "uuid": "538b7064-7f14-4ec2-b014-0d1b3f68692e", "value": "24576:Ca1QHwgJMrQqj/wAc6QORNx2nAjwkaUm0GV9igWQlnwXwBwfaljN1X4GtZ+FdnZw:wnEKFj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643211207, "uuid": "999b035f-a17c-4268-8aa6-51e7da4587ca", "value": 1277361, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643211207, "uuid": "5b980a77-00d4-4465-840c-c46daaf7f9a0", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211207, "uuid": "0290d8ae-618c-4532-98ef-349fd0215315", "value": "b309c880828d41ec2aff57196e39745d.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c9d8183f-7e3b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643155579, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155579, "uuid": "16441aa8-8d9d-41b8-b70f-e2207e35dfdc", "comment": "Malware payload (Heodo)", "value": "343e780cb9d7300d9ee99aee1f94520f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155579, "uuid": "f1ee1d0e-713e-4423-8205-ecc55a4687c5", "comment": "Malware payload (Heodo)", "value": "1e26643aa6cf78b22eede9f8af795e98ff307bf28db99e8dfa4ba913f6f3c022", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155579, "uuid": "2dbe2265-9e1b-444f-96ce-798c53bd0215", "comment": "Malware payload (Heodo)", "value": "c63302baacd644dc4a30dd16cbaf358fb71d7bc1", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155579, "uuid": "efa02477-b691-4b73-bc0c-e6c7f07ad02f", "comment": "Malware payload (Heodo)", "value": "f80c1c7768260850e6ed03049b4468823d34ab3c873b6066ec43609a47601a71ee21921673ddecbc63ca9112bc0f2dd8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155579, "uuid": "20f0685e-67f0-4909-aaad-430b8f5a1bca", "value": "T140D49C2233DCC8B9E0AE1D3D290297D523E8AE140B93C58FA640FB9E5D3B2C155F92D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155579, "uuid": "9098a47d-6a31-490d-a936-3991f923019e", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155579, "uuid": "978569fe-3b8f-4395-a5cc-d9c0f6af4338", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4MmcOfg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4Mmc/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643155579, "uuid": "74393096-6d12-4361-a143-6c5484cf093f", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643155579, "uuid": "e4fd21c4-9719-4e6c-8a37-7aa4d564fe6e", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155579, "uuid": "2f4ace84-00a1-40c5-b411-646c464b7010", "value": "emotet_exe_e5_1e26643aa6cf78b22eede9f8af795e98ff307bf28db99e8dfa4ba913f6f3c022_2022-01-26__000606.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36e0fcbb-7ecf-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643218898, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218898, "uuid": "e9102d71-929c-48d1-95de-9eba752580b8", "comment": "Malware payload (SilentBuilder)", "value": "1bb68645207b748b911ba3fc6b58bd3c", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218898, "uuid": "1f78017d-86a5-4730-8e64-24b5c33fd3ae", "comment": "Malware payload (SilentBuilder)", "value": "1e303bfac937f4ff5be8c067ef9233b5cee4e477fb38bd28ad4a4b77d9ca1821", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218898, "uuid": "3bac0e42-f183-4f94-82d4-1f25cc9ca465", "comment": "Malware payload (SilentBuilder)", "value": "2d77a281fc7a01940e600a553a227c27bfefbccf", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218898, "uuid": "85fa5e50-e156-4f25-bdb3-bf7f9fe061f5", "comment": "Malware payload (SilentBuilder)", "value": "706b5afffbc3494a3d0c8d1bf1e79d81c3cd07f110f16073b5366c0920f82ca59cc349a2a46cfe28f97454815f690089", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218898, "uuid": "df79bfc9-c1ad-4abf-8d38-73e32c009b7b", "value": "T13C131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218898, "uuid": "b9948ebd-85c9-4c54-9e8d-16b7192c6544", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643218898, "uuid": "fb77b660-9d74-4d4d-9e40-e9f36c864bcd", "value": 45200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643218898, "uuid": "f67270f0-ffc5-4289-9d59-e685dbed6c51", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218898, "uuid": "753b29a8-2866-4b33-abd3-6b633faedfe4", "value": "tmpm2v3as5r", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0fdd2e05-7e6e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177171, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177171, "uuid": "385b52f5-5ba7-420d-abe7-981df90c37be", "comment": "Malware payload (Heodo)", "value": "20cf31bdaa9313cb59f3d1a7852fcbb8", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177171, "uuid": "09abbb18-51b8-484a-b1d8-6876cfa75a3c", "comment": "Malware payload (Heodo)", "value": "1e3ea7dba9cc5a7b5e3706913151dbd25896085f0867c4db18f0a16bde8be4c1", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177171, "uuid": "bfae6e5e-ffff-49e5-a08b-f294dba429ce", "comment": "Malware payload (Heodo)", "value": "8986d6a93633cc6c8a1e8f6921173a8436d4657a", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177171, "uuid": "cb26a573-6c7a-4629-9f2e-5c3b2ead5e17", "comment": "Malware payload (Heodo)", "value": "1a1b87f7b52ee52357fc60b42166049be68bd2a7726e3d3dfbcaee2d4ff511b7179ac3c5ee7b473a7b2a44bcb1b18d18", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177171, "uuid": "ceaf4dbc-405b-48a8-85e5-2545c03409e4", "value": "T168D49C2233DCC8B9E0AE1D3D290297D523E9AE140B93C58FA640FB9E5D3B2C155F92D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177171, "uuid": "ec21389c-dae5-4ea1-baea-dfef869a8a02", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177171, "uuid": "f4a76a87-138b-4a55-8ac8-d5f788da97e0", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4MmyOfg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4Mmy/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177171, "uuid": "2bb08dd8-1a8d-40bc-abe3-cd27ce8b68a8", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177171, "uuid": "7ae3e6ba-b259-462d-af7e-7dd7424186dd", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177171, "uuid": "9d513e98-54a1-4bca-850e-0f7dc36cf864", "value": "emotet_list_ioc_cronupTue_Jan_25_11:53:53_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d123c2c-7ed8-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643222854, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222854, "uuid": "6e26b3e5-0a02-4175-8cb4-95b8f736285e", "comment": "Malware payload (SilentBuilder)", "value": "561960ceb700cfcc23126dc129d653a3", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222854, "uuid": "a811c6fd-b685-4f6d-88d4-d1fc269b309d", "comment": "Malware payload (SilentBuilder)", "value": "1e87480939af80b7a31d573688d8e36945b74cf892a79840cb0b3cdbbb85f7fb", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222854, "uuid": "260e04c5-8a90-4c91-920e-2d024e0d4cfc", "comment": "Malware payload (SilentBuilder)", "value": "bb54f6ecfa661a2a17626b00742b59d6d73c9128", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222854, "uuid": "bbe79d43-7435-410b-96d5-6ab89198da9c", "comment": "Malware payload (SilentBuilder)", "value": "fa086a543a655634077745ec5a51549158c62397fec92f3107929cf9df35f07cfa8ec136d6f201dec45eaa526bc28d19", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222854, "uuid": "e5137638-aaa0-40b5-9bc0-32a1d3af7ceb", "value": "T195131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222854, "uuid": "6e583fd2-cf84-4dec-af51-25026549ed4a", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643222854, "uuid": "727b9ad4-1d18-484b-aae7-9a1e32f1dfbb", "value": 45560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643222854, "uuid": "00c3b985-65f0-45e0-a408-562c4e302364", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222854, "uuid": "d33f2cbc-df36-4234-ba1f-6a525e751c53", "value": "tmp2hxes4bb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41fb9132-7eee-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643232231, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232231, "uuid": "db8c990e-121d-467d-819c-950e7591bdbf", "comment": "Malware payload", "value": "425047a599487e95d0ba8cf2be12d2d8", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232231, "uuid": "47698211-a66f-4f8d-98ae-1ac6342a66ff", "comment": "Malware payload", "value": "1ee93c7b6f40e34cef586b9d9e9b0e580c779920d1707e1d8d93b597d64bc8e0", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232231, "uuid": "3cd88f3e-67eb-43ee-9063-320e70ffd3ed", "comment": "Malware payload", "value": "13a1aacb7832da61facbfbcd708f084d1115cd67", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232231, "uuid": "f1abb034-9804-472f-bf90-c6f62965f4a8", "comment": "Malware payload", "value": "84b2e509f06c920cf659a10843367e94e0c8d7b29a9c6a4195ceffda525c8bae19695bbd5fc4c85e01e83ae6a85152e8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232231, "uuid": "7807f229-fba8-49e7-a262-1523f2df8edd", "value": "T1E1B46B1AB172D871E3FEA3F1B5A4CB93C1EFA820275455ABE3FC025F4A2DC464234949", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232231, "uuid": "9da8cc68-9933-46f2-869b-280e862a8ac2", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232231, "uuid": "f3704640-1e5c-40be-9350-4a3ea798afe1", "value": "6144:Y7eUxxxxt33333333hCC28YiYRrLKyx3jvfIfpQdKXoJsdhUPlhLYfZDqvasLD2d:n8nYRvJhjvGpQkcGDO3JtP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643232231, "uuid": "af1a7471-38d0-45a5-83a9-133fca4e9446", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643232231, "uuid": "e8897aa7-d7af-4cc1-a5fa-144b6ac94f68", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232231, "uuid": "0404570e-06eb-4d5b-9215-7301317bf37b", "value": "emotet_exe_e5_1ee93c7b6f40e34cef586b9d9e9b0e580c779920d1707e1d8d93b597d64bc8e0_2022-01-26__212335.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be3766e5-7eef-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643232869, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232869, "uuid": "30534759-1481-462a-b361-41f36a6ce48d", "comment": "Malware payload", "value": "770d0b25057f5afd3611324d4fda1bcd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232869, "uuid": "432e67c9-2076-41b9-b960-bddd588a41df", "comment": "Malware payload", "value": "1f6cd6a0a923614830f52e6a778b77f357ba1297bae43d422383c52cf97fb466", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232869, "uuid": "9180cc39-88e3-4c19-bcf3-e865e4491d9d", "comment": "Malware payload", "value": "c265736bda50f17ea99395a16932c24f95d4f7e0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232869, "uuid": "fb40b3f4-e25e-4491-894c-303f73bede4c", "comment": "Malware payload", "value": "e966016e4b23f2c702717000597781115f782c3dfe71fc3838388025ff1730ac301c05ef859f7e455ff5e39a2fd30acb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232869, "uuid": "e1f3f010-e72a-4305-8a4e-d378a432234d", "value": "T1FAD59E16AD7840D5EDE38074B6768373E272B8270B749BD7816486740F93EDE1A3B227", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232869, "uuid": "e814161b-d037-40d2-9cf9-ae5ebe5c6349", "value": "6b6048749f918d92e99f465c8b1f59af", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232869, "uuid": "ebd034ad-1b27-4fd1-9072-30dfa29d66fc", "value": "49152:4fviTzkrvUC9bGflVLhiGtlqogwzKwpRPMQI2bHbfgsWBNn5sxSOybIU6iQ:KvCzkrgxbbMcbIJsx1+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643232869, "uuid": "4395e784-db6e-4526-bb82-447c0c5015d2", "value": 2977792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643232869, "uuid": "f630c30a-7323-4ae7-90e6-a1edbb5aad26", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232869, "uuid": "d98c932b-a704-491c-b9ab-89acd7a8b61d", "value": "770d0b25057f5afd3611324d4fda1bcd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "625c820c-7ee1-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643226702, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226702, "uuid": "0f19c759-9680-479c-830e-6cc9bbe1e456", "comment": "Malware payload", "value": "1db84103db666ebf75ae318a076b6f73", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226702, "uuid": "ea48c556-87cc-4b22-8117-2978b447972a", "comment": "Malware payload", "value": "1f8af3f6a12742c957f9d2ca23af244882efedbfa9398beaf90c003bd07147fe", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226702, "uuid": "c1f2d952-2852-474f-83bf-7014764360b6", "comment": "Malware payload", "value": "c601f997df2dea0463a88e509111d4b68920c30b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226702, "uuid": "bb0a6562-6935-4cc8-bbe9-aaf3f51dc1c4", "comment": "Malware payload", "value": "302acce8702e094d6c9d5e364918215f91cc1722228643182ad11235677b0f4f8bdf1871ed4ea3c9393632b5a5f73c75", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226702, "uuid": "2c955277-60c1-4001-ad90-fcc3ac093061", "value": "T1D205F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226702, "uuid": "a341bae5-f7c4-4ae4-8d18-bc40cb55c999", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226702, "uuid": "56f3064b-94a1-42e2-acf5-9053ced0a2a4", "value": "12288:aA9e3OrvpgqjtQFecY6dddifiHxoB3rNd9CDr:blrvpgqj2FeRQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643226702, "uuid": "8bca9f09-9836-4d7e-b0ba-43d245860f46", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643226702, "uuid": "ce0d157e-9eac-4dfa-bd02-a35c064c5492", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226702, "uuid": "9bbbfc1c-a978-4770-8bef-82aa769faadd", "value": "QJ0hqh8OfSqL.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "46452a6c-7ed9-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643223219, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223219, "uuid": "51a828e5-b655-40bf-a80a-4beb306a57e0", "comment": "Malware payload", "value": "58a085e2341137e5292fe4b8d7d20830", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223219, "uuid": "2625a41d-ccbb-4414-974b-62d61d1e319c", "comment": "Malware payload", "value": "1fbc034b30e25ab7747780e6df958cd8bbd6ffbae6e78170f52a981d5da40c29", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223219, "uuid": "ba10b800-7909-47c1-b335-dd3137ac1011", "comment": "Malware payload", "value": "04102c0cf0e5f661d0252a406bf6bf2f6a328adc", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223219, "uuid": "ed85de69-9e65-4661-a6d3-5a1f9e433108", "comment": "Malware payload", "value": "5f508b3b4998283dc3367a58ac86080c50789ed4397782490614e89e8ebf88e07aa348d8b4f5290379f3896465b67072", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643223219, "uuid": "71eb70b4-2451-457c-863f-e04a372bb794", "value": "T15FB37C3AA185BF5BFD8B033D4C5245B9671FBCE47F9F5223128572102AF8861762623B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643223219, "uuid": "b8de769e-edd7-4db4-bbcb-ab0905c7eff5", "value": "3072:CGk3hbdlylKsgqopeJBWhZFGkE+cL2NdAydb4oifHMVhoSc2vUz3UWDG:Hk3hbdlylKsgqopeJBWhZFVE+W2NdAyu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643223219, "uuid": "5710a475-e8fe-4fdf-9fa6-a2ce7b61599c", "value": 107853, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643223219, "uuid": "f12feb48-46a6-4a2b-acdb-2ccd794b0f08", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643223219, "uuid": "1453bb60-ba67-4dff-b74d-57e8f464c0d8", "value": "INFO_363051582280.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff7fc6b7-7eb6-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643208497, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208497, "uuid": "53a4224f-6835-43a6-8ed3-027cf96e4494", "comment": "Malware payload (Heodo)", "value": "525a8712e8f66b1bd62872735669a754", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208497, "uuid": "26ff5856-42ef-4c63-8741-4a50885637b9", "comment": "Malware payload (Heodo)", "value": "201b69b435cf0b1c811b48245dd8c5fa64e787ae80adc93fc613e0fcd31e8b87", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208497, "uuid": "c57f6673-d49e-4ece-aac9-f1fee47501c4", "comment": "Malware payload (Heodo)", "value": "163319d1ad4a00ac13f5977ac52db02614f3c70b", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208497, "uuid": "a79903f6-8ce7-4449-bb5a-aa63065d71f2", "comment": "Malware payload (Heodo)", "value": "1938c6e2bade9827216e411f8c37a912759ee2da1cb7e61d5f229cc7b1ad7ce5d1754b66bc6780157fb7576be70e7d5b", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208497, "uuid": "136d8a15-02f8-45b4-84a7-b5453adf4dda", "value": "T1BCD36B65B6C5E9CAC70523350A9A8BEE33676C478E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208497, "uuid": "02023b2a-66e5-4bca-92d4-397d7c7a811f", "value": "3072:IcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dggGx0f:IcKoSsxzNDZLDZjlbR868O8KlVH3jeho", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643208497, "uuid": "7953f827-c8ec-487b-9725-a30e40a7af2b", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643208497, "uuid": "6b9405e2-2a7d-4708-b2a9-fd5f120cd2b3", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208497, "uuid": "08cc9fe1-8034-49d7-b480-8e44a566c303", "value": "brandau-catering.de.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "420de5d3-7eee-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643232231, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232231, "uuid": "363e1ffc-225e-45b8-9499-3956d3172ff2", "comment": "Malware payload", "value": "fd50cea1c43ed8866dc87e8852b5dc3b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232231, "uuid": "6b73268d-e310-4b6d-aca6-efdd7996cef4", "comment": "Malware payload", "value": "2029aa5316c96137109135420b8528dc16d95f0f5e6111207aaa86c178135960", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232231, "uuid": "63c3c24a-be37-4fef-8f54-183f9e24c8d6", "comment": "Malware payload", "value": "6ae9b5c9f40656ea3f82e0c8efd15e6a7868c6dd", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232231, "uuid": "7ccbf538-6dbe-4fa3-b03a-e02d0a1c4a51", "comment": "Malware payload", "value": "6143cdbfa098db3615705537e660bd51ff803af9e33a43354e889f9c165aa3181bb77c3ad30a11d66d62dc753449de92", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232231, "uuid": "7490af26-7f1c-452a-9608-21f1c98d762e", "value": "T157B46B1AB172D871E3FEA3F5B5A4CB93C1EFA820275455ABE3FC025F4A2DC464234949", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232231, "uuid": "cff23973-4f30-4885-9e0a-ceb5a3a400d1", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232231, "uuid": "cd7038bf-0ca3-457b-aaa0-7a1d563455ef", "value": "6144:Y7eUxxxxt33333333hCC28YiYRrLKyx3jvfIfpQdKXoJsd0UPlhLYfZDqvasLD2d:n8nYRvJhjvGpQhcGDO3JtP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643232231, "uuid": "7074ac0c-bf80-450d-acd2-74fb0eea9658", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643232231, "uuid": "1639dd6a-7f90-4451-b2c1-7052bdfc936b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232231, "uuid": "7deb702d-fe6e-42c0-935f-4e89ab4a02ea", "value": "emotet_exe_e5_2029aa5316c96137109135420b8528dc16d95f0f5e6111207aaa86c178135960_2022-01-26__212336.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf79325a-7ed0-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643219557, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219557, "uuid": "8fd33e2c-08c9-4c43-999a-145961375a43", "comment": "Malware payload (SilentBuilder)", "value": "79c0cde691685374ea073b57876808cb", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219557, "uuid": "3f423e5e-4f39-4015-b05a-a6809cb9f9dd", "comment": "Malware payload (SilentBuilder)", "value": "206fccfff549b6c0b066562c793f5307c4a8eb65fb7384467b4e59644003346c", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219557, "uuid": "4d82284a-bc18-4e9d-a56c-7c214e73aa34", "comment": "Malware payload (SilentBuilder)", "value": "975417ffbf6e599112bc4c28f3282cdac84cf28d", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219557, "uuid": "e6a60b93-2738-4cc6-a8b5-a5add99ad8a4", "comment": "Malware payload (SilentBuilder)", "value": "a4c070ca987d8b856d68e41137efd697269ef9162a2c0b555b2f1280c364d70291d5de1709b97aa7dc3eb7f73d41b8ac", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219557, "uuid": "2051113a-ea8f-4fc4-a21f-b9503db17db0", "value": "T168131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219557, "uuid": "41e7878c-27ed-4b52-a5d8-d1ab20355b9f", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643219557, "uuid": "f69400e9-33d9-4b7a-b1ee-64510d096ea8", "value": 44970, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643219557, "uuid": "e1515f0c-2069-483f-846d-a64cfe48a21d", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219557, "uuid": "aa0fda4a-206c-4bb6-b9a6-dc948ad1921a", "value": "tmpdbtn9_f5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df9c7f6b-7ec8-11ec-9275-42010a9c0029", "comment": "Malware payload (Stop)", "timestamp": 1643216175, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216175, "uuid": "7d5e5c41-57e1-4dd6-bd66-e9e105b9002c", "comment": "Malware payload (Stop)", "value": "68009cb1a158689807fe11161ae662c7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216175, "uuid": "79fe66aa-d22b-49a6-9992-8d1a47090a08", "comment": "Malware payload (Stop)", "value": "208d834cec31b7d2ed5d82788548051459618479ca55012978fea7c29b6156e8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216175, "uuid": "3b5d9190-0ce1-459c-9a2b-b93cb5a7a963", "comment": "Malware payload (Stop)", "value": "48c9cdc6f2a066b2647cc494079ce9aa654417b4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216175, "uuid": "cffca2c4-4374-47aa-b2b2-82c9da6247a7", "comment": "Malware payload (Stop)", "value": "2002e135c6630f98dcb26e64963c600c27f3eb46f96b1ba4e5a61950ad19f329247a3b703d7a0e8a0210105841bcd3a6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216175, "uuid": "dbc08a48-4d5a-459a-9d79-d82abdb7c677", "value": "T1AF849D10B7A0C035E1B322F449B957B8B93E7AB1672451CF92D52AEE5B396E0DC3131B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216175, "uuid": "1f617315-6692-4ae8-adff-a2f5dcbbec07", "value": "9da0e72ef0ce0c441e86840001cd2ef5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216175, "uuid": "732cf355-b400-4664-a8e1-c7ed7d1df37e", "value": "6144:v7XCavSOaQ+CXCP+jHdwYTvlokcNqRPK+aMs12JECzd9iWGeEL6qk:v7y+Ym9wY+kcowisk9iul", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643216175, "uuid": "7271081a-62b5-47d7-b156-66ba31e344c1", "value": 384512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643216175, "uuid": "77ee53e1-a918-42cd-a701-fdd685a37388", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216175, "uuid": "73530403-5219-4b09-ac19-7e607a33f32c", "value": "68009cb1a158689807fe11161ae662c7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3755b81-7e9c-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1643197310, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197310, "uuid": "baa1852f-347a-4542-81ef-5bc2d005cd2e", "comment": "Malware payload (Gafgyt)", "value": "0b512d5f7e085e1e633b896e8ae63215", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197310, "uuid": "b0cb9c06-f147-4fe9-a767-a2560d8830fb", "comment": "Malware payload (Gafgyt)", "value": "20da319e62b08f837e6f1abd6038975f2b854fa5ae5b869cb1ab5dce97eaf6f0", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197310, "uuid": "de15530a-de97-427c-9caf-dac116a41718", "comment": "Malware payload (Gafgyt)", "value": "0665ff3e507378df8881154cca4d6e9c902e6518", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197310, "uuid": "171806be-aea2-4aff-b2ba-e13396fcb35f", "comment": "Malware payload (Gafgyt)", "value": "487efd4caa51f8192b9f9fb6746a3110b9957332d59f56ed68d29272ad5913c8153591b019658a24c94ca3fa7a150f76", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197310, "uuid": "a74df05e-6ade-481d-9184-0cc8b9d738cb", "value": "T1A8E3A51AB7619FB3D81ECE3706AA4601108DE55A02ED6F6FB6B4C51CE78B84F08E3D54", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197310, "uuid": "326244c5-a547-4933-884c-179098b21d6f", "value": "3072:CSNpsTm6eq+tYPS5hx9nDhhURxuZq+1uPNd5R:CSNpsyq+mPS5hx93URxuZq+1uPNd5R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643197310, "uuid": "36331666-d839-4a4b-82a9-a25aab141d1b", "value": 154480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643197310, "uuid": "51d4d838-a902-41d8-9904-e48ed103020d", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197310, "uuid": "dc5aa7d2-0c91-431e-85c1-17ec6a561b67", "value": "assailant.mpsl", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "af8013de-7e6d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177010, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177010, "uuid": "dccb7a10-ccf3-4ffa-986d-e48867ed6146", "comment": "Malware payload (Heodo)", "value": "0d79e97f6dedf5078f2feae25cb90ceb", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177010, "uuid": "4ba74b7e-ef60-4358-ad34-5da26896f0b3", "comment": "Malware payload (Heodo)", "value": "21379322301f7d900faf7166bc747779c3297bb2731374034cf2c16fcfa3ed94", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177010, "uuid": "58f92ae1-5b02-454b-ba89-d96942787736", "comment": "Malware payload (Heodo)", "value": "25805a556dfe3ceac0348dd2a506d89500d45187", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177010, "uuid": "042b1e2a-490f-420e-930e-d01884d64d00", "comment": "Malware payload (Heodo)", "value": "78ae3f86e25d6ae7412b2656f990673633cec8cd64d25703ded972e29b3636655657b32cb6935e750a67cfe3c724c36a", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177010, "uuid": "bdb57db7-1787-4392-b51c-f0b2699ad1a9", "value": "T1EDD49C2233DCC8B9E0AE1D3D290297D523E9AE140B93C58FA640FB9E5D3B2C155F92D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177010, "uuid": "57c7802d-63af-4103-be02-71da40f06819", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177010, "uuid": "7dac3b9f-343c-47b8-a677-7a8c70b28f4c", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4MmfOfg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4Mmf/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177010, "uuid": "fe085d8d-b7ca-4d1a-b51c-7e847dddfcf9", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177010, "uuid": "7d2817e6-0ecb-4660-818f-d8dfac8134f1", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177010, "uuid": "ae52aae4-2b55-4a18-838d-4e8c618f1011", "value": "emotet_list_ioc_cronupTue_Jan_25_11:47:06_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "502e1a4b-7eed-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643231825, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643231825, "uuid": "5f88b4bf-4b35-4ad4-9ed2-0f9858504681", "comment": "Malware payload (Mirai)", "value": "893f70a0ac37c34b37360b65bedf2416", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643231825, "uuid": "bcc8522d-bb6c-4738-8495-0fdf929a86ee", "comment": "Malware payload (Mirai)", "value": "213bf6b66c539172b863ce490e248e2b39a6e021756c93867560a4f8aba71b94", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643231825, "uuid": "94647eab-3363-468f-ad9b-ee0d694ea612", "comment": "Malware payload (Mirai)", "value": "9a286754e482c2b4b4bafb4230bc29cfd75a9fc3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643231825, "uuid": "ef861541-9ba2-4034-9bd8-98cc20e781fd", "comment": "Malware payload (Mirai)", "value": "35dcec50166c7c7339c917c8c9d47f750d1234cd1fa068d6b1a3fd0474c2195995de8283a3f9553dff1a262e36febf73", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643231825, "uuid": "c37657e1-adef-434f-b415-8d7dac68054c", "value": "T11A53AFA2C9542D28DA154A747810CA749323F43487872FFAE555C37CD0279EEF1AA3F5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643231825, "uuid": "64e182ac-508d-4c73-bcb2-bdd0764ace74", "value": "1536:5aE242P22+INT5xAB7Psyydq5QKl7hhc5fUCHpm8yu:5T242P221T5xAVBj53lw5fUZnu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643231825, "uuid": "250ad25c-ea72-4ced-8296-516019f8db51", "value": 64312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643231825, "uuid": "136e3589-fa3d-4f81-adf5-f08f9819ae4a", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643231825, "uuid": "a4cd7f78-5fd7-4c97-a3a1-8a1a2ccd07d7", "value": "893f70a0ac37c34b37360b65bedf2416", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b149c2b7-7f02-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643241008, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643241008, "uuid": "46b29882-32a3-49da-ac30-16b476827ffc", "comment": "Malware payload (Mirai)", "value": "f7d0f0437df9829a52863347c5f59f2d", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643241008, "uuid": "d9c0fdf3-d2b7-493f-b5f5-20d84da5f068", "comment": "Malware payload (Mirai)", "value": "214ab738800d3ffc7e236d64e738b41e5deecf927e8a203ecb2638dd1fba097d", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643241008, "uuid": "9a57801a-a1d1-4813-8a15-25afd8a1fceb", "comment": "Malware payload (Mirai)", "value": "83df718add87f80a35400821f25aa13b4d476a74", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643241008, "uuid": "cd316953-76c4-4a7b-b2a3-f2999ba0adf6", "comment": "Malware payload (Mirai)", "value": "4e3332854b16053dce29b1ce20b7034496b893fe9b2ab115e8b76aab660414c25bfeba9fdbedfc87bfdf4a814b4b72cc", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643241008, "uuid": "5492f2a8-13b3-457c-9a72-d7fe9ab5b8b1", "value": "T13613F126326EF030CF1108751C749D5EE71BAAB9D6B07262ED31CF7C90E6652127AA87", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643241008, "uuid": "869805ca-eb24-4d82-8bd9-80c3cdaeb741", "value": "768:AT/o9ysvAq08WVSMoKtGGkycdQ3VS3I1EsV9SzcjWN88otBYPqQw2faZJrdUFUsS:ATQ9x4WWVSFNGkd0SsbSIjI87+xw2f25", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643241008, "uuid": "290d42d1-efe0-4558-a681-2a5073de62c0", "value": 43984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643241008, "uuid": "a54f7c52-a464-4dbd-b863-b30c7f1fbccd", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643241008, "uuid": "df32ad9b-0470-4314-821b-9fe3a4147991", "value": "arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "797302b8-7ea5-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1643200971, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200971, "uuid": "4427e726-f2b6-4d32-a83a-ffdad443c283", "comment": "Malware payload (Gafgyt)", "value": "7d822c5569868a30743ee6412e5ad1db", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200971, "uuid": "976da7e5-cfb3-4c7d-a7d9-6f4790b5e650", "comment": "Malware payload (Gafgyt)", "value": "21bd0c88094aa18437e94dee14a8c4a5fa4fb5120018ad7ffb05ce261ca2dc57", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200971, "uuid": "b37d796b-156e-4b65-9895-fcb8c0d29807", "comment": "Malware payload (Gafgyt)", "value": "db21c09e35792c318305ad6f26b15e00540921f6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200971, "uuid": "45c66501-6ce1-42a6-88eb-b1a3d5c3b2d0", "comment": "Malware payload (Gafgyt)", "value": "01e372f3555fa8e9d15105a1e9b074041fce660f32cf2071a72cca09d299a526e3627829eb00993a91d92ef4fd5d6e6c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200971, "uuid": "8f6a8eb0-b0e5-4501-a300-e0eb360d24e6", "value": "T131B33A0798615F77C045ADB529AB5530072BBA120F4F1F9AB57CAAF4074F8CEB40EBA4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200971, "uuid": "b3abc9d5-4346-4653-a978-b3cf54e14f92", "value": "3072:btTQn622oNI8zpUI5hLwtOCwLkY0Px9gQNfR:btc6Vs/UI5hLwtOLLkY0Px9gQNfR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643200971, "uuid": "5f4c912e-960a-42b9-836a-d6fb94e3ae58", "value": 108415, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643200971, "uuid": "73d9ef04-31cf-417e-9b4e-09ae33f48d00", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200971, "uuid": "0b925288-50f9-4169-9b86-5ce1314496b2", "value": "7d822c5569868a30743ee6412e5ad1db", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "874edb7e-7e85-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643187250, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187250, "uuid": "9debe8d1-4e0d-42d8-8227-3ede1523b81c", "comment": "Malware payload (Heodo)", "value": "1fa71916dd5c2ab8c22b1d57b2271178", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187250, "uuid": "3dd4de1a-9f5d-4bb5-b869-a0522dbaf26d", "comment": "Malware payload (Heodo)", "value": "2202b6fed313c919492e97f4a378275f0532ec2cad7f1f3389490b072e5126e2", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187250, "uuid": "78c7be3b-d98a-4b68-9f15-4707f6d6b6fb", "comment": "Malware payload (Heodo)", "value": "e4692b4bc4f211da8c4b0e4a2d84f71211496558", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187250, "uuid": "a238402a-4fd4-4d0b-9e7f-aa7313a236d4", "comment": "Malware payload (Heodo)", "value": "8bbb0f16380d3083b662dcf42947a2e256b68e677c01d6ac0fbaf4d987e2d8ba28a6603b1473650810a739855639d66d", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187250, "uuid": "4f04a761-e17f-4a9b-80e1-132847e6d475", "value": "T12B05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187250, "uuid": "9d192876-503a-4056-b164-09ac7a6a26d2", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187250, "uuid": "e4088846-d76c-4ad3-bcf6-4f29571d4c61", "value": "12288:aA9e3OrvpgqjtQFecx6dddifiHxoB3rNd9CDr:blrvpgqj2FeWQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643187250, "uuid": "e2fa731e-e05e-4ad9-8d9d-67d4efc7ac8e", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643187250, "uuid": "279262cd-7c16-4557-8bf3-9093681b8e91", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187250, "uuid": "bc466631-f8e9-4e1c-aa28-42c67e1514dc", "value": "8eAYsVkb45x.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d22a6e2-7ef8-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643236625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643236625, "uuid": "0f6afb58-c4a1-4a07-970c-b8da4705b7fe", "comment": "Malware payload", "value": "b515ea93b9efa90b70907fc658496c49", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643236625, "uuid": "ca787f05-906e-460a-b0c2-3352217ea928", "comment": "Malware payload", "value": "229ee8246a71b9fb8bcb3ff887518e1dc4906b03e3fde08556f8e6d56d6afd15", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643236625, "uuid": "ea18b156-ed00-41f3-9b4d-5ee104feb2e8", "comment": "Malware payload", "value": "d4a0db4a2c14527231174fcb56ceafbb94fbbbb0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643236625, "uuid": "dc7c7dfa-0e88-45b9-b5bc-6468ea495e12", "comment": "Malware payload", "value": "046fb90cba4ab96c6397b8b6390123464b71a7eb78297c3f57a3605c0a4d52aeda3ede5fc6918e1f3b05fb2d42200653", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643236625, "uuid": "52c75651-5dfd-4f02-a581-f80586c4079b", "value": "T1A2B46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643236625, "uuid": "e24d02a6-76bd-47ed-9b34-8ee41b45dcc1", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643236625, "uuid": "5299f0ca-f6df-4de0-9289-0176f4c187a6", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8Q9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgd0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643236625, "uuid": "b88827a4-e24a-4065-9154-1c0e4ea6959b", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643236625, "uuid": "0bddfb23-518f-4e7a-81a3-54ef41ece376", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643236625, "uuid": "b49e7527-3472-45b8-aa4d-666b3c4277d6", "value": "b515ea93b9efa90b70907fc658496c49", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94f41d07-7e7e-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643184267, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643184267, "uuid": "9c1f812a-6044-4437-9cf7-7012931fb5d9", "comment": "Malware payload", "value": "8612fc6af9f6867a17e6715d28172eca", "object_relation": "md5", "Tag": [ { "name": "192-99-190-34", "colour": "#1B18BD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643184267, "uuid": "eedccff5-6603-4dfb-bc39-8577bdf7a7d3", "comment": "Malware payload", "value": "22a19286ef37f883a8d885f46d7b1bac5387f0931c5cc3a232b5b19880ee1f66", "object_relation": "sha256", "Tag": [ { "name": "192-99-190-34", "colour": "#1B18BD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643184267, "uuid": "887553f1-81b2-430d-9c29-00ddc570fac8", "comment": "Malware payload", "value": "bb797432ec61ddea451d3bebf5257488761b7afc", "object_relation": "sha1", "Tag": [ { "name": "192-99-190-34", "colour": "#1B18BD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643184267, "uuid": "25d8306b-ef50-48f7-a8f5-3c986d596f45", "comment": "Malware payload", "value": "72d4e23cc6f64f29be1af8c4dda20581482cb983841538c76db3044c67dd1d630f6497d1075ed36af652be16c1e425aa", "object_relation": "sha3-384", "Tag": [ { "name": "192-99-190-34", "colour": "#1B18BD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643184267, "uuid": "cf6d14bc-5e48-4cd5-9e2d-9180c68718f0", "value": "T1D0134B731A83BDC85F7A1D06E1077D800D0E6DB787348DD8FBC91DAA249A612DF5B829", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643184267, "uuid": "3ba1ff7d-fc58-4fd6-8cb7-c02fb0eba7c7", "value": "768:HZF3qTcc8Tsd2ehv8jmF0n3kQ2vSS0NCMlw3UM8MnZvO9FXYRMOQqk2sI7Cf:HZd8esJOjXn3krvSljKUM8SZW9FoRM3x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643184267, "uuid": "a682f361-7793-48ee-903a-ef89fc5493c7", "value": 44376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643184267, "uuid": "a76ed7ad-cc38-4e63-9d07-c5f4e874c133", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643184267, "uuid": "0db0e0b3-170b-426e-9f79-7e7d5a78a4e8", "value": "1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "01f59277-7ebb-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643210219, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210219, "uuid": "2bddec85-a9c6-4346-a9b1-fb8978f37071", "comment": "Malware payload (Heodo)", "value": "7d5be516deb9a85d3c82460f5cdee56b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210219, "uuid": "5b5a69c0-bcf6-46e3-9c68-114db20eee3c", "comment": "Malware payload (Heodo)", "value": "22b8e1caf88ec795b68d57a768252d9ae059fda079cf00d4b16084b6fad5a007", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210219, "uuid": "72bb1a8b-c03e-4c17-9163-8010975b04a2", "comment": "Malware payload (Heodo)", "value": "640c2a207f2680b0bbbcad343d9b8a768eee7d8a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210219, "uuid": "12e75c31-b5d3-48cd-806f-7baa0bf171d0", "comment": "Malware payload (Heodo)", "value": "e7a073831330ffcae1571df150b403116d1b0e81f87b7f497c9ea7db9ede8da6c95d4d25e4e302202f6556efcb870513", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210219, "uuid": "ac309eba-2b05-4859-bd50-251077c4aa31", "value": "T177E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210219, "uuid": "a242572c-7a9c-42df-ac70-f86d0c378292", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210219, "uuid": "339a544d-4524-4857-ab08-bd1869f3b6ba", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIpG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGwOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643210219, "uuid": "83c79969-df73-46df-8c73-831d3b0b6aa9", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643210219, "uuid": "c3d8b1c4-1889-4eb0-be9b-021d07ea9521", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210219, "uuid": "06280607-5e00-48b1-9d22-c1b3cebbb40f", "value": "7d5be516deb9a85d3c82460f5cdee56b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24bb4d44-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643206842, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206842, "uuid": "bbc487b5-862e-4354-b1a0-25c663b8827d", "comment": "Malware payload (AgentTesla)", "value": "f4ea526f0dbfde9d14625468e299ea8a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206842, "uuid": "85a4f15a-1b34-4c50-a387-26cf9b2ed066", "comment": "Malware payload (AgentTesla)", "value": "22f1a8db06ec3fb0cde19c7d7874600147655edc56921ec5a339ce2b1b5afb1e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206842, "uuid": "073fbe90-8cb9-4a66-9469-d82d9ee4cd37", "comment": "Malware payload (AgentTesla)", "value": "5cf656f86f35c4f91c11720c7a487192042b5ef9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206842, "uuid": "48c13b00-35f3-45de-8d0a-802fe3b8bc58", "comment": "Malware payload (AgentTesla)", "value": "b899e075fe5e09f4e93b4c380960688fa7a087ec63252d2e59e9dfe1104ba81862ddf38d36551fd29aa1113f0ec63f8f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206842, "uuid": "f2150e61-fe12-4467-9269-f581a10309d2", "value": "T10515BD2BF448D836D19D497681CFB04C43B4B803BDCBF59E3E9BF5096556B86AA0620F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206842, "uuid": "a0878038-b971-44b9-ab11-e314416c1d08", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206842, "uuid": "6874a937-a56d-48b0-b792-e8bf9531205f", "value": "12288:DuOoCDI9147xLDj/E+Tle2q74cWEpjs0s8ZwhByIESmwdFruXXC4ZHjRL+GIni4t:iOoZ9s/fcMowryDS3rc3Ini4t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206842, "uuid": "f9fd2ea9-8cf1-4015-891b-a8b4e78b3c21", "value": 902656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206842, "uuid": "360113a9-d29b-4ba4-ac11-e02c6e960a7e", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206842, "uuid": "3460037d-415c-49e8-bba3-aa2fd74e706b", "value": "god.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "44b48690-7ea7-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1643201741, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643201741, "uuid": "f885c545-de4b-4b41-ac66-25f134a29c26", "comment": "Malware payload (RedLineStealer)", "value": "3054fb0ce445d3b5f110d8cc459c82d5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643201741, "uuid": "ad488139-12b7-469a-af04-3eb3b91e89b8", "comment": "Malware payload (RedLineStealer)", "value": "234e4cc68a33ec5f9b94a393c85bfc91d17e87bc911713f34e39342d29bf5607", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643201741, "uuid": "2b1bfcc2-749b-4cf0-80ce-1271564ab33c", "comment": "Malware payload (RedLineStealer)", "value": "17033da6178337e20c4354b09f272fc49b32e761", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643201741, "uuid": "c29d865b-c40e-42fa-8fdc-a9f3d3a90e6e", "comment": "Malware payload (RedLineStealer)", "value": "620c1f5f6e9cb8bdffd1dcd934d2e9fbcc368d2105b7ee27b9948babe45104e64f29b8cc33215a2f18ac33a9e738a167", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643201741, "uuid": "b1bf97e3-849f-4b57-9c0a-09bb08e3e489", "value": "T10EA4BF00BAA1C435F5B752F8167A93BCA53E7AE1672450CB63D52AEE57346E0EC3130B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643201741, "uuid": "d662742a-a3e4-431d-8cb5-a4624d16cecf", "value": "afd7576f854d2aadccbaf37a01b18fbf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643201741, "uuid": "0dc80835-a09c-464b-aa1e-e12926b92e49", "value": "12288:VMvKOBj7KlGWycROJAGCuaG/9UECiXGgY3B:GNkAWyc4JLT9C9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643201741, "uuid": "69086b53-62b2-4a8f-8f70-68b02a012feb", "value": 453632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643201741, "uuid": "26f683b2-a9da-41e6-be46-23bb333a00ba", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643201741, "uuid": "efc9e244-182c-4465-9ad8-ca29119b2bf6", "value": "234e4cc68a33ec5f9b94a393c85bfc91d17e87bc91171.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c9dc223d-7e59-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643168464, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643168464, "uuid": "fc12609a-3492-4e1f-baf2-3f2d91e3ecd4", "comment": "Malware payload (Mirai)", "value": "aa982c1285277663ad2a21b561523ed7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643168464, "uuid": "887adfae-a815-4272-9792-303ee1c8a744", "comment": "Malware payload (Mirai)", "value": "23c7e8b38ec8217d30e31b7b2030a6336f99ffc1c31dca807d7fa933a0f782d0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643168464, "uuid": "7778a281-7660-45d6-a897-809b26a3fb6c", "comment": "Malware payload (Mirai)", "value": "1c994fabba22a785c8a16ff752ba26e0e2d3cd49", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643168464, "uuid": "1d0c81d0-c324-4f1c-a79d-67bcc6cc641c", "comment": "Malware payload (Mirai)", "value": "492268f2f5609f16d9c9896f4f11efac4efe95dae6f29648349a5c1ceec3ef724fe1fe2ce5182148459c73ea64c7171c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643168464, "uuid": "b16f9499-ca49-4711-b688-4f94f1d7a771", "value": "T1D863944E6E719FBCFBAC863447B75F209248339626E1C684E15CEA011E7034E745FBA9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643168464, "uuid": "b26f9d54-ac6f-4633-8b97-e441a3f2fe39", "value": "1536:dE8aCKgy6jLIjta3stGjp4p6fdXu0/fxJnU67Jk:RHBUJa3PSp6M0/fxJn/tk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643168464, "uuid": "154e5713-0b02-4c2b-97e8-999541fb0455", "value": 68288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643168464, "uuid": "c7d609d5-7e45-49b4-9a51-ad053d567ce0", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643168464, "uuid": "c9a2bb00-d964-499e-b37b-ff3177492c47", "value": "aa982c1285277663ad2a21b561523ed7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c3e3f8e8-7e6e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177473, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177473, "uuid": "bb511e94-2ca5-491a-a8e1-c92b782bb243", "comment": "Malware payload (Heodo)", "value": "63cd212e4af652355f895618a21e17ca", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177473, "uuid": "02212058-7888-4a05-a935-e5a3db950d98", "comment": "Malware payload (Heodo)", "value": "24466c9b7124aec9a583ebd09b6df592c6a2eba41701a9f78a6ed1142e708614", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177473, "uuid": "bb6a269c-b070-4e70-acae-576a590a2f20", "comment": "Malware payload (Heodo)", "value": "821ca967c57362b26381f61395d1ff3d3fdc98fb", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177473, "uuid": "5b58c143-469e-4419-8f4b-31b6c814de84", "comment": "Malware payload (Heodo)", "value": "33299b3df873ac40d1cf2a5c77f0d05d7790f146e90377256adb9bd0504e25110ebced838adf61bc319b6c799fcbf656", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177473, "uuid": "b4a69b90-f5a6-4bf8-8023-8fc2dca6613b", "value": "T177C3AC0795019FA2C86CC3F9BF0B48D46F01065DE2D539DF28926B47779ABBB0A0D62D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177473, "uuid": "805323f6-10a7-4a13-987c-d4c9ab047665", "value": "3072:NXKCEvZ8BnW6X1yVkovrepMA5Q6g2X4in/:NXuh8lWoGk+eCP6DX4A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177473, "uuid": "d032823a-d31b-46b1-82b7-c56a83ac3613", "value": 118616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177473, "uuid": "7073a081-d59d-439a-bdf7-8f5797d3ab59", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177473, "uuid": "5490ab26-1795-4daa-93f6-279ca78a3949", "value": "emotet_list_ioc_cronupTue_Jan_25_11:56:55_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27f92c1f-7e6d-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643176782, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176782, "uuid": "70d75bfd-a49f-430f-aa4f-80fa12e81221", "comment": "Malware payload (Formbook)", "value": "8de332d7f57396f7e6f33e212d33480b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176782, "uuid": "00d0a739-98a7-4547-88d8-1c81b0d78452", "comment": "Malware payload (Formbook)", "value": "24c3816b1d93a87af33e2ac0fe32e6936578e220642441d8895df2f768745244", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176782, "uuid": "85f90721-31af-4de7-8305-cc6b37ec6460", "comment": "Malware payload (Formbook)", "value": "884ab2b85eb222e6ebb32480d05b2f2e7c17bc22", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176782, "uuid": "e659f8ed-9122-4652-8b18-3cf59b0e61c2", "comment": "Malware payload (Formbook)", "value": "be105c495fc957dbdf23094741c62d3a7b8659ab8f852d3aa3633fb5d131f9ba05427647a3d6f845713350536b4b1f9b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176782, "uuid": "9de962b6-dbfc-4235-aa37-a1b20dfd4737", "value": "T19E05D01632E0C134D29D2C3599A07954BF73F06F38D2F974EEA2DA057BB9784AA04973", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176782, "uuid": "a88ae33f-5441-4093-8c13-56736920f921", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176782, "uuid": "5a983851-f597-4897-bd69-1f0dc4320dd3", "value": "12288:wPdQ1m+uHwKuqlqg/c+W7x8hb72lk3rfR+MHHjs0s8/wbUk1mPkm3LNwK5tpU0sa:2X+7x8hb72lk3V+MjMwwT1EJNwDzq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643176782, "uuid": "942c9200-193b-40f2-bd59-9b9aa11fc6c9", "value": 802304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643176782, "uuid": "d4788c1f-fa6b-4dcf-8f19-5b52bb5a3c8b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176782, "uuid": "b2e66959-641b-439b-b48f-63d98a8db3da", "value": "NEW ORDER.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd372480-7e6d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177086, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177086, "uuid": "50709566-0a04-4fce-8404-2de608969906", "comment": "Malware payload (Heodo)", "value": "01cafcfd15c850efe67d165e6bbce533", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177086, "uuid": "3162cfff-1a6a-449d-8b09-457fda609a9b", "comment": "Malware payload (Heodo)", "value": "24c81457cde9bba397b138ae1f72dcf7940d99d0f0acd119ec895585fd8e2059", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177086, "uuid": "9c19961f-cd33-44ad-aebb-e6e196a23161", "comment": "Malware payload (Heodo)", "value": "2d080607faacc4af01e7723a869cd5278d0af210", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177086, "uuid": "1fccfd80-1c1e-44f8-b087-72def945db48", "comment": "Malware payload (Heodo)", "value": "c078eea15e7287df177a5797d66d90ad1e3d960318e382e65a6c304662f91388d1b2bc273bb59308702c3ee4645db7f5", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177086, "uuid": "76520d9b-526e-42c6-b2f6-ce53ef0931b3", "value": "T1DEE4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177086, "uuid": "e6ce9a74-8a01-43a5-9f26-18b456c1e627", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177086, "uuid": "089b123d-f133-413d-9eae-5ae9daf6a46e", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4l8NACHKm2tkJV8u:o87vGJzomxhw8bKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177086, "uuid": "2ee280d7-ec3e-4c40-bbc7-ea8bf441d35f", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177086, "uuid": "85199a98-b70f-4f53-aaba-bbc4c8484bf6", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177086, "uuid": "1302dfca-e7f7-49ab-aa6f-bfdce01e7d63", "value": "emotet_list_ioc_cronupTue_Jan_25_11:53:33_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "08969c56-7eeb-11ec-9275-42010a9c0029", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1643230846, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230846, "uuid": "ba9ec564-2bfb-463b-823b-59ad3efeaa0a", "comment": "Malware payload (AveMariaRAT)", "value": "45f1ca40b80d81f690bfc9e70b5dd847", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230846, "uuid": "f5102f1b-ca58-4a5a-96c9-e88032c7b02d", "comment": "Malware payload (AveMariaRAT)", "value": "2535572c4d6f93d79c460bf53590e4079f6cabba485fcd631bec5a79081aa40e", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230846, "uuid": "4c2fa5b7-8450-428e-b630-88e6219d9e77", "comment": "Malware payload (AveMariaRAT)", "value": "32593989502e734ee3b5e34b826ab1b407199f07", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230846, "uuid": "0235d918-5a3a-4235-9aff-0614ce48e50f", "comment": "Malware payload (AveMariaRAT)", "value": "2bdb2136c2f56a971e66227154bcc94048c9624ae0cabf0a894fe665ef44be5eab44b3913dfdcfaeef771fff5fbd68e1", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230846, "uuid": "a0f89e3d-542a-4817-8f0b-846ac6cd03ac", "value": "T1829415012E29AC45F0E7BC3D246B8145CB9D5F33F70D72FEB664A74B49A03E9606B225", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230846, "uuid": "00a4bf03-0b30-4752-afa0-020b17d5df51", "value": "6144:9wBlbTnAJLOhjxOI+i6mseYc3V/1HTID5DfN3ABMMKv6tBXZj:qbTAJLSxOI+k7V/xIDJflUKyfZj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643230846, "uuid": "c739aae6-a259-4776-8d2a-49a3dbed02dc", "value": 425984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643230846, "uuid": "71f2066c-ba4e-4a65-a4f9-02689331cedb", "value": "application/x-tar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230846, "uuid": "0b6dd7aa-f7bf-4cd2-bd32-89f99b57c53c", "value": "PurchaseOrder 280181500 specification project 029452.tar.tar.gz.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7409fa9f-7e73-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643179487, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179487, "uuid": "4ae456a6-e1ae-4097-8563-8daa269b3a25", "comment": "Malware payload (AgentTesla)", "value": "6fd6881d4b82cdee9d23d82924709869", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179487, "uuid": "dd97a9af-6c68-4de6-be58-b47215c94e61", "comment": "Malware payload (AgentTesla)", "value": "25c530b318a7159e1e00c62791473bd92b8c8b6537f10c60d2f318b740adb186", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179487, "uuid": "531deca3-8cb9-4944-816f-89924261b9e2", "comment": "Malware payload (AgentTesla)", "value": "24d156bb7494fb5cfac55552a108c1ec8ff3060a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179487, "uuid": "9c1b009e-619c-48b8-8bcb-f81b6f91107c", "comment": "Malware payload (AgentTesla)", "value": "95a9363d6ba0ca23ee8b3a7dbd81825b2a9dfbdc7962be6fc479182425c524b4042fd3dbe2e62b18e98fbc64cd012bc0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179487, "uuid": "aae68964-0667-4020-88c9-5121a7862a54", "value": "T16BC42377B0C89133C82A45FB41B23DCD98B45A646D98ED1EEA1E46C3E2574C3D8DA4F1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179487, "uuid": "9d60e1a7-2c3e-4345-a86c-266969627f2b", "value": "12288:7Uui8iSS/wGhyY/oIVywXPLRk02T30UnzselXyKdSE7QYz:7UuZSocxDPNkTYIzsItVQYz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643179487, "uuid": "3c91b141-115b-4947-9ce5-1806f9dc8dd7", "value": 567425, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643179487, "uuid": "ff7c6818-fee2-4cd5-9893-6e247bef803d", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179487, "uuid": "09333bb3-4751-459d-997c-141775593024", "value": "Order#586382_pdf.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24361aa8-7e75-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643180212, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643180212, "uuid": "2367dfe7-8a2c-4673-a8e4-5878d978cd5f", "comment": "Malware payload (AgentTesla)", "value": "e8ba9115561561c88c68fa12e884539c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643180212, "uuid": "11f60a39-5f61-4c43-ab48-3c2227e63c02", "comment": "Malware payload (AgentTesla)", "value": "25c5abc8290a189bd8dbec2fccbcae7b8098f6f2fe07e74e19c9fb613cf632f3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643180212, "uuid": "6da82487-97a8-4217-a10a-78b2df527054", "comment": "Malware payload (AgentTesla)", "value": "770873181e8c2eaecabaec5567cc820bf2a3fd8e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643180212, "uuid": "1a33533b-2d62-4022-902e-ec8298aba912", "comment": "Malware payload (AgentTesla)", "value": "f99a0e89303808d493147061469ed70cfdbf168daf2f00348c52b8c14d8ac5c7419889415c9466c8c69b3700c2dba5c3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643180212, "uuid": "89b5a6d4-80b0-4903-af30-606223497b37", "value": "T11405D12932E0C134D24D2C3588A575457B33F66F78D2FA64EEA2DA453FB97C4A600A73", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643180212, "uuid": "d0be606d-7a6d-441c-84bb-68a537a7357c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643180212, "uuid": "c9404d30-7898-41a0-99de-0cbf463eb7f3", "value": "12288:xLdQ1m+uHwa2qlqo3cHOcTqbCXAFrMryMnHjs0s8CwQwL9qCV1wKxZ85J3Ub:5XFcTqbCXAF0yMDMNwQwdVqKqe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643180212, "uuid": "9a01b5d8-fa42-44ef-bd23-bf375fb4d912", "value": 837120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643180212, "uuid": "c829339d-55ab-4e26-8be1-825713b233dd", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643180212, "uuid": "c2bc8b29-316c-4741-ace2-7ba6b1c96ac6", "value": "Invoice review.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7549c447-7e93-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1643193233, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193233, "uuid": "836ec63b-0b8f-49fc-a312-b7ab9f2573ea", "comment": "Malware payload (Gafgyt)", "value": "f1f6632f7ae03c49f57c899dcd4dc852", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193233, "uuid": "3d3c5916-a8f2-4102-b2bd-86710de18f96", "comment": "Malware payload (Gafgyt)", "value": "26262d0ee9d06da4a1d7b35decc99e610fd85472fad2039f375132ef49ce151b", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193233, "uuid": "a72853d0-f266-4f0e-9be7-503d0c4d7f1e", "comment": "Malware payload (Gafgyt)", "value": "592b4dcb38796c6b51ed8967751c14a40ba7f046", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193233, "uuid": "fed4695b-25b1-4857-b966-925169b32862", "comment": "Malware payload (Gafgyt)", "value": "a6d33cc984bc32c2c6a2595d6961d72824580f12e0d99ec6a2b4f984e4ac34df2ebec3275f279a871070190aea2a505a", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193233, "uuid": "19b9d0f0-2201-468c-b7b4-ba97d8b771e7", "value": "T1A6F31805D8905767C6E327BAF79E428D73231BACA7C7332149385EB42BC17992A7D870", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193233, "uuid": "54dca2e8-4839-4e3b-907a-095273ca706d", "value": "3072:8FfM8KdtpEeQOMS6dHuDtIa7pd3WhuWDSB0DpB45hLOIGOkyA87myMQBYS2jV7:UOxIa7/WhDp65hL/GOk987myMQBYS2jZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643193233, "uuid": "2f6c6cdd-ba30-4563-9235-9e1b7f498a42", "value": 163944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643193233, "uuid": "406b9dbb-4e6f-4c85-abd8-278656851f7b", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193233, "uuid": "bf742e58-43a1-4c36-976e-bfed5075cbe6", "value": "Korpze1233121337.arm6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab863e4c-7e9a-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1643196330, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643196330, "uuid": "b4ebfad0-753a-4fe8-b82f-60f1b5035656", "comment": "Malware payload (RedLineStealer)", "value": "cf6429341b4f05febc7193dc63170f5f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643196330, "uuid": "cd796255-16bf-4ff7-8c5a-25059c40463a", "comment": "Malware payload (RedLineStealer)", "value": "26953a9099b5f48341affe0093f9fa0683dca5f8816fcf023fa4580fbe7563cb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643196330, "uuid": "e0284b45-9ceb-4274-b14e-a5598064018c", "comment": "Malware payload (RedLineStealer)", "value": "98d2de6f9b917cebf972f667d613290a6c967951", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643196330, "uuid": "b7546512-79e5-477c-9b85-2c9b95717600", "comment": "Malware payload (RedLineStealer)", "value": "75629d7ce96eac0d9765b27c4a8e25a9798284d15ff1f3726499fd9df882f445b55b3832d0b2c76701c26acb310be10b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643196330, "uuid": "0e92171b-5e24-4f0c-9e9b-da9ec37bccd3", "value": "T131A4BF00B7A1C035F5B712F5497693BCA93E7AA15B2461CB53E16AEE57346E0EC3130B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643196330, "uuid": "0e6308fa-bb2f-4413-93e5-7eac5a99f4f3", "value": "57f1d018b3b215761fc2fe4109612642", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643196330, "uuid": "d5e01913-7099-4a1b-8c90-3bb61000d0af", "value": "12288:tU7Qd6KU+JNNYi5kav0L6UmXHjZydd+Zf5a:CGHjYi5XvF41", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643196330, "uuid": "60b75404-e621-4e04-bfdb-a0af1740f6c0", "value": 454144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643196330, "uuid": "f99d98f1-55f7-4396-9df8-75b12b8ef4e2", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643196330, "uuid": "39b2fdfd-acb7-409f-9003-49be30e6ea39", "value": "cf6429341b4f05febc7193dc63170f5f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3e8033f-7ed2-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643220396, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220396, "uuid": "678a1ad2-c72c-4f4c-b560-60a5c49565ab", "comment": "Malware payload (SilentBuilder)", "value": "a4a6215eebcda9e66cbd8382112b710f", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220396, "uuid": "54033ede-d397-4ddf-a52b-ac37d8a743d1", "comment": "Malware payload (SilentBuilder)", "value": "26db0ceadb7f634a3e619bea21280f2e94d3696393ca84d5a609e4b0545bc3fd", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220396, "uuid": "cd0bae47-0eb1-4e51-a3a8-71e2bb8b80b7", "comment": "Malware payload (SilentBuilder)", "value": "4a049968fad2b6d0e908d9f4f570747eb4b1dd7b", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220396, "uuid": "877f1c0e-cbdd-4a00-8048-594a84d30447", "comment": "Malware payload (SilentBuilder)", "value": "5726f767b8107873e36155f38842f909a126a14f14f6b0a3b5402c0dd022429fcd86941ddbfda550264b62493f194f2e", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220396, "uuid": "d9fac008-e5b2-44d9-ba41-a2d712e7f69d", "value": "T1B8131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220396, "uuid": "66b45b85-9e1c-4c0d-88e7-7e216337c429", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643220396, "uuid": "c0e57c1b-29d5-4c5b-9129-1ebb699bba48", "value": 45269, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643220396, "uuid": "eb776f78-6414-48b2-a250-be3ed20557ad", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220396, "uuid": "43b00fed-ca72-4945-b3b3-b53bc19db4d7", "value": "tmpzwzxvv4x", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "460cfea0-7ea7-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1643201744, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643201744, "uuid": "514fb71f-d8ff-4701-ac76-8d5b945b1770", "comment": "Malware payload (RedLineStealer)", "value": "06617e55f4c1a30bf1371adb48cc7ab9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643201744, "uuid": "dd844c23-0e7f-479f-a10b-1632b0153b1e", "comment": "Malware payload (RedLineStealer)", "value": "26f1712b35647e5c63f52f4c9472e9430b76d0a82488e7a1daaff2e99ddabea5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643201744, "uuid": "a7b1cc8b-ad4c-4f70-83e2-aacaac679ef1", "comment": "Malware payload (RedLineStealer)", "value": "87fece338ca1d84ce8559dac680e4b1e3498b77f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643201744, "uuid": "601b87bd-432b-4d99-b5d1-2030db1aee87", "comment": "Malware payload (RedLineStealer)", "value": "4710f3b7412a23d95fa4dd04eabd289bfce16c3dee0631b6dfec100625b07ffcc67d53f2a258810499d8614bb96f8121", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643201744, "uuid": "0dbf4a0f-e2b6-4809-9d9e-d6522f2c1ac2", "value": "T19CA4AF10BBA1C435F5B722F8067A936CA53E7AF15B2451CB63D52AEE46346E0DC3231B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643201744, "uuid": "bd80a515-6269-437f-b004-7ca7ce04d5e3", "value": "4bcde812b040ca4f517d950272a8fa16", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643201744, "uuid": "12cf2076-ab5f-4a22-bc2e-3740e98e644d", "value": "12288:I4oQh2KO22xd3gGbW1Y8uRBTAUpQnjsselC/jYX:Hnp4d3gc+rGB1anjfj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643201744, "uuid": "391ed98d-d3d5-4dd8-8f7e-a2dc94735132", "value": 454144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643201744, "uuid": "65ea4d12-fdf2-46b7-8a17-f2e79c287776", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643201744, "uuid": "bbc13dcc-fb99-433d-b6aa-153ff8e4d359", "value": "06617e55f4c1a30bf1371adb48cc7ab9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dff6c816-7eb5-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643208015, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208015, "uuid": "5440b30b-be77-4a24-8f32-0982181bd6a1", "comment": "Malware payload (AgentTesla)", "value": "fa07cfa82ad22d4fdbb48c3c06ca272a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208015, "uuid": "3bfd3344-1746-4f00-bc15-648dd93bb585", "comment": "Malware payload (AgentTesla)", "value": "26f6e54c3211549a7aca1d9166fa336bd19aadf6190b09c5a7379bb27d60dc23", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208015, "uuid": "6c996f47-9963-4d2a-9d7d-c4c3807bb836", "comment": "Malware payload (AgentTesla)", "value": "c3649b3f809ca9a3940afb3faf2c4c20b06ab4f2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208015, "uuid": "d6102c9f-02a0-4247-b435-baf23d286e10", "comment": "Malware payload (AgentTesla)", "value": "f72936f8e5ed569706cac4eb4a681a80423e1fd8e3787db88a5af5c2455703d81becdb5c1350e9556ed671e0dac70461", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208015, "uuid": "5f53255e-3c9d-4e86-92ed-94b4843750d5", "value": "T1CB15BE27F44CC466D298497581CFB40C07F4B903FDCBB59A3E97F5066612B4BAA09A2F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208015, "uuid": "06b7e971-3a35-4a83-af1d-92d0c61e022f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208015, "uuid": "74d5c490-2aec-4618-8827-45db47ef3cc5", "value": "24576:5B2ED89m1GvSvMtw8v+LLmtc92Tcx+nDlciJ9Ut:589m1h0SV/mtc+G+nDbJ+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643208015, "uuid": "047207a2-fd0d-438e-b12b-944007d20125", "value": 897024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643208015, "uuid": "d4955e98-55b0-466d-a429-f871b5347652", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208015, "uuid": "b2624f09-3e0b-4b15-8e3e-b1362f4ed357", "value": "PO-DSK12622011.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3be369df-7ed5-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643221483, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221483, "uuid": "54dc2525-0374-4019-bba0-6fe9df3b1adc", "comment": "Malware payload (SilentBuilder)", "value": "96e6fead6e30d4451fe32440e2824a7a", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221483, "uuid": "dac05c5e-d774-4b66-b838-a1110d18411f", "comment": "Malware payload (SilentBuilder)", "value": "2716f21bd0db27cccff7a6e92cd2d14b5c614b879b2c95890a2347ddd3195c99", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221483, "uuid": "969a7532-9d28-4044-b259-75851cf61344", "comment": "Malware payload (SilentBuilder)", "value": "a135068746ef1570ac94ce41d99a4f53b020cdd5", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221483, "uuid": "47cf3c56-916a-48ae-ad49-3362f0be63ab", "comment": "Malware payload (SilentBuilder)", "value": "49dbbb9b82a097dcde89ef7b5137bbde5cf243b37a02410054cba42ccf53fc11d3fa95aa1a8032d102bb958f7b248396", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221483, "uuid": "b54ff93b-2b82-4918-912f-f96de9726838", "value": "T123131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221483, "uuid": "ac53e20c-9dc6-4bdf-8b3d-2295f88104e5", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643221483, "uuid": "db2e8c62-0999-42b3-9531-326934309f6e", "value": 45137, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643221483, "uuid": "022e4f28-bd06-4329-bb88-05d4092bf68c", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221483, "uuid": "602e33e9-c328-46db-b1db-933feab45b08", "value": "tmpikmp91ln", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0eb12623-7edd-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643224844, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224844, "uuid": "53c1140f-101b-4064-95fa-544f5d065b55", "comment": "Malware payload", "value": "5f32e160ff8d2b56619a2d153471dbab", "object_relation": "md5", "Tag": [ { "name": "PowerShellSMTPWiFiStealer", "colour": "#5CE0A7", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224844, "uuid": "76efd0ff-f7d3-4192-aecf-64a72cf7fbbc", "comment": "Malware payload", "value": "27758ebd730c006268d4414a21db1b9dd63427eb56f8a9d498fea682fc6e55f8", "object_relation": "sha256", "Tag": [ { "name": "PowerShellSMTPWiFiStealer", "colour": "#5CE0A7", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224844, "uuid": "38b65679-0b32-4c90-b095-d7bf891752eb", "comment": "Malware payload", "value": "278832bd2be4f7fd1ef2b8d0f0ae5027bc150653", "object_relation": "sha1", "Tag": [ { "name": "PowerShellSMTPWiFiStealer", "colour": "#5CE0A7", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224844, "uuid": "dfe8f2b0-854e-412c-870b-d03f68066241", "comment": "Malware payload", "value": "16a5791acb4ae196e9874c0af491506a3b4ca39abe07f3f52667defee1287a3c8f44ea8830e38102ad4a956867432cd8", "object_relation": "sha3-384", "Tag": [ { "name": "PowerShellSMTPWiFiStealer", "colour": "#5CE0A7", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224844, "uuid": "5175e430-df32-4e8d-820e-8709735eb00f", "value": "T1F33165B71DC281260711E782B284582CE734940E8C83345CF2DE898DA0E0F972BCD2FD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224844, "uuid": "23e34067-904e-47b4-8c14-3ac766e5514a", "value": "24:xcHU8fhPCkaP4mXjvTCkLKCPWF5w5GEGqBYZbxIkyyD++ETTTQ/Tviwdr:GHXfhexTvrtWFqUviw6yrb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643224844, "uuid": "205c4c2e-963c-47a9-bd54-4d90afba6558", "value": 1531, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643224844, "uuid": "5be7de63-f94b-48f3-ad57-6748f09165ef", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224844, "uuid": "1357f171-570c-452b-8e8b-8ac7f2762298", "value": "cpLyBpyK.posh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6f8d7b2-7ea3-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643200188, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200188, "uuid": "5e954c0a-2de7-4af5-b66b-382a6844a0fc", "comment": "Malware payload (SilentBuilder)", "value": "3154615c41a7718995ddb49eaff03938", "object_relation": "md5", "Tag": [ { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200188, "uuid": "10aee6ad-88b6-4738-ae9e-87a98c5e9dd2", "comment": "Malware payload (SilentBuilder)", "value": "27e400ec75a6391da1a8e47de2c24530a6d303361f3cbf525a106c35a9a58ea5", "object_relation": "sha256", "Tag": [ { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200188, "uuid": "0e843e97-7f14-44a7-b526-e5943d933ec5", "comment": "Malware payload (SilentBuilder)", "value": "8f72379c5db1013d42a018ce90eceb2344265917", "object_relation": "sha1", "Tag": [ { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200188, "uuid": "5b90144b-c2db-4314-a0fc-07bafb8f4254", "comment": "Malware payload (SilentBuilder)", "value": "e6a56f9ecef062c17414592220a0ca497fa99e3f0b8364892f0eab6ea402bcd3e18b25e7241470cdcc11c4cd1063f2ec", "object_relation": "sha3-384", "Tag": [ { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200188, "uuid": "71b120ab-ed9a-4329-a639-777846e1d44f", "value": "T17DE3BFD766C7588ADE25037E8DB636D85653EC718BE393CB1346B3169DB0AC08D03A27", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200188, "uuid": "1bd10d41-5a08-4ea0-958c-9e2931b184df", "value": "3072:Yn+HymsUk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIgNIxJ3B7aD15BIjMAVn/9LFK:m+HymsUk3hbdlylKsgqopeJBWhZFVE+m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643200188, "uuid": "abe4e6de-f736-477f-9402-dc201be0d995", "value": 146634, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643200188, "uuid": "5f4d2f3e-b3b4-4bb3-b3cb-632331d675bb", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200188, "uuid": "f0d6bb1d-7769-49e4-9cd9-4abb376b2fb6", "value": "Liste_2601.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "04d23b6d-7e7e-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643184025, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643184025, "uuid": "a0a48c5f-b1e7-416f-9c1e-f5bb7516f7e8", "comment": "Malware payload (AgentTesla)", "value": "7e669f7de1f4e8fa99a1c62547a2ff91", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643184025, "uuid": "189f116b-54c9-4f21-b67e-ff7dbda7d912", "comment": "Malware payload (AgentTesla)", "value": "280ca704cbf28153c1de687c47e9457c403e756a4bc0ce0536e0de5a4ec35904", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643184025, "uuid": "3948d27c-43c6-43f2-95de-eef68e6d8f6a", "comment": "Malware payload (AgentTesla)", "value": "aa84213db203dccecb6f5b6bc10fb30e33469cb0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643184025, "uuid": "4ff626be-88d2-4928-9a73-f611f42dc8e3", "comment": "Malware payload (AgentTesla)", "value": "4e536c594367db95357a5015117f0ea1a68d5a4c7f55c7363f16cefc9b2f4b0b84b304b33b05950a6364ac8aaf2978c7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643184025, "uuid": "9758bcda-7878-4370-83bc-65ef53de757d", "value": "T1F015BE27F14DC836D29D087681EFB10D43B8B803F9C7B59A3E9BF6097651B4AAA0550F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643184025, "uuid": "a5432b07-970f-4a69-aee7-f1dac5209b5d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643184025, "uuid": "54afa7a4-2349-4345-b637-9249d4e6977d", "value": "12288:N/Cm+cn7UnbHn+ko/DreT27ocJpjs0s8KwMywDEqgkw5QWoqfS+i5e3PZ/nzv4ZB:NqmOu5ocHMbwMywDEnkgd3PNzwZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643184025, "uuid": "54736132-8138-48fb-be8c-cb42664641ee", "value": 893440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643184025, "uuid": "300d4f9e-4488-42f8-8429-526da7e4cb47", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643184025, "uuid": "d48ce15a-b908-43df-a50f-96017baba3f3", "value": "Rechnung_202112.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1329264f-7ee4-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643227858, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643227858, "uuid": "d683f8ad-547d-4823-ad20-622979d847d2", "comment": "Malware payload", "value": "1c282ce1d09ca397759558cbc52c9851", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643227858, "uuid": "8cb20e2c-3f36-440a-876e-9ccd70e795a5", "comment": "Malware payload", "value": "2829599ae0c4fc7cb707f4972dabf242a76b3990f38af8802cecffc2a6e1b460", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643227858, "uuid": "2a085474-458b-476d-93d9-74dfc091993c", "comment": "Malware payload", "value": "d414464cda31052bc95761acf68f5cb24c2bc614", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643227858, "uuid": "c061527d-899a-490d-ae7f-aca066216f1f", "comment": "Malware payload", "value": "d513904008ca0b2e02fbed0c7ebdb6cecf0f20803fa0c3a2c927fb945a187c431e0960d8b1132adf4b86be5bdfec258c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643227858, "uuid": "45666792-32d0-4775-b710-31c6b949ee98", "value": "T149B46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643227858, "uuid": "3865fe8c-818c-4c1b-bf11-edb1b903ea42", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643227858, "uuid": "de6244cc-fea3-492a-88e9-ecdf02f20a57", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8S9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgj0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643227858, "uuid": "95f587d4-4318-4a23-9921-b88e3db2f693", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643227858, "uuid": "750a88bc-a1a2-40c1-acf2-d06dd2c76d08", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643227858, "uuid": "4fe32b07-7be8-416a-9054-783cb7394769", "value": "p6X1jL1.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d791caf1-7e6d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177077, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177077, "uuid": "17725ca3-da11-480f-ab95-c343cc1064e4", "comment": "Malware payload (Heodo)", "value": "581a1fc8d6cd990c6da21c73cfa63338", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177077, "uuid": "7c5a2113-fe50-4dba-9463-b9429c950627", "comment": "Malware payload (Heodo)", "value": "29a0573ce9ab660848e31e47c573bf9cbb41dcf134cab65a66a39441919bba38", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177077, "uuid": "50767052-d826-460d-992a-bda4f1949d27", "comment": "Malware payload (Heodo)", "value": "79898b23b4d60c2ccacbdf71eddf03c566426787", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177077, "uuid": "a7d00c27-1b61-4bca-82bc-be79ae00619d", "comment": "Malware payload (Heodo)", "value": "aabe49b25112e4329cf4d3e61aa7e048ecd55c13caf5ad78cacf13095f4ba17d8e938c0c5edf1eaec8a8d82f99de25fd", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177077, "uuid": "a0254207-273f-45c3-ac33-bca6004d7559", "value": "T13CE4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177077, "uuid": "d7b4c416-173e-4658-95e7-47aff950b36f", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177077, "uuid": "1d2fa6a9-e5dc-485f-abf4-5050a5769f38", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4loNACHKm2tkJV8u:o87vGJzomxhw4bKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177077, "uuid": "567d7b80-d175-4649-bac4-7bd2254afb0b", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177077, "uuid": "ff867846-9c3c-4e89-b3df-576462d8513b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177077, "uuid": "d417ccd7-8c22-4efc-9b26-71279c8ed638", "value": "emotet_list_ioc_cronupTue_Jan_25_11:53:31_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9a56fa3c-7ead-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643204462, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204462, "uuid": "b52fb9fb-8dec-431e-b0db-e5014dd34269", "comment": "Malware payload (Heodo)", "value": "bb3bb0518a8464c57a4ffd37390ec9b0", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204462, "uuid": "6b8e4073-496b-47fe-9107-2a11761fec82", "comment": "Malware payload (Heodo)", "value": "29b2e54beca5548a054b6f0f80c2cb010f1d36e1b8990e711b67f0fe7898d441", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204462, "uuid": "56aeeaa7-c6f5-4d50-8019-1b5b33164078", "comment": "Malware payload (Heodo)", "value": "a67c75b379c2802c067d2615f111aa7d503c7788", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204462, "uuid": "4f3cd252-be81-4416-a21a-90aa09d516bd", "comment": "Malware payload (Heodo)", "value": "2c578ff86360c2f8415587abf99304abe1e18835d8f1cccf725615932bed700c59be4fb2ecd2b24728a1c5e78c8670e1", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204462, "uuid": "090cfea3-fd55-4fb8-bce2-6d6e2592d01d", "value": "T1F5D36B65A6C5E9CAC70523350ADA8BEE33676C479E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204462, "uuid": "30c5719f-5ca5-426d-bb2f-4dee0e591ddd", "value": "3072:WcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dg5Gx0v:WcKoSsxzNDZLDZjlbR868O8KlVH3jehn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643204462, "uuid": "b1a0f41d-cdf8-48a4-9382-1be08f74bbf6", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643204462, "uuid": "537cdd4a-ae06-4d36-8daf-97a0c0e34bde", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204462, "uuid": "b326b15c-1c25-44eb-946a-276792653142", "value": "DE2022016536012871.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "758b365e-7e3b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643155438, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155438, "uuid": "eb074512-0795-464c-8b7b-a842af75e6a0", "comment": "Malware payload (Heodo)", "value": "a5b8089d02845fea360b1e1bf9c62b08", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155438, "uuid": "cebbfc69-3e11-43f0-8b47-ecdb744d27d2", "comment": "Malware payload (Heodo)", "value": "2a3c7160d970f7917c7898163bd5f09206ac9554243149775498ce8d72851bcc", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155438, "uuid": "1533f8a2-ee13-43da-bc94-e470b666845f", "comment": "Malware payload (Heodo)", "value": "9bfb60042975698fb9180cddc9c18d5f12b946f4", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155438, "uuid": "204d8f0c-c18f-458a-a0a2-03d65d88c9b7", "comment": "Malware payload (Heodo)", "value": "364419358dd428879ca484de0aa5fe00a393e31d6476a596b236ca6ff8c4b84c55265dbfafa8ad598e09aa3ac0f39a18", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155438, "uuid": "c9a278ee-3d55-4703-a7c5-1925daba204c", "value": "T187E4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155438, "uuid": "7e12cd5a-529e-4746-86d2-e60ef5093329", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155438, "uuid": "0d1bc85d-c553-4a39-9f10-eb70057d7a87", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4lVNACHKm2tkJV8u:o87vGJzomxhwDbKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643155438, "uuid": "995c3358-12e0-4109-b7c0-eaad189a5313", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643155438, "uuid": "44a01f2b-9f3c-46e2-89cb-e290d679a54f", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155438, "uuid": "8258f75e-07a9-4747-a8a3-98321b4ebdaf", "value": "emotet_exe_e4_2a3c7160d970f7917c7898163bd5f09206ac9554243149775498ce8d72851bcc_2022-01-26__000333.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86ac1650-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1643207006, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207006, "uuid": "914644f8-ade9-4d96-8c92-2933db60ae85", "comment": "Malware payload (AveMariaRAT)", "value": "946f2f2d1f2c8f2c55e67511110fb46a", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "WarzoneRAT", "colour": "#835220", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207006, "uuid": "d86d9411-8240-4ada-9017-bfe0b3c93fd1", "comment": "Malware payload (AveMariaRAT)", "value": "2a6b466c8fcde63e05b2fdef50e6327db4a06c1297e066260a74a7fa958f6ade", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "WarzoneRAT", "colour": "#835220", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207006, "uuid": "d2bfd5e9-beed-4d62-8790-2e8d55cb48a5", "comment": "Malware payload (AveMariaRAT)", "value": "319d668068bf8e427951aedd5953902583265e9f", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "WarzoneRAT", "colour": "#835220", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207006, "uuid": "7df8aa5a-1fe0-4510-9390-deaa4cb3c681", "comment": "Malware payload (AveMariaRAT)", "value": "1343c11406e82020e05834104504ac44f2887d8ca248605a492b2a3423361443445100caa93c0a45737bc2de18b8537e", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "WarzoneRAT", "colour": "#835220", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207006, "uuid": "d3c78c20-f0c5-444b-8718-f70bd8df417e", "value": "T1CA65AC27367DC9E1F52C3EB6409A831403752D868532E60BEA8F3ED9DA73753C9481DA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207006, "uuid": "d6536c07-c4d4-4f95-86a6-5dca41b6daf8", "value": "12288:oGPn7pyjD00IUvydX93nhIhXk0Q4UVUpWcAK/lTv76:o2ntGD0N3hZ4UVOWpK/5v76", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207006, "uuid": "2bdfc971-f7ec-4751-af46-6a3e094e883d", "value": 1486848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207006, "uuid": "83014b8f-8b51-400a-a722-5a9cec457927", "value": "application/x-iso9660-image", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207006, "uuid": "b315909c-45e1-428a-bc73-39cf7720a36e", "value": "Terms and condition.iso", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "413fe1d0-7eee-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643232230, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232230, "uuid": "758b34fc-2232-4021-b789-36bd78bb8249", "comment": "Malware payload", "value": "d38970f57a61bb1d2116e7e214ae7798", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232230, "uuid": "1bee585d-3847-49a6-99e4-6bd64232b514", "comment": "Malware payload", "value": "2a7ad6558014666b10424c2b4c7f4c6b095067ac2334617932e14d33a33c4b1a", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232230, "uuid": "68774d39-2341-47c1-818c-528ab0e95769", "comment": "Malware payload", "value": "d827b206ae84e518ac8e0055ed7dee732ce9653d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232230, "uuid": "b15dce24-3988-4350-b377-8431fd4a2041", "comment": "Malware payload", "value": "2d7b79a5fc377e7e3b879fb8cfddf72341a395e49f14b73cebba60a0488eef016dfad55f00e93cb88af4016abae4f29b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232230, "uuid": "6ca66931-39bc-4a90-99b2-1af862267ede", "value": "T1DEB46B1AB172D871E3FEA3F1B5A4CB93C1EFA820275455ABE3FC025F4A2DC464234949", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232230, "uuid": "a759c5b6-45ce-4763-ab22-ea3ee4ad899d", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232230, "uuid": "f3e897d2-bb3e-44c1-b9c4-6a3f8d955a04", "value": "6144:Y7eUxxxxt33333333hCC28YiYRrLKyx3jvfIfpQdKXoJsdtUPlhLYfZDqvasLD2d:n8nYRvJhjvGpQQcGDO3JtP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643232230, "uuid": "6d6a761d-d6e5-405c-8fa9-c3ec9715e6bf", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643232230, "uuid": "6b63fb9c-f76a-4c75-880c-e4d01f5eedf8", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232230, "uuid": "e8f0381f-2c7c-456c-b2ec-d8fa7f3c9d42", "value": "emotet_exe_e5_2a7ad6558014666b10424c2b4c7f4c6b095067ac2334617932e14d33a33c4b1a_2022-01-26__212334.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "864d80e8-7e72-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643179088, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179088, "uuid": "f40bc1aa-f21e-4c32-b3aa-276238ef4230", "comment": "Malware payload (AgentTesla)", "value": "8bf65346080e276cae32d435f5fda02f", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179088, "uuid": "8af0128e-2ba4-420c-b389-1ecbaf23d61e", "comment": "Malware payload (AgentTesla)", "value": "2a878094a5a9f90e11eb8131bbdd40c09497894e6984d2ab4914811d65dfa7ea", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179088, "uuid": "de04760c-7ad9-48d8-872e-6ef0343bacfc", "comment": "Malware payload (AgentTesla)", "value": "fb2ee220734006a5b0cc9548419e9254bf7a9ace", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179088, "uuid": "32da76af-ceb7-456b-ad2d-8966bc529b02", "comment": "Malware payload (AgentTesla)", "value": "a5fccb36b0b1afc94466921d34938405df1d8d48a6525ca851c5075bebb981310c027c465bc7184667959ac815dd62c3", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179088, "uuid": "2bb09f41-9619-4de0-b730-ed6d51084aee", "value": "T174C423B5B53502FC5B29D22549B1196CCB6E1A92C2387C33AB0E853C64D2F68D2DBCDD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179088, "uuid": "3338e97f-1e2a-4b3f-a2ba-66ce569277c0", "value": "12288:9dZNb1bTudsQM+SSjTJwEXuCfWcqG26negvj7VvQYFmgNyWfW:xNmM+VwzCugBNvnZpUgoWO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643179088, "uuid": "4dc597b4-1135-4f1e-86b5-85db51624ea7", "value": 583750, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643179088, "uuid": "ff3d147d-0f0b-46c0-997a-35c40e74d412", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179088, "uuid": "7703b27a-b031-4a54-970c-30078de3ec24", "value": "MV AMIS WEALTH CTM USD 40,000.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1882bbf-7e6d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177040, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177040, "uuid": "f2e2622d-1d3c-4bd3-a49f-7600feecf0c0", "comment": "Malware payload (Heodo)", "value": "80b667f5c66c230b5b176f3c55201793", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177040, "uuid": "dd025899-1e3c-4f6a-ba4e-f1632e1a709a", "comment": "Malware payload (Heodo)", "value": "2ac5c9fb1b46534ef9cd44cb45949586a79997be925b1be3da1110a20be61dd4", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177040, "uuid": "fac22f0b-ea1f-49b0-8ea7-0cb4e1d12644", "comment": "Malware payload (Heodo)", "value": "c041db31d9c16db4827c4306574cb40c0866bf71", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177040, "uuid": "1e8ebbf5-e7e7-496a-b137-d2edb151447b", "comment": "Malware payload (Heodo)", "value": "1fc0d3df82978dccf39380f9cfe0d6c3dbf70b1d3ba0d9d0bd4e23d41f58149f40803c20407203c5695133a3823c3bcd", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177040, "uuid": "9efb83f3-bd46-4aa4-b4b3-f6ca3c323857", "value": "T1BED49C2233DCC8B9E0AE1D3D290297D523E9AE140B93C58FA640FB9E5D3B2C155F92D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177040, "uuid": "76df2988-0ae2-4de3-bf2a-995a8a546bc3", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177040, "uuid": "ed7d78b8-7631-4c39-86c9-67a1aa9d166d", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4Mm1Ofg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4Mm1/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177040, "uuid": "62d79316-8c63-4a45-869d-6e29146e486a", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177040, "uuid": "95708843-f5d7-4a3c-aea0-9ccdfb1f31fd", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177040, "uuid": "e213d403-a55b-4996-823c-eea3a23b871a", "value": "emotet_list_ioc_cronupTue_Jan_25_11:47:33_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2af5541-7ea1-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643199429, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199429, "uuid": "6aa474af-9255-40e1-9e40-b0e94fb6b582", "comment": "Malware payload (Formbook)", "value": "c5b0c2d5d791b026d6e300c33d68ea9d", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199429, "uuid": "c6393c71-9138-4f85-91a0-3ba4d373dc3b", "comment": "Malware payload (Formbook)", "value": "2ba23fbc5dcce0052b50f2a124a41d4d33140038882aa89941eacaf8e3947624", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199429, "uuid": "35381751-add4-4ba2-ac3d-4144edbea1e1", "comment": "Malware payload (Formbook)", "value": "b994e2c20ad64c5789d312a5214c71864ee811e8", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199429, "uuid": "58d21c74-87f3-4b2e-96bb-f967d47b2542", "comment": "Malware payload (Formbook)", "value": "729a57a1fe854820d9b17f40194421ac127ecd7daf2981531f69bf495195b2fd09a9f05b30a1ad11a22062eaeaed1c1f", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199429, "uuid": "d120a46c-5b9b-4ee4-bc8b-177e2d127c96", "value": "T1659423EC8AB922D409C9B5709F290990F7790FC7982566DCC3C12F2A27DE0D7A6578F1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199429, "uuid": "89d467cf-dca6-48ab-b439-7eb870c25605", "value": "12288:rI9FrJWCls7EWy4dt5OcC2DK+xXVWZdhB:rCllsTDp3ZhXQdhB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643199429, "uuid": "485690d9-da02-48ff-bab2-3803c3e2b666", "value": 439968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643199429, "uuid": "cd52dc21-797a-471d-8af5-2e7d095ddff0", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199429, "uuid": "babf6b07-da16-4b5e-82c3-5f18987ac144", "value": "SWIFT. UNICREDITGROUP.PDF.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b02346cb-7ec4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643214377, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214377, "uuid": "c98cc21e-899b-411f-b304-94acf161f745", "comment": "Malware payload (Heodo)", "value": "39dddcdbad5f2753e504f507a021b9c2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214377, "uuid": "272f6e71-efbb-4b0f-bacb-65de90218143", "comment": "Malware payload (Heodo)", "value": "2bc6bb7a0edbdc5f5c415f971f493b02b3e60fceb8381201d589727974cc27e4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214377, "uuid": "b3c01aa6-764d-4439-a759-629a3abdf63b", "comment": "Malware payload (Heodo)", "value": "698c3b0e382a564f648bd3683ca2866dcf258bc9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214377, "uuid": "4265e857-12ef-4461-8d0f-d77a8c2e5960", "comment": "Malware payload (Heodo)", "value": "8680f79a7047065b7b4773f6e47c6411023b6cfb7a7ba788050d65c1e856cd990cbdf0216a56b2cb79d8576c8c364248", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214377, "uuid": "e20fe7e9-a5ca-449e-9274-484c9a453fa6", "value": "T194E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214377, "uuid": "5923c8f1-1ded-47a5-94b7-b20576e5c9ef", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214377, "uuid": "c77e4094-b35c-4128-9313-411d72f51efa", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orI3G0Bv1tgV:RpncLJZA2LwpJsNtZUWeGWOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643214377, "uuid": "f117649c-89c7-4c86-820b-c0ac2ca44d01", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643214377, "uuid": "78cfb07c-eb3f-4c50-9eb9-948766de495a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214377, "uuid": "9d67f014-0e2c-4fe1-9739-16d48b78ffb1", "value": "39dddcdbad5f2753e504f507a021b9c2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c1a5307-7ebb-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643210236, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210236, "uuid": "49f1d230-cbae-414e-be14-2ca977b10672", "comment": "Malware payload (Heodo)", "value": "18602da59364e62a42cb039abc19afb2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210236, "uuid": "a1d50404-6ebc-45c4-8b26-02c87a7cd1ca", "comment": "Malware payload (Heodo)", "value": "2c04f7291ee2aa3df0cfd0597d9a3d6b8eabf4da9be10841cb62382b20e0b1e3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210236, "uuid": "6ac960a2-d604-4334-afbb-f9fcb38cdcd0", "comment": "Malware payload (Heodo)", "value": "1bb19c15a14378747377d1d42e35642875248367", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210236, "uuid": "af51058c-f1fd-4fa1-b5cc-40b2be66664b", "comment": "Malware payload (Heodo)", "value": "5d681fc447234c1bf5dc658a023971c81bb04d9373cda2446e87841d18189d7b1ce4b665895e185f0f40907568b621ba", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210236, "uuid": "216a67cd-2e05-487f-8465-494d1a469b05", "value": "T1A5E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210236, "uuid": "0808532a-75a0-4d8a-be9d-277aa7d50f72", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210236, "uuid": "51e4c913-71ab-43d7-8f68-df9b733463d8", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIAG0Bv1tgV:RpncLJZA2LwpJsNtZUWeG5Og", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643210236, "uuid": "8a4fad24-55af-44bc-aa1e-f85181381b29", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643210236, "uuid": "5a6efa42-0038-464d-9a23-2ee7b1ab09e6", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210236, "uuid": "89b4d81f-40f0-421b-9648-f3f79a462743", "value": "18602da59364e62a42cb039abc19afb2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16dd5bfd-7eb5-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643207677, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207677, "uuid": "3fe5a6e5-d311-47d0-822b-c354a27c3d37", "comment": "Malware payload (Heodo)", "value": "5c8636927cdb7c3fe3220eead649cc26", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207677, "uuid": "e7da7d77-849b-4f6c-921d-c64f00545a7f", "comment": "Malware payload (Heodo)", "value": "2cbcc4e8e8b43aafcf475a564e64f4b35b8558549163cef89f57350a89d4af8b", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207677, "uuid": "1d3a062f-101e-4faf-8614-c72d0c685052", "comment": "Malware payload (Heodo)", "value": "2bec9fe0aded937bac0965661afc246c7fb50aae", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207677, "uuid": "fecb68c6-c6fe-4ccd-9b87-83712fdc664e", "comment": "Malware payload (Heodo)", "value": "60ef4e6297443aaeb0b8be50af61e3a348d7b493233ba4e188ea1c48dcf485507b9f7b333790bac3b0369dc6978c90e1", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207677, "uuid": "f32336cf-a0c3-43f6-ac05-a4036e9164f1", "value": "T141D36B65B6C5E9CAC70523350A9A8BEE33676C478E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207677, "uuid": "df39caa5-8c1a-493a-9e0f-8e2e8ae05c3f", "value": "3072:IcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dggGx0f:IcKoSsxzNDZLDZjlbR868O8KlVH3jeho", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207677, "uuid": "fac44c6d-3e2c-417a-9db7-4bf1286eb63b", "value": 136708, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207677, "uuid": "50f752b5-484f-4d51-904c-7aca73284e2a", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207677, "uuid": "60f440c0-55ac-47e5-b864-16c55b047ef5", "value": "tmpbcdtezm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8108b0cd-7ecb-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643217304, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217304, "uuid": "ead44d88-4903-47e9-8f62-23d2ec1fbb2f", "comment": "Malware payload (Heodo)", "value": "1830cda21c3a0e994810bb259ef1f916", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217304, "uuid": "27ba922c-7730-40ae-8174-f24b43b7bb31", "comment": "Malware payload (Heodo)", "value": "2ce857ab9f21a1c1437525d6f23f030e59bc56f2e5c2393e47a50533f5ec6f82", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217304, "uuid": "34f29466-9fc1-45b9-989f-e0c1065ed052", "comment": "Malware payload (Heodo)", "value": "ff47df571f175115808077d483bd9a398e43ff92", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217304, "uuid": "f62c77b2-c8b1-4510-a9b4-5cc418521676", "comment": "Malware payload (Heodo)", "value": "f8864466ae0140a88834c812caf193a62e9a4959ddab6e6eba833341600a871147e687b80e11a300bd5ef6a41803507d", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217304, "uuid": "a9e7606e-041c-4dd7-bff4-f6405cd50913", "value": "T15AB37C3AA185BF5BFD8B033D4C5245B9671FBCE47F9F5223128572102AF8861762623B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217304, "uuid": "03f97336-f1aa-4a3e-bd70-26be0ce24d92", "value": "3072:CGk3hbdlylKsgqopeJBWhZFGkE+cL2NdAydb4oifHMVhoSc2vUz3UWDG:Hk3hbdlylKsgqopeJBWhZFVE+W2NdAyu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643217304, "uuid": "258cd170-60b7-40d0-8862-89264b18e23c", "value": 107812, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643217304, "uuid": "16024a90-9d66-4924-b306-9e8aeeb69d25", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217304, "uuid": "3178adb8-2426-4d80-be7b-0bd71d19dc97", "value": "14252_042968107.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7a89b3d-7ee9-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643230308, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230308, "uuid": "cd8c9279-fe04-4901-915e-242a71e04357", "comment": "Malware payload (Mirai)", "value": "6c8f1ee806bb7a2bd00b0c096fac77f8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230308, "uuid": "e4dc4df5-05d1-4afe-98ab-6d471baacf21", "comment": "Malware payload (Mirai)", "value": "2d07960e819d10a92f4cd40030dc6947a7dd97d0d1a3fce7081db4295acec213", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230308, "uuid": "0f8ba86c-c25c-47a5-b28f-dac9936dbbdf", "comment": "Malware payload (Mirai)", "value": "d7ef7c83100c90fdda25e7a17d9b8acc0d0f8551", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230308, "uuid": "89834fdf-3eab-4699-9543-4ac8fed1ca8e", "comment": "Malware payload (Mirai)", "value": "2c992329edefc57d60582e6c4e933dd1f4d6cc6bccdb6d521f6d51795fc003faa6e270ef72c0d7ae3a648a4bbc670b55", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230308, "uuid": "d1712382-8751-41c3-89f4-257098beeef8", "value": "T1CBE2E19EF5A9D8A5C8E84E7D84C953611D02E18730AFDFB9A3244F54331810EF95E47B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230308, "uuid": "1f9e00b8-db74-4ab7-b0f9-5643bc6eaf0f", "value": "768:IrRKG+yWmYI0V30R1yGzu6sBqtONPYVLmKYp5imGqWH:IEGfbH0c1yodsB2ONPYVLsX9c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643230308, "uuid": "ed30b855-94cc-4ce7-9108-a6cc820feb15", "value": 33988, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643230308, "uuid": "967cd736-8054-4035-83dd-d33cfe904b01", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230308, "uuid": "7f0adac3-2bec-49e7-9b5e-9410419fd8fd", "value": "6c8f1ee806bb7a2bd00b0c096fac77f8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a296cc9d-7e9e-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1643198033, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198033, "uuid": "4d7542c1-3340-4096-8ed0-b9f6ceb4a0b8", "comment": "Malware payload (Gafgyt)", "value": "dafb11df4aae86b8ba68a2116393f0f8", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198033, "uuid": "149a831e-d992-448e-b37f-75fa5151d926", "comment": "Malware payload (Gafgyt)", "value": "2d611eb87f0686989079b3426197ee633559c65e43354b0104f62b2f7cd138fe", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198033, "uuid": "6cc75296-50f1-4d5c-a2d4-bcf833c07e2b", "comment": "Malware payload (Gafgyt)", "value": "2546d69fe3c074c1e93602635b585e1e4fd911c8", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198033, "uuid": "01c2802a-4154-42ae-9606-7dcc6a2855aa", "comment": "Malware payload (Gafgyt)", "value": "e438a05a146fc0442711dfc166de3ec6c062998beb231ae9d916a337e6ecb4e7838fb826d7aa8779097619a8583849d9", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643198033, "uuid": "4018aeee-b6dc-415f-9e13-dcce72321966", "value": "T174C31905FD404B27C7D22BBAF79E438D773666586BD333115A296EB02FC1B982E39160", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643198033, "uuid": "15021a65-0fcb-4515-b27a-1c0fbb9d6f2d", "value": "3072:4DJDZ+6lJQTnoo3jKiXb6DwXgh5hLNF9u+CyhAnjqojwQQRh6RYAvZR:4Gb6ygh5hLNF9u0ojwQQRh6RYAvZR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643198033, "uuid": "51bbb444-9670-4e1f-9b99-911a88d2012f", "value": 128317, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643198033, "uuid": "5f88b8fc-ae20-4e98-b136-07529d0f187c", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643198033, "uuid": "f88c9dc9-1a28-4d59-97ee-aecb0317a636", "value": "assailant.arm4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de6c63e2-7e8b-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643189973, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643189973, "uuid": "9f8868c6-7141-4900-8807-fdcf164df5c0", "comment": "Malware payload", "value": "3e20516e82fe126a3210dcaaa08bcc26", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643189973, "uuid": "c376a593-c8bc-40c1-a379-ba8e79e1de9f", "comment": "Malware payload", "value": "2dc88fc086f7d47063b867db93b1432f2eb700ca64b60f1e806100d68bfd1daa", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643189973, "uuid": "0adae391-0886-483f-9db7-966931945d57", "comment": "Malware payload", "value": "708a19e751483322f8ec0d21475bcb8729e5fd9b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643189973, "uuid": "74a0d126-2962-44b7-adcc-ad4b77836b30", "comment": "Malware payload", "value": "1528cb94f10ef88a66129bff20dd70c1a7dfdc78c86ebc2b3082e064f5911c38d6689692681f13d904d1e61177116b73", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643189973, "uuid": "a6ac7c5a-826a-4a9f-a390-8174d69a1903", "value": "T10771EB0A67E846A7F4B347346EF3471277B5F8609FB3931E1A80522AAC616740D72FB4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643189973, "uuid": "d62bdc9b-a1b6-4fb0-b8ae-931cae2b4d1f", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643189973, "uuid": "4d42e299-711c-4bb2-853e-c67f66994022", "value": "24:etGSzm8OmU0t3lm85nt4tdalqQg6A5LS41lI+tkZfkeBiZ3VUWI+ycuZhNf5akSE:6zAXQ3r5eXa1XxJzOF31ulf5a3OSq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643189973, "uuid": "965ccd07-ebdb-453d-bcf2-9941464f25a4", "value": 3584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643189973, "uuid": "d8891ad5-4b59-4b12-8104-b4050240e6ae", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643189973, "uuid": "accd1c7b-1171-48fc-a109-7f1bf7d8e61e", "value": "hfm1mvp2.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "581fe728-7eb5-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643207787, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207787, "uuid": "a96c7104-bfba-4903-af6f-3d0172086302", "comment": "Malware payload (AgentTesla)", "value": "91cf8ccaf88daef78065111ccce61d3b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207787, "uuid": "de705719-a182-450a-96b8-749c9a471d44", "comment": "Malware payload (AgentTesla)", "value": "2dd50c5fe2c183b8e3ae0af4e6b41b27b140870412fa6468fe611c9c11a20cbb", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207787, "uuid": "e3d9e389-eea8-49a6-8df0-f4f707118b2d", "comment": "Malware payload (AgentTesla)", "value": "400d18a24c7e9a6428ffeff0c86242a6f631b7d5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207787, "uuid": "c9ef4ba6-e5c8-4239-9bc2-e2b0af6f3ffc", "comment": "Malware payload (AgentTesla)", "value": "f9a38758e3ae612ddfd1de9d3e12d9c76c2356a6b54970d11c781615f096a061f2e603f665078d1297369c18216ceb09", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207787, "uuid": "135c0530-381a-4508-a16e-d70245a05d7a", "value": "T1EC15BE6BF048C83AC29D497581DFB14C43B5B803B9CBF5AE3E87B5096651F869E0624F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207787, "uuid": "64afa1e0-6f39-4db9-8fab-bb3fe7b26f9d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207787, "uuid": "59efb437-8182-4846-98b2-27d98ce4a755", "value": "12288:Wz7Zw3/UkUrP49/LAy7Ppm+oLHmHpjs0s8FwoenUv8cwFQZFnNhzVU+EzS/RqUYr:s7Z8R/jXMwwoeUvZWQJxVIzA5Yz4BS9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207787, "uuid": "ca05f9e8-9a53-43e0-a7ef-fc47b1fd784a", "value": 903680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207787, "uuid": "beb14aa4-9846-48b7-b5c0-9c22725d9001", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207787, "uuid": "ecac97e7-863a-4a27-b9dd-1cf74823e4a6", "value": "oLquX9ICDs2B6z6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e809356e-7eb7-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643208887, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208887, "uuid": "ca4cbc9e-479f-4db1-ac98-9911a2b297c4", "comment": "Malware payload (AgentTesla)", "value": "35daff8947cf4a88d744087772908bec", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208887, "uuid": "fed1bed2-2895-4b2b-bd02-017de0535cf7", "comment": "Malware payload (AgentTesla)", "value": "2de473330c30d5c9bdd75c84a7cc5d58cde341a9e2fe43f5eff9901669221f70", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208887, "uuid": "936d9734-130b-432a-9932-3d25c3f53699", "comment": "Malware payload (AgentTesla)", "value": "870336cc2358f606b7e0830982db98ebca520778", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208887, "uuid": "367ec55e-8252-4d4d-ad89-4c413be480c0", "comment": "Malware payload (AgentTesla)", "value": "6bf18e9a8cd751f0f20b4bd213b637a12a44fe797152e827529628cb7f3cf21c8fc8350d11db685afd27944c6e4c46a4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208887, "uuid": "6be17eff-7e63-47b3-ac7f-78ca34851ab8", "value": "T12215AD77F449C826C29949B641CFF40C43B5BC42F9C7A99E3EDBF1096632B869A0560F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208887, "uuid": "a1200d2c-928f-46f1-a788-3da95c917cb4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208887, "uuid": "5df82ca0-f0f9-449c-a44b-3c4f6f0dd33d", "value": "24576:8XxNZzOdpF+L+wMTwXKiY9aH1uFufVtDFBP:M4hB0XeaHxfVJP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643208887, "uuid": "ee881852-11f9-48d6-9853-04ddace2d47b", "value": 916992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643208887, "uuid": "e5a4df87-da6f-4683-bbbc-45e8d9840071", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208887, "uuid": "8b7bdf40-58f1-4971-9746-0d6d2d39254e", "value": "Cotizaci\u00f3n.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61e912ec-7e80-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643185040, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185040, "uuid": "6dd6db71-42ef-4319-aeaf-41c2c4fcfd02", "comment": "Malware payload (Formbook)", "value": "f7c0bc31aeb94707cdce8cf6abd4f099", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185040, "uuid": "accd3058-8cbb-4f01-b4ec-7d231db0198f", "comment": "Malware payload (Formbook)", "value": "2e3edcdf1ab052a2e0fbd8ffdaf213876b3571b23ff74f5e157ce24a1155be81", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185040, "uuid": "ff677f05-2f3f-4af8-bb73-fdd24b8bdaa5", "comment": "Malware payload (Formbook)", "value": "82725d581ae393a4fc5961f911e338f7a85e9683", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185040, "uuid": "571aaf78-01e2-41c3-bf6c-6502731ff1f2", "comment": "Malware payload (Formbook)", "value": "d6de1560a5c5349c879a69f667477ebdd76012ce067ecd370a287bb47d77ad126c763ce78239fb00e48f3a73355da78e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643185040, "uuid": "e1992c42-a810-46fe-8159-d85f01ccd491", "value": "T13F44232451D8A4D3F14B1E72597EEB6ECAFDF3482A130A9B57140BB95C06BE2940B7C3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643185040, "uuid": "a3fb7268-dabb-4a78-8fa1-21028b489d4a", "value": "099c0646ea7282d232219f8807883be0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643185040, "uuid": "7af0b6f0-b0ed-4f87-b8b9-82ae197c311d", "value": "6144:owzr0xlKY0/lxOqVCeD1odfd4mfAGrAcom8euwt1VA:Xi0lxOqVCOU4IrduqC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643185040, "uuid": "943ce0f4-1af3-439a-bd9b-cbb84cc70a0c", "value": 254192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643185040, "uuid": "1a9f7f44-c260-4a81-9a2c-f4043ec29b87", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643185040, "uuid": "5c7b19b3-1da4-4967-9da3-f77d95a3e1a0", "value": "HIRE SOA JAN 2022.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c9fe9001-7e3b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643155579, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155579, "uuid": "35201693-a457-46de-9725-39b0010945fd", "comment": "Malware payload (Heodo)", "value": "13b8542b894290e31db23db863b185f7", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155579, "uuid": "61699851-5b3b-467a-b83e-553126ea569e", "comment": "Malware payload (Heodo)", "value": "2e8c8666062eb6d33eb03513227bb3326878b32bd422b46c9e10604b14252950", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155579, "uuid": "1556f26b-de2a-45bf-a3b9-5b604d519723", "comment": "Malware payload (Heodo)", "value": "277059c7b9b04c759ccb5ef0d0c77ea9c3c45ca5", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155579, "uuid": "0ef388c7-6747-44d3-968e-7f88a5a2c65a", "comment": "Malware payload (Heodo)", "value": "a970dbd4581db05e1acc0cfd0c972d3873d258cd243ac0ac2a545910017235bcaa02634d13cc1c64bb4551d41fa9cf1f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155579, "uuid": "b47acbb1-f9ab-4909-a386-815b758f6477", "value": "T1ADD49C2233DCC8B9E0AE1D3D290297D523E8AE140B93C58FA640FB9E5D3B2C155F92D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155579, "uuid": "2e2bd07b-6b4b-41bb-b807-a71b51f67fff", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155579, "uuid": "e2ac8324-d474-4181-8b52-1e5795f6e805", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4Mm9Ofg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4Mm9/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643155579, "uuid": "ee9314de-f5cc-4fbe-96a5-c5190562c4c1", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643155579, "uuid": "90072392-3d82-4611-b7a0-991836f4cf6a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155579, "uuid": "32e3a90b-1a44-464b-82bc-32ff4cf13f9b", "value": "emotet_exe_e5_2e8c8666062eb6d33eb03513227bb3326878b32bd422b46c9e10604b14252950_2022-01-26__000606.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "402878d3-7eb1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643206029, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206029, "uuid": "05fdef94-f9df-4ea9-8485-ab4ccaebf8a3", "comment": "Malware payload (Heodo)", "value": "a2f2e1bff9a0f4b41e363bbba3b7b9aa", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206029, "uuid": "0910a9f8-5c6f-423b-b303-17a87c948050", "comment": "Malware payload (Heodo)", "value": "2ea8fc85de9890897c65c05a539ee9cd385b561c21d34c347a7dad3e5a652b20", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206029, "uuid": "7ece1d7b-b0b4-486d-848f-188cd0ebaf70", "comment": "Malware payload (Heodo)", "value": "62aec02c69c287fcfa934014aea6b264ab8258e5", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206029, "uuid": "eeb42ac0-9f6d-480b-8820-b397ab50a8ff", "comment": "Malware payload (Heodo)", "value": "0638a0cebd7b9e4200b678d49c9d4c11b2c557277dba921abf9ff9f9c556b30c57ab9bf067c6651ebcb66d18f8bc5e0d", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206029, "uuid": "ab5e209b-3563-4172-b58b-be6f3fa541a9", "value": "T194D36B65A5C5E9CAD70523350ADA8BEE33676C478E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206029, "uuid": "b337563d-c9fb-41c9-a72b-2039137c95a5", "value": "3072:wcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dggGx0V:wcKoSsxzNDZLDZjlbR868O8KlVH3jehW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206029, "uuid": "f43e3c12-cfe4-4cb1-9b19-bb30d4583dd5", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206029, "uuid": "59c46681-7f15-4d89-9228-904922e783d5", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206029, "uuid": "187b3507-523a-4e76-929b-92a2204f4f59", "value": "JX-3263 report.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4322a9c3-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643206893, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206893, "uuid": "c40b6bc6-c3a6-4f0f-9b50-2ac9cb4b67eb", "comment": "Malware payload (Formbook)", "value": "bd72deb83b2827ca90cb7215c8ce9e32", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206893, "uuid": "2e09d043-b5b7-46bc-bfd8-d43d58d50b8a", "comment": "Malware payload (Formbook)", "value": "2eab01911fc932ed38535c3953d6391f4534196a5f7fb6356780dffa4d61be6d", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206893, "uuid": "7d02cabc-1c5d-452a-bfc7-705cb91eeaa9", "comment": "Malware payload (Formbook)", "value": "5d1bcef117e9b854dde94183cb5bd35ba4fb396b", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206893, "uuid": "ec32035b-d717-4211-b43a-ae468fe64d1e", "comment": "Malware payload (Formbook)", "value": "ad3dae285db6c561f05e5a7b89e58d30bd91eb708ccf0cfeac0183ac2189cbfee4b703cec295c67ed40efbece982d83c", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206893, "uuid": "85557dd3-1bda-4edb-9a2d-c7be32a33ac8", "value": "T16C141250779AA1E7F94F3DB48EFEE564CA26EF925F342241AC963548E037C8460DCC62", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206893, "uuid": "cb3420a0-b051-4cc8-91c6-7e69461991a0", "value": "3072:OH3GJDWmR3hrXNrctRHz6Pi9P3D0adUqHlRZwFoF2rZk/0CIlq/GoHldpKavx6jK:uaDhR3hrXN4DHOPil3DzUqFYFpk/jD/H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206893, "uuid": "4894aff9-d11e-42c1-b33b-4604f1dec92f", "value": 191448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206893, "uuid": "4aaa55d7-e000-4837-8d16-4c8d6c370e25", "value": "application/encrypted", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206893, "uuid": "74f2fd11-200c-426f-a28e-c39f16a84c6a", "value": "W6905.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c434990f-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643207109, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207109, "uuid": "8abee69e-2af8-468c-8f77-6e889d414e86", "comment": "Malware payload (Formbook)", "value": "ccc2490450e1a7874b0afe7a6750a277", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207109, "uuid": "c88722d5-f7bb-4281-81cf-eeb609235258", "comment": "Malware payload (Formbook)", "value": "2eba3f9d82559ae0f8d15c141d3844ad3ae4e98c786ab6720506ab3e80565d8f", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207109, "uuid": "f87dae64-591a-4e17-8cd9-37bd2795df61", "comment": "Malware payload (Formbook)", "value": "ad494f6c6d34232ed4126895daa650e7967e4f09", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207109, "uuid": "fc3f7502-e72e-4358-a166-7b8c27925cb4", "comment": "Malware payload (Formbook)", "value": "29bc011ff88a51fd5bea8d5c8b06655b0e3c9d9c089c3dc09dea18588763e2aae1070cc40733cb3f0281cab93cd79bc7", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207109, "uuid": "2f273e1e-ac78-4455-8f8f-c5559723ea5d", "value": "T15494BFF23D5C41D5F86F1271BA1EA86626E17C2FEAE0340A515FF41BC5F231602AE61B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207109, "uuid": "9994ba35-a59b-4c5c-8af1-d0700637f75c", "value": "099c0646ea7282d232219f8807883be0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207109, "uuid": "1241f34b-8b40-4be7-bf06-9290db134f9f", "value": "6144:NwW3I/rWDFjcBRTTr41wxnvDyrJEdscKL895CCgyb3fvoeFg6z4mT0A:L3IrWDMTr0wxvDRK49MG3fvoeuwdIA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207109, "uuid": "4299dc19-b5a0-4228-96cd-d24059541a47", "value": 422445, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207109, "uuid": "d9820e08-edb3-442f-84f3-fc1bbce74452", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207109, "uuid": "ce2625cf-5341-46e7-a178-1c6577460402", "value": "DHL OVERDUE INVOICES.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe55e0a7-7edc-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643224816, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224816, "uuid": "20969bf4-e97b-4eee-ba62-b67e51e4f903", "comment": "Malware payload (Heodo)", "value": "bb762a76d14e91597fe833db3d056bcb", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224816, "uuid": "6b88ab83-621d-43bd-896e-71ff84ec823d", "comment": "Malware payload (Heodo)", "value": "2edd8f9dc4624ba6db34cd9b5d8f3308378f3642f64c4bae2435df945cadc3ee", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224816, "uuid": "b4a2de3e-98f5-45b8-ac74-a3abfe136028", "comment": "Malware payload (Heodo)", "value": "6d116e183c3d9907cb9b8ddbe5fb6938b47d21a4", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224816, "uuid": "a16408ff-ab11-4a6a-b1d9-716a0c1be068", "comment": "Malware payload (Heodo)", "value": "9e1a86a0c64b3fa5003a9f0d765cdfa4569493f1ed2f9ba51217155e6196763bdac0c44a5fb7fac5f4545197230ae10c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224816, "uuid": "b9d308af-a678-4924-9d79-7ed9731db2e2", "value": "T17BB46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224816, "uuid": "4a095453-be5a-410a-99e9-2ff824aa3632", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224816, "uuid": "9bf54c41-47a2-48a5-8d81-3926f8cad5e2", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8X9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgO0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643224816, "uuid": "b8ea2bb2-76e0-43ce-a48d-c07acf9542a0", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643224816, "uuid": "af3b7a61-bd5c-4102-801b-1de5c4d7f33c", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224816, "uuid": "171e9303-a222-4e0b-9b1e-fac7b3ddc502", "value": "emotet_exe_e4_2edd8f9dc4624ba6db34cd9b5d8f3308378f3642f64c4bae2435df945cadc3ee_2022-01-26__192006.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d95b78c0-7ee9-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643230338, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230338, "uuid": "043083b0-d7e2-4ab1-97e0-7df8c77635ba", "comment": "Malware payload", "value": "7dbd316bce24ae5a575dcdfd06230330", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230338, "uuid": "4c09e33d-9fe9-4ae2-83eb-4e50c666e046", "comment": "Malware payload", "value": "2f6ecebd60803366ba3944f1822901cc9669dbf4f52ad7efd73422313e62b713", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230338, "uuid": "9e186219-d076-47ee-89cd-fc407a93ab09", "comment": "Malware payload", "value": "4a6bfeb105282a9bdc0e2dfbd8a3b4c82a5f62ab", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230338, "uuid": "2c50f47d-55b1-43af-a7f0-09e5be745a0d", "comment": "Malware payload", "value": "e5a0d51335145ab8e20c7d0273ad131539bfa0be2b3582de0c8d4afa1034f4574967691ebf3d579b62b8777bf75cf931", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230338, "uuid": "ffc6896e-81b9-452d-9828-ebe032416c32", "value": "T19D74022B3A4D8579FE0307304200E14BAC36D9BCC74E7297BAF44A5D1E61E5A6F1AF49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230338, "uuid": "3b3a42ec-9de7-40b4-bdcd-69703e69cdbb", "value": "6144:zQA6CJnxNOmyNj/D7ytSxOx7k9bhQXAk8Sh9GXAt5N5vDOG5FqW3:tgmyl/XywxOx7KhQwYAAt5rOEqW3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643230338, "uuid": "f69d672c-9cdc-4a24-a1b1-1cdc4f83853a", "value": 369285, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643230338, "uuid": "ea2ba5c2-f759-4c4d-946c-869cf3b22c8e", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230338, "uuid": "9b2f3f33-da5d-4691-95d3-9f03a3a755e8", "value": "2022-investment-tipsEUPDF.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6028209f-7ec2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643213384, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213384, "uuid": "0e98ac85-6079-4949-8344-6cd025b8ae6e", "comment": "Malware payload (Heodo)", "value": "0ff3507ce6e5163cbc2f0e9c575841be", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213384, "uuid": "91e7a1c3-4446-4773-99e1-9a14374b4232", "comment": "Malware payload (Heodo)", "value": "2f7215e5df94dd354a98e65b3d1ed6090f161ea6e6118d8537e2cac0e4789cab", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213384, "uuid": "d3198817-1543-4079-9ba7-078d6e175817", "comment": "Malware payload (Heodo)", "value": "553184033274978bb67b9ac4cbe80c684f3f1b21", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213384, "uuid": "1a43d933-21d2-4eb9-a641-5ed9e4c609fd", "comment": "Malware payload (Heodo)", "value": "469b16353a37095613619a7d25775274ec2d36c1a5312e9890ab633a7048d4f2df2e487c41bb0c612144a62d261d1833", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213384, "uuid": "deb62d85-14f6-45f8-bf8b-0ad9051cb6d0", "value": "T161E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213384, "uuid": "110e685a-d799-409d-8840-2c45f3ffd075", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213384, "uuid": "405049f5-b71d-42c8-99ba-384fb0897e8d", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIjG0Bv1tgV:RpncLJZA2LwpJsNtZUWeG6Og", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643213384, "uuid": "97e15550-ef30-456b-9bb3-7bd52c4ca52e", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643213384, "uuid": "639b466e-5aa7-4685-911d-418d49e31e41", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213384, "uuid": "ad417701-0a69-4d7f-bc33-261fe2377c54", "value": "0ff3507ce6e5163cbc2f0e9c575841be", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e6af8ca-7e7b-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643182914, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182914, "uuid": "47e5562f-d4d2-4b9a-be09-7fac926260f8", "comment": "Malware payload (AgentTesla)", "value": "81df4be4160dae8ccafc59f4e53dfea0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loader", "colour": "#BFC5AA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182914, "uuid": "71b15794-ddd9-4b36-8f8d-4b74cec2823f", "comment": "Malware payload (AgentTesla)", "value": "2f9198b5a8150f8878b75c99ee3461f762f8db2d394a69c4337e12f44bb79b71", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loader", "colour": "#BFC5AA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182914, "uuid": "4eaf4f5d-bddf-442d-806c-94306bef9afd", "comment": "Malware payload (AgentTesla)", "value": "03411d4c195cae1116ae632b3f29ad04744fddc0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loader", "colour": "#BFC5AA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182914, "uuid": "53a539f7-6a88-47bd-b730-d4b6d8494650", "comment": "Malware payload (AgentTesla)", "value": "90bc337376c318e70eae03ecac8f6ecf95258f01fac957729dd66ceb8f36d720c1cbbac1b954b2f7f427cbe7428ddf86", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loader", "colour": "#BFC5AA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643182914, "uuid": "f3bce22e-0170-496f-8bee-62f069d7ab35", "value": "T1D9749DA277F96327F0F3A6B2A5C87B59469BA294FD0147AD118C37626B11740CF37A30", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643182914, "uuid": "7812be49-36ed-4b17-918c-b628e8be97de", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643182914, "uuid": "a2ccb7be-63a9-41f4-b241-e4808c78ec64", "value": "6144:SKnr2+w0XQYj1CXfJkJsla81JYbbG+TfophMJ:SKreUQK1CvyGUCqbOCJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643182914, "uuid": "883502c7-4943-4a49-9aa0-28a01fb75fb8", "value": 343552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643182914, "uuid": "692bebcd-9712-4253-b40f-a169dc888810", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643182914, "uuid": "de58e347-640d-40ce-9913-1d31bdc6ffd1", "value": "nuovo ordine 0038847788 01262022.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4de74d9c-7ed7-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643222373, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222373, "uuid": "5bc16cd9-eb26-46b8-8050-c6a986149407", "comment": "Malware payload", "value": "6d5cd0e26890739d0cef50ee353caa0c", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222373, "uuid": "a80217fd-c506-4e6d-b9ac-24c0a4df0fdf", "comment": "Malware payload", "value": "2fb34bee43e3cf400cde3d4e9bbd8fdf2a53f3b3ce104469f26a6ac9582f5aef", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222373, "uuid": "7fcb96e0-8a85-4a37-bf50-c1c06b87e7bf", "comment": "Malware payload", "value": "f6fac96e83860f1ef55e559ebd082e44840956a8", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222373, "uuid": "f4957fd3-f406-49dc-8a98-9e535cceaf7d", "comment": "Malware payload", "value": "375550e89211a9d82c7f67d93d30dfa0359901156d16950f7a4654a1da76d66429e77b323094002366905d9015160748", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222373, "uuid": "b19265a3-7e9d-4e8b-b802-ee4bcc0b2b08", "value": "T174131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222373, "uuid": "a67de950-eb5b-4d61-b959-915d73fad1e1", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643222373, "uuid": "d9325ec6-52e8-4579-b90c-bf152b7e6c1a", "value": 44897, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643222373, "uuid": "46d40312-580e-41e8-a7bd-6e6904ca9c9a", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222373, "uuid": "1921a293-f1ff-4c84-8496-35d688698a24", "value": "tmpw9a4q19l", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "630eee97-7e6e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177311, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177311, "uuid": "4c4e43e6-d005-4411-832b-6c31c174a204", "comment": "Malware payload (Heodo)", "value": "fb695a4d7710ad64c5fa4da150140a0b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177311, "uuid": "4c9bf655-a58d-4106-8f31-482849576b81", "comment": "Malware payload (Heodo)", "value": "2fbb87a11fca67042692afc7efc6ef9456848c38515a1cbb0ecb7599e5bab836", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177311, "uuid": "531c31df-d031-4060-bdaa-7c27dc582cc7", "comment": "Malware payload (Heodo)", "value": "c30b8a77a248590f2576782311e64834e027c38e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177311, "uuid": "dd85c1d6-b25d-4c7a-9b8e-02fc59e24622", "comment": "Malware payload (Heodo)", "value": "0908fd833d95972e904026ba6eda400cefb94ddc3c41a2ec2a80bd93c48c6e01fb16677bfa804a9788b1ba99b4dec4db", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177311, "uuid": "e068755c-8c8a-432b-ba76-68d478128792", "value": "T1A6D4BF11B2D2C07AC1AF1674596393A463F9BE90DAF9C257FFC06A4F1E315828B39712", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177311, "uuid": "4a736d3b-db8f-47f3-9ff4-0835bc857f52", "value": "24b46ffcf60dc8d39e8124f411ebd08e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177311, "uuid": "ae900378-2df5-4e33-8f94-40604890b18b", "value": "12288:kqdJaxkOWFornPmGZqnTFWbDHUYVubhesslBvQqEPO7:kOOsornPTwFWbwYVohevBoi7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177311, "uuid": "4ee27aec-4bf9-40ac-b4cd-eb286b21cd93", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177311, "uuid": "2b117a04-0c73-4765-8190-c540be6592c4", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177311, "uuid": "6a4f5100-d1f4-4a6f-932b-4ec2881d2633", "value": "emotet_list_ioc_cronupTue_Jan_25_11:54:56_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8444c249-7e6d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643176937, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176937, "uuid": "1e91baef-af1b-4870-b316-94c47991bb0f", "comment": "Malware payload (Heodo)", "value": "55c10d20cf4d9850003d6786b46d39da", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176937, "uuid": "a908c737-b858-4b52-9046-878f4c427c74", "comment": "Malware payload (Heodo)", "value": "30da1581e0faaabc589fb5e413b1446d6922b842aad58055284d591d3410ca09", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176937, "uuid": "1114ca15-cd1f-4c23-8788-726b7fc64ce8", "comment": "Malware payload (Heodo)", "value": "8ecd42f0119a96ed7f8ecee5dbe243f15aee428f", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176937, "uuid": "21c31dfb-eda8-403d-95f4-b8808c26497f", "comment": "Malware payload (Heodo)", "value": "0b8c26590459163a58f685a45f99ed087ab609d7b921584b7bfadc2bd14e359cf2f31796a843065fa63abc674768889a", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176937, "uuid": "a78d1cb9-89f9-491f-b3f4-32ea6e6ed56d", "value": "T1BCE4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176937, "uuid": "7c7dfa4d-670b-48ae-a8f9-6b8fa98c2470", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176937, "uuid": "e540e79b-3adb-4d03-b955-2058c08e0feb", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4l1NACHKm2tkJV8u:o87vGJzomxhwjbKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643176937, "uuid": "738d7a2c-86f0-41b3-9b08-0cd235d10fe0", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643176937, "uuid": "9adf2344-1b72-4f1b-b406-cb136cf380b7", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176937, "uuid": "a78a725d-ce47-4e5f-9d4c-82ed3b28687c", "value": "emotet_list_ioc_cronupTue_Jan_25_11:46:23_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "85485c8f-7ecc-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643217741, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217741, "uuid": "b74ea5eb-4b80-4b3a-84eb-c11061413b2b", "comment": "Malware payload (Heodo)", "value": "a118a413b461a16ae2f1879c697792a1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217741, "uuid": "3a58b66b-b1c1-48f9-b00d-ea947cf8f1f4", "comment": "Malware payload (Heodo)", "value": "3132e4fa514f5659a8a2998bb2235dda428ab3ecc51382c3342e321188250e72", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217741, "uuid": "f89090e9-77f2-4649-9368-316400b26f75", "comment": "Malware payload (Heodo)", "value": "e5f7a5156e7061151284238b8f34a2a4afa8f48e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217741, "uuid": "d7665471-de29-407e-810d-6cd56c583f93", "comment": "Malware payload (Heodo)", "value": "582d6e21144c101136dc95cd96ea72361dfec607f6c54b6f8d695a4df0695202e37fcd05b1b3d97672b7612709ffea69", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217741, "uuid": "4a158218-5d3e-4f4a-8ce2-085821d5482a", "value": "T1B2E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217741, "uuid": "3f5dfdea-a3be-4a3b-b699-744c4239fea8", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217741, "uuid": "383954cb-05e6-47c1-ad38-1e779054ba64", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIHG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGmOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643217741, "uuid": "06d91bd9-b53c-45bf-adf4-7ea1bb1cd03e", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643217741, "uuid": "e7a11d01-772b-4ce9-972d-3709d8905171", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217741, "uuid": "f896ca79-8c7a-463a-a9b6-5bd8e4af5952", "value": "a118a413b461a16ae2f1879c697792a1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc2ab99b-7e9c-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1643197325, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197325, "uuid": "086f6b37-2bbb-4822-bfd3-42a15450f120", "comment": "Malware payload (Gafgyt)", "value": "8e34f41ac1a1812463c1c76b7e20478b", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197325, "uuid": "f8630599-0739-4ad4-bb02-d375e6c552a2", "comment": "Malware payload (Gafgyt)", "value": "31350bf323265d7ef67598cb71b54d1212d2c9d8a13e942531dfc23e373aeb24", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197325, "uuid": "c6991852-552f-40da-b069-c979b3738185", "comment": "Malware payload (Gafgyt)", "value": "fc0d725af18723eec3a1255b87ab0f3f92d02373", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197325, "uuid": "8b3339d2-e2a5-47b7-826d-f33cef7b26dc", "comment": "Malware payload (Gafgyt)", "value": "bcae768e00eb010f13ddd2762fdcc93a66d320258e2738847142e3c8e180b84b1fbe5fae0bfbc141ec768f3ba63f0f89", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197325, "uuid": "3d98f572-8d60-4319-8d7f-62b112cd52e2", "value": "T11BC31B273B270E23C0C9547102E31331FAB9DB6938B953E7E9D06D9C2F26A943456BD9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197325, "uuid": "43173afc-cfce-46ad-9516-cf56d8ca9c67", "value": "1536:jcEwQpOgNUFkbcgcQJ5rBN95Tpt76ck3tophaMCvoNJ/UNxEL9/skYEP/UDjSQr1:4i1rBNPLgWphaoJYU9/nYEP/UnSQf/R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643197325, "uuid": "4543bff5-985a-47d6-b568-f82a69ddad42", "value": 126945, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643197325, "uuid": "a7101d81-9ce8-494c-8eb4-77f781c81534", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197325, "uuid": "6bc9cd78-5982-4bff-ac86-ecb26b50bb65", "value": "assailant.sparc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bac91a23-7e6d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177029, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177029, "uuid": "975369d4-d80d-47dd-a556-7914ac4c3c96", "comment": "Malware payload (Heodo)", "value": "9d3845b3311ba45992c119932fd0261f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177029, "uuid": "b92acef4-babb-427a-a94c-204bf825e448", "comment": "Malware payload (Heodo)", "value": "319a051f2797a2fa50f868616f9bb7dbfbf875175c3993f8e6855024f24eafb8", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177029, "uuid": "75a5831e-1932-4a0d-85c4-ed289c9eb24c", "comment": "Malware payload (Heodo)", "value": "71cc6a27797baa6348630653c66f1b391f406540", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177029, "uuid": "e867602b-50c3-442e-a820-d4078525fdd6", "comment": "Malware payload (Heodo)", "value": "c17f2579e5a18c8aa22a539596c2f4d231ea5993125655f36b673b884e4407eefa5bcb31fb531eca61c18dc2552c9fa3", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177029, "uuid": "9f548aa3-c35a-48c3-83fc-920f4ca50447", "value": "T1C4E4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177029, "uuid": "611c17d2-f7a9-4486-a30e-4b9163edb364", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177029, "uuid": "99de7eb1-2848-4d97-96b7-d8685b4b4d3c", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4lYNACHKm2tkJV8u:o87vGJzomxhwobKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177029, "uuid": "c803cdb8-9b7d-4bcd-a136-e70ecf110fde", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177029, "uuid": "51f9d179-832b-4e5c-be0f-2fadce24edea", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177029, "uuid": "81fb607b-7d70-4760-ac9f-ee2d70265f80", "value": "emotet_list_ioc_cronupTue_Jan_25_11:47:16_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "12abce82-7e6e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177176, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177176, "uuid": "ff8adef0-2ce5-44ab-b1f7-4a9c6442d34f", "comment": "Malware payload (Heodo)", "value": "b683fb8ca0f1a4971eab3921c01e56e7", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177176, "uuid": "30043dd0-9732-48dc-99a2-268829d72ad4", "comment": "Malware payload (Heodo)", "value": "324427fc433bd337f8a9d17c1b0abecafbf80032ffedd87968be186e4a07674e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177176, "uuid": "b84de35c-9dab-46a5-a52e-c0b5a464ef46", "comment": "Malware payload (Heodo)", "value": "1d5edf9dce507741283527f4410e81604e933a75", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177176, "uuid": "8e614b8a-1743-4629-9c99-b7a1def8d95d", "comment": "Malware payload (Heodo)", "value": "ab6a19640800a8ecde6d69739b4f5436d84bd24ca395ff30417ebb6c096086171c790ff01585a0abfffcaf53372d8a53", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177176, "uuid": "094c8165-8da2-4242-bc06-1fd8b0ec9f74", "value": "T1E0D49C2233DCC8B9E0AE1D3D290297D523E9AE140B93C58FA640FB9E5D3B2C155F92D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177176, "uuid": "575e5d97-d6b9-479b-b186-4a6b57177ea0", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177176, "uuid": "f6fab0d7-58f7-4a00-b95a-9149f3611807", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4MmBOfg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4MmB/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177176, "uuid": "5d02adac-5a4e-44b6-8372-d7e0c98dfae0", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177176, "uuid": "81097a60-76f7-4e29-8a21-9365a3736735", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177176, "uuid": "47c56985-1029-49d2-8dae-33ed196a3dd7", "value": "emotet_list_ioc_cronupTue_Jan_25_11:53:54_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42309058-7eee-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643232231, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232231, "uuid": "1c5e6bbc-812f-4470-83c4-65768d2a3d77", "comment": "Malware payload", "value": "e9a872801699765c1be51819d0dac2e9", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232231, "uuid": "16c5afc8-2b9f-4806-b7f2-7d1a3930b0a6", "comment": "Malware payload", "value": "3341532db3e30702799af147a6a0c160f6a8c1cdb22c4f8f8aeaacf044827efb", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232231, "uuid": "36e3e629-4c0c-4d7d-bf69-0d9ab922e89c", "comment": "Malware payload", "value": "e6dd7224afd43859e317abe0c6642d7153f48e5c", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232231, "uuid": "116378dd-63af-4ef2-8775-cb091c3187fd", "comment": "Malware payload", "value": "fc7a5de2b6427b93e67394ada13310de72d079dbb1ef5cc19c486a73ee0b9a92b661fd5b39d3e24ea9868bb4dae6dad1", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232231, "uuid": "ad62cde4-96cf-4ff3-a6e5-254e520e710a", "value": "T1BBB46B1AB172D871E3FEA3F1B5A4CB93C1EFA820275455ABE3FC025F4A2DC464234949", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232231, "uuid": "85fe5ce4-d90f-4426-83bf-87f4814e1c1c", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232231, "uuid": "db5f3037-4909-44f6-800e-43e33af643c9", "value": "6144:Y7eUxxxxt33333333hCC28YiYRrLKyx3jvfIfpQdKXoJsdZUPlhLYfZDqvasLD2d:n8nYRvJhjvGpQkcGDO3JtP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643232231, "uuid": "b66a48ea-359e-4119-876b-e9e78851a738", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643232231, "uuid": "70c2bb7b-1f63-4630-91c9-606dea8517b7", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232231, "uuid": "b0807d20-1ac3-454d-a2e7-9ee52dbac03a", "value": "emotet_exe_e5_3341532db3e30702799af147a6a0c160f6a8c1cdb22c4f8f8aeaacf044827efb_2022-01-26__212335.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c884516-7ed5-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643221646, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221646, "uuid": "6fff5dfd-0d70-40a4-935d-d98572274f03", "comment": "Malware payload (SilentBuilder)", "value": "93463470a76a4b472c18d3f0209c53c7", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221646, "uuid": "910b5509-b016-4bde-afc8-64373db2a269", "comment": "Malware payload (SilentBuilder)", "value": "3408e48982634cb55a68cd8595034a447d42217b65c4559e86b328328a2154a3", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221646, "uuid": "0fbf13f1-785f-47a9-9450-ae07d8e9e680", "comment": "Malware payload (SilentBuilder)", "value": "d9c16e3279ae06e322ff50c8fd15261f2bf4bb72", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221646, "uuid": "59c54f04-4bf7-49a6-8a19-7b3f09537401", "comment": "Malware payload (SilentBuilder)", "value": "d7d203a88f7c62bc0cf9ba8bf266a379b648b1af766dd55d37840b83d7892aba89eeac8f9a88d6cc42fa60bdcbe509a3", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221646, "uuid": "7496742e-8039-4ef7-b769-0507077174c6", "value": "T19C131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221646, "uuid": "a67387bb-8515-4b61-b120-15287a3e0953", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643221646, "uuid": "2723bfbd-32bc-41eb-a9d9-33fe00bdcb65", "value": 45399, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643221646, "uuid": "9defabbb-e61c-4d88-9c01-ece7bb0a1418", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221646, "uuid": "d0446896-0039-4571-b0c0-94682ef0ba98", "value": "tmp98q3ggfo", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3676d55e-7eb9-11ec-9275-42010a9c0029", "comment": "Malware payload (RemcosRAT)", "timestamp": 1643209448, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643209448, "uuid": "338fc644-cb70-49d8-98a5-452a2455aef5", "comment": "Malware payload (RemcosRAT)", "value": "eaa68b2e411c93506bc233c70032b6f5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643209448, "uuid": "6f9afd88-6ba6-443d-8b24-3604c007e903", "comment": "Malware payload (RemcosRAT)", "value": "3424a772843a1d716a3bc275e9cb0db21c8a81981e00282178ca0e2d3a30c49d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643209448, "uuid": "656e9508-8fae-4866-98e0-6d54afe33ea6", "comment": "Malware payload (RemcosRAT)", "value": "3515044d0b18c5fa18c3c469b6ab94e4f3c77283", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643209448, "uuid": "266fe02c-e3dc-4ae9-a000-d8830077f3ec", "comment": "Malware payload (RemcosRAT)", "value": "16191f23d5a5e44679cd57654a099fba4b1e14567defa28d97b9e4987b14b2f987081fbb77355513d1f4356cb9fc4564", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643209448, "uuid": "30fd9192-ac9f-49f5-a7cc-5d3921556803", "value": "T1CBA4AD11B9C1C032D17252700D29FB75DABCBC302935597BB3DA5D9ABE700C1BB2A6A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643209448, "uuid": "6a1fff00-2830-4dfd-9085-1cb186be95b5", "value": "1f15bed3346039b42bc33c9080047f8c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643209448, "uuid": "2a75f5ef-dd63-49a0-87d4-ff2770b5b363", "value": "12288:CegN0jfYLclGb0bVT6e+MT2MffZS/gSSYo:kNywLclGIeMT2MXZRSSV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643209448, "uuid": "09452040-5e3c-4f38-bca8-8931429bad72", "value": 474112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643209448, "uuid": "08be66e2-dead-46b8-b918-ea130eb23ec4", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643209448, "uuid": "2559410b-99c4-4f9b-88e4-b2e7813851e8", "value": "eaa68b2e411c93506bc233c70032b6f5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f04d541-7e6e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177331, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177331, "uuid": "1ae2c48d-feaf-4fb1-8550-8b8509427b9e", "comment": "Malware payload (Heodo)", "value": "091c24760470154fc629ef6287b439ad", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177331, "uuid": "03d3bbc9-e411-4930-a8e4-9ab1b97db522", "comment": "Malware payload (Heodo)", "value": "345075974a633202c20da7f744cce921ae20061720ea5d27a474adcc15258a56", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177331, "uuid": "d7c682f4-6e0d-4d07-a32e-94d101795513", "comment": "Malware payload (Heodo)", "value": "bc21f082f63688d18667424e60fef6d7f261b65b", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177331, "uuid": "28ded48d-0076-4c6b-bae4-66956143f43a", "comment": "Malware payload (Heodo)", "value": "729ef8c96cac89e283320a2f08e30bd3f5bba1aed1389771d9ee7ef3f6579f45a408922aa846000deabf31f8e81d597e", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177331, "uuid": "809d743c-bb2d-4ec2-b32a-db0061c198b3", "value": "T17E33D0AFE6B1357AD226C17DD52CA390F48F92151E88F7C52D90FFA492126D3066A3CC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177331, "uuid": "e8cd5de5-3882-48ce-94f5-7a53e560fb15", "value": "1536:zQGjmfxVXAiozeO0XVZKyalpvyR1bZlJl:EGj+PXAie0XVZKFjvyRdZ5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177331, "uuid": "636d737c-4888-4b84-af94-ff40b0d8529d", "value": 50687, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177331, "uuid": "d4dbb503-64d9-4d34-8178-a211f4f0c792", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177331, "uuid": "c41300d1-5d09-486b-a78f-dcdef9c2f262", "value": "emotet_list_ioc_cronupTue_Jan_25_11:55:06_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18d286cc-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643206822, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206822, "uuid": "4ee5cd9a-919c-40d5-8d8d-37c04af7101d", "comment": "Malware payload", "value": "8c47c219eb44eaa28b2d218f7ef8113d", "object_relation": "md5", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206822, "uuid": "b595e925-c07a-445c-b6b3-a307ed7dbba3", "comment": "Malware payload", "value": "3468506b55a65a6e1dee0c6566eab9c9f39305e7b0b40958e4b739d781cca365", "object_relation": "sha256", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206822, "uuid": "c21c6345-632a-4819-8c30-85714ff3ce85", "comment": "Malware payload", "value": "855d9fe59754f3740a717b0c4df969acb842ff5b", "object_relation": "sha1", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206822, "uuid": "444507e8-a925-4d44-916a-9a7699663322", "comment": "Malware payload", "value": "46911e038cc8cc23df7f50aa74e55cc116ab77db0a5122f23114a6256e98bdedcd6e7a6038c6f3e705b873da856d7cf3", "object_relation": "sha3-384", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206822, "uuid": "292345f7-c04f-4137-8c90-1324a5750022", "value": "T11C14022AE6998031F43222FB1F86B46FCD1F9C248E53207B05597FE008BD569AD9DDB1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206822, "uuid": "3d61f6bf-0148-4c31-a20c-8d88cdc0dee7", "value": "3072:QGABCZssSqeixoK1Dp/ix1+WZczH+JFt/Wra3ohFYQv9FlDitVsPxBjbY7KobnzG:lSsSqeixoK1e1tcq7/WraYhOQlFQtVIj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206822, "uuid": "ac73ed78-1064-465c-965c-22f9864474e2", "value": 191928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206822, "uuid": "a5d88211-fd0b-46f4-ba88-cf88e968dfb3", "value": "application/encrypted", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206822, "uuid": "d8c0b266-7119-47fe-aa34-804b63faacb3", "value": "RFQ#417683SCAN.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92b1c264-7eab-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643203590, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203590, "uuid": "52cab9ba-d16a-47d9-8d81-f67a8321a3c4", "comment": "Malware payload (AgentTesla)", "value": "c23c0a7fc20f39957ea6f7beb9b3df9d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203590, "uuid": "e719f2b3-78b5-4a1d-a396-40d00c581b0c", "comment": "Malware payload (AgentTesla)", "value": "3535d259772f2661f74828d858a4fcfb50ce4cfc24fc549fd58111b1eb4c01b1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203590, "uuid": "23ac6004-f4de-4454-b9b8-d3df97db955c", "comment": "Malware payload (AgentTesla)", "value": "8c87515dded3c991b1f9f212f0c99f359cf0e5a3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203590, "uuid": "e65db125-ec35-4f68-9fa4-67f6eeac937d", "comment": "Malware payload (AgentTesla)", "value": "2aaf5aa53bb38c133216a73cd9b27229e744c9b80dc717dfcf7d3752fddabd3fa4bb414ab6a7e4929993f13db0da9277", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203590, "uuid": "2cb56434-f2a8-426f-8a9f-0e9971dd72c0", "value": "T1D615BE6BF489C936D199497680CFB00C83B4B903F9CBB5AE2F97F50A6551F479A0920F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203590, "uuid": "a62f2877-6309-43a4-9b61-e0a80fc4d873", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203590, "uuid": "6e6e77fe-a974-4c82-844a-15696eda8aa7", "value": "24576:P3tuzRPNu1UMGwD1kuP+pahx9nPZBpfY7:GZNWzPOuJPpfY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643203590, "uuid": "0834df95-fea1-4d6f-8b77-aa2e82008574", "value": 904704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643203590, "uuid": "8086f03b-2321-4ca9-9447-ac37cbfebe16", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203590, "uuid": "143965e6-66e2-4c6b-bfcc-df2700d9be52", "value": "184285013-044310-Factura pendiente (2).exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "01221b13-7ec7-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643215372, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215372, "uuid": "2f96d8d5-ebc0-494b-a0b3-d896993c6754", "comment": "Malware payload (SilentBuilder)", "value": "722b8fc56e599c596cae7f0f0139b574", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215372, "uuid": "d8739844-df35-456c-8570-39c20c6a8d01", "comment": "Malware payload (SilentBuilder)", "value": "3575644df3117ff3158e86deeaf11425bd38ae870953fdf79655e80e4f24bc1e", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215372, "uuid": "31ad1c6e-1945-42fd-8329-e8d4502eba81", "comment": "Malware payload (SilentBuilder)", "value": "c8bc62eeceea7d45756f3edef58a026aafa192e2", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215372, "uuid": "655fd0ad-7d98-4449-bcc6-150eea2739b2", "comment": "Malware payload (SilentBuilder)", "value": "af1badc6d851c55b4878ab190141ef7d60fadebb82eb3c8ff4bfb46ea0d5ec21d4f7652e2ba354e86eb67934f8fb599c", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215372, "uuid": "26a9acea-ebd4-488f-ad65-7fe6331d1fb0", "value": "T1D0131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215372, "uuid": "c735c89a-9fc0-4d40-8a14-38a985bb6837", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643215372, "uuid": "0eb97e97-b8bc-44b3-b969-4d9e4046ad3b", "value": 45088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643215372, "uuid": "d0c44181-0125-4df4-a28c-ef81fbd19404", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215372, "uuid": "b1be7f61-95f7-4d5a-804f-40a7aa399164", "value": "tmpjzv6geza", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da1e988a-7e8c-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643190396, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643190396, "uuid": "9b43dc2e-2a26-4c0b-9bbd-74da1358e0e7", "comment": "Malware payload (Heodo)", "value": "65bd6c7c0ef569b15ddde21d7c3817d5", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643190396, "uuid": "8383112e-1ed4-416a-92b1-9e067b52ed1b", "comment": "Malware payload (Heodo)", "value": "3601bea7085bd103676b29f7eaa7becf1ea66ac5ec2e1a2c930a3e4ad69899d6", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643190396, "uuid": "5fc3b656-5bea-46e3-812f-ff92fd0634da", "comment": "Malware payload (Heodo)", "value": "c8f3ab859dd1a692ee19f24eba2c6f91914ab52e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643190396, "uuid": "464f1f7a-a678-4745-85fe-509a932ff164", "comment": "Malware payload (Heodo)", "value": "3d9c29406da3879d7d62c1780e12f0c801fca76fba756da569e5600c570381295d0f000144f2c4c8c7bac99dab8633e9", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643190396, "uuid": "f65fa401-ce2f-421a-a168-953effebe521", "value": "T1B505F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643190396, "uuid": "c8e41dbc-04f1-48fc-bdea-d3bf2bea3a3c", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643190396, "uuid": "0cbe4c2c-9574-4816-846d-2994c28b32f4", "value": "12288:aA9e3OrvpgqjtQFecq6dddifiHxoB3rNd9CDr:blrvpgqj2FevQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643190396, "uuid": "6f7d2d51-af8f-45a1-8c96-de996d507646", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643190396, "uuid": "08a491c3-af0d-4db1-befa-cb69c6d9b2d4", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643190396, "uuid": "af496d65-a03a-44d1-aa20-19f14f951b3b", "value": "565.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b11be281-7eb5-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643207936, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207936, "uuid": "a9bff678-8e74-41da-a93a-838915900901", "comment": "Malware payload (SilentBuilder)", "value": "7aa706ff9bc6cc47176fddfd3198e4f5", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207936, "uuid": "dd76c48f-fe61-4f6c-8d82-66e225f78863", "comment": "Malware payload (SilentBuilder)", "value": "3606caca6dcd5fa0457e07529f33e75bc6562f0abd1dcc2efdf7ea03adbe3942", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207936, "uuid": "47d53d94-b05d-4d6d-a4b8-64d587398600", "comment": "Malware payload (SilentBuilder)", "value": "f7b159c37cb95b669a7fc7a6d186d9c3d59001ba", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207936, "uuid": "cc0016b0-6d87-404a-a7bd-cacb57438acc", "comment": "Malware payload (SilentBuilder)", "value": "084b5a778ba634b9d8d9c38e29a1b5fb2541ceaa11dbfdfcdcd3c34f1177e0f8e34cac05232f0b1e5fbde2d5edd08997", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207936, "uuid": "f3f56c0b-d871-4e93-a206-5fee90291e52", "value": "T136131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207936, "uuid": "e4aa798d-f2eb-4aba-bc4a-3ddab74dc9b0", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207936, "uuid": "86c55ece-3499-4331-b42a-48366127e9ac", "value": 44930, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207936, "uuid": "47e170fd-3c17-4588-8f31-3ced1b616495", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207936, "uuid": "a903f3d2-5758-4d43-bbca-afd9baa32b4c", "value": "tmprlbq6qh0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ee8d0ed-7ef2-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643234024, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643234024, "uuid": "9e927481-7b68-4842-8ebb-05b35b53b7e6", "comment": "Malware payload", "value": "ac45e721a5b47e74e28cd4285ee650c7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643234024, "uuid": "c0429923-401c-4d29-8bb6-cc4415c14621", "comment": "Malware payload", "value": "36412fe71c686aea347fb0522038f481d3a17f007a59cbec113709aff6de877f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643234024, "uuid": "d17dc3d9-cae9-4734-b544-9bd840cdfcee", "comment": "Malware payload", "value": "b0ecfe6c65c5ed3cefe39731fcb96c37664ef123", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643234024, "uuid": "9c9ff82b-4467-461e-a184-55f35ac45b2a", "comment": "Malware payload", "value": "9df106916d167fad517d7570f939d3f9826485fc5afdc5065b8b06b526fa9c43d7e3a2057d23deba03b48a365d5c456a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643234024, "uuid": "ba21ab5b-4e5d-43e2-a0dc-09005734f586", "value": "T115B46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643234024, "uuid": "4485d495-d12c-4fc4-a1ed-2a358111575d", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643234024, "uuid": "8c3c4fec-b17f-46db-874b-183f7df04126", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8q9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgj0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643234024, "uuid": "0bb80ffe-80af-4786-8398-02181d411f7c", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643234024, "uuid": "6b018bfa-29d5-4c5f-97fc-588e35c312c6", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643234024, "uuid": "5c8a19fd-fec3-4200-9f58-3e4e9edd036e", "value": "ac45e721a5b47e74e28cd4285ee650c7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60450bc9-7e7c-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643183319, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643183319, "uuid": "0fb027b3-e57d-474c-80b8-b2fbb1c49aed", "comment": "Malware payload (Heodo)", "value": "911fcf9b9cab3e10edfedd2f87571b10", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643183319, "uuid": "40cdf52b-d000-4ebd-86e4-5f1161e6e475", "comment": "Malware payload (Heodo)", "value": "36c4545acf15ce1823b7a58f354883ea4975576a950b1b5e8b33769f5f82286c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643183319, "uuid": "8e4b9351-e16f-46c9-8ae5-9e50d8dcb62d", "comment": "Malware payload (Heodo)", "value": "55c40b90cef53ee79d86979f380c1190fbb7da45", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643183319, "uuid": "ec3391f6-b6fd-421b-aea3-6fbe2d62c7c4", "comment": "Malware payload (Heodo)", "value": "4b4194ed976e80908a4786a7ecaa2773ccc7bad5f58b4e813a5fab37f76fa0dfd1c4d1215174a9770908efb091db4095", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643183319, "uuid": "b5c8b6c3-8639-45f3-bff0-297beed1e389", "value": "T10E05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643183319, "uuid": "8b964d97-390a-4bcc-8065-5176db22ec8e", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643183319, "uuid": "c90cd5de-4a3f-4eed-958a-4f39234b874a", "value": "12288:aA9e3OrvpgqjtQFecy6dddifiHxoB3rNd9CDr:blrvpgqj2FeLQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643183319, "uuid": "7d36a728-2872-4660-bf63-fdd0c23f6eeb", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643183319, "uuid": "fd72cb6d-a49d-4241-848b-e4f2386f8648", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643183319, "uuid": "cd524b17-508f-4ffd-9890-68fcb9272196", "value": "emotet_exe_e5_36c4545acf15ce1823b7a58f354883ea4975576a950b1b5e8b33769f5f82286c_2022-01-26__074832.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9daef6bd-7ec6-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643215205, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215205, "uuid": "c4452dd6-ebfc-4451-ba16-ca18e0c26351", "comment": "Malware payload (Mirai)", "value": "da4ff391c90c9532f930d83007dc6c1c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215205, "uuid": "dae4134a-36cf-4a4a-a138-929ac7c6d403", "comment": "Malware payload (Mirai)", "value": "36d3424039d548cb10606232e4bbb79a9799ad3250e6e351013c84867564484a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215205, "uuid": "5df4da5d-5ae2-49c7-8a63-715dfbc76058", "comment": "Malware payload (Mirai)", "value": "c4a953aa91e116692cab39a27e2cf432038cac17", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215205, "uuid": "5b5cdc6d-b4cf-4bcf-b4b3-a977be06b2b6", "comment": "Malware payload (Mirai)", "value": "2690507fcba61b56e1211bd1b04637af30b9bd72b2011fa9bf6c25630ab63ee827cab4c437f3ebfcf73fca523e714261", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215205, "uuid": "b7b2047b-94fb-4a15-82d8-42c42a94b3e1", "value": "T13F338CB5C579EDA8D1544A78BE248F749723E100C6A32EFADA44C6699083EFCF1583F4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215205, "uuid": "a16be267-a1b4-4f9e-88fc-39b1afaccd62", "value": "768:rauxBwtHSMsas4UQebjEjBTIztyWfs3IFG5eFUA/qwCqaoys1Cb:ra8BwtyuVTIz9fs3s0eFR/qwln1Cb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643215205, "uuid": "7cb273dc-607f-4596-9ca4-32c5fce6ddc0", "value": 51580, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643215205, "uuid": "fce0076c-7af2-43ff-bc05-df60d4f93f17", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215205, "uuid": "cccbf051-4e9f-4429-934c-ee3f238974a0", "value": "da4ff391c90c9532f930d83007dc6c1c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49c469da-7e90-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643191871, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191871, "uuid": "dc2f3a8d-b34f-40a1-ba5a-f731dc235b14", "comment": "Malware payload (Heodo)", "value": "00323a3734df55ee89a09e7ce2238e7e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191871, "uuid": "7319acbf-3cbb-40da-bf05-9af7127da9b9", "comment": "Malware payload (Heodo)", "value": "374dc120d99d608b6779f312cf60e13e340c53edffc804e80041d4ae803c7fc6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191871, "uuid": "cd1deeed-5768-453e-957c-2fd98e612344", "comment": "Malware payload (Heodo)", "value": "8e3761d43634a33dfe6240eb08e4a0f8f6b7a379", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191871, "uuid": "4b1c18b6-f76a-4c58-a6ff-e7e46ac9c141", "comment": "Malware payload (Heodo)", "value": "32510a557ceb1387732cce3a3cf8732e553206fd3b0c8cbe019c75df48d5e5e70246bfd5fa6979de5f5b38b1bc586685", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191871, "uuid": "247da15d-9469-4df0-bb39-4b96049fabfa", "value": "T1A105F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191871, "uuid": "484a9164-40a1-4573-b285-7f9f788ba8fd", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191871, "uuid": "c666f883-fac0-445d-9d22-5b3a6f1edabb", "value": "12288:aA9e3OrvpgqjtQFec16dddifiHxoB3rNd9CDr:blrvpgqj2Fe2Qc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643191871, "uuid": "62ca0d1e-7d19-4d6b-986a-ac5489a9e7d2", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643191871, "uuid": "9e148fe0-512f-4b56-a0b0-3a2ba8acf456", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191871, "uuid": "d6d39e5a-8037-4c62-a50c-a11d1456132f", "value": "00323a3734df55ee89a09e7ce2238e7e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c47b805f-7e95-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643194225, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643194225, "uuid": "fe65b216-b8b3-4a15-9ee6-af271fd28282", "comment": "Malware payload (Formbook)", "value": "a7f81ecd307166b18c038245a2005564", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643194225, "uuid": "ba960c53-5df4-4667-bb52-a6a83e69c8f9", "comment": "Malware payload (Formbook)", "value": "376a0ec6b93ca5a330675d0dde65c0092b59fa92cf2341cf6d87ad7d62f7e55e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643194225, "uuid": "0e5a272a-7a1e-4689-8d1a-b45838a942b7", "comment": "Malware payload (Formbook)", "value": "f4218fa763a80a578afa156011b5e0ca4346d0e8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643194225, "uuid": "dcb6fafe-0e97-4633-a8a6-9de2079a5dac", "comment": "Malware payload (Formbook)", "value": "289bd71f0db18d26c4c160ec2c703a3663b7926e9a0e7cbd46d0ae88505396497cb91f598e63c9c96991541d48271181", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643194225, "uuid": "faaa8be7-7e34-4e6d-b72a-c1d7c1820239", "value": "T171333C42C6A20363D5554BF3749396C31BB1610E58E0CAABD8C9B08A4EDF30A7597FDE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643194225, "uuid": "8fa91396-0d37-4fd8-a994-71d8c0e02c0a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643194225, "uuid": "aaa85284-9c80-40a3-89a5-b4e145ff89f1", "value": "1536:NzRypga/eHUTQQQQQQQBdBgN6b5/2kWSC6WLrr1Q:RRypga/eHUTQQQQQQkdBft/2YWLrBQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643194225, "uuid": "a82ebb47-27cc-43d9-8937-5205ee40c115", "value": 51400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643194225, "uuid": "af8c8cb1-1766-453d-bdc0-4b5ce7a26720", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643194225, "uuid": "2c0e642c-2082-47cf-9371-00ed7209128c", "value": "BANK DETAILS-25012022-971332pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "493049bc-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1643206903, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206903, "uuid": "4c391aee-603d-4678-8e80-10673d0e82af", "comment": "Malware payload (Loki)", "value": "a29d4ce76dc642305d8d06a24a502445", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206903, "uuid": "328552b4-12e7-4a53-a629-62c1e3b98993", "comment": "Malware payload (Loki)", "value": "3794618c854405868fa0385abbee14f264c04b98b74c0b05b70a9dd9956a9e09", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206903, "uuid": "e575aacb-17ab-40e2-a5e7-6b78c015397b", "comment": "Malware payload (Loki)", "value": "8332e21cba8d7af938986ba8438ff2bd97bde529", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206903, "uuid": "89ee5b12-c0e1-48a7-9619-0e4408a5d65a", "comment": "Malware payload (Loki)", "value": "a908b070d0412d001af04c29f716a3f8178801d498062839ea391bd5e6fa4e482de09004249d7baa794672654fa31d6e", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206903, "uuid": "66831a64-a790-4e72-93bb-a442014654fb", "value": "T1B81402016E39C6D2D3746BF8A446824651FA9FCB0F889C1726B43C3B2DB654C465B3FA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206903, "uuid": "7f83d89e-0dbd-4dea-83da-8f0d0b448720", "value": "3072:Rr2U3Pf4rcL44wjWcUV0LhMgz9E+3HyQjeRovmfwPC0GQRZ1FdERenYymcQsHwBr:UU/f44kpjWcUELzW+3HARj4q2lFdrDQT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206903, "uuid": "00339287-b5a3-452e-8531-dce475889bac", "value": 191816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206903, "uuid": "70e7a488-e89a-4640-9189-85eda33f5cbc", "value": "application/encrypted", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206903, "uuid": "a038fbc9-6a74-4979-a149-cf1ab0c68521", "value": "Revised-FO19111003.pdf.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "358757ef-7e40-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643157478, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643157478, "uuid": "6697a3b3-d882-43d0-aa43-2e7020346533", "comment": "Malware payload (Mirai)", "value": "834f3748a80bec233a4e1bd322b1b387", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643157478, "uuid": "55b5789c-3d76-49d2-87cd-a46b26ec47fb", "comment": "Malware payload (Mirai)", "value": "37a73f7d782de0965511fcf63a806d84f26550826148453ac668654de8da4330", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643157478, "uuid": "b5633741-82f9-4524-abee-4596a589ba84", "comment": "Malware payload (Mirai)", "value": "395e682bc04819a3c736be07361845bc3d218977", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643157478, "uuid": "af2874e2-eef8-4fb8-a439-47b2d905d2c0", "comment": "Malware payload (Mirai)", "value": "eb7ce1a64e97c9f266cc69aba50fe4a3ef7034910346a08cb5d6b3d851b6b8a1989e26d8d7415e1d68037795d4e8400f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643157478, "uuid": "3d05010c-44d6-4981-8d20-de9552f7ebde", "value": "T1DC64F1CAEF11BC3AE985077135A70B5DF7B4DA9AC2C3E090F2D4C55E38A92C5AB611C4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643157478, "uuid": "82a742df-d027-4c9e-af23-6e9ecb7bf81a", "value": "3072:phNlHuBafLeBtfCzpta8xlBIOdVo3/4sxLJ10xio1a5POdOQ33Q:p3lOYoaja8xzx/0wsxzSiZPqOJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643157478, "uuid": "766d44ac-b4ea-4a02-8f4b-f6e77afa7802", "value": 307960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643157478, "uuid": "7ef5e1be-58d7-488d-ad5c-5daa3fd34a27", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643157478, "uuid": "17d34c28-08ae-4e1c-bc9d-2801725171e4", "value": "834f3748a80bec233a4e1bd322b1b387", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7f73a7e-7ecd-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643218336, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218336, "uuid": "87084afc-bd68-41e9-a740-f734fdba6917", "comment": "Malware payload (Heodo)", "value": "ec8bf63a377e03feaa3c0ad1b85444fa", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218336, "uuid": "a5dec719-e44b-44c5-a51c-facf055097f9", "comment": "Malware payload (Heodo)", "value": "37c5f6e5b597dacd94538caa10e226226a54a11c528984d42a88970c34570538", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218336, "uuid": "6ae391d7-392a-46be-8971-24cfd9fe762b", "comment": "Malware payload (Heodo)", "value": "087dc872707b1e858c549075dc548c50068cc6e2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218336, "uuid": "753a0faa-2146-47ef-b185-218296df6ba3", "comment": "Malware payload (Heodo)", "value": "f5ee0723357429e346c71b2d8a3268a0782322da8c8c82b46be1099194d5de7cc114af51a2624dd2b66771b19b96b221", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218336, "uuid": "e903b46c-60d4-417b-8197-b2b8be2718a0", "value": "T11EE4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218336, "uuid": "a30cbc4d-7cfe-41b0-b16e-e8500c8a99c8", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218336, "uuid": "8ede82f0-2c19-4ee1-b48c-305941aa95a9", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIuG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGHOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643218336, "uuid": "fd6e3bad-dc9b-455f-89db-4fbaed9b0bfd", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643218336, "uuid": "1de6bcea-71c9-4be1-8ef4-9bda1b7a192e", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218336, "uuid": "52653db5-771c-4592-a099-d06d3bbb9a08", "value": "YZz1SNPc99.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5dc24a18-7e96-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643194482, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643194482, "uuid": "e6c2871c-600e-42b5-91ea-f1f6b73219cd", "comment": "Malware payload (Heodo)", "value": "aeaa0c6a64b67a37cc590a7605350572", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643194482, "uuid": "94297a55-ad2a-4f90-a50f-d3ac06a2cbf6", "comment": "Malware payload (Heodo)", "value": "37c9d85fe0833dc4e3945d2ccc69cc1b5402a48739b5a31f72861533da253d64", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643194482, "uuid": "c82f7aa2-b722-41c4-8663-6b9abb641eb0", "comment": "Malware payload (Heodo)", "value": "8e176ec2f99a48449c08b64ae47eebe9a141d870", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643194482, "uuid": "0cbde0e9-d8ce-4cb7-a1d0-525d38f6bf99", "comment": "Malware payload (Heodo)", "value": "76f1cd184cec671c36b6f9419201dad310a4e6c372031c4b1ab4477c54fc8b21acc4872b7c6c99eeb0035c1f0c985d32", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643194482, "uuid": "65f2b39e-59cf-4eaa-8ebc-2d446871c844", "value": "T1D405F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643194482, "uuid": "b9060892-22ab-481c-b20e-52c762769e8d", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643194482, "uuid": "581be768-5b21-41ce-86ae-883a42c294e9", "value": "12288:aA9e3OrvpgqjtQFecv6dddifiHxoB3rNd9CDr:blrvpgqj2Fe0Qc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643194482, "uuid": "ad5f38a2-ff4c-48e1-ab9f-125ccb91a043", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643194482, "uuid": "12550dba-c503-489d-8856-aa0b96397363", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643194482, "uuid": "eca3341d-d0db-43b3-8a19-ae6141532908", "value": "aeaa0c6a64b67a37cc590a7605350572", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0db0c9a1-7ea6-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643201220, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643201220, "uuid": "0fe35e8b-8cfe-4623-8b31-0eb9c19ca38e", "comment": "Malware payload (Formbook)", "value": "0712797b0df1703c5e5b26ea41d4a372", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643201220, "uuid": "03a3120f-8cf5-4ab6-bc0a-d15f6dadbe4c", "comment": "Malware payload (Formbook)", "value": "37cef8b492b98e4b153f135f697bc9830f7f0c5a590d4f2bba69cf3f2cb95608", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643201220, "uuid": "fce2ef7d-7df7-4bdf-813d-0deb30c89509", "comment": "Malware payload (Formbook)", "value": "3bede1b0d160e9a2c8b96d4f6ec041adf32a25f9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643201220, "uuid": "eb2cd53f-86eb-4469-84ee-a3672b24f694", "comment": "Malware payload (Formbook)", "value": "fa78412859540a41fe063525d5de1d805b8d7c0f576d9ccd4a692ecda6f9f947c50acd286a1e4008d1d4397531a181b3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643201220, "uuid": "874e3890-a691-40b8-bf8e-ff1ed9935163", "value": "T10A05BEABF488C866E19D097281CFB00C47B4BC13E9CBB59E3F97F5096551B4BAA0950F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643201220, "uuid": "13e6b7a1-8df6-4788-bce1-663bc8edc711", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643201220, "uuid": "1e09f73d-1c9a-42eb-a6c1-89853c7449ee", "value": "12288:DZEplXP9W1/ux6p55C+zJbayUXdZDpjs0s8LwBqw/0GhsnaTow/+nXyeIqmzvuCv:DZEplnHnPXxM6wAGTV3/eI8Cgls", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643201220, "uuid": "face6f72-a576-4782-ab91-04aa2b96ab65", "value": 861696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643201220, "uuid": "5cd035d2-3ade-4705-89dc-76ad0d5b06b0", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643201220, "uuid": "18d33645-b1a3-4cbb-b202-ede6778aaeec", "value": "Unpaid INV - 100989907.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3b96c3a-7eb0-11ec-9275-42010a9c0029", "comment": "Malware payload (Socelars)", "timestamp": 1643205793, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205793, "uuid": "4010f478-2526-4a2f-ad36-1081c7723760", "comment": "Malware payload (Socelars)", "value": "bb736c1184d3023a1b0eb3c1a421c880", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205793, "uuid": "867c7829-a58a-4888-9bc7-b76d515b350b", "comment": "Malware payload (Socelars)", "value": "37f3f71d770c82ccf20057f41b58ea25d1a3001124f8103bc7003145428fd32d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205793, "uuid": "e66d318d-10c2-4db7-b4da-046be9fcf241", "comment": "Malware payload (Socelars)", "value": "9ef6dc0eb894c16efa914836981238e441013316", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205793, "uuid": "c735f7a3-395e-4d4e-855a-cd642269b30c", "comment": "Malware payload (Socelars)", "value": "26a23a776036abefd142d171ddea0333fb0921869c1aa7362657affb42c48e1e5ad631f3f5038080562b216a42a1457f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205793, "uuid": "ecf1212e-a974-4d76-9d16-8dc12d5eaf65", "value": "T15E65AF11F642A037ECE300B286FF5AFE8D2CA621130854D7E3C45D695E619E37A37A5B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205793, "uuid": "c709c3a6-7d5d-4183-8a14-e60c54a5522a", "value": "d69e4c13e25f0ad622344ac56118c0df", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205793, "uuid": "40732e8c-9ca0-4407-909b-82f215ca9a95", "value": "24576:METpNoFKAfIL0AffU/WbTPxb5wWThCfTCMeno7lCXm0YLuR:7pwSyeGmMReno7lCWJyR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643205793, "uuid": "9c57f217-0657-40ec-88ad-5b4c0141262d", "value": 1490432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643205793, "uuid": "13fd489e-5f3a-4889-9aa7-d16353b11122", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205793, "uuid": "bd1960de-0937-419e-a6db-d6c863873ca0", "value": "bb736c1184d3023a1b0eb3c1a421c880.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "56c0e999-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643206926, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206926, "uuid": "3e56b3d8-8340-48a9-bcf7-937f7127ef2f", "comment": "Malware payload (Heodo)", "value": "8ed652e9db643af33b7a3f8ebcfd6ada", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206926, "uuid": "bd4f05c6-ece2-40eb-87a6-a7597de6c33d", "comment": "Malware payload (Heodo)", "value": "38323b17af0da8f670b94486a7994ea74199e683a71168d615987f03a0aef2a7", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206926, "uuid": "e510b53c-37a9-4954-a32a-69c66df72994", "comment": "Malware payload (Heodo)", "value": "0c881bdbc369323b1617efef7ce668e53db15b1a", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206926, "uuid": "9f00c57b-c84c-49b4-af86-b60954180918", "comment": "Malware payload (Heodo)", "value": "21c6b97abc589127ed6d8300fbf91576757d9136f1643a603e29d2d90fbf5009009d3fa00dce9e8545cae50dcc6837c4", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206926, "uuid": "034be63d-9798-4ec2-a4a0-1d3fae97e67c", "value": "T14BD36B66A5C5E9CAC70523350ADA8BEE33676C478E7603C77258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206926, "uuid": "a54ab0a6-543a-4881-95e5-7a6fec45e31b", "value": "3072:acKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dggGx0s:acKoSsxzNDZLDZjlbR868O8KlVH3jehr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206926, "uuid": "7e2ef1df-f9dc-4abe-bf00-bf10b6f5c4a0", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206926, "uuid": "556a59eb-934f-49c9-b524-72b43d459795", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206926, "uuid": "78871c0c-daed-48a6-a5e2-af8e91cca34a", "value": "USG.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf0fb916-7ed1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643219986, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219986, "uuid": "9596be7d-7329-4392-bef6-d79e4fcb0429", "comment": "Malware payload (Heodo)", "value": "04537f91e4b4d8b2fe9fb34c3e1fe4b4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219986, "uuid": "93a5d12d-febd-4720-9de8-ed583b4138fb", "comment": "Malware payload (Heodo)", "value": "383f80c794e72f8de283e75b3bbf047e94a67ccb11e7f0ce7bf18bf6d54626a8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219986, "uuid": "b5db151e-a089-4108-ab41-cb57fa0be016", "comment": "Malware payload (Heodo)", "value": "da0cf8c61c112d8b23fbf2f9109421958fea87c4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219986, "uuid": "6e226437-a77b-48f5-a284-be0a900bc4ce", "comment": "Malware payload (Heodo)", "value": "a05d0d9511fed709c0aff728f07242718947766a1826e601e5399677c4ee80d311d3b29c11a7f4830b2bba21b0eab170", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219986, "uuid": "7b312790-01a9-4e30-9f8e-f40a5c2ce937", "value": "T18E05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219986, "uuid": "cbee0378-a6b6-4d18-aa09-a0422ff459fb", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219986, "uuid": "9690fbfb-86f2-46b4-9dde-2a7fbe9b785f", "value": "12288:aA9e3OrvpgqjtQFecT6dddifiHxoB3rNd9CDr:blrvpgqj2Fe4Qc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643219986, "uuid": "f463a8ad-dd2e-4b6a-beac-86167f22611b", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643219986, "uuid": "f503bca2-f98a-4e3b-820e-abac27cb3a81", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219986, "uuid": "419dbc3f-762e-40f8-8107-501df557dacc", "value": "04537f91e4b4d8b2fe9fb34c3e1fe4b4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f51f6c48-7ebf-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643212345, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643212345, "uuid": "7f0d13ff-cb6a-433d-8772-ba1adec2a31c", "comment": "Malware payload (Heodo)", "value": "aa28202cb331eceb2c42513f76965ce4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643212345, "uuid": "b1a65763-bb5f-470f-8265-1d29becee36b", "comment": "Malware payload (Heodo)", "value": "38627db3bd1dcc54c85be09836a55d435d6169cd6f4b37b4bb15806914030a75", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643212345, "uuid": "25885f97-92d5-4ccd-a322-62f7e3d54d5a", "comment": "Malware payload (Heodo)", "value": "fc8b4e4f319535bcee34716f4922622e7d64ec51", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643212345, "uuid": "80dd5dea-1df9-43f3-8ab6-ad47653824e9", "comment": "Malware payload (Heodo)", "value": "08c796da8de35f18a5ca14270ed8ba0197867cb361d09df45c2eb4f1fb9aa70bd33590293a0f912c59248f8e04e17d7c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643212345, "uuid": "c5b2b5b0-4a51-4d9b-b982-c8fc8697e7ea", "value": "T17CD4B24D7F918F79FC5D017098CC8B7AA995E87B4A904F022ED6EA3ED5FB1424D18C0A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643212345, "uuid": "2cb7be14-ca1c-495f-a9e5-78f4642fbc7e", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643212345, "uuid": "0fa97bf7-d3d8-43de-a9af-808350124ec2", "value": "6144:KfUdJ9dhe5HjGo3OvwX0ddpgqjlfBtAkIeTILkHMPtdddGLfloHxoB3J:aA9e3OrvpgqjtQFecA6dddifiHxoB3J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643212345, "uuid": "8933fe3a-3203-4a09-ad3a-35351b98340c", "value": 654690, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643212345, "uuid": "41ccc26a-78a7-464a-8744-9ff874b01b18", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643212345, "uuid": "f7162a31-ccdd-48d0-a264-ea0ac6fa06da", "value": "aa28202cb331eceb2c42513f76965ce4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a471de1c-7ebc-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643210921, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210921, "uuid": "45d3491d-0029-4a4b-909a-93afe245d0be", "comment": "Malware payload (SilentBuilder)", "value": "61979a1bbe5e8291e54b24080d709e1f", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210921, "uuid": "354b6bba-5e3b-4da3-a132-2d0e8598829d", "comment": "Malware payload (SilentBuilder)", "value": "386f7aeac9c491033b4536e233bb6a415ef47756d12f38582b0c3eb008210ffd", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210921, "uuid": "8085fd1b-852f-4fe1-a86c-44619d4bb26d", "comment": "Malware payload (SilentBuilder)", "value": "4083b680ec6b81fc8955a7491fac49baac5da8c5", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210921, "uuid": "4d33b2b1-3f38-40c1-9e81-54b9feaa6b71", "comment": "Malware payload (SilentBuilder)", "value": "ab4e056e897b3a2753658636499dcfa32c9b63b91d248e5668b36b03be24688c923249391d685530964bbebb90a0c2d7", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210921, "uuid": "77530c67-03d2-49a5-a7a2-d78b7fc77ac0", "value": "T1A3131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210921, "uuid": "e1e5a23b-d350-4ad5-95d8-95f9c277b643", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643210921, "uuid": "ce46aaa5-c962-4737-98e2-5e9e12205abd", "value": 44760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643210921, "uuid": "747623cd-a0d8-4ab4-a581-073c428bcef6", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210921, "uuid": "8d928ea2-9a7c-4347-aa9b-9b9e8fb57d9f", "value": "tmp6f9wdk_7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ca4585f-7ece-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643218532, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218532, "uuid": "ff9bb413-17d1-4d44-8ffc-9c804c5ea1ad", "comment": "Malware payload (Heodo)", "value": "1f48ae29cc420c6108aba78551dd1efa", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218532, "uuid": "9161d0d6-80ed-45d9-a98d-8751badcea4b", "comment": "Malware payload (Heodo)", "value": "3872984e79a4204772c0663476760f6d88f37071558b3517cb204c18600e5c7d", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218532, "uuid": "51d690fd-5c17-40d1-8775-f5e5ddd34ce2", "comment": "Malware payload (Heodo)", "value": "de6beb76da577590484246f28c627e0e3a528b22", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218532, "uuid": "1e4c947c-08af-4bae-8698-3c23013485c5", "comment": "Malware payload (Heodo)", "value": "64a7fd07f7739d45b3d549ea6c918d3f5d70e5d6acdf732418187e90fa0c1306a80e5d72091baa60e770e7deaa7bb043", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218532, "uuid": "755cf21e-7819-4d2c-9728-2e31a4f11df6", "value": "T176E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218532, "uuid": "d6c64e63-3940-4ae7-ab4a-f61f103c7d34", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218532, "uuid": "832b2acc-3536-445c-bbf4-4c9e9a9a49e0", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orI2G0Bv1tgV:RpncLJZA2LwpJsNtZUWeG/Og", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643218532, "uuid": "f9e33c3d-bdfe-48e3-b938-987b146212b5", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643218532, "uuid": "4b01d5b3-cc85-4234-814a-2be497fd7922", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218532, "uuid": "3fcb2411-674c-4c9a-b31e-eb3b2cf506ec", "value": "KM2ZIyy.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c2f4fae-7e4e-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643163421, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643163421, "uuid": "aab9e57f-b161-4a0c-b5b9-dce75de01331", "comment": "Malware payload (AgentTesla)", "value": "05d5050b4ca5eed99802277c62e89685", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643163421, "uuid": "ff4e827e-8998-4623-9950-eda55dbb154c", "comment": "Malware payload (AgentTesla)", "value": "387554b59e0bd52558862e1e51fa9b52a2c92ab4a54250c5bd0431185edadda8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643163421, "uuid": "b37ce57a-0316-411a-b9c5-675d05306f84", "comment": "Malware payload (AgentTesla)", "value": "bded61b19d0b0111493b2c0666eb9b83b6ccbab5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643163421, "uuid": "46870a8e-3369-4988-a487-73f803185698", "comment": "Malware payload (AgentTesla)", "value": "207d98af4bae8997a2e18c813852d675fed01adcb1bfbfb51d5295b541096b567bb5abe59684e4308877da6e47ec21a7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643163421, "uuid": "cc440d51-063f-4d56-ba4c-f90d7df5170a", "value": "T1B555127826B69926DD3FC73C4772C65C4F7A627AD10BFA6E6D44B08D0961B404F42E23", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643163421, "uuid": "dd15cdcc-64f1-4843-a6c2-40867eea366e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643163421, "uuid": "9ac6d8fb-071b-446a-956e-f027c31e7507", "value": "24576:nUjAH8dPl2ITt1lWktU0k0ehzLFCgTrc1zKViGWIANSCqCmURrOrSO/:d4X51lWsRe1d4171NNSCquRiF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643163421, "uuid": "2342a289-5a22-465c-a1a3-7f9600567709", "value": 1296384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643163421, "uuid": "576d3e05-40ac-47ae-8362-3ef13fadc66a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643163421, "uuid": "1e93bc7b-6089-45a4-a150-6d3bf16d8c66", "value": "19012237419439.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "caba3261-7e6d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177055, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177055, "uuid": "6c261f27-c84d-4997-ac0a-8b8e9afa0253", "comment": "Malware payload (Heodo)", "value": "b797633ed45bc90e4be65821177cc745", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177055, "uuid": "cd99340d-ab8a-439e-ad34-eff8017ac684", "comment": "Malware payload (Heodo)", "value": "38a72a899b03b1fdf380746febb7f82cc26f56441c0c396cb39dbedb9a37a1ae", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177055, "uuid": "15b01634-58a4-4341-9229-ea91c295282c", "comment": "Malware payload (Heodo)", "value": "72049e0811516eb06cdc60c43118970aeb1a8b40", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177055, "uuid": "b17fc6ef-4792-4bdb-8fc1-f8c52c25e435", "comment": "Malware payload (Heodo)", "value": "a9d632fde941feba3a460769dece3f8e0e5b91e3822664f9ca52d2a8f055557fd551c069f4565376d9cdc778c2dc508a", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177055, "uuid": "9ad84917-0c03-4855-9eee-28f253e12419", "value": "T128D49C2233DCC8B9E0AE1D3D290297D523E9AE140B93C58FA640FB9E5D3B2C155F92D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177055, "uuid": "6f799794-f84c-48a1-8db4-8fe08011bdee", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177055, "uuid": "72a80819-bc43-43ec-b4e6-2504e782c8fd", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4MmMOfg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4MmM/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177055, "uuid": "7759710c-0af6-4384-8dc7-9ef1e71680fb", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177055, "uuid": "c336df87-4648-4a2a-bd24-f64c74b0d1a2", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177055, "uuid": "f7c5ebee-ddf9-4046-a317-9a3715b1517a", "value": "emotet_list_ioc_cronupTue_Jan_25_11:47:44_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fa76334a-7e6d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177136, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177136, "uuid": "af5258d0-ff47-4e3a-a542-56fba4713762", "comment": "Malware payload (Heodo)", "value": "6d4720fb518c3d75a3c6cb0162b0bce7", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177136, "uuid": "37ad6974-3ae0-456c-9490-22e41865ed9f", "comment": "Malware payload (Heodo)", "value": "38cd64313c79c8de7d343097acee9342a14d0d7940f1f3a04b8a643c947fc1a1", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177136, "uuid": "2eb15f2b-fc5d-4ad2-a57d-d53478cb8424", "comment": "Malware payload (Heodo)", "value": "8b84b6c622221551e9b3192040babcaff0227374", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177136, "uuid": "62a0b3b9-b089-45e4-b469-6a195d6d4df2", "comment": "Malware payload (Heodo)", "value": "554086222955e278ebefdb7ede97c4f667186a06038fe171981a399b709f21db051a73a457ee6e061e0ffac6fff6ee21", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177136, "uuid": "4c649840-a523-477d-97bc-c742eeb1b0ef", "value": "T10DE4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177136, "uuid": "37f5bb6b-a0e7-497f-a7c7-389e93065dc5", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177136, "uuid": "8a5f190a-0a7d-450e-a945-d3b28ae75042", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4lVNACHKm2tkJV8u:o87vGJzomxhwDbKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177136, "uuid": "b5ea6e53-540f-4621-8f3a-33e9f70f66d5", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177136, "uuid": "58e699ad-532c-4274-af26-e9dfacb96f93", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177136, "uuid": "f6cdee2c-bcff-45df-9a64-07fb47f97810", "value": "emotet_list_ioc_cronupTue_Jan_25_11:53:43_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c13b58c-7e9e-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643197969, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197969, "uuid": "19d741f3-a02d-4f23-9a44-90bf5bf59d80", "comment": "Malware payload (AgentTesla)", "value": "a238c4890deec662ae0cbfb8118f86a4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197969, "uuid": "13045c02-a6f5-437a-bdb9-5d34716c50c9", "comment": "Malware payload (AgentTesla)", "value": "38f3ad285808296ea13d50b39abf2eb784fb0ae9fbd85a3680c1607b315309b3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197969, "uuid": "01227e45-761c-4dd5-9f7d-eb866e0137e9", "comment": "Malware payload (AgentTesla)", "value": "d6e67c067e2002d65c4b8be8a7a013aa0b0dea05", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197969, "uuid": "aa735484-05ae-4914-a0ab-8bce3b7a5cf9", "comment": "Malware payload (AgentTesla)", "value": "8a3f37d1371b50a0f661cd3c994c4c84d2a9a375b12f2e7393f10d007fe0c82abf23f8246317cc1a12d2f76ac49aebf2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197969, "uuid": "5b355a5a-69e2-4a0a-9175-344c003eb989", "value": "T1ED15BE6BF04DC82AD2AD097581CFB40C43B9B803EACBB5AA3F97F6096551F57990520F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197969, "uuid": "d7f73026-95db-4891-8d57-865d6df3b88b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197969, "uuid": "e365a414-d55e-4a61-98fe-f0165de6b96f", "value": "24576:tjjXM8Wzasw6tAxM4wCwbNxmxPmAJTVN5LztJvWV:tf8nzaj6mWtCwbQ5JhN5HrWV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643197969, "uuid": "50fdf477-9ea1-41e2-bb00-228fba859140", "value": 899584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643197969, "uuid": "391a431e-fbe1-4171-b81c-3065dadf56dc", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197969, "uuid": "5485d40c-115f-455a-80ab-aa9d7f8f3776", "value": "716eis68.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6c4310e-7e45-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643159815, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643159815, "uuid": "f22515cf-1578-465f-b678-317959c3125f", "comment": "Malware payload (AgentTesla)", "value": "f6dc97bac4f8f6a25a69752fa6422f86", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643159815, "uuid": "e2ab9ca4-54fb-4898-9f09-2c0ea8a695c4", "comment": "Malware payload (AgentTesla)", "value": "390e0d6df67662c3c1cdfed5c81c49a2e6833116369842f806c5fe819984eec2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643159815, "uuid": "0d0afb48-bc33-47a9-a955-8e79ffb8ec16", "comment": "Malware payload (AgentTesla)", "value": "a61239bb3382ab33a346282282681ac5c0eba8c0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643159815, "uuid": "9fb963f2-db4a-4fe9-ae1a-6f9aaff480af", "comment": "Malware payload (AgentTesla)", "value": "5e8788412c202f6774932bb904d52ca29f5a24e6f21e34d3812b03182d16d32c20424a35d6cf2f154b01e91cc9006321", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643159815, "uuid": "86408cf2-2d66-42c0-84d4-ece2647d98ce", "value": "T11945123826BA9A6BDD3FC73C4775866C4F66A27AD10BF67DAC44708C0961B004F52A73", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643159815, "uuid": "f463c6c8-44d0-47d7-9a8c-f43ea7b2134d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643159815, "uuid": "208d3b83-27e1-4a8e-a6fa-62fdfcae6049", "value": "24576:xdjA//4+ORYU7IZcEnqVehzLFCgTrc1zKViGWIANSCqCmURrOrSO/:Y/URYU7IlOe1d4171NNSCquRiF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643159815, "uuid": "405c8262-5d81-4fba-9684-1d393732a2e0", "value": 1275904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643159815, "uuid": "c8a8d756-0640-4114-b770-74338633c43d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643159815, "uuid": "1416fa22-42d3-4747-aee0-c2fa40d739d8", "value": "DOC.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "727b9d20-7ec5-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643214703, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214703, "uuid": "9c89207e-1a6a-422e-8b30-77f9f3a42708", "comment": "Malware payload (Formbook)", "value": "5a373f74560ea6482666152dbcd6f5c6", "object_relation": "md5", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214703, "uuid": "72f1eecc-cc54-44c6-8c63-fc7ac7402fd6", "comment": "Malware payload (Formbook)", "value": "392d53e0df22582568a42204601870498810ad743786731f45e7850f8761d6f7", "object_relation": "sha256", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214703, "uuid": "b95fae69-594c-4a12-9833-8acf26552fb5", "comment": "Malware payload (Formbook)", "value": "58754c2e1388cb35991369f4868409fe207fabe0", "object_relation": "sha1", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214703, "uuid": "26de2de8-ef15-4243-a1c0-ab53c75490ed", "comment": "Malware payload (Formbook)", "value": "b5c0fe61962bfee3b82b786ec48cbc8c59b7376ca631f4aaf05da46a23a231e58adaf32b42fbd273412fc65c812a8d92", "object_relation": "sha3-384", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214703, "uuid": "f76f20ce-c6ed-4bcc-86b6-e0a236712830", "value": "T17AB423E5616F0B9936E4CD2C9C6082F7131FF75449F91516B0CFDBCE3981E8B88A8A19", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214703, "uuid": "d0f09632-857f-43d8-a1c8-b1dab0b29c46", "value": "12288:TTwbrfW9E0UNkPDXeecjVURNZ/LiW+6MV6K7ERUIzPlWx0JKe:XwbKkWLeegGJP5aEnDlWUKe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643214703, "uuid": "cb43b5dc-9ff7-4779-a56c-657bc2cdc9cd", "value": 535044, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643214703, "uuid": "9bc95867-e98c-4dcf-ab59-5bf248293324", "value": "application/octet-stream", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214703, "uuid": "6e8f42d4-064d-42c4-a031-f5fe367dae84", "value": "DHL Shipment Doc.ace", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2d19457-7ec6-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643215241, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215241, "uuid": "c9181a6b-dda8-4c98-96ec-bcec7f26aa9e", "comment": "Malware payload (Mirai)", "value": "5f4a26b95a8297f8b6159cdb016264ef", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215241, "uuid": "5cbbd229-6fb4-41c1-aa9c-faf6884b4ab0", "comment": "Malware payload (Mirai)", "value": "3941c7fcf8cac591456c4b478bc0a8a9f44e572e56da442d85b61e29e1b962eb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215241, "uuid": "1c947780-769b-4a98-b3f9-8e6994fd16d5", "comment": "Malware payload (Mirai)", "value": "712a1190972e2e889a82dff12b5d4604db03c543", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215241, "uuid": "a9b35fbb-ad6f-456c-a947-e2fece67ccf5", "comment": "Malware payload (Mirai)", "value": "fc28c8a9cf1ebbc45f58da4aea7f65a9b44ae61c22dfa9a15eeb54ce0d05af7fd84482bf6cae4e3076620594dc97a1b6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215241, "uuid": "aa0d1f4b-74e9-4f60-99da-d0c414ba7ecb", "value": "T1F6B2D0917321A074C6A01F32CD78C1ED71AB2989F3FE31232A185575B69758F27F868B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215241, "uuid": "f92ae036-0845-4222-9a02-e925ab9c604d", "value": "768:DwBA1NjQwcThlYlYXoKrEas4ccUcfhls3UozV:DwBA1NcwcThuuXosq4czcfezV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643215241, "uuid": "e2204bc1-04e1-41e9-b879-4b8b27c4be0e", "value": 25000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643215241, "uuid": "fed08142-3e4c-475f-a097-a1ac75f3b3c9", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215241, "uuid": "42d14ef2-ca1e-450c-8c50-93f7f7f69c54", "value": "5f4a26b95a8297f8b6159cdb016264ef", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0b37dc6-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643207103, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207103, "uuid": "0d104012-9337-4a4e-9dcd-801bcd998264", "comment": "Malware payload (Heodo)", "value": "76167fd34b96bf58b70fd009928c097f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207103, "uuid": "c353a71c-ca65-4b64-adc0-77e43c74f4d4", "comment": "Malware payload (Heodo)", "value": "3941d3a7db43557f478efee994cb79aa78453fa5a62b845d0c76dc1ab95aa48f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207103, "uuid": "47a2a122-9656-4c07-894c-2c3efe1f49b6", "comment": "Malware payload (Heodo)", "value": "c63b5d4293ed513a2ffd944133b7898c10d2ef11", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207103, "uuid": "a3220a92-0bfb-49dc-9ada-a132d3389de3", "comment": "Malware payload (Heodo)", "value": "566e277232317561d9014feaecaa5b58d58d9032d3ff46804efd6cad06ff38bd376790ad90e3f2abd3484c78039a44d3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207103, "uuid": "682473da-d0f2-4517-a9d6-badbff668218", "value": "T165E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207103, "uuid": "58cd1e00-ded6-4f80-aa75-8189b63398dc", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207103, "uuid": "140e876b-8b25-4b70-8657-acff0e4297c1", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIxG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGoOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207103, "uuid": "0d2c0872-6f6b-4183-a1f7-56fa21d443c9", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207103, "uuid": "775e1942-1f1f-4787-ac4d-d8fa1556ff37", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207103, "uuid": "e9122ce5-85d2-40c7-99c3-785f1e7f34f8", "value": "76167fd34b96bf58b70fd009928c097f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "14ede16e-7e8f-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643191353, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191353, "uuid": "4a344436-f88c-4acb-a1e9-a11d460533d1", "comment": "Malware payload", "value": "474cb1d629198359e40685fda91d2e8b", "object_relation": "md5", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191353, "uuid": "458bb98e-0413-451d-87c0-39609068a56d", "comment": "Malware payload", "value": "3967a0a4fbbbfbe2ebafff03707092774369064453afcd4d8304d73364050ef9", "object_relation": "sha256", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191353, "uuid": "483edf6b-24d4-4330-9894-f8e1e8b8c9e4", "comment": "Malware payload", "value": "8ccb33f02ffe32b2f651b792dc8e15f3df355d1d", "object_relation": "sha1", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191353, "uuid": "2eea389c-92df-45d9-a261-7a8b955b2d02", "comment": "Malware payload", "value": "8a38d6a34728f014bafb7024d00d3f94a488747c5fd71ffef3e68fd1d9f924894c2afe2303e92ac6bb91c6f41186a494", "object_relation": "sha3-384", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191353, "uuid": "0bd24ee1-9557-4d1f-809c-41e6c6e38cbd", "value": "T19D7533694B62CE634E5F1CA16CA4112EE3FFCF4029C92A511DAB478C4508F7E1F616D7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191353, "uuid": "3a702eef-3f75-4a31-9441-44fcccdde2a2", "value": "24576:/HRlKrQnYNuZadF59eOuJ/A3YWCgWIyOCkfukaB8jE+nejtU4YponmxOQ8ybIIRm:5l62ZQVhKAtCgPZvej4inmx38Io5eKL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643191353, "uuid": "99de27fc-a97f-4032-983a-16bb6bd20f46", "value": 1624653, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643191353, "uuid": "74ee13d2-4261-4175-b791-a208b3443404", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191353, "uuid": "701927dc-06e2-4b5a-bdab-aa33de0d5520", "value": "MESSAGE.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "54011bc2-7ee8-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643229684, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643229684, "uuid": "63a5c856-d29f-42ff-af59-fa0837263626", "comment": "Malware payload (AgentTesla)", "value": "18b9f4454420c5094a1c9e48334092d7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643229684, "uuid": "09ffc63c-00dd-45a3-b214-e2536876f3ea", "comment": "Malware payload (AgentTesla)", "value": "396a51cbdf7c6a9ab6e4f57331a9a5fdd4108ff9169b6687bf3c15f2ba70698a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643229684, "uuid": "3dae14af-f5a4-4084-a5ed-3eb81bb94451", "comment": "Malware payload (AgentTesla)", "value": "122c4cb69ac7181b32464e8aecfd62de85bfcd72", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643229684, "uuid": "3c1600af-0b00-438b-ba7d-0ac6d0f076be", "comment": "Malware payload (AgentTesla)", "value": "0cd9ac4c0743bc7748373abc549e8e45a60ec04a15386ac6146b0670712ecb95d922ea06418073189ffaa08bf1475ff2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643229684, "uuid": "5afa36db-44b0-4d3e-a487-94e25abdf1e8", "value": "T189651239A876CEA9DC3BD33A1772C05C4F6272B6E156B5BF16C8325E0850D5086ABD33", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643229684, "uuid": "dec56fdb-ed77-4abe-bfb9-6bd1331e630d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643229684, "uuid": "906e472e-c474-4d1d-a8e9-6d8e3087653c", "value": "24576:IQjA19oKjUVvbirqsOlhuRehzLFCgTrc1zKViGWIANSCqCmURrOrSO/qbLIusQUH:W1qKYVzim7hAe1d4171NNSCquRiFivIh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643229684, "uuid": "7281ebdf-3aa1-486a-941e-70cd0791f886", "value": 1472000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643229684, "uuid": "431868f1-ac4d-4d4b-9d03-5615fffa5dfc", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643229684, "uuid": "0d007da2-6607-4674-aae6-9a8883dc22c4", "value": "TT copy.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d3f5b0e-7e9e-11ec-9275-42010a9c0029", "comment": "Malware payload (NanoCore)", "timestamp": 1643197863, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197863, "uuid": "33882b12-9992-4fc5-887a-25efe7a6c883", "comment": "Malware payload (NanoCore)", "value": "036f7890e6e19a1de41ea9c326f30742", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197863, "uuid": "dee32b67-2183-4556-93ee-200f5163400c", "comment": "Malware payload (NanoCore)", "value": "39896e26bce7833af0016124109693ed3ff222f2a6f2409bf8352533cfa9d304", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197863, "uuid": "20f5d905-afa9-4ceb-8710-c088096136e5", "comment": "Malware payload (NanoCore)", "value": "3ecaf58fa2e994b2c389c184885eba0dfeda17ea", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197863, "uuid": "d4efc644-55fb-40ed-b5d4-dfecc6693c01", "comment": "Malware payload (NanoCore)", "value": "92dac5586aea03c256d79cd259baec6c47add816ba0d000434bd682635a4a4bab2e97ecf99f084f3c6d70c09fafc8f4c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197863, "uuid": "0a525752-b1ca-454e-a28a-7c99db5a3a8d", "value": "T1ACD3D7653BA9E60FC9E88D34BEABC212AB6DDF9247F7060626D53075CEB444C3843179", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197863, "uuid": "8385fbda-6f64-4a10-90b8-91a2b7bc3c67", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197863, "uuid": "2dea5071-36ad-4402-8152-525d25c48cba", "value": "1536:4+7b62tbycmp7bGoPhH9ZS6WNdM2MyMxMdM65GMCMbMS1jzv5MhMdSJ3DGVSelN6:r7b63moPV94z90is", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643197863, "uuid": "7cd0b8ad-52a2-46d0-a68a-67ad8cafac09", "value": 137216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643197863, "uuid": "1d52743d-eea1-4480-8b08-136fd0c6e907", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197863, "uuid": "522b1af9-974a-4665-9f0c-f03f4a8a091e", "value": "Divit-RekutPO260122.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3446e5eb-7eeb-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643230920, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230920, "uuid": "076dfd14-0bf8-4389-b871-c23252a8e8c9", "comment": "Malware payload", "value": "634a457966e4aebe14c44c204a4fed86", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230920, "uuid": "1fdea136-fede-4bff-b4cc-9089e3f27dff", "comment": "Malware payload", "value": "39f7b43c182fb69287831fd54fc6cc7733a22430f876416cb3a5a60c1da1faa1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230920, "uuid": "d3eac3ba-f5a8-4e69-a168-06d5aaf43666", "comment": "Malware payload", "value": "f62dfe7c3a0db8ab50d4c858020a57503b479944", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230920, "uuid": "6a878806-42af-4ed7-add6-1a35b005759d", "comment": "Malware payload", "value": "10d291ddaddb821ccfcd62b46faa6c70e62971529124924d3a12d935d09368de0c86b509113525d22f8137f4563bfcdb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230920, "uuid": "3b06c4c8-ca0a-4fd1-8a95-6b5f1c127c48", "value": "T18A82B60FB598E9F6DCA32EFE5D362A014258FF2399319A8A10463109FB7F7501550FEA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230920, "uuid": "19c9d6b4-af39-41f4-b6df-d681e0de65d1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230920, "uuid": "a78e1a9d-0ed0-47ff-8789-eed0df1f2b08", "value": "384:/iGZXCLVYfbXlmgR4LtLNvtQWyg157AgOGWag:v+CfbjsRIWtOB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643230920, "uuid": "fcaf4aa4-3a25-4ddc-94a8-e7c27c0cc1c5", "value": 18432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643230920, "uuid": "546d6a88-2a66-43a2-a545-7f034945e9cd", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230920, "uuid": "82fa6a33-5f48-4008-a4de-27e0c45f8bb8", "value": "Attachments.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "80badcec-7ecf-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643219022, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219022, "uuid": "87cd0332-c591-4fcb-8aa3-40b224e72e8d", "comment": "Malware payload (SilentBuilder)", "value": "3f52456e9f7b751d9bcb03af8d404e3d", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219022, "uuid": "8a1d5d2e-6b9a-4b8f-8c65-21ece662ddf8", "comment": "Malware payload (SilentBuilder)", "value": "3a136e1106b927b8c1e83a6bbf1ae6e6c29ec106af7134032c8b7d65e185a469", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219022, "uuid": "52af36c2-e90c-4c4e-a682-53eb16bd1bef", "comment": "Malware payload (SilentBuilder)", "value": "9f4e36002a1f342b95b749c6785c089b1f4b5331", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219022, "uuid": "31a773e8-31d7-4a23-b4cf-0cde57c9086a", "comment": "Malware payload (SilentBuilder)", "value": "9f7e5e4edd188172564c1c340ba14c081b6f7a86e7792c64a1837fa855188d503067b344010ac1635c831fc1d4673522", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219022, "uuid": "9eced28b-f226-4937-b488-d736a4e02665", "value": "T154131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219022, "uuid": "2221eeae-ad5f-475d-ad5a-86bb93c82b0a", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643219022, "uuid": "64a56cfa-61be-458d-a753-d85162d67626", "value": 45313, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643219022, "uuid": "cbaf10e3-61c2-404e-8ad9-642fe3feb3f1", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219022, "uuid": "1e45a498-8619-4e47-985d-20f69da777d8", "value": "tmpi_3hrjtn", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b345aa9-7ed5-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643221617, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221617, "uuid": "6c2b9f4d-72cb-4593-9457-f3b95a8cc542", "comment": "Malware payload (Heodo)", "value": "77f7b0164fffc0639a3d44bf0d2fb52b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221617, "uuid": "1741df8a-9220-4162-aa88-9d000df8dfc8", "comment": "Malware payload (Heodo)", "value": "3aa1c9f8bc644043e60e8b545fb31644d853f8637c8c388e186210d3dd10b6e0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221617, "uuid": "1e9f0a79-1006-4b81-a431-ddcfb58298c3", "comment": "Malware payload (Heodo)", "value": "21892683c2ac7e76079ff92738ddcf3ea8d34023", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221617, "uuid": "36b7c8d5-1f23-4d49-a3fc-be1ab306da4b", "comment": "Malware payload (Heodo)", "value": "11e771367d2bf405598aed31c32bdca6e288688d82c8de4d5aab94e3e55784e54ad9bab1753804fb51343e9a04048b3a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221617, "uuid": "d21f4127-6fa7-42d0-a18c-0d0085e9c9ee", "value": "T15305F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221617, "uuid": "f9610955-729c-4cfc-966c-d239e6d3a152", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221617, "uuid": "c9626719-8d01-405a-b8dc-91e23e480a03", "value": "12288:aA9e3OrvpgqjtQFecJ6dddifiHxoB3rNd9CDr:blrvpgqj2FeSQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643221617, "uuid": "e29681da-19a9-4573-914f-739db68c9a87", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643221617, "uuid": "7050e8f0-e843-4939-97c9-7cc8a9e48c6f", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221617, "uuid": "e4f4b107-45f9-4809-b45b-bf52ac0281a9", "value": "77f7b0164fffc0639a3d44bf0d2fb52b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d86408ae-7e8e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643191252, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191252, "uuid": "a3e2bb8f-6ab2-4bf3-a728-332b9b122575", "comment": "Malware payload (Heodo)", "value": "513fa01ecb271d8693735a62b6ff77d2", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191252, "uuid": "81f61320-d328-4af2-92b5-00d0a1cfb9b5", "comment": "Malware payload (Heodo)", "value": "3ab00b4944b8bbd8d300c4e67eb345a0c7f5eeaf22ae706aed7eb8643ccbcb64", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191252, "uuid": "3c448b67-f272-4b96-b7a2-9d88779e88fb", "comment": "Malware payload (Heodo)", "value": "227cf783e5e4b323bb13199e173f58951eecb8f9", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191252, "uuid": "5520774b-b3d7-40b7-be88-7e907937542e", "comment": "Malware payload (Heodo)", "value": "483fc5bfe80702472eec91b458cdcc9df0eaf3defc6827eaa52239781f7146b8ca8a511d59d9956f99f0d8e63c90e6e5", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191252, "uuid": "a0816876-6001-4d80-bc5e-f3e8cb626515", "value": "T107E35B6576B5C9F6CA0407B10AD2CAFA2327FC779E5603E33198B30D1FB91509AD26C6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191252, "uuid": "65164612-4ca7-48c2-9353-407fff5a2066", "value": "3072:C7cKoSsxzNDZLDZjlbR868O8K0c03D38TehYTdeHVhjqabWHLtyeGx6Z84TIUGxg:8cKoSsxzNDZLDZjlbR868O8K0c03D38h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643191252, "uuid": "802b24db-c6d0-45e0-a983-b52b06db3300", "value": 145920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643191252, "uuid": "2943b6a5-d9cf-4a91-934a-25217d76bd48", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191252, "uuid": "dac89151-5579-4ff0-b4be-3465f0387a75", "value": "check.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31d7a491-7e92-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643192690, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643192690, "uuid": "88edef8b-0dda-4a05-89cb-f34128bf22cb", "comment": "Malware payload (Heodo)", "value": "3a0b64248e1394631c0b510beb7c20aa", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643192690, "uuid": "57f11aa1-336d-412c-b4ab-e953ab5e5cfa", "comment": "Malware payload (Heodo)", "value": "3b65f79ab9e0940bd0547b1042206468af2ed3bd53dfb12199eb97fd0471b64e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643192690, "uuid": "3da788d5-fa15-42e0-81ac-34f2a11624c1", "comment": "Malware payload (Heodo)", "value": "b8d7deeaf1e2de8653af72d5d979153951f70d79", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643192690, "uuid": "7c90d7f0-d28e-46ba-8d24-fc1f9a50c48b", "comment": "Malware payload (Heodo)", "value": "799e7e1dceb8f28931cbb79b7d6c79e0925dbe3f52b28858ef9585fc52347ba266aacb9c789d687ac15b61ce8771009e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643192690, "uuid": "27713a3c-9abf-4faa-9b23-c33fe004abdb", "value": "T1C305F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643192690, "uuid": "51536a14-e4b9-4129-8c7a-1b90fdee9ab8", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643192690, "uuid": "ed430f60-ba05-4885-8721-286ff970f624", "value": "12288:aA9e3OrvpgqjtQFecd6dddifiHxoB3rNd9CDr:blrvpgqj2FeSQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643192690, "uuid": "7c5b6992-2b8d-4184-9992-8313ca3a4ed3", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643192690, "uuid": "303a5c00-9d40-4978-a5a4-65fc5f5ff037", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643192690, "uuid": "4b935bc6-b63e-4bfd-b00a-dd5c0ed2a84a", "value": "3a0b64248e1394631c0b510beb7c20aa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8a1eebd-7e3b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643155577, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155577, "uuid": "cd825650-e063-4bd9-9b6e-831a2789487c", "comment": "Malware payload (Heodo)", "value": "59a0b9ce628d608275011aa428c5779c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155577, "uuid": "207a11bc-abf0-45db-8346-5c2ec913b1ac", "comment": "Malware payload (Heodo)", "value": "3bb3e941854d7dd1f4935ce273ee1640ca1ab75146abc3fdf27d1973741a0a77", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155577, "uuid": "29c048d1-d7fe-44cc-8450-9c7c0851cc25", "comment": "Malware payload (Heodo)", "value": "a659c0cb0424354dfe6291186de853a43e6f2b4c", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155577, "uuid": "65088975-c322-4180-aa86-784d3300c709", "comment": "Malware payload (Heodo)", "value": "33536f9270d08a7163f0edfebe705430b57778f21cdd662f6ed29afa02903d7c4311b720e315f4ecfc464e8937030d46", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155577, "uuid": "5513823f-7002-42fa-8ae4-0b1387e36a83", "value": "T1C9D49C2233DCC8B9E0AE1D3D290297D523E9AE140B93C58FA640FB9E5D3B2C155F92D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155577, "uuid": "4eaefea7-ab54-400f-abb9-dce0877440dc", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155577, "uuid": "9b8efbe6-f9c8-4d65-8722-fef3850e401e", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4MmTOfg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4MmT/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643155577, "uuid": "76ba1672-76ab-4042-976a-28bb022d6e9c", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643155577, "uuid": "80f99b34-acd1-469f-a379-daede777a172", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155577, "uuid": "48700516-fddc-4770-8c62-7c6b973c2f66", "value": "emotet_exe_e5_3bb3e941854d7dd1f4935ce273ee1640ca1ab75146abc3fdf27d1973741a0a77_2022-01-26__000604.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72f33be9-7ed1-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643219858, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219858, "uuid": "0fea2280-5692-4832-8ee9-05c259e3b836", "comment": "Malware payload (SilentBuilder)", "value": "f546a14b75870cbed41a93e3e2205be6", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219858, "uuid": "260842ed-3d43-4eff-a782-4322f0cd0289", "comment": "Malware payload (SilentBuilder)", "value": "3c114999a28212b16842ce26c2e19af4224472e52eef042cc407b9cfc2135165", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219858, "uuid": "c8f2ee2f-55aa-4aa9-9e1b-eab98eee1636", "comment": "Malware payload (SilentBuilder)", "value": "529ad5b3b30c6dd8cc4faf1cf6b17740ee6116fd", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219858, "uuid": "554c2d05-8b0c-4d0d-92fb-feeb5771a811", "comment": "Malware payload (SilentBuilder)", "value": "d2bb65b267589ac450e43c927e4c327485cd6186f587bf6d010d8f88c2f7ccdc41d426c1cbb7eb29f338b49ef3015a67", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219858, "uuid": "01caac8c-dd3f-479a-afed-e94a20afdeb4", "value": "T11A131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219858, "uuid": "1f53f49b-aca8-444f-af9c-6968717093c3", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643219858, "uuid": "67414f53-57dd-4e2f-9fb5-f48af6ae06e0", "value": 45198, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643219858, "uuid": "8367e109-9a07-48fa-9bde-487e9cfc5568", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219858, "uuid": "c278bb52-116c-42c1-b99c-b4e2ae0d272f", "value": "tmp_06ojw9n", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9d26eca2-7e6f-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643177838, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177838, "uuid": "6572d46f-0282-4a5a-b8fc-7f2f14957f46", "comment": "Malware payload (AgentTesla)", "value": "1f4e6e618b001c5910323eda0eaeb688", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177838, "uuid": "9cb513d1-9ed3-4285-ae68-f1abd4f08596", "comment": "Malware payload (AgentTesla)", "value": "3c5e92a7f4d415e1b9fa7e3fbef4bd18e9ac26cfebbd98b68b5253d11c83320a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177838, "uuid": "12aeaf02-1b78-4390-b3a2-c9b9f39b42b5", "comment": "Malware payload (AgentTesla)", "value": "5621480f5b6d9a9f6bd75515a1322ae7b61bf538", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177838, "uuid": "d0ffd700-5948-45b7-a7d7-c0cb1693215e", "comment": "Malware payload (AgentTesla)", "value": "55f267decc7fed0213dc33b1200560dff5a328c9fed8eaa6ecf1f528b1a684ce03942f4a20cb626788f810688a699ba8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177838, "uuid": "07921671-139b-4c7b-9ca0-1ba670a01c42", "value": "T19805D15532E0C134D29D3C3588A47541AB37F1AF78D2F9A0EEB2DB457BB5B84AA00973", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177838, "uuid": "151812f8-4dd1-48a5-9f6e-f627496ef63f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177838, "uuid": "c73de6c9-35c6-4652-90fe-fb4c3cf03c5e", "value": "24576:UvL6YUtriEM0zM1MEwWAFQ/Dn9i/E00tNwXq3TrmqwJn:U2K0zMSRLwfPw0mqw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177838, "uuid": "551e4ba9-4691-4ae9-a81d-fcc607aa15bd", "value": 842752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177838, "uuid": "0499c8d0-47f1-4538-a8f0-f31bbb402cac", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177838, "uuid": "c216841d-f5cf-4f87-8a58-321e2830733f", "value": "New Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0dc5473-7ea1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643199400, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199400, "uuid": "cfb844be-08bf-46ae-afad-fe97e566ecbf", "comment": "Malware payload (Heodo)", "value": "515b7566770c5166b0e90ea279185b95", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199400, "uuid": "b5f52539-26f2-4dee-8c7c-786c3f7958cf", "comment": "Malware payload (Heodo)", "value": "3d18f8790f76e349915e84b34badfe2aefd03c89345eb9ff7d243e3cf9a13389", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199400, "uuid": "4d9ca331-aef1-4c44-b5ad-fe749edf6e68", "comment": "Malware payload (Heodo)", "value": "81cc303eb4877e04a42a45e017a8dabb79f0aec9", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199400, "uuid": "6941d11b-dfec-4bcb-97ac-90aaa414cfe7", "comment": "Malware payload (Heodo)", "value": "fe510fc453dfeb4a5a482b9489a5733d7679595e1446ebd6570ee512b7658fe57a59ce01afd3fb75023d09535990d1be", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199400, "uuid": "f35e368a-439f-4236-abe9-cc9f2d01b4db", "value": "T154E35A6576B5C9F6D60407B10AD2CAFA2327FC739E5603E33198B31E1FB91509AC26C6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199400, "uuid": "3dd84176-0898-4eff-9a63-c2a98b6f3bfe", "value": "3072:T7cKoSsxzNDZLDZjlbR868O8K0c03D38TehYTdeHVhjqabWHLtyeGx6Z84TI7Gxn:/cKoSsxzNDZLDZjlbR868O8K0c03D38n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643199400, "uuid": "6d2d2e5d-e0f5-439f-9b28-8ab8a0c4a16c", "value": 147456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643199400, "uuid": "e4287653-f57e-4111-9209-c869ccdce3a4", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199400, "uuid": "6839bf27-2702-499f-b1c4-f91a7466d1f4", "value": "OMICS International.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd5a46e5-7ea1-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643199421, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199421, "uuid": "d25bd471-175f-43a7-b1e5-29ba9213d2ed", "comment": "Malware payload (AgentTesla)", "value": "87b9c6460891009725798ae4c32b2e7e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199421, "uuid": "f3c18c46-5e61-4217-860d-d436e3c7e1eb", "comment": "Malware payload (AgentTesla)", "value": "3d80b212ddc73f9482d727da931e74d180c98702b597dfe21f32a7bb1325e362", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199421, "uuid": "acd762a1-9e3f-4b47-a290-ab785b40fdef", "comment": "Malware payload (AgentTesla)", "value": "4dd832c1a9eb19225499dd53134bd73f0fd4aec2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199421, "uuid": "5489a57f-2a26-4656-9fa0-b77095868ccd", "comment": "Malware payload (AgentTesla)", "value": "5634d0b797f4b5dc2cbbdb23b68ec6040ebf6dca15b3fdfae9ba40c2bd0baa1826195ad2908497f9798da6bc5971373c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199421, "uuid": "5e71eda8-639d-402d-acc4-8450b6273f7b", "value": "T121053329DB56B7EF3E0240E3F21864587E1913F01925D92D3EB67480BC7F1AAAF52135", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199421, "uuid": "414abb58-2a7a-475d-8dcb-3eaf3917ed6a", "value": "12288:pZ+h1h6Y6FaY2WqVznXODVCIKOSZODGWmYd+b/2ypNHOXb1XEAq9nG2bn:r+hCY6FaYGJ+Vw+mY8uy3uXpX3InPn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643199421, "uuid": "05d4af71-e605-4dd0-bad3-7a9ea96a7d0b", "value": 797381, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643199421, "uuid": "a771afbd-6713-4344-8665-d032def7148e", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199421, "uuid": "e58e78c6-663e-42fb-9d17-d8b903b6a163", "value": "Purchase Order.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b49fb3e1-7eb2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643206654, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206654, "uuid": "932478c8-ef28-4e7e-ab6b-739776ebe5ae", "comment": "Malware payload (Heodo)", "value": "158cd213472c29b4e1102a10af0631d8", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206654, "uuid": "63e4aad7-368c-489e-8f9e-657ef7fdd44d", "comment": "Malware payload (Heodo)", "value": "3d9c06f9c5edefcfdf7ec17e8ef42e4d33eef0dd0191c4d528dab109dca935fb", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206654, "uuid": "b355a6a7-3f22-4265-b96f-d6e9af68f664", "comment": "Malware payload (Heodo)", "value": "9278d986ca7ef7522b0497cccec4abd819d0b132", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206654, "uuid": "9bba0c4c-5c26-45d4-9330-61cebd57ed9d", "comment": "Malware payload (Heodo)", "value": "f14917c4d260783ddc17bf80af7d6e4da4f95aa578398913c9194f9068f6b594d9a9f6b97334310e98445b6b9f270f05", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206654, "uuid": "2609d7ab-afc1-4f27-b6e9-96a2f299b7de", "value": "T131D36B65B6C5E9CAC70523350ADA8BEA33676C479E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206654, "uuid": "007a4cf8-583e-470b-863d-4c11c17ea8be", "value": "3072:LcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dggGx0b:LcKoSsxzNDZLDZjlbR868O8KlVH3jehU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206654, "uuid": "d358353f-8581-4670-95a7-6138b73018cd", "value": 136708, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206654, "uuid": "34774bd3-4d0b-4def-afaa-e0b3b8f6fc9b", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206654, "uuid": "e14cdf74-1460-45d3-baad-556a2c4081d0", "value": "tmps1n0qond", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7885de1f-7e7b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643182930, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182930, "uuid": "2be634b8-6687-4d9a-9e5e-cae798fa4675", "comment": "Malware payload (Mirai)", "value": "0ef6a94b16440e872ba19aa91770ebae", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182930, "uuid": "f6779d01-87e1-4fd6-8160-ef72ba92a77f", "comment": "Malware payload (Mirai)", "value": "3dce88bf07dc89c8c2135587e454d6cab168323457cc6c6c52d14b6c4ca14767", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182930, "uuid": "95041416-c259-4577-9f4d-7e35d22917bc", "comment": "Malware payload (Mirai)", "value": "efb68df67d704a9e368622d103ff16d773665ca7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182930, "uuid": "fba64e29-dd1a-4b77-896e-fb88dbb1d76a", "comment": "Malware payload (Mirai)", "value": "ff875a52a11934009a03944b2660d6106b45dff2d933926d7af89d2870cb53cbd78d3c50bb620c70489643b0d6a109ec", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643182930, "uuid": "d9015442-96b8-4ba8-9f2c-bb403d2f4f5a", "value": "T1DD833A82F9C1A612C5D5667BFA0E018D332653ECD2EE3213DE259F6237DB16A0E7B051", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643182930, "uuid": "90426368-343a-4a00-87cc-ca2bec5cb327", "value": "1536:m27zvp+ppw9sGGt84akcUIH3MUo1gvdjQmZcaPpFVARjTYn2KGPXtYcv9r:fzvGb8hGIcR1gvdkoxxFV4jTm2KGPx9r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643182930, "uuid": "98acf265-fa15-45c1-8bf9-0763830bdcd0", "value": 87328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643182930, "uuid": "2c9ec05d-37cd-4b75-b8b6-7bbf98e0c67c", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643182930, "uuid": "450d49e2-6025-4ea7-9b5e-23f8b5685fb1", "value": "0ef6a94b16440e872ba19aa91770ebae", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86ffb363-7ec2-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643213449, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213449, "uuid": "323ca167-b007-4c49-8dce-d2f34fac4933", "comment": "Malware payload (Mirai)", "value": "a87f332ddb0fc8a27f8c11c3a5bcea25", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213449, "uuid": "fb326e10-70db-4a15-b177-b78f906b608d", "comment": "Malware payload (Mirai)", "value": "3df5ab6f69d99efc18310d36a671ab47d5d270cf2091bfe387ce313711b46255", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213449, "uuid": "f8a16673-01db-4657-b5f3-8736b25bbce0", "comment": "Malware payload (Mirai)", "value": "72607c7e79c08340c772615984f0831a02ec4f50", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213449, "uuid": "5a970c43-347d-4c35-aed4-b4a7888dc330", "comment": "Malware payload (Mirai)", "value": "29f3626eb093b31ff91ceb37244f281c0c4c32c1e3f1af773a597796c6640bb395a6beec7b2fb801f0eec25e455ed2b1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213449, "uuid": "7e270766-e053-4bf9-9399-f5e29f3b9095", "value": "T1DAB2E1D5D7AB2BD3D792D332E0BC994DE1722AC10746441E110AB25E93A760E47FB3A1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213449, "uuid": "229b3725-1dd2-400d-a947-2b1180c5a8c9", "value": "768:a/QOC0Yhn6ROHWF/P+cwNlwFCnNBxc4Lcz:a/nihneFzw1NBabz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643213449, "uuid": "b188a0c4-936c-4d8e-a903-2948925fef01", "value": 24720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643213449, "uuid": "64aadcf2-81b2-4eb2-a62f-4f9c2f5f3d26", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213449, "uuid": "c9e22621-5119-41bf-acf6-d09014c2597a", "value": "a87f332ddb0fc8a27f8c11c3a5bcea25", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "81b3fe81-7ea5-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1643200985, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200985, "uuid": "b159779d-10d8-417b-9f3e-14e136afd265", "comment": "Malware payload (Gafgyt)", "value": "6843a4e78092e998c39172ef0cddd5bf", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200985, "uuid": "dc98569c-287b-48ef-9a99-2f7447d723f2", "comment": "Malware payload (Gafgyt)", "value": "3e2b049b821adb4ee86d2d8e62463841385e59fb80b6e353aafa001f0001242f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200985, "uuid": "18d4007e-bad6-4818-8290-4ab32d2cc466", "comment": "Malware payload (Gafgyt)", "value": "64d86665866669fbbc5f8786bea5bf5320b22f16", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200985, "uuid": "793c3c11-5b8c-4951-bf34-b5bd64a62e8a", "comment": "Malware payload (Gafgyt)", "value": "7bd4e136d95e7b846dd91d62b3437a91d703914cfb545e754c7f461ce4e43a322aaf9dbffcadf1ceb94e7fcd985821ff", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200985, "uuid": "f0b9a605-7bef-435b-a446-a3749fa957c4", "value": "T13EC32B273B231E23C0C9547102E31331FAB9DB6938B953D7E9D06DAC2F26A943456BD9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200985, "uuid": "31e84e48-918a-4509-943c-1710914125e7", "value": "3072:/YNa/GLBNPoQVphakpiQ9/nYEP/UnSQf/R:6a/yloiphakp39/nYEP/UnSQf/R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643200985, "uuid": "cb8b578c-93ea-4569-9d5c-cc0265a21841", "value": 126929, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643200985, "uuid": "f77540af-1988-4f07-9170-67afc478ea13", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200985, "uuid": "21d54de3-be33-46c6-ad4c-0812ee9a6159", "value": "6843a4e78092e998c39172ef0cddd5bf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "382f186e-7e99-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643195707, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195707, "uuid": "c856550b-7bba-444b-a3c6-9b2482b5ad0f", "comment": "Malware payload (AgentTesla)", "value": "36ca089a8186f16ebf02c7ac73616ea7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195707, "uuid": "1e7b3a25-ae5b-4c30-9cbf-cb6df8817880", "comment": "Malware payload (AgentTesla)", "value": "3e54c1d9aa98aff77d2cf7b27f92e4633ea54216ade56f7af3a39c6dd6490494", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195707, "uuid": "8a52cfcc-56d9-4f92-bdea-05c7a63ff467", "comment": "Malware payload (AgentTesla)", "value": "f961c30feaf1d274775e6f6167c26bd5303d981d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195707, "uuid": "b4b9feaa-067f-4498-83ef-2de85123973a", "comment": "Malware payload (AgentTesla)", "value": "c3ec709134287aa02fc48f49418cb370e3cb05151f49ec408d8c36dbbb04b8b6b35e8abd0991729f2fbf36634e7fc282", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195707, "uuid": "aafd780e-7809-43d3-a52f-7443167a3466", "value": "T14315E104BBB48762C17A5BF814B230088BB4396AB53ED5D56CCB62DB4BF9F109562F07", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195707, "uuid": "9c98390c-d979-40bf-9db5-db4267b987e3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195707, "uuid": "78bf46ab-642e-4959-af97-4e485956041a", "value": "24576:MjaHss1aF19X/cFUexQO42L+VxMdyksh:MjOHaBiUe+OgVGdZsh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643195707, "uuid": "dc740c52-5ab3-48f4-8202-7b998aa2af79", "value": 922624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643195707, "uuid": "14a01415-1f19-4cd9-a137-6c15f5e5060d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195707, "uuid": "f7f64552-0538-4bc5-8301-16e29e2500a1", "value": "SecuriteInfo.com.BackDoor.SpyBotNET.25.27271.25097", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed6f7343-7e6d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177114, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177114, "uuid": "b6ac24f3-a7e0-476b-ac59-696e80596626", "comment": "Malware payload (Heodo)", "value": "22f117c109267c6b435adf6ffaa63277", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177114, "uuid": "6fda01c9-a76e-4372-a4c4-c23b960f2bb0", "comment": "Malware payload (Heodo)", "value": "3e7aad094a42e3bc620f5957a6ab347ce948971b7f2daf02f47aaa4ee6d93712", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177114, "uuid": "bfbf0fb2-196c-4257-80cf-b9f47fb0163e", "comment": "Malware payload (Heodo)", "value": "4e92fd946443cec9cf808ccbf86db881a0245b90", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177114, "uuid": "e21d0c2b-f763-403f-b16d-e3adbf391ab2", "comment": "Malware payload (Heodo)", "value": "15fec2f12aa25f1eb397fc7fc01b21af98b00110491cc491412a557403941bca6c9047abe5cac0d88448cdcd76567ddc", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177114, "uuid": "c5fddcb9-5429-4209-bc96-e651651b8ff4", "value": "T107E4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177114, "uuid": "f02e515f-21ca-4a02-a7e3-d75a36d3c431", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177114, "uuid": "05e84119-e61d-4b55-870f-1bafa575de32", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4lJNACHKm2tkJV8u:o87vGJzomxhwHbKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177114, "uuid": "cb2105b7-3b46-44cc-af35-ee9cf89fda12", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177114, "uuid": "ced83ba1-2191-4493-99bc-979b14e73016", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177114, "uuid": "7de4493d-2939-437b-862c-7369a84efdb7", "value": "emotet_list_ioc_cronupTue_Jan_25_11:53:38_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b24a77f-7e78-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643181646, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643181646, "uuid": "a33f06c9-ff09-4369-aca6-12c32ec0e609", "comment": "Malware payload (Formbook)", "value": "6a0c66b62670c0592ecc348da92a23ad", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643181646, "uuid": "c9fa16c2-e879-4419-b464-4845e607df7a", "comment": "Malware payload (Formbook)", "value": "3ef3defaf18516b080d3e6536b6f076440cfcd53adfd0c3b5eba1330a4293224", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643181646, "uuid": "cca2006c-1bad-402c-bcc7-7e2bc1622260", "comment": "Malware payload (Formbook)", "value": "c8947b17eeafffa42e7cd09e92a6a9e8306b33a3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643181646, "uuid": "b57fbcdf-8f1f-4771-b364-7fbeef176a49", "comment": "Malware payload (Formbook)", "value": "67c4b339873bdc1ac77b0dfe5f7a9fe2bafb7f93214daf81823a062428358fe4121a317d23e926ba8de05fae7dfc7d81", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643181646, "uuid": "056d3668-95c9-46ca-85a2-c4fce9a10e59", "value": "T1D7F4DF1532E0C134D29D283988A07954EF73F16F78D2F964EEB2DA057BF9784AA04973", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643181646, "uuid": "70924dbe-95f5-41f9-b7cc-8bdbb857c7db", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643181646, "uuid": "364b2721-57ab-43c4-a850-29e5abc93737", "value": "12288:haEQ1m+uHw1uqlqg/coL00X6xnh93KTc+rLb+M4Hjs0s8swhIUpYqd7YfJL8TmbA:8s6w0X6xnh93KTc+z+MIMPwhIUpYqRQe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643181646, "uuid": "ae1746b7-f7a5-426d-baef-3e058170515f", "value": 777728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643181646, "uuid": "64cde17b-04bb-404c-8ec2-b7bd7ebcef89", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643181646, "uuid": "67970915-1f83-46f4-97d6-6f2f7123735f", "value": "Swift Copy20222601.PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be75e460-7eb6-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643208388, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208388, "uuid": "0c3d626a-d55f-4128-9071-85f1ba887925", "comment": "Malware payload (Heodo)", "value": "38cb62d9eda39b022cabb668d2e4c7f0", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208388, "uuid": "326e1eae-21fb-492f-b098-71c78843738d", "comment": "Malware payload (Heodo)", "value": "3f017935af71ae7de69e423e4d2e0c6a9b80eb228db3ed4530de1bdbf215a3af", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208388, "uuid": "6ab3e16b-4a4c-4032-8c74-3baa1cb24a4f", "comment": "Malware payload (Heodo)", "value": "c6b1cd7df927d4d5db473475ec8c40b9d7103c8e", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208388, "uuid": "080db9b9-b2d1-49cc-b1af-dd004f248675", "comment": "Malware payload (Heodo)", "value": "f361fe7f2652853652369eb95c2bcf2b169d5c9ab00d7c652e85d551e248a54867b64d1a56935a5e72bd2663485173ed", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208388, "uuid": "b3600115-cf43-41a9-98fb-4e46305cf992", "value": "T1D8D36B66B5C5E9CAC70523350A9A8BEE33676C479E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208388, "uuid": "8ac60fdf-c557-422d-a796-1340d57f595b", "value": "3072:PcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dgcGx0v:PcKoSsxzNDZLDZjlbR868O8KlVH3jeh8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643208388, "uuid": "58999c52-cef1-4ee9-ac6e-22ac9d4fc586", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643208388, "uuid": "ba5a802b-5473-47fc-8b46-c214adf3a97c", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208388, "uuid": "0622e693-0b97-4ccf-ac70-98b56f76a467", "value": "ADW9272156992076805960.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ff26e54-7e89-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643188768, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188768, "uuid": "35ae29d6-1bdf-4403-868e-edb12d895ab5", "comment": "Malware payload (Heodo)", "value": "93183f2e8ade72a42f2c04cbc2609e1b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188768, "uuid": "0aeb94cc-88e1-432d-9c94-d4a27bedff12", "comment": "Malware payload (Heodo)", "value": "404e51b533f1e595df5ee747fd4853be406fa737d1aa57a92dfd06a82c4cd953", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188768, "uuid": "cf250c56-a7e4-4bf3-9d0e-b02542f816ec", "comment": "Malware payload (Heodo)", "value": "472e6f4831378f87b31dac04de0c08abb200c209", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188768, "uuid": "206b2996-d221-4ffc-af2f-66d743b17d2a", "comment": "Malware payload (Heodo)", "value": "9b93c3c5754a1853f49e1a5a6377ecbbded6529a8e9b74a36369fd54f7fb6c87a67fdb1ea1b37a9c141be382d70c0705", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188768, "uuid": "93337b28-3b87-4070-b931-e9f62216bbec", "value": "T19105F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188768, "uuid": "390ab4c6-8ea3-40d6-8b3f-fd41c98b0de3", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188768, "uuid": "08da10ce-7211-4e0c-b6ac-0db3aee1fe99", "value": "12288:aA9e3OrvpgqjtQFeck6dddifiHxoB3rNd9CDr:blrvpgqj2Fe1Qc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643188768, "uuid": "9adf983c-65c6-43f4-a1dc-179d811ffc83", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643188768, "uuid": "fcb43f58-79ad-4db7-969b-3338b5f3931d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188768, "uuid": "1f29c9e1-be03-4a60-9069-419500fa6336", "value": "93183f2e8ade72a42f2c04cbc2609e1b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e61850af-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643207166, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207166, "uuid": "e400d274-1c06-4899-8ac1-98511cea76e8", "comment": "Malware payload (Heodo)", "value": "402f37174176afa57365c8f740a4eb3f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207166, "uuid": "89d0837d-35d4-4cb7-876b-28a14bccc152", "comment": "Malware payload (Heodo)", "value": "40d50098352c407fb095c55f677a3e9489c74bd8392eb49e8b3744bf267384b0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207166, "uuid": "30a81791-232e-4feb-bdf0-2403d03ac4b2", "comment": "Malware payload (Heodo)", "value": "9a39a6ddeca462c16823d9560783c426c5dbcdfb", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207166, "uuid": "b4fe6158-7a30-4c5b-8b13-b4a588994300", "comment": "Malware payload (Heodo)", "value": "66306c76507cbc2cfe47ceaf763dbd1402ad4f613750e7609f369569113329f9a00b7638529a3d1fc7b409d2ebb3f8be", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207166, "uuid": "b7bfec7b-390a-4af8-b491-32b78804fddc", "value": "T1A1E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207166, "uuid": "8aa2b4a0-db1a-4486-9e0e-44fb5cc0f550", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207166, "uuid": "25288db8-b995-49f7-81f6-ac9e447ba67c", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orI3G0Bv1tgV:RpncLJZA2LwpJsNtZUWeGWOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207166, "uuid": "7df44e5f-c407-4719-9841-a2b96e790d48", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207166, "uuid": "a3e897d3-9a2f-4134-84ae-b70f9493758c", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207166, "uuid": "3f83c59e-ec2a-483a-8549-79bde2c8f2eb", "value": "402f37174176afa57365c8f740a4eb3f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "144d8d1f-7ebb-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643210250, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210250, "uuid": "5afe088b-c34e-4022-b05d-b0f17e255153", "comment": "Malware payload (Formbook)", "value": "67b547b2ca77306c8036fd20ca89a40a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210250, "uuid": "2399f713-bc53-4d87-9b5b-a5c6b62fa801", "comment": "Malware payload (Formbook)", "value": "4102936b0b54529eb3be257a0ed5a222149bf146da96cd75b77e1dd2be614f9b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210250, "uuid": "69dc4e0a-7cd3-4d59-a1a7-6b140a827b73", "comment": "Malware payload (Formbook)", "value": "b7d8a6012df371ee276c901aafc1b5b21d62a1a0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210250, "uuid": "4b9a6721-d0e8-4b33-8b30-6351da14fdb8", "comment": "Malware payload (Formbook)", "value": "5e225eeabad83e80337753049af749e642fc175db87165a96807068ceadbb7ed502dc9b3c4590f694e65e2adc02e886e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210250, "uuid": "1dfeea5b-9ef0-4126-86e5-2a6cd73014aa", "value": "T16F05BEA7F44DC866D29D097281DFB80C43B4B823BDC7F1AA3F97F5096251B469A0960F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210250, "uuid": "a6aef7e1-b192-42ad-9371-b234f2eebd75", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210250, "uuid": "fd3f7e77-dfa6-464a-9b7c-a685e15c364a", "value": "12288:kqfmaz7Kcq/8RlfUo/VM8Sehspjs0s8WwFV96wCMfXY1E0kdyAPFzZt:kqfmfAwbMrwFVsWf3cmz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643210250, "uuid": "592d456e-6289-40c8-a0ee-70bcf5736b12", "value": 856576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643210250, "uuid": "368c9478-1641-4d7a-8c90-35f0f4aa938f", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210250, "uuid": "f904a7d8-9d27-4010-837f-a2c2e4341a88", "value": "67b547b2ca77306c8036fd20ca89a40a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61fa188c-7e6d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643176880, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176880, "uuid": "7618dc96-76e2-428d-922d-1f0fb335dca6", "comment": "Malware payload (Heodo)", "value": "738da45a8e30f1fc64977a2295e6511d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176880, "uuid": "363ffe42-3457-4c1d-b150-2f32ee3baf98", "comment": "Malware payload (Heodo)", "value": "41101728e9f1c9f6270fda1dea2dd7c4a5a9e6aca2d7fe096ad3631a2b718eed", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176880, "uuid": "cd61d919-5245-47d8-b669-d6880c4be619", "comment": "Malware payload (Heodo)", "value": "ea7903031c51361c24f69d8188f6992cb934de94", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176880, "uuid": "398606de-13da-4957-917d-43e3515046e7", "comment": "Malware payload (Heodo)", "value": "5a12ff95e96fa63840ae96e569574406e6c6b8a70de4239af1ff293a7e3e687a6b325c35990cdf6d8e1b0c0ad7aa9a4e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176880, "uuid": "ad0fd4f4-5a23-4071-a6de-18dbdbc0bf51", "value": "T118D49C2233DCC8B9E0AE1D3D290297D523E9AE140B93C58FA640FB9E5D3B2C155F92D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176880, "uuid": "63c6fe40-ce9a-4fc8-a4e9-74243a3d6106", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176880, "uuid": "9b87fbae-0268-4c98-940d-0ba0f8dcf1b2", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4MmVOfg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4MmV/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643176880, "uuid": "5f9097e0-a8b2-4d9d-bf7d-e2776ce0853d", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643176880, "uuid": "59550044-7f38-4ded-a875-f8a8e0e91003", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176880, "uuid": "a9fdbdf2-47df-46d6-9bdd-5cbf4554b44f", "value": "emotet_list_ioc_cronupTue_Jan_25_11:46:04_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97d68429-7ed0-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643219490, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219490, "uuid": "3e958a0d-b4ff-4b83-b9fe-e88e6f16a6a1", "comment": "Malware payload (SilentBuilder)", "value": "5f211d2269c67c955997f298c1bee0da", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219490, "uuid": "4413248d-f825-49db-8a85-8db089655c6e", "comment": "Malware payload (SilentBuilder)", "value": "412ec45b6b2ea627841c3ca80122cb732bf6bc03a647651316ecab5b02f1dfd1", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219490, "uuid": "c0f717f5-a95f-4444-821d-d1c2db5773ea", "comment": "Malware payload (SilentBuilder)", "value": "2ef1d52c1c00f6c94cd42619735e6d27b9ea0871", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219490, "uuid": "e8ed55a7-3dc1-4035-a348-610ccb1be469", "comment": "Malware payload (SilentBuilder)", "value": "0c886b59e657197e5bfcdaed217bf707a25d6007165297aba182d24458d3f1dca12c353447efa06ec76bf3f02d86317f", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219490, "uuid": "a34ad29d-c41b-4c7e-926d-605359e4267c", "value": "T123231953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219490, "uuid": "f84d1450-af66-49bc-a99d-788cf5e3da28", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643219490, "uuid": "2fd6ee50-24eb-4413-836d-dfcc43d272ae", "value": 45645, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643219490, "uuid": "01859580-500f-49dd-980c-bbb99f433937", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219490, "uuid": "819727a7-da62-43a5-ab18-189afd039b91", "value": "tmpoteb1q0y", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20b1a5b4-7e94-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643193521, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193521, "uuid": "e878ba71-5289-4004-80f1-ef2c2eecfd04", "comment": "Malware payload (Mirai)", "value": "7bdb592902d4637ec8237d31a111e6f2", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193521, "uuid": "039567b3-00b0-4c38-930a-2d4ae77edef8", "comment": "Malware payload (Mirai)", "value": "4132dd0d61e866bb9990ce37e89fa6745922b97d777fc8051237dc60fdb28d6c", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193521, "uuid": "fd4326bc-c98c-450e-888d-c19ac2af210a", "comment": "Malware payload (Mirai)", "value": "294761554aa13416aa20590e2624cd13b5690979", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193521, "uuid": "46b0f983-5ab2-43a7-b7c8-e6f6a8a03e7d", "comment": "Malware payload (Mirai)", "value": "98a9ccb728b43b54d3e280aba805f7d75b6d9a3a3abafd9b72ca1cfb496b0f2766a699fdd1c369ccb6294b89b4c458c6", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193521, "uuid": "41feecd7-d75c-42d7-98f0-caaccea0b03b", "value": "T153B33A57671C0B43C58B5AF52C7737F187ADEA7112E221C5E40EBF801B72A701A26FA9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193521, "uuid": "de32d43e-6d9f-458f-957e-2037ebd20fcf", "value": "3072:FHXfEEPOH0UHNzONBbsQ75h7z7ku62QnI0PDG4gQNcR:F3LRUHNzOwQ75h7zQ2QnI0PDG4gQNcR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643193521, "uuid": "c249e44f-f83c-4681-8911-81f885fc7d3d", "value": 116369, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643193521, "uuid": "bb37e105-7f4c-45da-b09f-01703e19cce9", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193521, "uuid": "1c51aaa8-28d6-4be1-87ab-2ed5642092d1", "value": "assailant.ppc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b29763e4-7e6e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177444, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177444, "uuid": "d6372956-5b4f-40ff-a5c1-92219686c9bf", "comment": "Malware payload (Heodo)", "value": "40a87ae0ee6c9d8647c8ad1b680e0e87", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177444, "uuid": "e4dbcd3b-1be5-442d-9c88-cc0b6b368aa4", "comment": "Malware payload (Heodo)", "value": "4170fd2e1e20be004dc4fb1490bd16ce9bd092ec9d1048e6ac0a63d10c7ba255", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177444, "uuid": "06acb47f-f8f4-4f28-9013-9b13eef05d4c", "comment": "Malware payload (Heodo)", "value": "12e762de276e8ce77a27fc56d135833a29f161d5", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177444, "uuid": "4d20fc09-900b-4466-9a87-97aa6eadbfb0", "comment": "Malware payload (Heodo)", "value": "e11b5fbfd68c19ec7cbfac5834ec8cf4ce8a8eb0c539c0291463b7dfc74f140e33dc540a62e67ba988378503654f33d6", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177444, "uuid": "9a493559-2889-40fb-b9ac-938fd48830af", "value": "T13633D0AFE6E1357AD225C17DD82C9391F44E92151E88F3C92DA0FFA49202793065E3CC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177444, "uuid": "bc6c3622-60c2-4d2a-a17d-0be4f96566c6", "value": "1536:xpZjmfxVXAiozeO0XVZKyalpvyR1bZ+Gl:xpZj+PXAie0XVZKFjvyRdZ5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177444, "uuid": "0c0441fd-b501-4632-b47c-6fa68a2bec2c", "value": 50687, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177444, "uuid": "3c14def4-48c0-45a9-8a76-efc3e6d51502", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177444, "uuid": "bf7d50c3-ff27-47eb-93b7-d5eb0001590a", "value": "emotet_list_ioc_cronupTue_Jan_25_11:56:29_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40d8b2ac-7ebd-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643211184, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211184, "uuid": "fab24767-7f62-4167-9d40-dfe003f49007", "comment": "Malware payload (Formbook)", "value": "f328a43f0ed25b23d8e5eddcd3d4e96a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211184, "uuid": "1d7bdc38-e41d-4dbd-8c87-d18418d9902c", "comment": "Malware payload (Formbook)", "value": "41e0f6ad541e5253c451b3d51976df257813e85c443ab1b863b3acf6c078b38c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211184, "uuid": "adaca2c5-5dc7-41d4-8757-4e474739c6f8", "comment": "Malware payload (Formbook)", "value": "f2774f50aabd73d03ac45447fa1aac4563348af9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211184, "uuid": "7a6ee8fc-b11a-419c-bdd9-a04a9c3a8389", "comment": "Malware payload (Formbook)", "value": "b8bfc2f6b9cc9eb14255e5c175acdc43c938d91ab634c1049bf5fb61a8fd2722e969d63b51eba1be8788c030de27d2c7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211184, "uuid": "e85052b1-9c3a-4b1c-8454-29854012ac34", "value": "T1DDA4BE9D23E6A597D07213B50D5AFB3AD62365743A1447B27ED03BFF2E643360CA2242", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211184, "uuid": "9d71d32a-194e-483a-bea4-78d81d706866", "value": "099c0646ea7282d232219f8807883be0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211184, "uuid": "f33a5b25-af46-42d7-b182-9604f1b165d7", "value": "6144:RwzF/7EV6rbI4CduZdK1BFca2jIlUZVo3K074K+0bNT1N0afa3g:wk6PZAAMPa30qVo3dV+cTP0afa3g", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643211184, "uuid": "e2345dc6-9533-45d3-9e72-006047d6e0a6", "value": 474421, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643211184, "uuid": "6188ab74-e05b-40a9-add5-dafe2176a087", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211184, "uuid": "a8850de5-2f4a-4f70-a825-f9dd40c3c1d0", "value": "f328a43f0ed25b23d8e5eddcd3d4e96a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f31e26d-7e81-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643185465, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185465, "uuid": "59851f4a-6f8c-442d-a894-43f04990292a", "comment": "Malware payload", "value": "58e13ed8f3db7d6cdc0397ae99cc3148", "object_relation": "md5", "Tag": [ { "name": "192-99-190-34", "colour": "#1B18BD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185465, "uuid": "c03c112c-be7f-4ce3-947f-d71fd9e1bcc2", "comment": "Malware payload", "value": "41e9c52160ca7421bdd1e34a2bf8086599250cb6623f3d8cf2d242405bddb242", "object_relation": "sha256", "Tag": [ { "name": "192-99-190-34", "colour": "#1B18BD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185465, "uuid": "6c5b1eee-eb28-4bff-9a1a-5b936a46c891", "comment": "Malware payload", "value": "0897d6f615ca13afb8ad7d33f952476cc0b91106", "object_relation": "sha1", "Tag": [ { "name": "192-99-190-34", "colour": "#1B18BD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185465, "uuid": "258c4e84-7fde-44a5-b7d3-ea8d43bfb9ad", "comment": "Malware payload", "value": "a65bf8d96d4dd58245d0d62a9d90284929c6bde31e6ff6b4ab00b53f1fd4b196a81e1f1a3dc75cdd72a48296a7cfccee", "object_relation": "sha3-384", "Tag": [ { "name": "192-99-190-34", "colour": "#1B18BD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643185465, "uuid": "bff8e2c1-b8aa-493b-bdeb-2d8ce0505fa4", "value": "T12344F3C0E6E5A8F0BC4B2D9FFE3D24E70F158C60DCB62995954DC94B54922910F8ECAB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643185465, "uuid": "22a5f7aa-287e-4144-a237-7996cea343cc", "value": "1536:O7gq8kg+dkWYRdcR9lN/6OgrV99VxM1yguoR6RDI210tT1:OFFfNsz+R63Y1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643185465, "uuid": "6daf298f-10a5-4cd3-8663-f53f2f887af6", "value": 270552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643185465, "uuid": "a390fa1c-169a-4e70-8759-66e1f5fb59bb", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643185465, "uuid": "41c643bb-5389-4d3d-a570-b2d62cc0769b", "value": "uyerl", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19d126da-7e8d-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643190503, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643190503, "uuid": "6d91df8b-e57e-4310-92e5-118522e1bd09", "comment": "Malware payload (AgentTesla)", "value": "a48c5cbbd0a1c95c1ad4e0fdca1409e3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643190503, "uuid": "3c581bfe-123f-4472-a3da-2a9918a131e3", "comment": "Malware payload (AgentTesla)", "value": "41fb815b25e6a9a9b161cd60f584b146a7dd504221cfdd606faf64ae72026be7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643190503, "uuid": "0a390a32-fae0-42d2-adb6-decac5e0e450", "comment": "Malware payload (AgentTesla)", "value": "4eb3ab7a679260a9da18b0ea0e458d3c5f54130e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643190503, "uuid": "6f097e34-d05b-48df-8911-7ad86193d8c4", "comment": "Malware payload (AgentTesla)", "value": "69b5804362023549227381f34ce21d7e9a32ecd6bfca3fdac324b4aa3ec399c952d0fbfafbc6906b5d5ae4cf09de4f54", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643190503, "uuid": "8ab289c6-9922-4c3a-8f2c-18e2bb21a0a8", "value": "T1D715CE6BF548C53AD298097691CFB01C43B57803FDCBB19F3E97F4096261B46AA4A24F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643190503, "uuid": "b4875649-7d79-4f6c-b160-60878662cc11", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643190503, "uuid": "20a03c64-4f29-45c6-a36d-ab9cf3c03c25", "value": "12288:OQUi+0LGSte1yxzfGfm4L14Cepjs0s8fwAMk+uqKfUSJWntjyaE3b57bN:OQUi+g4R4CiMiwAM7uqKMSJWteDx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643190503, "uuid": "13453773-d1f2-4825-a084-fd769abf8917", "value": 907776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643190503, "uuid": "3870db9a-40c1-452c-bbfd-d39c3846960c", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643190503, "uuid": "6b820248-074b-43c4-b424-d1a899dca84e", "value": "e-dekont-html_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2225fda1-7e6e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177202, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177202, "uuid": "5555dfa7-128f-4d4e-b3bb-f649c0fcd280", "comment": "Malware payload (Heodo)", "value": "5a712e7b8acf616b316414ac642ce001", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177202, "uuid": "01e10a08-4bbc-430c-a5ac-7661b15aac87", "comment": "Malware payload (Heodo)", "value": "420bb557127b8a664d8d40df06160a5f6dac06ca51323d3f943f8f16d02849d6", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177202, "uuid": "2062d820-06cc-4160-916d-155cbc5dc381", "comment": "Malware payload (Heodo)", "value": "a30e7bc2cc9c3870821e2073bf7185dc92fa5f83", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177202, "uuid": "a36fa80a-b656-43d0-afec-5738a997924f", "comment": "Malware payload (Heodo)", "value": "cc38b40fd92cb4ca658a395d357fe8b65433db2fea40348136e2f52cff5b2576b187f2e897b644e98f1713a76f3a2cbf", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177202, "uuid": "0ffcf49b-0d47-40bc-9027-0510320a0ed1", "value": "T155E4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177202, "uuid": "8e3328d5-d0fc-4440-a80e-b6532b3720df", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177202, "uuid": "d1831e14-5655-47d6-979e-c74c83b6fd4c", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4lONACHKm2tkJV8u:o87vGJzomxhwebKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177202, "uuid": "a78221a1-d024-46cb-9bb2-e9d07800d4a9", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177202, "uuid": "8d42da74-9e30-4ffd-bd05-9305a233f1e2", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177202, "uuid": "9aa028c1-f17e-4ac5-9086-b4efd9c117be", "value": "emotet_list_ioc_cronupTue_Jan_25_11:53:59_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c510cdc5-7ee0-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643226438, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226438, "uuid": "463bf0b9-9cb4-4e7b-ad33-748e899e2050", "comment": "Malware payload", "value": "4b3b50aba2d677d800cb29ac97d6c35c", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226438, "uuid": "8ed277f8-7685-441d-8abd-747030f8a5ea", "comment": "Malware payload", "value": "420e7c50fb06e769a4aacd12aeef1504019b08f5c8e77a69241d2bdf8564786d", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226438, "uuid": "f3b9fa5b-b69f-4a54-8e56-9850eaac3d85", "comment": "Malware payload", "value": "d857a4de7675f93b69303f3bb7a27ee07443d164", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226438, "uuid": "9cd30ea6-5f95-4e79-af62-a548fd5f6247", "comment": "Malware payload", "value": "e665e0ebcd5fa6cf7a0a307be1269a59a77b3d6316ce992e5b05905c70b5cacbd70e8bbdae394d9d894b6e33d54b9bfe", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226438, "uuid": "a10f4c26-7e76-4d9d-8376-027336a2b580", "value": "T16DA37C3AA185BF5BFD8B033D4C5245B9671FBCE47F9F5223128572102AF8861762623B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226438, "uuid": "6cc2734a-d348-40cb-bd27-2039b4c163f3", "value": "3072:CGk3hbdlylKsgqopeJBWhZFGkE+cL2NdAydb4oifHMVhoSc2vUz3UWDG:Hk3hbdlylKsgqopeJBWhZFVE+W2NdAyu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643226438, "uuid": "91eb818a-ddb0-4fd6-8712-3a55490d5cfa", "value": 107151, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643226438, "uuid": "dfdb192c-21da-439f-9db9-24bf2bddcf88", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226438, "uuid": "36d0f55b-a6e4-415a-b6a7-abd3d6be798d", "value": "AVIS-2601.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d939c348-7ea1-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643199414, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199414, "uuid": "38968b97-ad10-4cf2-b651-6ca1ac8484f6", "comment": "Malware payload (AgentTesla)", "value": "03cce821d304d9483c6fda1a9effa5e8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199414, "uuid": "b42da1a4-52f0-431f-b6b4-2440ce53a6fc", "comment": "Malware payload (AgentTesla)", "value": "4245e06036e2487409d154a8f607c10571f924d1fdfafb2b9056462b916ab4bf", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199414, "uuid": "909c3d7a-fbf4-413d-a7bf-5fccb12d56ef", "comment": "Malware payload (AgentTesla)", "value": "1cb410cfc4fb7c90b06b0e8ebae869effb4a3c14", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199414, "uuid": "bff602c6-bb7b-4a3a-9b32-2424b11529cc", "comment": "Malware payload (AgentTesla)", "value": "715e32d4e2cf6d2fac6bf67341f415b4a14d4375404a7b32f87bf145e3b2cb4ca0d984ee8bfcc2023c784159bfbe5b50", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199414, "uuid": "73240d08-1dd1-4836-8c45-1aa2ddb08b12", "value": "T161C42391A71ACB51395A3C6677387F7172AE47C9B8E5431803DEDCF59348822D18ACBC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199414, "uuid": "5935ddc5-b2a4-48a3-a356-e3013c65dd30", "value": "12288:kC4n7IgkKqWjkpYHRiOPKVIcWKVmq+TeWHV4h79Pan/fNOoT7V:y2KvtcOPt6+yWHV4h7EdOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643199414, "uuid": "7c7726c8-eb2f-44cb-8af4-62fde8b9597d", "value": 588163, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643199414, "uuid": "a51e6f15-d7ef-49a7-9b30-0dd5b5645790", "value": "application/gzip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199414, "uuid": "caf5e434-d485-4b09-91da-3905dd9ac5b4", "value": "PO 20220102.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ef4277b-7ee9-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643230240, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230240, "uuid": "1852b8a0-f3e4-4cd9-8649-d0c74e45c21f", "comment": "Malware payload (Mirai)", "value": "0973a8fbc467904f949a5fbdfea61b89", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230240, "uuid": "2b09ad2c-cbc1-4bd8-9a94-87f757d526f2", "comment": "Malware payload (Mirai)", "value": "4267fc1406b6c0d72f77d03514ccf8ac9c8b459c64c11c128b762dc05f6734ed", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230240, "uuid": "165a82fe-e449-4d48-90f5-4ce83600025f", "comment": "Malware payload (Mirai)", "value": "255b48a81b9541fc768ec52284c49880693b1184", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230240, "uuid": "30d07cfd-e2d6-4a42-ae43-66a401b92714", "comment": "Malware payload (Mirai)", "value": "062d208258e263b519e1c54947e10bff72c52e74790727033f7d35bcf51295d873b7b162a0aeacede4746d61ab8bbf0a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230240, "uuid": "3af85e70-447d-4b8f-aa50-ca5cac8a2b15", "value": "T108636CA6F800DC7DF856D77B44230A05B130B3540B921B3BB766FDA3BDB21A45466F86", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230240, "uuid": "141f8080-0232-431d-a676-c4e6059ec565", "value": "1536:7/a9AcrX5C6/5Tepdiy8fzI5PioXFnr8PgRmEJMEI:7/a9vrpCq+dibo1n4QMEI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643230240, "uuid": "db207700-c4a3-4e1a-84f0-61af28846f1d", "value": 72964, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643230240, "uuid": "e243bedc-26ab-4e64-8b0a-75f033e6399d", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230240, "uuid": "6e8ab22a-72e4-466c-b396-cd045f6d8fb3", "value": "0973a8fbc467904f949a5fbdfea61b89", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe9fdc57-7edc-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643224817, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224817, "uuid": "ce9d2436-5782-48ff-b96d-33b0cf1791a9", "comment": "Malware payload (Heodo)", "value": "19bf55e8e3ebae171273c1c466f54b1c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224817, "uuid": "169afd0a-4570-42b0-8360-fc8dd6722396", "comment": "Malware payload (Heodo)", "value": "42d30dd0633ff3a3c0224f84fd2586bc15be6680fbb7108ef2d1749b370f71b3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224817, "uuid": "7d4f7452-5ffc-490f-9eac-de4808db495c", "comment": "Malware payload (Heodo)", "value": "264844e9dc91c84f9dafdc90e8422cbdb2c0619e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224817, "uuid": "e02ddea9-93d1-4aef-9f5a-15016fd52e52", "comment": "Malware payload (Heodo)", "value": "040a45af9a95ef628c6b171627d99eb5cdb79c314e9192aea19812f52a8ecbecc72e5358cac8aca0f548b5e3cf92e7a8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224817, "uuid": "2d7475da-a922-4f9c-ad9c-664116032cbe", "value": "T122B46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224817, "uuid": "21513ec4-a4eb-42e9-ba9d-a750a7e7227d", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224817, "uuid": "66be4d7b-cdbb-4e2a-a023-54c086df7e82", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v809clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgF0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643224817, "uuid": "8596fc42-1c4a-4eff-94c7-98ea651671da", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643224817, "uuid": "aa435e5f-f0fd-478b-bc3a-ebb02ee85309", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224817, "uuid": "0eae2b98-021d-41c0-85dd-75c72732eabb", "value": "emotet_exe_e4_42d30dd0633ff3a3c0224f84fd2586bc15be6680fbb7108ef2d1749b370f71b3_2022-01-26__192007.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99fb4385-7ebd-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643211333, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211333, "uuid": "8ba51831-9d74-48ac-95d9-aa41f1a622b3", "comment": "Malware payload", "value": "4f60027330821276bcef41a681689482", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211333, "uuid": "c83ec7e6-8878-4a69-b7c4-44e542c738ee", "comment": "Malware payload", "value": "432ecdf438c7a7a4e81d385263a11f0a71065ace1f1a88fe5998cf63b1a54e18", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211333, "uuid": "8b6be508-e591-407c-a716-1b0b57f013a3", "comment": "Malware payload", "value": "1ec48a7b320fe4dc5b8f7778b6e05ee7b9d6617d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211333, "uuid": "346f6a01-36db-49b0-b366-ba3cd45a81c6", "comment": "Malware payload", "value": "011e0f3ff80da57e1213d1584b81d0c63536d2619813e856dafad345dd50b1078b494c83db24c1b38ee8853a39110c2e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211333, "uuid": "ed527dae-a61b-459e-9d5a-534bc9ab093b", "value": "T1BC159D8413D92B14E1EE1B33E8F47B258BB4F939E76EDB0F10901969488679BED04763", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211333, "uuid": "ee128520-2328-4576-a9ee-be8f5534a0b5", "value": "12288:tiAbJBfpFpxTRZf8c86cqcrypK8fH9TXzzh2cLvTiejZD0zyAe+1Bj+f96D2rMRe:FzBFRtTXzzh2Que2/NsY6grcG4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643211333, "uuid": "7ddd6fc5-04e0-4939-b10c-bfb6f71b4cf9", "value": 944599, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643211333, "uuid": "0f28925b-4830-4068-bff5-1de68044b665", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211333, "uuid": "cf6c30fd-25f5-4dd7-bbdb-a1832e9aa3ed", "value": "4f60027330821276bcef41a681689482.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c00a6f59-7ea3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643200230, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200230, "uuid": "8990b398-f500-427a-9e61-48cc1d40c3d4", "comment": "Malware payload (Heodo)", "value": "d91b69842f79206c3e28a3a2d473de64", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200230, "uuid": "4c33c834-b16e-4ba8-9739-287036c29691", "comment": "Malware payload (Heodo)", "value": "43bebc2ad0e3871a985f40e83f152bb5e304b03deef3458084b7dd4ed2dba844", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200230, "uuid": "b87f7d3d-34d5-4ac6-a175-09206c0e4218", "comment": "Malware payload (Heodo)", "value": "ef5c8450568e9b9ad2fc61d8ea999d6f92b30075", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200230, "uuid": "002119b5-7666-4228-8b31-8caa1aff04df", "comment": "Malware payload (Heodo)", "value": "a7b4a7ba163eaf17a194f99d46150490e6efa9e0fc76b3fe8ee298f71c50063244181174593fa856e6dd0af4166b267e", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200230, "uuid": "47102fcf-e858-4565-9f07-1b089d926c34", "value": "T109E3BFD766C7588ADE25037E8DB636D85653EC718BE393CB1346B3169DB0AC08D03A27", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200230, "uuid": "4b5e61aa-18a2-453c-879c-ef23c7b26fc0", "value": "3072:Yn+HymsUk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIgNIxJ3B7aD15BIjMAVn/9LFK:m+HymsUk3hbdlylKsgqopeJBWhZFVE+m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643200230, "uuid": "f2666391-72fd-4e5c-b800-1a9943e7c9dd", "value": 147085, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643200230, "uuid": "fe5c1319-1f61-4c01-b0f6-e56da8d47784", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200230, "uuid": "aa4905ee-f264-48f2-8e88-10dc2ecb932b", "value": "INFOX958865.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "846cad9e-7ea3-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643200130, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200130, "uuid": "de82dfd2-87c1-4fe2-b5b3-f465c7375d85", "comment": "Malware payload (Formbook)", "value": "fbabc7960bfc286e617f03b4afc97f91", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200130, "uuid": "3f260040-e33d-46fe-b2a9-61433ba5c8bd", "comment": "Malware payload (Formbook)", "value": "43dfdf1d47b81747c11e3340969201c90ea08b7d25505c292cb3dfcedfc89df4", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200130, "uuid": "740bca64-8093-4f60-ab82-44bb12ee0c41", "comment": "Malware payload (Formbook)", "value": "2835e9b293dff1d61096a7f6d44c068e2a8c1eb4", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200130, "uuid": "afdaa6f2-0b63-460f-9914-fb16fddcd1fc", "comment": "Malware payload (Formbook)", "value": "9d8616554e4193aa24a676cfa414c6d7ffccdda6ad7a4ce76ddf098a0fed2ad36d27b9a6d2dc8c44916f44771d144442", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200130, "uuid": "c6649327-95d7-435c-83cc-500b14d4bcca", "value": "T1770412173FBB9B38CAF217F14925C59609B4EC82862742D3916A3B37273B4499936227", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200130, "uuid": "e4aa3acb-19b0-4f09-bab7-885e7182dc5c", "value": "3072:cS7x6PVC6qAJZyJk3vC55aoNHUD7tzmxKVft5QeueFLcMscirVGQ2N315:f901CIvC5GxSxKVzmAHiVy15", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643200130, "uuid": "b05a16f1-8ec6-4995-9467-80c570d58d75", "value": 181064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643200130, "uuid": "91416d01-dfa6-46ec-8725-91560fcd1b24", "value": "application/encrypted", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200130, "uuid": "7283efa2-2fe1-4f65-b4f2-33c8223f488c", "value": "Quotation.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "694c7ff4-7e6e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177321, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177321, "uuid": "95f6658b-9700-4f00-8ffa-9085e583d765", "comment": "Malware payload (Heodo)", "value": "e5c603c3d574376892c74f29649d0be4", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177321, "uuid": "7919e794-99c1-455f-865d-5671d8f4863d", "comment": "Malware payload (Heodo)", "value": "442da867e6d871fad0d4e472ef48bd2ca7ac41ef601355875379056453ccf42d", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177321, "uuid": "0fe4ef11-0290-4b53-9a3a-407ab85e31df", "comment": "Malware payload (Heodo)", "value": "526361e4c673712f37400f4b705e1d6698e64ce8", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177321, "uuid": "a064f392-a904-4aba-945a-1cd8dad3914f", "comment": "Malware payload (Heodo)", "value": "88f91f3fe7fe138d474e0573582f0da363a9f49280dbb94ee1e384dae4c1183c5267a7a9c0facf8504f190bdc8ea59b6", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177321, "uuid": "c415e85f-eaf4-403d-b363-36b3ae4def41", "value": "T1DB33D0AFE2F1357AD225C17DD92CA3A1F48E92151E88F3C52D90FF959201792069E3CC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177321, "uuid": "a5c9e3d9-cdba-4d2c-863b-b3cc2fd65c9d", "value": "768:U4OjmfxV6sbaLX8iWjzwxmCeOG2S6DaqmBVZKNAxalvxnvy1OA16OiiiiiiiiiiO:6jmfxVXAiozeO0XVZKyalpvyR1bZ58l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177321, "uuid": "22fbfbb2-6123-43fd-884c-c500bc94e967", "value": 50687, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177321, "uuid": "88caa749-073a-4351-99a7-0976ea5a829c", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177321, "uuid": "018ef03e-3f7b-4d1c-9b3e-c7e80a3b3c71", "value": "emotet_list_ioc_cronupTue_Jan_25_11:55:02_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b276e3ca-7e93-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1643193336, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193336, "uuid": "90c8182e-a1bc-4062-a962-eafed2e57555", "comment": "Malware payload (Gafgyt)", "value": "46bc3dbb1c9e8af6fd8e77071dc6f5f5", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193336, "uuid": "e6aaa795-b1a6-459f-b39f-37766a65adab", "comment": "Malware payload (Gafgyt)", "value": "446f097919e3f0ea8218e1d5068f3f6d16011611297ac4b18f0163eead3fd968", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193336, "uuid": "ce4d6b8c-d9c7-4acc-b506-c1a8bfcb05a6", "comment": "Malware payload (Gafgyt)", "value": "e1b31b87675eef5358f8011536f13bc2a9e56d05", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193336, "uuid": "485f1d54-8c82-477e-ba97-4dea4a9b3998", "comment": "Malware payload (Gafgyt)", "value": "af9dd6e71ec29c7e317d2092fdc8419beb4865f7b694e9c2203571ee476d8a1236d2d16b3e69160e6f80d8d653835ec9", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193336, "uuid": "f8384d58-35dd-41a3-bcfa-58fcf610ceaf", "value": "T19804646F7A22AB7EE6A4963107F65FB0C35521E22391E352D12CD64C5EF228D1C4FB60", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193336, "uuid": "6581e9fa-ec98-46da-83b1-106e706870a9", "value": "3072:N0RFGPib+Qas+kriY5h3qR2O5DYgzzNxRxu6qb1cWgdh8:9sJWY5h3qR2MYgzpxRxu6qb1cWgdh8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643193336, "uuid": "dff997ab-5ac8-4232-96d2-06ee21a4b814", "value": 187401, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643193336, "uuid": "3f77acce-36c4-4ac1-ba21-6f1f9e772279", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193336, "uuid": "0cd9050c-2b3e-42b9-a869-3debeb00c640", "value": "Korpze1233121337.mips", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84768509-7ed5-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643221605, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221605, "uuid": "ada1ae6c-4217-4342-a6aa-ec7b61a8e8ec", "comment": "Malware payload (Heodo)", "value": "6128afc848419b2a5f16d152cc738982", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221605, "uuid": "1630d626-7a03-42fb-900d-e1ba87fbad45", "comment": "Malware payload (Heodo)", "value": "447ec56c993ab61c907fab4ec4f5e65fb256f78987659a236ddd45d04259ebcb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221605, "uuid": "19e048f1-384a-4067-9beb-dcc1a7414e85", "comment": "Malware payload (Heodo)", "value": "7ffc226c1f4eac0ffcf3e8ec7ef2b8a9e18b83cf", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221605, "uuid": "dc21aebe-298f-46b8-b6ac-1cf4bd7a12d2", "comment": "Malware payload (Heodo)", "value": "366fa022ab3986fa7d238b50d3124840fe8db3358cee3c36804a53b5e20622a610d938d09889fe581158594b6b395046", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221605, "uuid": "aee1432d-8326-4fb9-8198-bac781086eec", "value": "T11105F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221605, "uuid": "7264722e-b7c3-47bd-8b46-d277dc1d40ea", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221605, "uuid": "d99b2d60-79ae-45dd-96cf-39938eab6d39", "value": "12288:aA9e3OrvpgqjtQFecO6dddifiHxoB3rNd9CDr:blrvpgqj2Fe/Qc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643221605, "uuid": "60415ee6-5a96-4ac9-a776-0d46ff8ae64d", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643221605, "uuid": "1bbbe1c4-bbda-477b-be45-25f9fbe275cc", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221605, "uuid": "d0d44827-4cb1-47df-87c8-0c7aeadb987f", "value": "6128afc848419b2a5f16d152cc738982", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76154556-7ecc-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643217716, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217716, "uuid": "8169059d-bf6a-43bf-936d-16ff764e460e", "comment": "Malware payload (Heodo)", "value": "07f8c259f4a121211c1059f7c3a706d1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217716, "uuid": "28639775-9787-4509-86e2-3568c457052e", "comment": "Malware payload (Heodo)", "value": "4515983fd0a2e072e568a067d6cf86e8147811685982bfce125a79dc4ed8cb43", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217716, "uuid": "80085e70-1e8b-4257-939c-5393bea1cd34", "comment": "Malware payload (Heodo)", "value": "908bc11f154682c1d6a1c0a9f603d2c6fda28258", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217716, "uuid": "10fc9b9e-a4ed-445d-9115-79387f6d2b2a", "comment": "Malware payload (Heodo)", "value": "27e88ddb8f28993c84a43f88ca05c7b1d6cd3d6c9d7a976d6eb0838574c0e97d7d911f12069429e132a36b8c4e65a667", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217716, "uuid": "9855bea9-ca18-47c7-ab35-aa04ccf7c073", "value": "T1A2D4B24D7F918F79FC5D017098CC8B7AA995E87B4A904F022ED6EA3ED5FB1424D18C0A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217716, "uuid": "6c389351-1199-4053-aeef-849bc88389f1", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217716, "uuid": "7b0ec005-fe35-4e8d-a81a-5a085c9d6fd8", "value": "6144:KfUdJ9dhe5HjGo3OvwX0ddpgqjlfBtAkIeTIXkHMPtdddGLfloHxoB3T:aA9e3OrvpgqjtQFecU6dddifiHxoB3T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643217716, "uuid": "21ff8d21-2cf7-4043-a8e9-9e34e0d6bb4d", "value": 654692, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643217716, "uuid": "9c8b08d7-fef9-4618-8e84-f028212d26fe", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217716, "uuid": "cf5b3a4f-63ef-4144-877d-a19826815171", "value": "07f8c259f4a121211c1059f7c3a706d1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c5fc03fb-7ed1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643219997, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219997, "uuid": "d2a87f2d-b9e0-4f42-a347-ef5c1317cafd", "comment": "Malware payload (Heodo)", "value": "6e9f73f2071db1d63243ffe8dea3f24a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219997, "uuid": "70654265-d0cb-4609-b8a9-9b1a19876946", "comment": "Malware payload (Heodo)", "value": "4529351381b67846bcaa3035742ba11d4ef3f67466f2e4c9c8eb187c3d8d7648", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219997, "uuid": "97ec44c7-2704-4b04-b61c-3c3763772388", "comment": "Malware payload (Heodo)", "value": "e60b0918462efa8c978de0f6baeed6289b45b977", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219997, "uuid": "7cc55b47-c4a1-483e-96e6-71dfd4618bf9", "comment": "Malware payload (Heodo)", "value": "70a4fef00fc297b8dc2ab8bc2f6f0ff38c096eb830a76a09e001041bb741fd89e8de50c93b20e0d9f60f9d209f779faf", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219997, "uuid": "3b6593c7-7d7b-43a7-a1c0-961b6e28586e", "value": "T17705F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219997, "uuid": "f73fe4dc-de29-48c7-a677-53d7732f1cee", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219997, "uuid": "6c7283a5-f359-4be0-a539-78e74e79e1d4", "value": "12288:aA9e3OrvpgqjtQFecw6dddifiHxoB3rNd9CDr:blrvpgqj2FeZQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643219997, "uuid": "4ecd746c-e126-4461-99d0-e7c0b8dade3e", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643219997, "uuid": "4ee985f5-d377-49d4-975a-4198debaece9", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219997, "uuid": "3369f768-ea83-4330-8f8b-fdc7a48e231b", "value": "6e9f73f2071db1d63243ffe8dea3f24a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0046ca9f-7e89-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643188742, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188742, "uuid": "d5b9dc35-f0f6-4432-b6d2-197c1004d71d", "comment": "Malware payload (Heodo)", "value": "abea5c5eac18363ead0c32df32b95191", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188742, "uuid": "e946c109-1d7f-4f34-8a43-f419c7f768db", "comment": "Malware payload (Heodo)", "value": "465a10b13ca487b8aee37eb4262bf9afd968a3eff3eaa148bbf07720c01f0a19", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188742, "uuid": "6cc77f59-b60c-4154-8459-4af6a03e8927", "comment": "Malware payload (Heodo)", "value": "27e6af285dafd20488b73139c3cfa4b507139444", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188742, "uuid": "bf76a785-c78b-43bb-acf3-c8e18f945b49", "comment": "Malware payload (Heodo)", "value": "f9a170827fd771be592731491864a5f8294dff5a66130a8d3d799ff3d30472e49937d6a38c7d31c45ec6cbbfb9a4a633", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188742, "uuid": "e74feb8b-0070-479c-ad0c-919e98ed8f1f", "value": "T11F05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188742, "uuid": "6cd02458-6847-497e-bef7-cad1f4d8ea90", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188742, "uuid": "9e3ddf8a-b431-4449-a150-bdd8878d4658", "value": "12288:aA9e3OrvpgqjtQFecC6dddifiHxoB3rNd9CDr:blrvpgqj2FebQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643188742, "uuid": "ef40f237-b325-4e6c-82c5-11306ffb771f", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643188742, "uuid": "86b3babf-caa8-4183-8de7-5dd798567652", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188742, "uuid": "0ca040c8-b94a-4795-a5a3-51e572573bb6", "value": "abea5c5eac18363ead0c32df32b95191", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a267203-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643206797, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206797, "uuid": "901d18a6-a3a8-4e80-bc27-36be972361d9", "comment": "Malware payload (Heodo)", "value": "80b7ec29fce6c6fb88dab4c159e6c5de", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206797, "uuid": "f049702e-9583-42a4-80b1-c0b37c7c7a8e", "comment": "Malware payload (Heodo)", "value": "465edc301b615d56b9f279fef094ef4cc073a19103ee8bd7cacd2b8a904074e0", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206797, "uuid": "bf29bc22-2753-4f15-92df-b85336fc13ef", "comment": "Malware payload (Heodo)", "value": "a39ec7291462ff164756421a720198f91b02412c", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206797, "uuid": "c6720f9d-16e5-4325-af3b-8aea2b783443", "comment": "Malware payload (Heodo)", "value": "c6e4c78d4a0afe109ae7152ae87825f2c90bea0b40fac8bdbc624b8b76193e1ad769ff918da9fdda57a86e5a0daf669a", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206797, "uuid": "4357d64a-8c05-4bea-bc18-b51396abf1ab", "value": "T104D36B66B5C5E9CAC70523350A9A8BEA23676C478E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206797, "uuid": "a31e1b8f-0385-4691-b076-d9b6f4f5e598", "value": "3072:ocKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dggGx00:ocKoSsxzNDZLDZjlbR868O8KlVH3jehj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206797, "uuid": "2ae941b2-d607-4602-9fd2-e0b1ea562dc0", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206797, "uuid": "10129fa7-21e0-4074-b2da-e16d3ee37153", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206797, "uuid": "a1ada65e-5ec6-4d20-a134-d5714eb6e795", "value": "FBP0609132036923.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0e718a30-7f04-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643241594, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643241594, "uuid": "854956f8-cb34-48a2-8145-f7f804999cd2", "comment": "Malware payload", "value": "c70e2c92b6cab4c53ec64d79577698ce", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643241594, "uuid": "b06fe67f-d8f1-46a6-854f-2a015bfedc73", "comment": "Malware payload", "value": "4687f35a7f6544422d5d2081dfb3b456ab920042b86a98b7c220b71bef7bfe13", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643241594, "uuid": "3d4fa2c9-44c9-4dae-a40d-fe2b309e60d6", "comment": "Malware payload", "value": "b1849a39dd390a5f45f57be46db7782e965bcf87", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643241594, "uuid": "6e7d967f-767e-4fee-ac11-4315e1bd866d", "comment": "Malware payload", "value": "17c3aa1f851f72987f355fe3df1825f09d273367f3bbb50a196dcf9e832365e7be320d445d8b00c18293e54c7f5737f0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643241594, "uuid": "8e429542-9088-4a5e-a712-47e7b0f88af1", "value": "T176B46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643241594, "uuid": "34a404f1-6de1-49b9-ace1-b2423362f7a5", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643241594, "uuid": "bb6c3094-81ad-42eb-9220-e5c0ab92c42a", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8U9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgZ0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643241594, "uuid": "b73bf320-7bb1-4ca1-8c6a-a67bc71ed3ba", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643241594, "uuid": "e83fd046-6110-4e4d-a6e6-a59531cd7c1b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643241594, "uuid": "0baa128f-ff03-4070-86ed-ccaf63967d35", "value": "c70e2c92b6cab4c53ec64d79577698ce", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "43f1c83a-7eb2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643206465, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206465, "uuid": "bc326800-1455-44f5-9bb7-28234027b057", "comment": "Malware payload (Heodo)", "value": "4f9a7c8d0425af7c386b197ee58f26b2", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206465, "uuid": "8942d741-3b0d-449d-9512-a23cd6c5fb70", "comment": "Malware payload (Heodo)", "value": "46d73de71bb02f8e993f3fb562720b47c786786a0c8b62bbdf00000efe8bcb54", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206465, "uuid": "6adfb405-56fa-4e58-a866-b3ee4205f940", "comment": "Malware payload (Heodo)", "value": "1dbd59823b5f00afd1f16353f75053a461e4da81", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206465, "uuid": "1f3c383f-9598-4814-9bbd-503179bde3d2", "comment": "Malware payload (Heodo)", "value": "34ff82efd43ec8d9f0440987dbafa49c7c10112b886ea547b7dc53aaeba439fed0f7c6de8a50e0083a81a1b7dea4300c", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206465, "uuid": "9a055a41-996b-43ba-802a-9e1584c5d93d", "value": "T1C3D36B65B5C5E9CAC70523350A9A8BEA33676C879E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206465, "uuid": "71018678-3305-4396-92f7-d6e0b57e4957", "value": "3072:wcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dggGx0O:wcKoSsxzNDZLDZjlbR868O8KlVH3jehV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206465, "uuid": "7f8e562d-033d-4813-bba9-1c3ae56b23ca", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206465, "uuid": "aeadd3b0-bf33-49c8-b04a-995ca6d6c23d", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206465, "uuid": "9f2e2219-b48c-4625-8ce8-a08ca68a6e64", "value": "Invoice.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "419cbd86-7eee-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643232230, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232230, "uuid": "2a1641ec-6a6e-4629-804e-8bf9c887dba5", "comment": "Malware payload", "value": "1c23c5d3c9e3d725560e1df9b9233c8a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232230, "uuid": "f8aa0be3-4ab6-4c45-8923-e3d1334fe65f", "comment": "Malware payload", "value": "471691e7286bf3905cfed6b7828797e64b5c1c1d3ea1e5938a023422a22f4302", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232230, "uuid": "7046954a-8aac-4126-8029-5140edcd5235", "comment": "Malware payload", "value": "5a47300ea91d2b8bd78bc3dafd458f70407226d1", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232230, "uuid": "45c94c59-570b-4245-8a5e-11b2c090e221", "comment": "Malware payload", "value": "ff117b25bbef4f1308b665e8361a8b7d4265b04048c3a78ced17b63206e4739aa6f46ad0409ac121ba7beb3b2d439ebf", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232230, "uuid": "c38cd126-e7cc-4d04-a4c2-7e6cd271d06e", "value": "T1C994485AB173D871E2FEA3F0B5A4CB93C1EFA820275555ABE7FC021F4A2DC864234945", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232230, "uuid": "1e23e70f-7c1a-42b0-9d2e-be845bdb1ef9", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232230, "uuid": "c2b76bf4-f2bf-48bd-8f16-3a59dae53873", "value": "6144:Y7eUxxxxt33333333hCC28YiYRrLKyx3jvfIfpQdKXoJsdHUPlhLYfZDqvasLD2I:n8nYRvJhjvGpQKcGDO3b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643232230, "uuid": "05ea2d30-92e8-4109-bd22-c1e9633610b7", "value": 409054, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643232230, "uuid": "b60759d3-f530-432c-b4e6-3c8df5febcb8", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232230, "uuid": "969c38d7-a2f6-4e1f-bfd4-6661f6548ee1", "value": "emotet_exe_e5_471691e7286bf3905cfed6b7828797e64b5c1c1d3ea1e5938a023422a22f4302_2022-01-26__212335.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "78769731-7eb1-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643206123, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206123, "uuid": "19bb319e-60e8-4078-beaf-b26e2e6924c0", "comment": "Malware payload (Formbook)", "value": "240abfcfdc4f102cd6ff271076e932b0", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206123, "uuid": "ecf591c5-453c-4109-82f7-abb409c6e4e5", "comment": "Malware payload (Formbook)", "value": "4730874c95b68b146dc126f4b4a0ee2e1da32366e3027ae8021e2f5b7a7cdc48", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206123, "uuid": "f206e3c9-06a4-4686-8ba6-faafcdae3256", "comment": "Malware payload (Formbook)", "value": "eeef2cd6c2d659418a3458240b3ceebdf2157a7a", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206123, "uuid": "73c2259f-166a-41d3-b0e7-340c6b86e095", "comment": "Malware payload (Formbook)", "value": "b335dd8bad2fcfd2438c292651a0cd6f57e82aefaac0ac2635b13fffeb65afcfc80488e8a52617706f78a8ed441e41a8", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206123, "uuid": "cc7a940f-953b-490d-b9cb-86e78abda38b", "value": "T1918567F0AD01D4C1F57A5B6AF2FD3A48A1343217EBC94A4A00E7E6551EF6A11F90ECC9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206123, "uuid": "3ef35877-f28d-4c25-91fc-3bd2a53f9226", "value": "12288:0R63ByZR/uuychjuivKVxAXnG+sFIZD6ZBlhqpuxEOj2NMS5Wsw6Z8K:0KyPqvHAXnG+sFIZMjhgkE6eL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206123, "uuid": "95b482b8-c5e1-4dc0-b113-3811bf4e15cb", "value": 1787870, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206123, "uuid": "f57a2144-6869-41f8-bf5c-8cf496c21ed0", "value": "text/rtf", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206123, "uuid": "137eb8dd-30af-4ee1-9f9d-64aec500ef88", "value": "PO 2463826 .doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62ccb090-7e53-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643165714, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643165714, "uuid": "bdcfd25a-84f9-441e-877e-c32e74ce516d", "comment": "Malware payload (Mirai)", "value": "988b4d62224e40fabeeef97b9615cb9a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643165714, "uuid": "4f31e5b4-881c-4982-80cc-039afe0a6848", "comment": "Malware payload (Mirai)", "value": "4743653b2613b18f984a1638e5692429586882b2ed404835c31052b8049f89ca", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643165714, "uuid": "1f6f12e4-d083-42d2-a9be-bb08b08d39c5", "comment": "Malware payload (Mirai)", "value": "842fc48b876519dbc99ac4f2d24e5c9e0cb2ea9f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643165714, "uuid": "03e50076-fcf0-4f7f-bb05-5a8e7489724c", "comment": "Malware payload (Mirai)", "value": "4257c87ad0d2ba10323e22ed638f3915f8be34c7838f5fd88168eebe20c4bb4b04a45f3a42fee3076798829f29f36b11", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643165714, "uuid": "5cd372ae-7687-4553-8b48-139da29ec47f", "value": "T15BF2E15CF1A86EC5C69C8F7E02ED097ADA6495C6715B0F479329CFC9B125488314C0FE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643165714, "uuid": "6bf19408-9be2-4331-a0e7-a573817f37d7", "value": "768:06F4hOH/Au8CuQqKeGwL+hS7+72qhVQdB+vbu9jbs4b8rv2h4zcW7:0oUOfbnedLA2qL4bL4zF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643165714, "uuid": "7dba6453-224a-40ff-b46a-b63fe7b0272d", "value": 37404, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643165714, "uuid": "453c6f98-ee16-401f-829a-4423ee6444b8", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643165714, "uuid": "3177bfd9-f8ae-4c4c-bdee-175707ddcd71", "value": "988b4d62224e40fabeeef97b9615cb9a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72862a86-7ee1-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643226729, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226729, "uuid": "345a4ba5-ec23-47a5-8ea2-e3c721bc5a59", "comment": "Malware payload", "value": "a829ae1beb1e3778db0e74c00b58c4eb", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226729, "uuid": "f074676a-6c94-4b55-8039-12c45f1e9901", "comment": "Malware payload", "value": "47b7bd6fd15d50d7dd9fa8f58c9bd94379ccb7a54e556ef1cc60a4259c4f713f", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226729, "uuid": "2ac12d29-2aa3-40e2-bd11-ad14f9fcc13a", "comment": "Malware payload", "value": "a789491185f978a045a3c1e2dff3f060ff621103", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226729, "uuid": "8d4dbadb-a2dc-4318-b693-01fae33683a0", "comment": "Malware payload", "value": "52336bd81acd64021a4b252716c29fc7802036c0ee0162a1c6e4737cdd6d1c4e2dfdf785c5f1a1f6b565c18868b02572", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226729, "uuid": "911427c5-9843-4745-b8d7-0ba5f080d82b", "value": "T16805F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226729, "uuid": "d0b5357e-0114-45f2-96ea-f69731d902a7", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226729, "uuid": "6d1240ba-c880-442c-ab3d-b43b08555189", "value": "12288:aA9e3OrvpgqjtQFecR6dddifiHxoB3rNd9CDr:blrvpgqj2FeKQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643226729, "uuid": "4906207b-78f3-4084-ba24-2395b34be43d", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643226729, "uuid": "a74a9fe1-9296-4b77-811a-3cc64fc4bd4f", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226729, "uuid": "a0381879-b54e-4e0c-983e-870ca2b62ae5", "value": "9Ogl5zbvPvp.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "766fc7d1-7eab-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1643203543, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203543, "uuid": "a283e9de-4280-48b5-b0f8-6c3c3fba5b6b", "comment": "Malware payload (RedLineStealer)", "value": "08cce0ceaaef515e4b93f0f826ec55f5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203543, "uuid": "b96a270d-e617-46df-a3a6-77fe0d60d596", "comment": "Malware payload (RedLineStealer)", "value": "47db202a3deef7ab702bf1d5c2e1451acf5a46f2ea6ada502cfbe966e6132339", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203543, "uuid": "50a1bf20-5353-41f7-9f4a-a3e7f57bdb1c", "comment": "Malware payload (RedLineStealer)", "value": "afb626c7cb0cd8e50b5a82ec179c1b5b94df6014", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203543, "uuid": "964ca837-ba5a-4120-94ee-21ea275fa8bd", "comment": "Malware payload (RedLineStealer)", "value": "c4afb4aedc31b121644e83e8aa615c4b527cbae444d24ae3754c10b0f5535d08167393fd4fa91d701c06a1dcdfe2e8ff", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203543, "uuid": "c089fb2a-f889-426f-b19a-edd5dd120d57", "value": "T199F633A7BC48D0EEEF56E43D264871B246B2A209CDD3C8D6532841485FF6799F8CB361", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203543, "uuid": "bb5d1ede-1f8a-4084-a58c-0b0e618d1cf0", "value": "32569d67dc210c5cb9a759b08da2bdb3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203543, "uuid": "230f5a04-f389-46ce-93e2-3fa6bb43d6e1", "value": "393216:x4Pjf9ONhMEb3eYzBl+ygldqdadM3B50MUgxUxujr6xccez3fd:qr9OXDbnzBuldqdadM2Ar9cez3fd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643203543, "uuid": "1d7a23bf-5e45-422b-b221-ff585f63d6ed", "value": 15627458, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643203543, "uuid": "3e566b31-4f74-4754-9e76-a3af872365a5", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203543, "uuid": "e183131c-d7c9-4a8f-8ddf-2479cac22aed", "value": "47DB202A3DEEF7AB702BF1D5C2E1451ACF5A46F2EA6AD.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8676bbdd-7eb6-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643208294, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208294, "uuid": "735abbec-ba08-433f-ad89-083ab9ad172f", "comment": "Malware payload (Heodo)", "value": "e534707880011303518700aade7baee6", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208294, "uuid": "cef0832b-1cbb-4ecb-b641-616afa468c5b", "comment": "Malware payload (Heodo)", "value": "47de135097c75813b92838f2a445a19a3115da0f13fb28b194b4c96d788f7ecf", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208294, "uuid": "62f0407c-110c-4e7f-8e4d-46b3e88c1674", "comment": "Malware payload (Heodo)", "value": "7a1e4146cb2da1609b20d908603c2ebbe932d77b", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208294, "uuid": "5e3be1c1-85ff-4f6a-889c-4fe9eb6b7b46", "comment": "Malware payload (Heodo)", "value": "2c56201f15be00cc67555e92a725d6d66429fa0466c9a1206612e419429b6ba6bf84148be6ea9e448858aedd449496ea", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208294, "uuid": "e4fb97e6-c7e4-403e-b01a-823fb5c33a1c", "value": "T167D36B65A5C5E9CAC70523350A9A8BEE33676C479E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208294, "uuid": "2de94574-c1d1-440f-9f59-e93bc2d0c7bb", "value": "3072:ycKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dgcGx03:ycKoSsxzNDZLDZjlbR868O8KlVH3jehs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643208294, "uuid": "1e6cead0-2204-42f8-91e2-f87d24f25635", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643208294, "uuid": "3dad93b3-c8b9-4e32-875b-67edb1ca72c0", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208294, "uuid": "d214cd62-46b3-448e-833e-cba43a9518bc", "value": "Transunited.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c4392bc-7e89-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643188762, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188762, "uuid": "9070f221-5a48-4637-9ccc-3b9e3949e851", "comment": "Malware payload (Heodo)", "value": "2ceb358cc15e517a031805b276231b55", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188762, "uuid": "df0b9a86-eb41-40ca-aaed-1a93aa8bd880", "comment": "Malware payload (Heodo)", "value": "47dfbb29281580e67de1394c953cc9c75d32e9032222186d7e109e324520f50a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188762, "uuid": "335142a8-169b-4af2-b7c7-63e2976026d1", "comment": "Malware payload (Heodo)", "value": "6e90538b1a491a054a7df2492df69407e49239d7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188762, "uuid": "6aafba8f-1634-43ab-955d-f06ac53090f8", "comment": "Malware payload (Heodo)", "value": "d267888876d0df5f11e1e938577c3beefb81b1ebc447e7475021bcc97eb78e1f6ec1a4c1d10fafbec1200aab4ede6e23", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188762, "uuid": "bb6274ce-d840-4d34-af54-0ab53df3fe5a", "value": "T17C05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188762, "uuid": "87d9f3cc-b8c4-41e5-a1e5-8568600dcaf0", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188762, "uuid": "ed55c652-4d2e-4ede-99ae-2ab60e9ac802", "value": "12288:aA9e3OrvpgqjtQFecr6dddifiHxoB3rNd9CDr:blrvpgqj2FesQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643188762, "uuid": "0cdd79c9-37f2-4918-9511-076e7e437d89", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643188762, "uuid": "bec2186c-4f12-4a54-b8b2-ce35886b8613", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188762, "uuid": "e15c2515-5cbe-4128-a70d-e9c37b6ea685", "value": "2ceb358cc15e517a031805b276231b55", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6c97112-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643207194, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207194, "uuid": "1e2380e0-a850-4cc3-80eb-cad1aaaa71a9", "comment": "Malware payload (Heodo)", "value": "ee4ca439e313a25e6b3b0a45dd8b9a02", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207194, "uuid": "56a14174-87fd-4b07-8c59-ab5ed76cf468", "comment": "Malware payload (Heodo)", "value": "481b195bd60d20fc095d60cde2b3a06a279d385a04e3fdc95989a940a99279e5", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207194, "uuid": "abe6a617-5299-4a73-9e0d-d9c830f23117", "comment": "Malware payload (Heodo)", "value": "0bc7f8459d28ee6caa443c3ed521228086c4efd5", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207194, "uuid": "fdde5b46-65a2-4572-aeec-676171d57648", "comment": "Malware payload (Heodo)", "value": "b798f56da97439d88ee120ae5e67d37ebbc8bd749f4d3bd38e4204c123159b0e8b716fdeed6f0fe94c3268a82dd06691", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207194, "uuid": "bf95671f-4696-4a98-bafd-9fba5a77fb1b", "value": "T14FD36A66A5C5E9CAC70523350ADA8BEE23676C478E7603C73259F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207194, "uuid": "2bd0dcef-95b2-4986-8440-05685c3979f9", "value": "3072:ScKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dggGx0j:ScKoSsxzNDZLDZjlbR868O8KlVH3jeho", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207194, "uuid": "71aedb3d-7f5c-46ea-b4ef-e1aa33e83b4d", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207194, "uuid": "223e28df-d441-402e-9cce-11ab44aac279", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207194, "uuid": "7fed767b-944e-40b2-8989-f63b08ac16b9", "value": "Catering.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac4b77e1-7efc-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643238422, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643238422, "uuid": "fddf71f7-3289-4e2a-9cd3-c3a57667be6a", "comment": "Malware payload", "value": "a1b58b3f30f27737a40816e1f7bd14e8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643238422, "uuid": "c1368076-1fc0-4c38-b4ec-e3b05a5a9f42", "comment": "Malware payload", "value": "48274d12184be8075ea39035ea564d8281af4bb65ff7414cb4cb91355975c46a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643238422, "uuid": "5a24cd17-2d5a-4939-b582-9a432257a218", "comment": "Malware payload", "value": "e065759c091cc78de97b7f91a35f8e97d0d4c8ab", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643238422, "uuid": "4da4db42-c8da-4a21-8092-49a2a95c4cad", "comment": "Malware payload", "value": "a2272c66668a94172c64b867b5d9bf847c608b03d701f567fcd8aaff26519a51aa0404963eeb7866175539524c651b75", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643238422, "uuid": "64b9d464-2726-4585-a1e2-340e0520a968", "value": "T1DEB46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643238422, "uuid": "e9b7de90-42b2-4705-a136-9223a6f1dcb9", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643238422, "uuid": "da37be88-c7c2-4e88-b364-b60240c69d2a", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8L9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJg20uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643238422, "uuid": "68f96e33-863d-445e-9e20-c9a0de8e3fc7", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643238422, "uuid": "c2bd93f6-75c3-42d8-b9cb-cef419ea24fc", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643238422, "uuid": "568f5f95-6f85-4dbd-8b05-042f420f70eb", "value": "a1b58b3f30f27737a40816e1f7bd14e8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "344f7979-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643206868, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206868, "uuid": "6feed27f-8d52-41f0-9b2b-ff6401d505cc", "comment": "Malware payload", "value": "272f5047d889716eb6edd74aeb11602b", "object_relation": "md5", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206868, "uuid": "0eda86bb-2428-4b92-94ed-710e17d9a9cc", "comment": "Malware payload", "value": "48708e73b2d8a2146dfd35cf87fd61a135d0e5a8720c9bf944f4d47cea82733a", "object_relation": "sha256", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206868, "uuid": "a57f2f50-80ed-4ca2-b3bf-e5dd69eac793", "comment": "Malware payload", "value": "a4dc5f4f6bf4d684eb9046b1b9fb25b8e3f6e60d", "object_relation": "sha1", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206868, "uuid": "03d0e034-08f4-456d-bded-c92498a32713", "comment": "Malware payload", "value": "bde50d74f03c59394f4d4da213928d0ea7e92ce438cf6b96fd8bb4fef3e9c1f1c0f7fafa8a771f74579dcb6cc15cdfaa", "object_relation": "sha3-384", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206868, "uuid": "61b9f631-f9e2-4c7f-bdd9-48ffa63f9b9d", "value": "T1B91401EFF5CE8F06ED10D7FB9CB1C52DA6D6CE441A1840DAA829B52DA836C09DDCC524", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206868, "uuid": "64b97c8b-db87-4123-8cfa-b77c4fd7c3ac", "value": "3072:KL7DE1MEhEptNjVIQJTE+v7XZg0e8yn+QsMBTbIg9YLV0lzK/57o3E:c7DhptEQJ40uv8yn+fAl9YLClzK/Vx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206868, "uuid": "3e492d23-128f-4ed8-9cba-39b9fc83800f", "value": 191832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206868, "uuid": "c03108ec-9a0a-4714-a269-5fb2d64b4514", "value": "application/encrypted", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206868, "uuid": "976a2e5b-1483-4345-bf58-5c085e2383b0", "value": "New Order.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bbf7c1c5-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643207095, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207095, "uuid": "7e89c07a-439e-4054-96d0-117d55d26417", "comment": "Malware payload (Heodo)", "value": "8b64e711b0895323e12d96f83f0abba8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207095, "uuid": "0627efa2-cd64-4cdf-8a9f-8c4e0e234dce", "comment": "Malware payload (Heodo)", "value": "4890fa2f24374911bf4017da74dd124f2f13af60d398b95000cd5172b4bac65a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207095, "uuid": "937e70dd-1b40-4723-b757-d3f77557bbbd", "comment": "Malware payload (Heodo)", "value": "9276578a2d4d8de24560cc313eaaa46904bce208", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207095, "uuid": "e40fcc31-95e0-46e3-9627-392adede4e98", "comment": "Malware payload (Heodo)", "value": "5e3933596522b88c390947ef9e5a8dc6c79c8ed3f700b9daf3e41a71d98a64d6a8134aad94c622d99ab6cbe027dab6cf", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207095, "uuid": "e5a21bbc-5e5b-42c3-b7fa-c7c873264690", "value": "T16AE4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207095, "uuid": "862fcbd1-1533-4d9e-a4e2-b88d4308cb8e", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207095, "uuid": "2b40bd65-1ac4-4d99-9685-e460832f4f4e", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIWG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGfOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207095, "uuid": "ffd7fdd1-4bcb-4741-b78b-bc05a517e5b2", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207095, "uuid": "48cdecab-2396-4563-b8a8-74b1c13e368d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207095, "uuid": "9885fc6d-b704-4db6-9c1c-ddd0e3f878f9", "value": "8b64e711b0895323e12d96f83f0abba8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "63475b77-7ed5-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643221550, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221550, "uuid": "5c18565c-ca1c-42a7-aab9-b5f91cb2f85e", "comment": "Malware payload", "value": "f4996449cc83fcfbcf307ead1b5f7b48", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221550, "uuid": "2d44426b-9a01-4e8c-a4a4-44bea3af5488", "comment": "Malware payload", "value": "495f96a9becbc871b7aa233bf4fb9346d9869645f61174cf1e695b27e4631493", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221550, "uuid": "9ebcade6-108f-4aba-8f69-8717c923a5e0", "comment": "Malware payload", "value": "33182fcf3d4b652736a058de15ad1c13448048b1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221550, "uuid": "4b6b8a77-e511-464f-8685-7e0aa80db53b", "comment": "Malware payload", "value": "d1cdea495820f576da4e7ed3cd527a89781fb796e3e4adc6903740cff402d4c7f7ed1b31296e68c442d6f1f536e7967f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221550, "uuid": "7d408383-0223-41d2-b772-542ecc15a224", "value": "T1BF058C95A2A843D0E167B134B45DC626E371BC2F0BA0C74F13A93F2B1F376A15E1A716", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221550, "uuid": "ac0aea7b-72a9-4e1b-bd96-99259e3b8668", "value": "f9302f5cebd1bdd1cc78933158696696", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221550, "uuid": "b746d6bc-6123-425b-af9a-2c1bc5cb718c", "value": "24576:LY439DrbsM/m0+U1lnQzdech02Nwf70nbZ5O1pxyAR+AdY0Y:0SNHnQzdech0M3nbZs1pxbndH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643221550, "uuid": "b0c609c9-646e-4693-97e9-9a1327094272", "value": 808448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643221550, "uuid": "0bfdc4f6-930a-4d63-97ca-6524e1cbea51", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221550, "uuid": "238ffc3f-a9b0-4285-8863-e268ec41cbe1", "value": "SecuriteInfo.com.Win64.Kryptik.CVZ.9019.32313", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8cb6f02c-7ed3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643220760, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220760, "uuid": "822960d7-02c4-4ed5-92f7-4ed785513639", "comment": "Malware payload (Heodo)", "value": "aea8dbbd23ab51a71011aa4ad31ff44a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220760, "uuid": "fd8bbdce-b3da-4926-8bd1-551e93bb06a7", "comment": "Malware payload (Heodo)", "value": "496ebf368370ac0066a20c6026482466af1ed37ed66eca7646014b5c424eb72b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220760, "uuid": "7619b499-78af-415a-b85e-46e49c288417", "comment": "Malware payload (Heodo)", "value": "6e7caf588438ba79e09ae79f0c0d32b25aee929e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220760, "uuid": "2470d960-938e-45bb-90dc-63209f096e99", "comment": "Malware payload (Heodo)", "value": "3a268edae83088ff4f9e63110a979725a1406f15e790b14ca99447593f6c64cc03f0321170e04b2651d7eee94216b9a5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220760, "uuid": "78811f88-cef2-4e00-ad36-40f8a3b72589", "value": "T13505F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220760, "uuid": "332ad138-b481-4ab2-a393-12d98a725dc6", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220760, "uuid": "26fe043d-c6c9-44ed-a8c5-5ca6a367fcae", "value": "12288:aA9e3OrvpgqjtQFecX6dddifiHxoB3rNd9CDr:blrvpgqj2FeoQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643220760, "uuid": "1e218de8-53f1-4823-83d9-de58b7e9b5f4", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643220760, "uuid": "3f6c904d-a9b0-494e-87f1-0ee8b9f92e88", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220760, "uuid": "261155da-0f58-4ede-a7e9-e225ce2edb64", "value": "aea8dbbd23ab51a71011aa4ad31ff44a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c5174bc-7e78-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643181487, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643181487, "uuid": "1954d5a4-fc65-4f03-80be-31f938ab4e2a", "comment": "Malware payload (Formbook)", "value": "bc4b7eea8a9c64a1cd66a209ce48125c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643181487, "uuid": "70a033bb-e397-4870-873d-7606334ed65e", "comment": "Malware payload (Formbook)", "value": "4a1a658896edc2f583967722a2115b8d69442b6448e330c1e5995ce5d431282f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643181487, "uuid": "e414c38a-45fd-4d3f-9dd7-68a80ecbae86", "comment": "Malware payload (Formbook)", "value": "9a78326725fc0966047f102c375ae669509eda89", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643181487, "uuid": "2f10e177-94d4-46d7-bbf8-9c3e57595531", "comment": "Malware payload (Formbook)", "value": "0d2099c70e445c2460ed964c0305e4ebf9455caaac0a070eb8b95bcf4056676a75af025cd2a44b8c051777b9f3ea6a09", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643181487, "uuid": "5505311a-3eee-4c75-b190-91b452f26a61", "value": "T13194E4F872E1E27AC80582712A257C7193F54DA0DD70A915EEECF9E4D530EF62B22607", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643181487, "uuid": "1ac5092f-f419-4514-9f59-7f8047865308", "value": "099c0646ea7282d232219f8807883be0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643181487, "uuid": "7fd17fd2-7e72-45e8-a0a2-f7bf94117115", "value": "6144:BwTa4ogLe95vzFis1p4UrxDfqHtuwZ34z2RBYCIVeVcQi/ln1gDG:kJT8vzflxDfqgaRBSV9TYG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643181487, "uuid": "aa3febc9-5ee2-412a-9fca-77696fd86492", "value": 424073, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643181487, "uuid": "e391d9dc-997a-4a52-a5d2-ce7c9e6a473d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643181487, "uuid": "030506db-9798-4303-ba6e-10ccc088432f", "value": "PO2847310.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "054ff7db-7f04-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643241578, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643241578, "uuid": "b50837cc-0540-435e-bbd3-305cd791894f", "comment": "Malware payload (Mirai)", "value": "cd71fa0c107f68cbb178b8e801992f35", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643241578, "uuid": "23ce47e4-df52-4180-bcd1-0d07e59c34c8", "comment": "Malware payload (Mirai)", "value": "4a8a584da5bb1a40e030c956ca918f8cd0cf979cc79c3718c132320ed7089448", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643241578, "uuid": "749b38ac-c794-4587-95d4-1b1d351538bb", "comment": "Malware payload (Mirai)", "value": "de471a243f971a9df135435eb25d588422b1153c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643241578, "uuid": "dd062302-a964-4116-86c9-2f13f71b3e10", "comment": "Malware payload (Mirai)", "value": "f18d8476257ecf2534e32dbf5d23445951f51395e5986156ac87d23218dc683eecdc5f337e1f608271e3b884dcb4c936", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643241578, "uuid": "c7e382e7-48a2-4156-a8a8-4c591376f438", "value": "T1D923E0701A2955F9C069C5F855F023D23997471A8882DC1AF164F54AAF87A773CC3BD2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643241578, "uuid": "1795b31e-95fc-48c6-937c-dcc5b98a4676", "value": "768:4XLL88BFQrRKBP1ZXX87yQy3Mb9KgZ4myMlyneZ993HKkU5utBFvBJgGlzDpbuRn:47RFyEBP1l8m3VQFyMlQU993/yCVJuR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643241578, "uuid": "6fed283a-bd75-4b47-892a-a8b68534ea7e", "value": 46136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643241578, "uuid": "dfb9800f-b3e5-4e55-a629-0f8b2e6dfd2a", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643241578, "uuid": "27404418-3a62-4da1-80d6-db4f40df6363", "value": "cd71fa0c107f68cbb178b8e801992f35", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86736b64-7eca-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643216884, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216884, "uuid": "56c5488c-4012-4a44-ac01-dd4285dadb0b", "comment": "Malware payload (Heodo)", "value": "f03753485311ee110b9c474aac6d3cb7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216884, "uuid": "a85e4bae-dee1-4f19-9346-00df6c0a7b82", "comment": "Malware payload (Heodo)", "value": "4aa8a1df4041f851d05fae044df7fdc44fe333ef3049e6c01a85245778fc7f3a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216884, "uuid": "10b1f646-5f1a-464b-b448-459807347cb5", "comment": "Malware payload (Heodo)", "value": "280e778295fcec63f2fa7f34d235c808fa96ff05", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216884, "uuid": "052add4f-c6fb-4330-bf4b-7d3e4ded7f99", "comment": "Malware payload (Heodo)", "value": "80cb1ef8b881f85e2138136c21f2ad3a62508416a77751c18c43142bac9d830098b227b523967349e77cdb311c5c4514", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216884, "uuid": "00c17a45-f559-44dc-9a39-73ff36e93917", "value": "T1FF05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216884, "uuid": "5d461e47-b74f-4cb8-8f03-cb0366d1ca04", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216884, "uuid": "f9746cfd-640d-43ef-91f6-f8b07fead6f1", "value": "12288:aA9e3OrvpgqjtQFecs6dddifiHxoB3rNd9CDr:blrvpgqj2FeBQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643216884, "uuid": "33fd3b64-b95b-4754-b3ff-86cd19ddb8d5", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643216884, "uuid": "ae5bc8a7-c308-4991-982b-b1dedc414fff", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216884, "uuid": "cf42728d-9abb-4c9a-b414-e7eb572682ce", "value": "f03753485311ee110b9c474aac6d3cb7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "81722eb6-7eb5-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643207856, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207856, "uuid": "d7132ad1-fc5e-44fd-83b4-83d6ad9e624b", "comment": "Malware payload (Heodo)", "value": "2bb6da8f0bd4b7692845568d6523ef1b", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207856, "uuid": "85368ae4-a731-441b-aec7-a437fa820ad2", "comment": "Malware payload (Heodo)", "value": "4aeaf9468368a0b82405ba435ea1687c7b084f3c37c14dfe3d0c9f9557c555f4", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207856, "uuid": "bf2f6ce9-06dc-4755-bbd8-c8d3c1e04934", "comment": "Malware payload (Heodo)", "value": "bad12b6ccbac4e94a21e9e16bb404a8d9a162a61", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207856, "uuid": "91d5edbb-5265-45e8-a7ed-958013e78b9f", "comment": "Malware payload (Heodo)", "value": "77c7049273612823f070458639050b5ebba12319dd546931757dc48f8a68a2bf3bb3ed3d909f917a7ccb81f25dee41a8", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207856, "uuid": "4c040cf0-5070-4a00-80c8-367bbb32e170", "value": "T1C0D36B66A5C5E9CAC70523350A9A8BEE33676C479E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207856, "uuid": "f5bcb919-d104-4a1f-a9c0-8b6f054ec2d8", "value": "3072:jcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dggGx0w:jcKoSsxzNDZLDZjlbR868O8KlVH3jeh3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207856, "uuid": "1f0333e4-6882-4735-9979-0640cf26972b", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207856, "uuid": "8bef4f7f-6b3d-4c2d-9e42-c264bcb82b52", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207856, "uuid": "9f7a379a-3166-4e77-915b-99b5dff863fa", "value": "check.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f52e7e5-7e88-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643188391, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188391, "uuid": "6f5049bc-6cec-403d-97a6-fd13b00e40dc", "comment": "Malware payload (AgentTesla)", "value": "55dc7c979efb8967bf650ccf38db277e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188391, "uuid": "3ad0df33-b58a-45ff-9d77-9c7c47f6b99e", "comment": "Malware payload (AgentTesla)", "value": "4b272c6bf0895c31a7ee776c253eb7be995a967cdf4adbb944a31b12b887b971", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188391, "uuid": "91da4736-cad5-49cf-a9eb-f19f5d3753b2", "comment": "Malware payload (AgentTesla)", "value": "070f34a552968c991442cf74c5bd22d96061384f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188391, "uuid": "8078d814-4a3c-4894-8af8-f4b0bb4d521e", "comment": "Malware payload (AgentTesla)", "value": "90f580b6cc62b319ae09378aa40d1e339ff3267b42157d76f4c4380aa9071e437eb6bc20ab9fd6ce6f569abf57f641b0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188391, "uuid": "6b00de95-6c51-4050-a5d1-7de23f8b3712", "value": "T17A15BD6BF44CC822C29D497681CFB40E47B5B803FDCBF5AA3ED7E5096551B46AA0920F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188391, "uuid": "746e9900-f4a8-4c4a-8a88-7c204316a109", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188391, "uuid": "d1b8234a-4e21-4804-83cb-4baffc69c8fa", "value": "24576:cRcOtneWO9MXwCw1kXZHaAmi3W9hzebp:9WJgCw1kp6fim9ZWp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643188391, "uuid": "d72e7c8f-2a84-403f-b12e-eff482b0f19b", "value": 891392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643188391, "uuid": "2ec23ce9-2bb8-401c-8f1f-f9f4cb1b4579", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188391, "uuid": "8ec6cf16-891c-4642-8a70-2c25e4cfb8a1", "value": "NEW PO_45436682988500938776_2022.gz.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1dacf923-7e94-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643193515, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193515, "uuid": "3ca2652d-235d-477b-8e1e-38dc36e3dbe9", "comment": "Malware payload (Mirai)", "value": "1f87fdf57c02a328a6594e73ea8e0a7c", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193515, "uuid": "a2147f8f-95bd-40df-b60b-b9228e90fd72", "comment": "Malware payload (Mirai)", "value": "4b30fc9eb3d15a65c1604757eee654639e7acc70ec0118793bd27ea6ee4b5c7e", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193515, "uuid": "f7389420-efc8-4848-9496-16a1299279a0", "comment": "Malware payload (Mirai)", "value": "f5598fbaebc05a5ffece15e6c26c05f0869df346", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193515, "uuid": "6859c5e3-039c-4ef2-bd3a-f0c985634921", "comment": "Malware payload (Mirai)", "value": "0e736e3ab74723c1115571869285715c423f17eac8bcf355322b024813613ef0f56120d537508cdee492b10aaa368b8e", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193515, "uuid": "303c72d9-6869-475a-997f-9437307647a2", "value": "T1C1E3A51AB7619FB3D81ECE3706AA4601108DE55A02ED6F6FB6B4C51CE78B84F08E3D54", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193515, "uuid": "1b89cfd7-f80e-4aae-992d-552676269b88", "value": "3072:OaRBoUm6Oq+lozD5hdyrzhsURxuZq+1uPNd5R:OaRBoxq++zD5hdyeURxuZq+1uPNd5R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643193515, "uuid": "6598dcad-26d0-4202-9666-93aacf659b04", "value": 154480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643193515, "uuid": "5ca72131-c945-4a7c-bfd7-9bfe05521295", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193515, "uuid": "0fe5e8ae-e804-4111-9b70-29037eef4fab", "value": "assailant.mpsl", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6758f992-7ed9-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643223274, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223274, "uuid": "bed5466a-c88a-4b38-8e07-3b2609112e5d", "comment": "Malware payload (SilentBuilder)", "value": "2390992a388ce0c9313a819822a970de", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223274, "uuid": "1e5c2e10-9a8a-4958-9b28-1242fb616ad2", "comment": "Malware payload (SilentBuilder)", "value": "4b3741786cb80034f27240ccdd5967fcce9f6a3d973154b4623b1387c99cd936", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223274, "uuid": "a5cb3b52-482f-4be1-92b8-46383af59c5d", "comment": "Malware payload (SilentBuilder)", "value": "0f01c6ebed6a9551e7c6d0a6aa631047f8f270f0", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223274, "uuid": "000badd9-1fbe-4262-a57c-bb343cb4e2d2", "comment": "Malware payload (SilentBuilder)", "value": "10a1b6f97479bb4513369cea4f9d9107d588858be13e10940198a8933ac74e00499c0fbede81be2ec3355ffea1c89865", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643223274, "uuid": "ea50b952-c296-4b1c-85cb-c51a4f66948e", "value": "T18D131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643223274, "uuid": "1a1a576c-9057-4bee-9ed6-0cd9a2a76003", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643223274, "uuid": "d25985d2-698a-43da-b8c1-290e50939093", "value": 45538, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643223274, "uuid": "469bdff7-18d7-47a2-92d6-38ec50171355", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643223274, "uuid": "bffea5a2-7d79-4eec-a8ac-bf2f7732a8a9", "value": "tmpzobeub5x", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70b35904-7ec2-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1643213412, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213412, "uuid": "7779dc59-2991-4358-a392-b7a38f7beb0c", "comment": "Malware payload (Loki)", "value": "bbd3ef243a73505c32fa53756a95bd54", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213412, "uuid": "32f3706c-92d6-4d1a-aefc-fa96da9de095", "comment": "Malware payload (Loki)", "value": "4b7fe1f52f82907de21caebcaf99074bee5e2ec41df0681a853cb4834c4323fd", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213412, "uuid": "21c693a3-d864-4bcb-a1fb-1fe7f7dd1af3", "comment": "Malware payload (Loki)", "value": "15cf24db6ab2f0ae906776c685eb9ebf78d51c55", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213412, "uuid": "8a4daad5-aa9e-4b99-b5bc-44086cc14237", "comment": "Malware payload (Loki)", "value": "7902948827429671fa482fa2c00743b6f82ac65ba8cba2cffb62c88fe4cf35026ea07ecb13dfe7da6dc236beb4eef861", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213412, "uuid": "b3627267-b0e7-4b96-a249-c7da80900973", "value": "T16CE4CF1632E0C134D28D283998A07950BF73F16F78D2F964EEB2DA467BB97C49604973", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213412, "uuid": "6ea11d0f-1ca6-465c-bf20-54f6a7b914d8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213412, "uuid": "286c1619-e874-4f8d-aa17-893c6d36c428", "value": "12288:5BJQ1m+uHwy0ql+ONckp6xAhJNiFJu+Pr5/+MJHjs0s8VwcRPa4E2a395Pny7mfY:vDt6xAhJNiFJu+PZ+MlMewSPaj204/3t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643213412, "uuid": "66bc35db-2291-4902-915d-aa00aae2be2d", "value": 696320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643213412, "uuid": "04b3b326-34e8-4ff8-a732-8c8522e23d65", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213412, "uuid": "55dca17c-85ff-4062-8096-6080a1a4185d", "value": "bbd3ef243a73505c32fa53756a95bd54", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a37b5b86-7eab-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643203618, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203618, "uuid": "2e724214-46fe-4614-acf6-b761423d4c99", "comment": "Malware payload (Formbook)", "value": "4120b10b0d7bce420e1f0f7e6ae1739f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203618, "uuid": "8d56884b-2466-4287-953a-b2afc0b5164e", "comment": "Malware payload (Formbook)", "value": "4ba337aa0663470b85d2b1b97713a219ea8c5d7ee7f5795dfc9017ae2b123e47", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203618, "uuid": "50b9d63c-4813-42d5-bb35-6cf2f4531e51", "comment": "Malware payload (Formbook)", "value": "cbdc0fa6fdbe213ae0fdd7876cb240c5ed127085", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203618, "uuid": "da0b8bea-7098-4d45-a91d-c1f7a8ef3389", "comment": "Malware payload (Formbook)", "value": "ff54c2f86b9cda7dbd120489e4dfe797af966a540cd5540b6244e3b403e0fa407e4a46f2aae11ba6756c5131d0e99111", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203618, "uuid": "78df6f19-3da7-4be9-975b-c3197d8ebb3e", "value": "T11905AE6BF449C83AD29A497641CFB00E43B4B843FECBF19A3E97F5497151B86AA0510F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203618, "uuid": "3bc86616-bfa0-4dbe-8121-8bf168e2359c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203618, "uuid": "de0a46a2-a62c-4f29-939d-26fa82437239", "value": "24576:yOJiJLNUVd6O8Mtw/QhJrD1yGuK6A9PfsgX:qJJUVd7SonP1y3K64PJX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643203618, "uuid": "0b632f15-369c-44c7-a3ab-bc143354600d", "value": 832512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643203618, "uuid": "390581a3-61a4-44de-8d75-85e884038bea", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203618, "uuid": "6ea13c95-c0f5-4f44-81d4-b44a8b587145", "value": "b1r18YD8w9HwQBi.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "517be22a-7e79-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1643182006, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182006, "uuid": "9f286a8e-89b0-430d-a144-1c02dca21869", "comment": "Malware payload (SnakeKeylogger)", "value": "f11dd26eda0506fffd9d64bf9d781b85", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182006, "uuid": "20b88a30-71ff-41f5-b566-59331677f7f7", "comment": "Malware payload (SnakeKeylogger)", "value": "4c25db625706955a2b962c4c67e4d3a1b1dfe8b856e79a676cbc0e804e051bef", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182006, "uuid": "2e6390a3-2615-4a46-81c7-dbbc1e92c034", "comment": "Malware payload (SnakeKeylogger)", "value": "1997c8d93ac6a09109a34475449161f56a7cb6e3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182006, "uuid": "279c9986-705d-453d-94fe-e50fc42c0de4", "comment": "Malware payload (SnakeKeylogger)", "value": "68cc9279453a9862773d7eb916346da29dc8e474994a08604f7ec3038b6dfaaaeea662e2cfa65763ade10b2d25d4b1f5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643182006, "uuid": "d323cb5d-6375-4b7d-934b-24584daaef47", "value": "T1DCF4AD6BF84DC826D19D89B641CFF00C43B5B803B9CBF99E3E97F5096551B46AA0920F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643182006, "uuid": "8def6f21-98f1-4b9f-819e-079d17bb9e4f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643182006, "uuid": "1908b40b-42df-4b50-a75b-2f93a6225807", "value": "12288:QUUvtWeZAEujX0M4TaggMR1tnxxZTVwPJ0WVpjs0s8kwq7/ONcKloGw+hFtcgpKV:fUFW60FBmPmPJ0GMxwjNckokRpKto", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643182006, "uuid": "4d5f96b6-08ef-4812-bdb8-3179153d63bd", "value": 794112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643182006, "uuid": "36230384-1275-4399-9f2d-79dd90bc7946", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643182006, "uuid": "537c0d80-8a7f-491b-bdbd-fca467614eb5", "value": "ALDOM- ALD-797-R1.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70b479ab-7e6e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177334, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177334, "uuid": "66ce7445-7c7d-49da-97cb-196bf20c7849", "comment": "Malware payload (Heodo)", "value": "3dfb79a7933a9fbc037ba7682aea5815", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177334, "uuid": "bcfbf28f-e1ae-4b20-99aa-85d6403b6f57", "comment": "Malware payload (Heodo)", "value": "4c2ddd629e265246f75b3e606e6bc899afb3c82020fc9a8f440e7793d6fed047", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177334, "uuid": "f28c6664-9a8c-4003-a7b0-1e018bbb4e35", "comment": "Malware payload (Heodo)", "value": "d6cda0699a9c06b898f9bf3c2a462fe56e71c299", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177334, "uuid": "1cecf2d0-a44d-44c5-87e4-5db05cc6ba91", "comment": "Malware payload (Heodo)", "value": "855ab1604be262749e568166c9dcd8680e93087915db07944a76f4e173ceafb9c7a7784fab3f22121fc579a15be1e1db", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177334, "uuid": "be202e0f-c2ea-4aa8-b2f1-2ad84a2fa12d", "value": "T1E4636CA7B78299EADA0483394DB643C5B717EC104F9A43C73694F7346EB49F08D9324A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177334, "uuid": "a001ac68-f8d5-473b-91cc-4735224c648f", "value": "1536:bpEk3hbdlylKsgqopeJBWhZFGkE+cL2NdA8eXZiozeOgXVZKyaZpvyR1kZkJvU+:bCk3hbdlylKsgqopeJBWhZFGkE+cL2Nr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177334, "uuid": "b6e32010-e62f-40d0-86e6-a8bc0248f114", "value": 72800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177334, "uuid": "acdb7e4e-5799-4538-8cfc-a90c7c93bb75", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177334, "uuid": "78600108-7d4c-4664-a0bd-3738b3d41b45", "value": "emotet_list_ioc_cronupTue_Jan_25_11:55:07_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc90820c-7eb4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643207553, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207553, "uuid": "24290516-a32f-46fa-849a-fd308b6eee2a", "comment": "Malware payload (Heodo)", "value": "4fc522d4a7f42aa9cec8a50db2e3fcda", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207553, "uuid": "edf46da2-3023-416e-9b3c-5c8594932006", "comment": "Malware payload (Heodo)", "value": "4c2f22d28a1224d152447f9affeab1d40a7465df2d0307ad9067d43f2938cf5b", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207553, "uuid": "2ad6265b-affe-454a-b437-8b2142fb0f19", "comment": "Malware payload (Heodo)", "value": "a19b142ec9b97eb54ec510a2e69acdcb144f5c1f", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207553, "uuid": "6d3f1891-ed62-4cb1-95f2-6e67418cbc32", "comment": "Malware payload (Heodo)", "value": "fb93afaf3381f2e7f901291b79bbf52943d9ac5ad82fec456746c33eb92cab46f414e842f8f81bdf116176ab6fef32b5", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207553, "uuid": "0bce37cd-3e5f-4b92-b705-5384c74bf117", "value": "T15DD36B66B5C5E9CAC70523350A9A8BEE33676C479E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207553, "uuid": "45f37064-4750-443b-a169-79805df66e37", "value": "3072:PcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dgcGx0v:PcKoSsxzNDZLDZjlbR868O8KlVH3jeh8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207553, "uuid": "208ec65f-0989-48fc-b9a7-e942e9256329", "value": 136708, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207553, "uuid": "37fa6021-faf4-41d2-b7f8-7e99f4ed92c5", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207553, "uuid": "49824635-fb27-42fb-b94c-0845b2cef569", "value": "tmp4ki3008v", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d0b8218-7ecc-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643217674, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217674, "uuid": "21acc579-dae0-4243-8f05-faf28c6bc899", "comment": "Malware payload (Heodo)", "value": "ef9d84a956db74ca270bbdec9154a713", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217674, "uuid": "16285db6-361c-48c1-b4ab-3c60c328d4de", "comment": "Malware payload (Heodo)", "value": "4d0e63e930c1515b9d762180f36b955c41a6d051869a3715d1c9f87afaefc572", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217674, "uuid": "29a3a1c1-06bb-4f68-8e78-a4ff8c57631d", "comment": "Malware payload (Heodo)", "value": "39d6e39e0b1628fa579fae3acfc9192e5190993e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217674, "uuid": "8b75496f-7a00-475c-8dd0-879583708637", "comment": "Malware payload (Heodo)", "value": "70e2795054ac7e7549883fc92d476d7c12363aab4ffc7e4583cc7478d6078c84bb744e18f5367884f063f31092c16382", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217674, "uuid": "991338d3-0e74-4269-bf78-a4d05f208f6d", "value": "T1EE05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217674, "uuid": "b7feecbd-368e-417b-a07f-b208929c596b", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217674, "uuid": "d1199892-91e1-4410-8be4-1c99a2aa5b99", "value": "12288:aA9e3OrvpgqjtQFect6dddifiHxoB3rNd9CDr:blrvpgqj2FeaQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643217674, "uuid": "d9417815-2fe9-475a-838b-c2a99f67d2b4", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643217674, "uuid": "2a3f94af-0c09-4270-97de-db247aa6aa80", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217674, "uuid": "c09a3676-c589-4eed-b658-242f942cf4ac", "value": "ef9d84a956db74ca270bbdec9154a713", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae18b8a0-7e4b-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643162405, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643162405, "uuid": "e9181a5c-b3f0-4d1c-9f0f-1542ce86a633", "comment": "Malware payload", "value": "a96bd0a4a1be5c1bd7b61023d7dd0689", "object_relation": "md5", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643162405, "uuid": "6706411a-a3a2-477f-8ea4-b2578de07db5", "comment": "Malware payload", "value": "4d1d0272e8d17b014971c8fdf55adb4f34cb7854fd97f17b9207a66c21c20206", "object_relation": "sha256", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643162405, "uuid": "c2dd639d-bb2e-491c-b8bf-5fc40161bd3b", "comment": "Malware payload", "value": "f789368569f206a349906296fdf0e83f31397dba", "object_relation": "sha1", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643162405, "uuid": "9ca9d305-fa5d-4b73-afab-467fc72c11e9", "comment": "Malware payload", "value": "65d2bef983e1b4be49146b6aef94ab2db07bd3997054b9ffd89c2b3638bd7b03169194ee03a30a91871dd5a738011e74", "object_relation": "sha3-384", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643162405, "uuid": "3b4a6a53-dfa5-4ed6-a148-bd952a8eb0a8", "value": "T190B53336F4FB79783606F7F64900DA3576BAC3863ABA33110FF89CCA512415B7669068", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643162405, "uuid": "64b3293f-6c89-45ee-b9e9-0a6a3b533509", "value": "49152:ijoGN5J3sAs+aa8d6q3RKNhvqa87NXcHnSySdkOFOd+LgEBHVCjf:ijn5JcAsHYqsnvqZ7hcHVSdkOFOMs6HM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643162405, "uuid": "91ac1e5d-b58d-46df-a556-d5a2bca11546", "value": 2293760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643162405, "uuid": "1f46c1ce-1bc2-4388-afa7-a1e6a3ce4b5e", "value": "application/gzip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643162405, "uuid": "3a352cfd-1d79-4e7e-8154-c8b587c89bab", "value": "4d1d0272e8d17b014971c8fdf55adb4f34cb7854fd97f17b9207a66c21c20206", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe1ed6e6-7eb1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643206347, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206347, "uuid": "9982f4d6-69db-412b-b7fc-0e42f9a1739d", "comment": "Malware payload (Heodo)", "value": "2a870093c27e683a72fecf6b8d2da060", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206347, "uuid": "a2ec3cb3-b240-458a-bf87-e57832e37d1e", "comment": "Malware payload (Heodo)", "value": "4d3f1ddbee160e35d1ca2ee59facf2524665323d879368bb7de296e660094d11", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206347, "uuid": "8b9779bd-7901-4aca-854e-b1f7157fab26", "comment": "Malware payload (Heodo)", "value": "94a1174a5d2addb510db41a644db0e550ae13aa3", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206347, "uuid": "7ebc4fa8-5ccc-4752-bb82-53753d6b0628", "comment": "Malware payload (Heodo)", "value": "4d6df6337c851103f5af21f8f94add536533a44458a7bae04d678a820f2d4962ac719d1488e637c1f025e6566cf53e40", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206347, "uuid": "1055711f-80b7-4a21-bfcd-e5c176b0c80c", "value": "T1B5D36A66A5C5E9CAC70523350ADA8BEE33676C479E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206347, "uuid": "35771608-0728-4d2c-a4eb-26ee76e16aa8", "value": "3072:TcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dggGx0U:TcKoSsxzNDZLDZjlbR868O8KlVH3jeh7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206347, "uuid": "2f55b7a4-d2b7-4064-a821-7858b6ec88d5", "value": 136708, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206347, "uuid": "5a7c6046-25bd-46b5-8ca8-daa83872b61e", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206347, "uuid": "be4c044f-30d1-443d-b560-a56f70f3f0ee", "value": "tmpnka0il76", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0abb6db2-7ecf-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643218824, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218824, "uuid": "cc62c427-f2a2-4bbc-ae28-da58cb873745", "comment": "Malware payload (SilentBuilder)", "value": "24e27f25fdeef8a6322f9d2e1846f37f", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218824, "uuid": "307197e6-c8ec-485d-a12a-ef2f536a5aef", "comment": "Malware payload (SilentBuilder)", "value": "4d4887d49228a970160f56a389d27761c41510698d7c570fb488dca78863e182", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218824, "uuid": "a4651628-2bdc-4309-a5f0-0b8fb3006a38", "comment": "Malware payload (SilentBuilder)", "value": "cef7960816cadf6aa2d57370736b94d1cca8be2a", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218824, "uuid": "45e343be-6fdf-4c9d-a0b3-0695aefd59b7", "comment": "Malware payload (SilentBuilder)", "value": "c118e7714368400c31cb1116c84dcf8d5dc163b5b1cec5337b39e3a83120234fa13877ff3b7090f00d002107d0d8f51e", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218824, "uuid": "c1486613-c009-4114-b82d-0fa74d3a737e", "value": "T1CF231953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218824, "uuid": "22c76e73-7e7e-4e1e-9419-62af12d344aa", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643218824, "uuid": "2f15bf95-d16a-40a1-84cc-67ccf5330f4d", "value": 45655, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643218824, "uuid": "d15f4e43-0d47-4882-944b-013c3e705cdb", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218824, "uuid": "16dec7da-1b98-4eb1-9282-85fe019c7371", "value": "tmpj2y4e647", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "533e60b2-7ed5-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643221523, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221523, "uuid": "10a163f9-c30e-406f-813b-6e0df7606b1b", "comment": "Malware payload (SilentBuilder)", "value": "a3fdf1a2aa47414e080b0c0c84000dca", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221523, "uuid": "d855431f-5cea-4d50-a5c8-8fb579a8539c", "comment": "Malware payload (SilentBuilder)", "value": "4d4e309143a6f338ba17c72d3edeb8e8e809f17395852d658ac96800e4e7c373", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221523, "uuid": "1bafa67f-5405-47ca-93b2-3d5027a1ff86", "comment": "Malware payload (SilentBuilder)", "value": "1e49e3c20531903c9392176827a37cbd760e7773", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221523, "uuid": "13ed7551-4c2b-4d74-b43a-ac745fc4e86c", "comment": "Malware payload (SilentBuilder)", "value": "cb9c50d6b0f1e256a733db90a4f15b8c8577cbb26ce4ee92586e48545ea38ebbdfac44b86fbad4e9009f49774942549e", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221523, "uuid": "3d6be968-1771-4d30-8578-5f1c9e86823a", "value": "T150231953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221523, "uuid": "444bfb19-5ea1-4a02-9f9d-a7add727cdc0", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643221523, "uuid": "ec86e97d-baa3-4b41-8e85-a37b428c1853", "value": 45585, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643221523, "uuid": "1cf85d7f-fb9f-484f-847c-277790488600", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221523, "uuid": "89ace97b-25f0-4c26-a1f8-0db945ec8961", "value": "tmppfgnsnml", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67565c8b-7e85-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643187197, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187197, "uuid": "b131c2a6-fc16-49e3-82b1-71355e216734", "comment": "Malware payload (Formbook)", "value": "8ac12e9f61b508bfd55d9608bc8e7296", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187197, "uuid": "838c7a9c-9c27-4592-b78e-ef2340de0cea", "comment": "Malware payload (Formbook)", "value": "4df60d233d14c249da0c0202f9b5c77848fdc43b8979589cdb93bec3aa142758", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187197, "uuid": "8344f789-dc3c-436f-9e52-9667d3c6f4d3", "comment": "Malware payload (Formbook)", "value": "a0d7d57e88dafbe0e04ccfd67cab55d60040b667", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643187197, "uuid": "a7f764ba-ab97-4c82-a9f6-e320b5cbc46c", "comment": "Malware payload (Formbook)", "value": "9fbc45df70bd64b6ee56c65743057ef2952c124b7ff9492e97f76ab79c74b08587740397633ce09f350eac51c3b0f30e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187197, "uuid": "037b183e-c6bf-4f60-818c-0da503ed26d2", "value": "T1DA333C42C6A20363D5554BF3749396C31BB1710E58E0CAAB98C9B08A4EDF30A7597FDE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187197, "uuid": "650d1472-4c6d-4fd6-b270-38bf680365c5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187197, "uuid": "0773de08-1ee1-495b-b45d-3387600a39f4", "value": "1536:Ghypga/eHUTQQQQQQQBdBgN6b5/2kWSC6WLrr1Q:kypga/eHUTQQQQQQkdBft/2YWLrBQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643187197, "uuid": "577e315f-82ce-4bb3-bbc9-44eae4d59244", "value": 51400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643187197, "uuid": "6ded4a13-74be-4759-8531-80bc6ee0450f", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643187197, "uuid": "a238fb91-ad3a-4735-8d74-ec94664ec3e7", "value": "Purchase Order 25.01.2022.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a5fbb41-7e72-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643179095, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179095, "uuid": "cfcf96f1-e3a0-48f7-8a36-ac25482829fb", "comment": "Malware payload (AgentTesla)", "value": "e97b03c530f7cce01498499754cf318a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179095, "uuid": "e2829fa5-97e7-4573-869d-149dfd993a9c", "comment": "Malware payload (AgentTesla)", "value": "4e7a6c189914f12383a1fd83a6f240aac8d52e88ba7f8062d3ed2bd931678f9f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179095, "uuid": "1ccc0f6b-80dd-431b-8eca-4f6d33648c62", "comment": "Malware payload (AgentTesla)", "value": "3d69d9f9edbfefdad32a588df27b89d777f22219", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179095, "uuid": "95c07204-d293-43ef-8ca5-615b98527b21", "comment": "Malware payload (AgentTesla)", "value": "314b51997f61007313e56da3cffad61691bcd22378be24e320f649b8690dca67018b215f99486e24bdd106dafa672623", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179095, "uuid": "910845f7-0e2a-43bb-84f6-36d52b5033f7", "value": "T17305BF3982B99431DB0D467CE052B50AB3BBB04355C1BEAD8F0695C26FA77917A03CB7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179095, "uuid": "0fabe7e9-95dd-4351-b753-5e76d86df346", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179095, "uuid": "2559b31e-14a2-4078-8e35-81a2a0b9e172", "value": "12288:aJSL0OI/7c7FOw1pxp+sL7D75js0s8lwOQ/2VuGEvACLccqu26pegTj71vQY9mgs:S4/MSwl/2kG5CQUBHTn5pMgc7Kg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643179095, "uuid": "23bd5b56-b7c8-4200-8a8b-af03caad9c93", "value": 810496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643179095, "uuid": "86abafd9-1898-4c94-968b-8a7d354b1f99", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179095, "uuid": "2ce69b1d-5ee9-429c-9631-be7b77a78232", "value": "MV AMIS WEALTH CTM USD 40,000.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba839e34-7e95-11ec-9275-42010a9c0029", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1643194208, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643194208, "uuid": "3fbc71a0-f471-4152-87d5-020fdf2bba3f", "comment": "Malware payload (AveMariaRAT)", "value": "4655448051058c4ba29f69a8b78003d2", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643194208, "uuid": "9ae7ca43-7db0-4be9-8095-19a2f70f707d", "comment": "Malware payload (AveMariaRAT)", "value": "4e837a08dd24b1f710c6fce10f974a49141decf103d6aeb290c0d36bba75121b", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643194208, "uuid": "57b6d8f5-a163-49d4-a027-256f54a475d7", "comment": "Malware payload (AveMariaRAT)", "value": "b57d558c87429777d650cb47b283d3379c4b92d6", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643194208, "uuid": "5e26d213-d4dd-47ed-b081-e0beeaf3b26f", "comment": "Malware payload (AveMariaRAT)", "value": "0cd622f5bb7a8ba80bc549be5aa600188c676aa7ff25f61a3f112553cb79e37d5f7c345212f50152aef0769a4e4961be", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643194208, "uuid": "25c03c3d-d15d-43f1-b740-2a5c0c1499a3", "value": "T191157D12F2D18437D0232A385D5B87D99429BF112E68BC8B7BF41F5C1F35281B926E9B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643194208, "uuid": "54d904ab-af43-4d69-bd92-325556c6ac5f", "value": "ce06f30a84c8c346f27e8a9923034116", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643194208, "uuid": "c83cd6b1-d03e-4d7c-be62-26102eb08ffd", "value": "12288:PThv2OxtKzJyD6Zsc0KqU3l2P8gULCvkZwP4hmiOVKtqzoW7T3bnvw:r1xAJyD6Zsc0KqUEPf5vkSdoJKT7v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643194208, "uuid": "748c7f37-3eaa-4142-a4b0-716dfc2587d5", "value": 890368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643194208, "uuid": "2ff9d735-fc77-4fd5-a00b-122bee67fe4c", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643194208, "uuid": "15f47e34-c368-4c3b-968d-d0c4a80108d2", "value": "T49900783-Confirm-20220126-788088-Email-8700787.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b842a428-7ee9-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643230282, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230282, "uuid": "69a78c3b-d5ee-42d4-bc69-159c449ec8ba", "comment": "Malware payload", "value": "1330c1579cebfdb3b896a9ba7761f6c5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230282, "uuid": "277c4fc6-83f2-46d8-b0df-b64e5d65fc5c", "comment": "Malware payload", "value": "4ebb00d3955feaa16e713c81713c2878edcb70b7bf42e1a386a9e37406225585", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230282, "uuid": "5f0b2643-f9c8-4e66-b553-bc0c69f3d95e", "comment": "Malware payload", "value": "a76f1f7914c5fc7d8f673c323f1c5f0b4c19fd33", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230282, "uuid": "b045a3ae-04b4-40d4-9c6b-9b7dbadb8052", "comment": "Malware payload", "value": "c61aaf8930a726dd5b3fd4944f91445150e7dce4e67cc78bb713af5c0065e8f6ad8ac2984ff844b43e164f2df2575c8d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230282, "uuid": "253bcba5-6bf1-487e-8f07-f2ea13c54233", "value": "T170B46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230282, "uuid": "d48c3aa7-bf0e-4567-9914-391ac3a72ea2", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230282, "uuid": "0f64e92a-3e0a-4a4d-8e4a-4c954e6031e1", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8h9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgA0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643230282, "uuid": "3f860dcf-1784-4253-81c4-1d048e32da93", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643230282, "uuid": "c781ddc9-f214-46fa-985c-e8e45b82ccf0", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230282, "uuid": "c32fac55-6a1d-4706-be5e-f766653f0ed9", "value": "1330c1579cebfdb3b896a9ba7761f6c5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20f32ebb-7edb-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643224015, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224015, "uuid": "63993720-5a86-4ad0-b301-c1aba7cb37a2", "comment": "Malware payload", "value": "5cf2eba1147a54c5fb723eb7b3d151c5", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224015, "uuid": "d5097ece-4cfe-437e-a68b-6bf96d75daf7", "comment": "Malware payload", "value": "4ee673e0c091d870c24bad3c479b0f78493abcbd04e83d9c8a5e2fffb1d1e7da", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224015, "uuid": "30ea264f-59f3-4a7f-8532-11b49a628e12", "comment": "Malware payload", "value": "f463529cdff601de022e272c586e2f25b9adb814", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224015, "uuid": "0b45463c-7264-476a-ac0f-6ce522c400c3", "comment": "Malware payload", "value": "6bfd1788dab9b75d7c35d63e7a0ac6eab70f7480984614023285e74a461018cdf56413bc1884328f621701ecd70d4086", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224015, "uuid": "0f6bbb54-c074-490d-ae7f-57b8c3ea9f58", "value": "T12EE4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224015, "uuid": "81178a41-518a-447d-aefc-f49b6ea2199a", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224015, "uuid": "a06d9a76-d937-4cb6-a96a-cdab4c9c80b0", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIvG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGeOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643224015, "uuid": "7c50ce65-ab1d-46d3-b86b-58fce8458ed1", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643224015, "uuid": "ae69c48a-6ad7-4b43-a2ab-8ccdf768390c", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224015, "uuid": "b1d8e92d-493e-4891-8341-8fbc1451d912", "value": "Lh9T1MeqjDS.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "66ca68c2-7e84-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1643186766, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643186766, "uuid": "e1a3c72b-5b20-41d0-af04-23c312f073b8", "comment": "Malware payload (RedLineStealer)", "value": "0aed0fbfc4f64b71a85fbc5207b5f3d8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643186766, "uuid": "0e13dc58-f54a-4be7-a3ad-846b5c051143", "comment": "Malware payload (RedLineStealer)", "value": "4f214ddbc3c9d5882eefd5eda0d3dcd87290f5f95f42cfdc6c0e8a0fcf6199af", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643186766, "uuid": "87a7a51f-9e76-451d-bd2b-1f58d22a1c4c", "comment": "Malware payload (RedLineStealer)", "value": "b2e0212e4ccc98069a9f2266c2a2881c32dc32a7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643186766, "uuid": "052d564e-574a-46b5-afbb-3dd09322e5cb", "comment": "Malware payload (RedLineStealer)", "value": "a84be2b6032aeb71975cf7119606edc7d7098a676718af95e4cb9c8c62a71304219f95bf8b0872c951292060a4486e8a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643186766, "uuid": "d6ee11f7-b0c6-4250-9f5b-5b4274657019", "value": "T1C2A4AE00BBA1C435F5B712F445B993B8A53E7AA15B2464CB93D12BEE5B346E0EC3131B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643186766, "uuid": "9f622f2a-a89e-4617-b7bb-44d77390b884", "value": "04a163d3ee35887696fe3625c3dbe935", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643186766, "uuid": "1837c5fc-cc4f-4fca-a4fc-b50644a4733a", "value": "12288:ClN1CIEqXVy0Y6fP0JppZ11mhQ8AiQudrH:cpd80Y6X098Jxn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643186766, "uuid": "1946e37f-529e-45ff-8078-d159e88b502c", "value": 454144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643186766, "uuid": "2cae156b-b315-4d79-b5de-a0cbde975c1f", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643186766, "uuid": "7c9bcffe-aed0-468f-8e0f-693b88d30f5b", "value": "0aed0fbfc4f64b71a85fbc5207b5f3d8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8bde0ad5-7e80-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643185110, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185110, "uuid": "0747e2b8-be1f-482d-b079-55259ae0bb82", "comment": "Malware payload", "value": "e55b803c0d55e6079fa66a8b709869b7", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "coper", "colour": "#EED7EC", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185110, "uuid": "c9ddffbe-426c-4dc3-9edf-00b06a09ddbf", "comment": "Malware payload", "value": "4f227bf130a00fb92d273e8ffeb22c607d68227c8ef6242ec7fce8fe2bf010e5", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "coper", "colour": "#EED7EC", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185110, "uuid": "8633ccde-f82e-4e9c-bc80-b5588e1ee52e", "comment": "Malware payload", "value": "782a42492a7f8545869cd57a1ee5b334981ae740", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "coper", "colour": "#EED7EC", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185110, "uuid": "a0bcff77-e925-49c4-a2df-baddfb0ebf93", "comment": "Malware payload", "value": "29a69f6c40d46acf545e4c643acbefe59e683691b41b5df5382acd9b9a8d5e02bb4da7c3c4846814d450ea3009b6c331", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "coper", "colour": "#EED7EC", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643185110, "uuid": "796d4c78-27f2-4d7d-8016-8eca4051ce61", "value": "T12925BF41B7C5FC2FCC73C4364BBA862A94464C4AC746D71759A1B62C5EBBAC08E86FC4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643185110, "uuid": "29e9fe36-6ec6-4ed3-ad53-338b607542ae", "value": "24576:F7BGG8aAJCAh4u3ePq920qmPi8aB6P3fmgvJkKr3dh:F7cG8FVSuuS9jqmPi8ac3+gvJ/X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643185110, "uuid": "a40e444a-b86d-404b-9dad-7cc075cfdb79", "value": 966195, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643185110, "uuid": "1ed3d750-e35b-4cf6-a6e1-48581307e292", "value": "application/java-archive", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643185110, "uuid": "c5ccc313-153c-42ef-9cea-f9a3e8295e4b", "value": "psk.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b0cd603-7eaa-11ec-9275-42010a9c0029", "comment": "Malware payload (Hydra)", "timestamp": 1643203094, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203094, "uuid": "3f065f9b-404a-4ffa-80f9-6fabb50548f3", "comment": "Malware payload (Hydra)", "value": "f548dc36d1b31da3ab090c21b3f1ba25", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "Hydra", "colour": "#1B8975", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "tor-hydra", "colour": "#10AB92", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203094, "uuid": "cb0496c2-d1ae-450b-b909-bfd5b265df6d", "comment": "Malware payload (Hydra)", "value": "4f2c50075ca0cc9457afed48951da5c582ed2a8f67163a06238f0d1362f0a37d", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "Hydra", "colour": "#1B8975", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "tor-hydra", "colour": "#10AB92", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203094, "uuid": "ac7b651f-7d0b-4448-9418-3167bb5eaf17", "comment": "Malware payload (Hydra)", "value": "18f1bc5770728be0a67d89af8e5728cdce0cb5fe", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "Hydra", "colour": "#1B8975", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "tor-hydra", "colour": "#10AB92", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203094, "uuid": "30d81d19-d50e-43be-abde-dc1007acc9cd", "comment": "Malware payload (Hydra)", "value": "e02940039595f51bfa8292e085168b258848bdf66caceccdd50767bfef2ad173625380600c74e21f1f9739c9811aef33", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "Hydra", "colour": "#1B8975", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "tor-hydra", "colour": "#10AB92", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203094, "uuid": "aad5523b-390e-44ff-b62a-8c0000734932", "value": "T132763347CAC88A4ACA0B7BF448E246899308AEF795F0500FA459734F1DB3FF45725A97", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203094, "uuid": "ed42ba87-c155-42f7-9255-2e6782dc7f90", "value": "196608:L0gynD412RaGtXVmrcjpw35Rw8a8u/sLTCFiYQ5krMhAyNX:Pync2aYoQpw33w8auLe4VrA2X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643203094, "uuid": "247c3b71-12dc-4aa1-8f39-d7d0262b6ec7", "value": 7249640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643203094, "uuid": "befc604d-fc26-4729-b5a0-0977e3caf2d6", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203094, "uuid": "682809ad-e174-492c-b776-b35ce8542528", "value": "bawag-psk.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f5e0ca2-7ebd-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643211101, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211101, "uuid": "ca32d08c-2894-4054-8911-12b8f3dadcf2", "comment": "Malware payload", "value": "1b81beea5c70016fa6d13eea966014d9", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211101, "uuid": "04bd05ae-4b47-44fb-8d18-33a5df993ba3", "comment": "Malware payload", "value": "50446940c78f1c31ce31fa826a1a761ad89a8f8593a07eedcab992ab6af9d0cd", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211101, "uuid": "4789d0da-95a8-45d5-a6cc-744da71498b7", "comment": "Malware payload", "value": "5e7d8d8c5dc1d79fd267db4f52dff5c9d7c5b381", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211101, "uuid": "65d4710e-7f7f-4d55-aed9-fba534716911", "comment": "Malware payload", "value": "2271041f9ff4d443c051a97f395779a6b7ccbbdb5059a1dfe868c2fbdfc9f5620950fd2ed4e6e3721d4695da53bb9402", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211101, "uuid": "9b3c7055-c954-4e14-8e0c-4dc00fd321b1", "value": "T18C849D22A7C2D036C36730B086DBA77AB6BD8A316B385ACB47D11D355F745D2963C20E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211101, "uuid": "8364df26-f597-46be-b3c9-ac7d90ffaf98", "value": "12288:agvTeqrCeX329Soy/O+TCJJU2QyDqXkkO:tviEdX3Y7GTCRhukkO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643211101, "uuid": "f310762d-22d5-4fd6-966f-54b7e733d994", "value": 400484, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643211101, "uuid": "ffbfbd03-e568-4153-8a5a-f11740e3cc1c", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211101, "uuid": "a1651715-32c8-41c0-a783-60c99b10079d", "value": "emotet_exe_e4_50446940c78f1c31ce31fa826a1a761ad89a8f8593a07eedcab992ab6af9d0cd_2022-01-26__153136.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6dd8be92-7ecc-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643217702, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217702, "uuid": "13fce71a-52b0-4528-9e4f-920302498cdb", "comment": "Malware payload (Heodo)", "value": "b457021f6ad06026af87b4b49f219ce1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217702, "uuid": "3cf49f0f-1244-456b-bc7f-e6b6a233c598", "comment": "Malware payload (Heodo)", "value": "50c720d8256dac0f2384673fff28f0d232a252a3a0cb0f891b7a7618abf60484", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217702, "uuid": "f98e920b-f2e2-4f23-a94e-0a3c92d631cb", "comment": "Malware payload (Heodo)", "value": "9e1177a42cd8535050498630ee0e5467e634c461", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217702, "uuid": "4346fbb3-6dc5-4531-829d-d03939cd0323", "comment": "Malware payload (Heodo)", "value": "dd2d5ea61085b598a79f6a0055c0c21bc5379e4d1bf474fab12c8a7c9a334e3d09a65b226d5455eeaf84361175c8bdc2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217702, "uuid": "a1f2ebcc-a7d4-4c65-9dbc-71f31edd2351", "value": "T14C05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217702, "uuid": "de30ba13-3a59-4c43-951a-82be757522e1", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217702, "uuid": "bf4a4d28-b3f2-4d20-9639-0b08406fdd6e", "value": "12288:aA9e3OrvpgqjtQFecz6dddifiHxoB3rNd9CDr:blrvpgqj2FeIQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643217702, "uuid": "59649aef-1e1f-41c8-9b4a-e9a032a056fc", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643217702, "uuid": "3a6f83dc-2e49-45ef-b870-89ad5edf83c4", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217702, "uuid": "ca86a95e-f15a-4200-bf1a-c3046fc6f42b", "value": "b457021f6ad06026af87b4b49f219ce1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac40e19e-7e5b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643169273, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643169273, "uuid": "fbf8af47-5d26-4a45-a791-adee594d47d1", "comment": "Malware payload (Mirai)", "value": "c82c2e1949fce85ddfd857981890f7bd", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643169273, "uuid": "f8e8a98d-df42-4da4-8153-107eba94777c", "comment": "Malware payload (Mirai)", "value": "50d042a903cd6b154837d0cbabc656753085caa4da4b3fc0a48c94552004c0be", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643169273, "uuid": "2384534d-516e-4162-a77f-0a6cf5532657", "comment": "Malware payload (Mirai)", "value": "92b5a7a73e97e32eb906a7220520b1a95d3db5ea", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643169273, "uuid": "5cf885c5-3d47-456f-9f26-623810fe19e7", "comment": "Malware payload (Mirai)", "value": "67096e63f6f2a6f0486284355dcf640a9ecddfa1608b6af1c170f75b2e473ac5eae8a82b21ed692b31fa148b7c4bd4c5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643169273, "uuid": "fd8a563d-85e4-4543-a7e7-39076b49b349", "value": "T1A1435CC59563E9FCDC1015393077FF7256B6E93E1028EBC7D7A8AD32A941A02D80729D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643169273, "uuid": "3112d708-2e6c-4e08-a9de-d747328dfcc6", "value": "768:CoXHT2eWvOW4b3E/yzDLbrCP8kTJwXHU/HYQnyWt1XfWA+i+tOfRc30K:CojhW4b3uyzDvrCP8ywXy0WTF+7t+Rc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643169273, "uuid": "c16502c7-2d8c-4485-9bb9-f93de4c44815", "value": 55872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643169273, "uuid": "10873bb2-9caf-4da8-a6e2-01d043341770", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643169273, "uuid": "835e0168-1701-49c2-bc9c-19846108bab2", "value": "c82c2e1949fce85ddfd857981890f7bd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "075d77f2-7e74-11ec-9275-42010a9c0029", "comment": "Malware payload (Hajime)", "timestamp": 1643179734, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179734, "uuid": "63bb01ba-c563-42bd-b625-0515cd032170", "comment": "Malware payload (Hajime)", "value": "4293e9b4b868be1c77d5888bd51edc75", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Hajime", "colour": "#A08D3D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179734, "uuid": "bda252c8-6eb2-4311-b828-10283f2e5c9e", "comment": "Malware payload (Hajime)", "value": "515b794f8b90a615523697800a7569727c4fbae27c4f0927e723e20196502965", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Hajime", "colour": "#A08D3D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179734, "uuid": "bf0582f3-b003-4f76-b257-8d48e7ce3ce9", "comment": "Malware payload (Hajime)", "value": "f336d4c2b437114140abc2c360fdc3c289c0fd61", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Hajime", "colour": "#A08D3D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179734, "uuid": "f65cb801-023e-4e70-a864-d2dcb3430029", "comment": "Malware payload (Hajime)", "value": "bf29788205dab966ebd908619d7b24fa7609c52b086886fd0775372a9f01da08479c4a71a6ef22c2f8792d21108b4eb6", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Hajime", "colour": "#A08D3D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179734, "uuid": "8607708c-07ed-4870-b29f-03aa1c00667e", "value": "T1977312E017B516CC1371A8353BED205E9128223972AE35203E9752CDF957703B6B2DBE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179734, "uuid": "26163983-ae75-4064-b6f3-2233ab3f6979", "value": "1536:87vbq1lGAXSEYQjbChaAU2yU23M51DjZgSQAvcYkFtZTjzBhP:8D+CAXFYQChaAUk5ljnQssD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643179734, "uuid": "2966bf85-0be6-4d4f-ade7-b119e9b634d5", "value": 79632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643179734, "uuid": "880d835b-45a6-464f-9458-215845ff8b31", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179734, "uuid": "bd3731fe-383d-44be-b2b4-84cc587f7090", "value": "SecuriteInfo.com.Linux.Mirai.4338.21757.14213", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72a58660-7ebc-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643210838, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210838, "uuid": "5d94399d-4d3d-47a3-bf54-93d9a6ea60ac", "comment": "Malware payload (SilentBuilder)", "value": "54ee566435836f517120c8abd6798f81", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210838, "uuid": "30953051-975e-4384-9399-b0d60d3001b4", "comment": "Malware payload (SilentBuilder)", "value": "5177de3d126137969fc18997053b06aa3ce230bf7ab031022be40c0d366abeb8", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210838, "uuid": "0352701d-3e7e-4210-8158-c680f1d35113", "comment": "Malware payload (SilentBuilder)", "value": "a6870c55a066d553cd4a1843260ab77b71e793cf", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210838, "uuid": "86f1f78d-7abb-4eec-a21c-61e8abcfa0a4", "comment": "Malware payload (SilentBuilder)", "value": "b82341994feafa3f7eae2257c3654983a81421d5e6eb4a4bbaf508171cc511c58795c6253f062ca5014da7cada34fa8f", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210838, "uuid": "2d483711-3a3f-41ae-a43e-30669c1db1cd", "value": "T120231953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210838, "uuid": "06dbd8ca-d3a0-4e27-bf33-f8582c9bd3b4", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643210838, "uuid": "3ae2250f-9f81-4eac-8e5a-9562bfb61127", "value": 45600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643210838, "uuid": "537f680b-ba54-4bac-a3c5-236a97296307", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210838, "uuid": "6cc9e3c2-1e37-4f01-a461-ae186a75748f", "value": "tmpmcbfkt5n", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1837dd61-7e3f-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643156999, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643156999, "uuid": "1dce111d-5d03-47b6-8524-a6bd5522dc8c", "comment": "Malware payload (Mirai)", "value": "a7f08bee5eeedd694271164b16284b13", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643156999, "uuid": "c7051669-f734-4e56-bded-0ef36f812b28", "comment": "Malware payload (Mirai)", "value": "51e5555937df042cd222e236560c03d67d7a3b2247294d9934d819a9961cfe5a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643156999, "uuid": "7d691bc7-2295-431c-b7e7-4f2adb300545", "comment": "Malware payload (Mirai)", "value": "e6de07815842cc25fbdbbb3e6db4addf8ebbdfd9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643156999, "uuid": "2b935f87-e71a-45bb-9ba6-8584b3db6e2b", "comment": "Malware payload (Mirai)", "value": "ae832c4ac0c946051ba43083650c6ef4cf30a5f12f51c6f55f0d599285b76ab3f12ad98a8d807566852c218799c6d992", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643156999, "uuid": "f3eaa1fc-6aa3-4f86-ac28-462ce2858fb9", "value": "T14603F1B95B0FF9A6C9FC253AD9464A82338D1CF523FAB43EA6D0CD798D9440847E81C4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643156999, "uuid": "4f69bbe5-cb06-492a-bada-9a93ed3271d0", "value": "768:NlwdjMN9xfvRJ0StzDcNeTNLTPcFfmxt6lxAIZP5jhQQBXxL9q3UELjC:Xwdjc1vRJ0+DcNovSfusldQLO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643156999, "uuid": "62d31063-2839-4817-b703-98f140cc98dd", "value": 40188, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643156999, "uuid": "819f8a27-c0f4-4744-928f-30a20cb3be20", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643156999, "uuid": "b6fe3958-01d9-444e-8f11-21ae3afb0ac2", "value": "a7f08bee5eeedd694271164b16284b13", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3a22bbb1-7eef-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1643232647, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232647, "uuid": "7ca64663-3b4f-41f1-ad85-4633bb7a45c8", "comment": "Malware payload (RedLineStealer)", "value": "e4fcdcf521f7a8f73246e1e7ad443baa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232647, "uuid": "96b6e147-91fb-4588-bef9-da203684e331", "comment": "Malware payload (RedLineStealer)", "value": "51ff857aa106cf4a31812aa2dd73dcd068cb4f03ae671be10dbee942a66ee488", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232647, "uuid": "815c7108-0ba6-43d5-9a1a-a6376fd09b1c", "comment": "Malware payload (RedLineStealer)", "value": "b8b2618cb65ab1dca605bbb3b63e2ed946f7a720", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232647, "uuid": "b5a86ecf-f3de-4ac8-aaa3-fbf2510b1558", "comment": "Malware payload (RedLineStealer)", "value": "f88250c0cfafd3be67901aa668143928f3dcfe66f3e791601cac701679867f52a20c2016a8b073686c222d918cd31a86", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232647, "uuid": "a1b18eb8-04ef-4cee-b3f5-76a458cdd548", "value": "T152A4BF00B7A1C035F6B752F44A7A93BCA93E7AE15B2461CB53D52AEE56346E0DC3130B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232647, "uuid": "03e6aa37-f7f2-4f39-88e7-df3d383ae34e", "value": "aa2b22e8e3b96fd546a63d71626f45a6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232647, "uuid": "5811bce9-116e-4fb5-bb7b-d299eacc71c5", "value": "12288:Cd6C+WYVJI1B3Q5UNxxbv2T1XqWBOFJ1dfMIb:ChAG1B3og/T2JpOFJb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643232647, "uuid": "abe10f99-34e1-450c-a5d1-b244f2e9d347", "value": 454656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643232647, "uuid": "3bb0b1ac-c563-46cd-a4c8-247e5860b4bc", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232647, "uuid": "add799e3-25b6-4fc5-b532-1ec39d732af6", "value": "e4fcdcf521f7a8f73246e1e7ad443baa.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d07e690a-7ec6-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1643215290, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215290, "uuid": "9a31628a-3b1d-489e-a95c-94aaabdb3183", "comment": "Malware payload (RaccoonStealer)", "value": "64228adb5fcdacedf403389292fb159a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215290, "uuid": "dcf94a7e-0fa5-4e64-a21e-be7610e893f4", "comment": "Malware payload (RaccoonStealer)", "value": "5250f2676a9aff2bc9fb44f75a98bbbac098c2079246bf2228ece9638bba3e04", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215290, "uuid": "fe0e1571-113f-4d87-b63b-5363bba1ea3a", "comment": "Malware payload (RaccoonStealer)", "value": "9df74d8129ab9a375eff281511c4efc6e8343d18", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215290, "uuid": "9c9aba95-1606-4b1b-bf89-be7635e0580c", "comment": "Malware payload (RaccoonStealer)", "value": "a10fd8fce956ab2c72a3d3a37f54b18821fff64bbdd04cfe4b646424485c977abfae36c2cc7ba7554b631212ef4b0d50", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215290, "uuid": "182c1c69-c70d-4d2b-b478-e72ae2c92de5", "value": "T1F3B412307E80C436D44616BC6526DFD41A6DFD71486B4252F2A83B8BBEB37C458EA21F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215290, "uuid": "cab182f4-c79f-4566-bb7c-21df68368327", "value": "57d5db840a81e7e803bb5a77a606db21", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215290, "uuid": "bc04aa54-3bbc-4d08-8867-da2665f54813", "value": "12288:1Bi87bQcnk8iWtKy6Ov3tWwGheJQpv+lN:jiIVbdnEw0pveN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643215290, "uuid": "07e55fe6-73d8-4235-a334-358af61e38eb", "value": 535040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643215290, "uuid": "ca677bc0-9b3f-4650-9ab0-403db8fbc388", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215290, "uuid": "8c58eb35-7cc3-4c3b-8ab2-717652717b35", "value": "64228adb5fcdacedf403389292fb159a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dbe67fa5-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1643207149, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207149, "uuid": "2b8ad07e-e1cc-43c6-89ba-4108c1bda371", "comment": "Malware payload (AveMariaRAT)", "value": "fe8a95b18fe7f2c699d58704ac7afd14", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207149, "uuid": "3e92c261-d98c-4c87-a762-8bf95a8a8c0f", "comment": "Malware payload (AveMariaRAT)", "value": "5261a06ba9e6f644f641d41060e67026a8834227e786e269b80f8d20e644a273", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207149, "uuid": "8073b4cd-81e7-4044-beba-254f76fb59bb", "comment": "Malware payload (AveMariaRAT)", "value": "40e70f220fa6f3b90a168ffd8bfe502407a65bd9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207149, "uuid": "95e14eb0-fbc6-4b9b-be86-a687bb8ac567", "comment": "Malware payload (AveMariaRAT)", "value": "529357fbb6cadfcfa2cd3732a0b00e135a8f01aef300412769560947c583704b4165c0ab1a3194e232823c859ed3aaeb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207149, "uuid": "4b611695-b55a-4039-8044-aa136f9dd0a2", "value": "T12A654C64A3A15115E9D7A7BF72B08B90C87E3C005D6D97CF4E464AC6CA2E2F079086F7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207149, "uuid": "192b0822-326b-4e0b-a831-e85a1806df44", "value": "0edc542bae7cd504ed54cb8d70b54508", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207149, "uuid": "7b151523-c9c2-4ef1-a89c-4599cd4630f4", "value": "12288:R4eWZX+6XlaNArEKP55ltuTydNNAF4B0la1:6VyOrE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207149, "uuid": "7731bc4c-09e0-4038-aa4b-023621b0178d", "value": 1460736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207149, "uuid": "4038726c-9ba1-4e9d-a7f3-71c8f900a14b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207149, "uuid": "bb79fd8e-b262-45c3-98fa-afe08cc4ff6b", "value": "fe8a95b18fe7f2c699d58704ac7afd14", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "47b97089-7eb1-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643206041, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206041, "uuid": "78a329ab-4fc9-47e2-becf-55c6a732be1d", "comment": "Malware payload (Formbook)", "value": "5cd86913d2c514fac26439557709aa96", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206041, "uuid": "7ae371ad-be46-4638-8cc3-84f83478dcc6", "comment": "Malware payload (Formbook)", "value": "534971b14abc0d7b16338f7a1c329d044d8d9352638b9f3bb5866d5dcd1799fa", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206041, "uuid": "69d40ab1-399a-4006-89d2-d2ee3470ec59", "comment": "Malware payload (Formbook)", "value": "65f00339afb84c6c9e83c8a2fd4aa367d897102b", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206041, "uuid": "ad709058-785d-4dea-8e00-f5ac148957aa", "comment": "Malware payload (Formbook)", "value": "214fe61095b4526aaf5bda8543686c81c5590e1306684fcd733e5bc24b2d583ccf2d7304df0b710cf03594586e64a70a", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206041, "uuid": "095df8d3-bf24-4d79-8741-a2c4aa7ae28d", "value": "T1C0B58631B1757AC7C3260460169FBE0A931C7D46B3D61F48845DDBF82CAACF9A309E5A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206041, "uuid": "84d8ad73-ecb2-40c5-b32f-a0b5cd053c07", "value": "1536:+5BLYBf1888888888bW88q8pbJ1FbZRIK8p4w5BbuwpbJ1FbZRIK888l8M888p45:Mw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206041, "uuid": "68aa42a2-0ea9-42f8-b62c-77ddcfdd8ae3", "value": 2389435, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206041, "uuid": "6d9e03d9-9a27-41b7-8ec6-b0907f1003b7", "value": "text/rtf", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206041, "uuid": "6ed983dd-c6c0-4380-b5fe-323bc9e116fd", "value": "PO20220126.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a949345-7e78-11ec-9275-42010a9c0029", "comment": "Malware payload (Guildma)", "timestamp": 1643181511, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643181511, "uuid": "1447c26d-ed6e-4a4d-b9c9-a5a598cd899c", "comment": "Malware payload (Guildma)", "value": "30d2f2ee9347af82688b5bf72275e725", "object_relation": "md5", "Tag": [ { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643181511, "uuid": "f38f5e96-f0bf-4c4c-9e6b-86f4633743da", "comment": "Malware payload (Guildma)", "value": "537a69fa81366e9bb25fa4cd1136128e144b482c684b18edc0ed8b638c28b42b", "object_relation": "sha256", "Tag": [ { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643181511, "uuid": "3ed35117-5ec8-46ff-9bb3-b316ca1a54f4", "comment": "Malware payload (Guildma)", "value": "b35e5d2bbc6477ac17ec48f8b860173755878d5d", "object_relation": "sha1", "Tag": [ { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643181511, "uuid": "032c6490-44ad-4ab0-b3b5-420f6bb9cdf9", "comment": "Malware payload (Guildma)", "value": "876e5ead798dc194305ed8fd44daeeffd1156f87f22e68077b2af698ec2ada2638f7852e09eedd765bf3b62fcff4cf85", "object_relation": "sha3-384", "Tag": [ { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643181511, "uuid": "d64fab8d-7913-4413-a2fd-f5806ee2ca69", "value": "T17A366D327284903AD0FB0E768D7BE768987B7A712955CC1B37E81B4C8F35640793A64B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643181511, "uuid": "2dbbf4ae-ea76-45cf-808d-5e3f32cd37a9", "value": "e281737dd6c35d6ad5e8d2f852551e85", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643181511, "uuid": "c7f07e38-5846-45a2-90ea-17e4047b98c0", "value": "49152:Qpw717bNYSe+7yXFAo6v1SFHsjMhvhghaTETTX+JTOElwt7XAAcgvHQk9fiSmA:Qa74Z8voajMhvqh5XaOEl4A9kZz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643181511, "uuid": "21e6bc69-ddfc-45d5-b6e9-11926dc3e4e8", "value": 4899328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643181511, "uuid": "aee7bc74-67f3-4a18-be9c-50d169a5d2ad", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643181511, "uuid": "c47cafe7-eff0-4514-89df-3ab40bed7748", "value": "Nfe-459390-1296-05-023904-750-4590-523904-12304923.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27f8f37e-7ee1-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643226604, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226604, "uuid": "b2aa6870-b81f-42d7-b89b-171fd498df5b", "comment": "Malware payload (Mirai)", "value": "5f8b16bf74d1717e3b9c52794044f9d0", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226604, "uuid": "b552758f-f2df-4133-8989-13f7629a6a7b", "comment": "Malware payload (Mirai)", "value": "53ef975b4d877836acf546bf8aa811b8f72e1ef41bccebd02d9169b762b64fef", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226604, "uuid": "ec571615-378e-403b-a5cf-c2e9966c06f7", "comment": "Malware payload (Mirai)", "value": "59bfe8eb0ff8771aec26a72eaf54db494be0d553", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226604, "uuid": "2ff29e5c-8101-4678-b599-ce23a4ed6ef0", "comment": "Malware payload (Mirai)", "value": "2962755aa2ae7f1c1f22dd3bd8b0d3bd9740e917317ed15756126777adbc9cda1aae12f490dc3ddf0b9a200b3be1fdd2", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226604, "uuid": "805b8e2c-4196-4a63-823a-dcd0af1639b4", "value": "T151D2F1CA7947E64FD04963BA598B1B1EBAE47CF8DA5E9203824D5347DDCF45413B0B08", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226604, "uuid": "379b895c-f775-45b1-8efc-3e0adae88af8", "value": "768:izW8IjJ/v/TiMR2dribMuGu/2gbPKEju+5A+:cWRHTiZrQPZbPKV+/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643226604, "uuid": "18bd4aa5-d663-43b0-866b-0a018d972f0e", "value": 30844, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643226604, "uuid": "9f7192dc-0e54-4043-8cb5-2349be2b9195", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226604, "uuid": "00515e30-9e38-40d4-a400-4b68959aa931", "value": "Rakitin.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a50ee97e-7e5b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643169261, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643169261, "uuid": "cc6e309d-a3b2-4df3-8487-db81b5271552", "comment": "Malware payload (Mirai)", "value": "10cab9dee2f22f592cbe6cfd715e9992", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643169261, "uuid": "acc77c97-71ce-48ee-a17f-f3c4428d303c", "comment": "Malware payload (Mirai)", "value": "549772c310081b4ec05f302f505edb6af8771641d789e67c34731020dd43767d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643169261, "uuid": "aff63dec-bfe0-41b6-b140-da0185915b5b", "comment": "Malware payload (Mirai)", "value": "a983db591c8537efee9bb834939ca82fbb9783c4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643169261, "uuid": "479e270b-3fb4-4173-a035-8ae5e3cf0b5f", "comment": "Malware payload (Mirai)", "value": "5895eb6015120b2b9339f6567222b5b868f940e1f282bd20d12ae2af29c42de93b07d5768503423a91f73ae68b7d2b40", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643169261, "uuid": "519dd14b-ebab-4c71-9506-25c7177acd39", "value": "T19353F946FC818A05C5C513BAFA2E118E33136779E2DF73129E116F2077CA96B0E7B952", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643169261, "uuid": "fc4d2d0b-5451-489b-97c2-7b0d31f4253e", "value": "1536:UpnSABdB9VT2aIzmErFHQejfWhQczKek6VEaCpMLNIgigjFhZWq:CdpZKmGFHbjfWOczK4VHtjFhZWq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643169261, "uuid": "5e3f3a55-1f96-47b8-807b-ae61ba3735fa", "value": 63192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643169261, "uuid": "96ee7f97-e0d4-4050-8db4-4c3f74f06332", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643169261, "uuid": "6954615e-f631-4b27-a358-300f15f4943b", "value": "10cab9dee2f22f592cbe6cfd715e9992", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae963be1-7eaf-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643205355, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205355, "uuid": "bf994ae9-c3f6-4369-a902-51080a31875c", "comment": "Malware payload (Heodo)", "value": "706ddd6983d37d29b840381843b18e93", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205355, "uuid": "7b075ffc-fe25-4ceb-b20d-388461082475", "comment": "Malware payload (Heodo)", "value": "549d23a5a3d63474b7274b6c4c58a4682765d06e24ef25c3982f3ee0d670a427", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205355, "uuid": "082455d6-4e53-44e6-80ab-56a7647dd5c5", "comment": "Malware payload (Heodo)", "value": "e653f9c505efb00a09878fc146a3f45891884659", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205355, "uuid": "c8aea857-04c4-42ea-99dc-8404f326deda", "comment": "Malware payload (Heodo)", "value": "79fbea470a9c16c2e5c3165e5677b6f7ea4484b5ff232a57750a158892bd15aeb7b7eee68d301f1921de360fd4e22c55", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205355, "uuid": "752dd995-6f66-49ee-84c0-55b6db56ea65", "value": "T1B5D36B66B5C5E9CAC70523350ADA8BEA33676C479E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205355, "uuid": "9123debb-8608-4b93-bc53-c07914b1fecb", "value": "3072:GcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dg5Gx05:GcKoSsxzNDZLDZjlbR868O8KlVH3jehB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643205355, "uuid": "c7c61317-2409-4374-b914-7b4b46bf212e", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643205355, "uuid": "f37960c6-2f34-44bc-8049-ce4b92c30ab9", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205355, "uuid": "79d0eb3a-ddd0-4f8f-9dcd-be5402296868", "value": "PO 01262022.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fff2a53b-7ed0-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643219665, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219665, "uuid": "fb0ab6b2-6fc4-47c3-87db-cd353600e46a", "comment": "Malware payload (SilentBuilder)", "value": "a2a8160ec50da8731db584b738b6e4c9", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219665, "uuid": "60bf9d60-a2d1-4b3b-b01b-d674fd29c1ca", "comment": "Malware payload (SilentBuilder)", "value": "54fcb82913b5d6b76b2ca00381723c08a5546cc26298165e410ecf53d62077c9", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219665, "uuid": "f60ac6a0-ab8c-4171-803f-ca2a8e425a34", "comment": "Malware payload (SilentBuilder)", "value": "46f96867ca0b33c27611eaa30a3ccde288f93259", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219665, "uuid": "4b9ffe37-1e41-4101-a8df-c1317a3788fa", "comment": "Malware payload (SilentBuilder)", "value": "bbcb5c7d6259a38fb8fdf7a8f1caacdc683aad799212cee596a37d52700b513a5a9ddd067c59e089b1179197e185114c", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219665, "uuid": "a1934910-0cb0-4df3-9a8d-17f2adbdb4aa", "value": "T17D131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219665, "uuid": "1b8fb26b-b3c0-43d8-afeb-d64c0d645dec", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643219665, "uuid": "33709188-fe63-4fab-b09b-9634e1f51957", "value": 44689, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643219665, "uuid": "5df88e60-bf5b-4149-94ef-e5eafd57b198", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219665, "uuid": "93978818-ff7a-4a36-a577-c8ce93697ac7", "value": "tmp3e0l30x8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95ed2475-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643207032, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207032, "uuid": "b244d374-26ea-4d56-8c49-738c0e0878cb", "comment": "Malware payload (AgentTesla)", "value": "834ded1827d1666946d99101b8bb5369", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207032, "uuid": "af24b105-e897-4817-bc36-9cf245249fec", "comment": "Malware payload (AgentTesla)", "value": "5531f7394d865479a4a6e800caa8bb75c0de9c7ee57e200721cefa2080c58243", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207032, "uuid": "df3e883a-0a77-49ae-97c2-ce8b729c79de", "comment": "Malware payload (AgentTesla)", "value": "6297ace2b9797e8fe277d562f501b3e282c466ef", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207032, "uuid": "a579f382-9959-42a4-806e-c769cd321375", "comment": "Malware payload (AgentTesla)", "value": "34602d131f25832dcb1229a53449be7b732e0b9a09520a6a755ca6a5daa43f46cc70164e8f6dd04fd50ceb6387be6c12", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207032, "uuid": "8f233ce6-033a-4b66-9dcb-992b57f7dbae", "value": "T1DA05D01532E08134C38D287988F47904BB33F17B75D2F964EEA6DA097BB97C46A10A73", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207032, "uuid": "b0051091-9e3b-4c3f-a46d-6d1ca03c66b2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207032, "uuid": "1c1d53cd-8580-445d-9252-a370a9cc0601", "value": "24576:MfiqJQC6g+DaDMiMBw6rM/00Nnc8rw3CR8kL:M5SaDMZOsM/00NfSCRN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207032, "uuid": "199f5f75-8dd4-42e4-9b39-00e98af5d0d0", "value": 843776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207032, "uuid": "b96ee5f3-2ff9-44f8-a0cb-149e3723d3ed", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207032, "uuid": "f3312c77-d89c-42d2-8b54-b7a67e00b7b5", "value": "Document.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "654cd3b2-7e6d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643176885, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176885, "uuid": "38be8bbb-eab2-4f3d-8180-3a6565f23532", "comment": "Malware payload (Heodo)", "value": "42b822c93d84297b542b70cb5c26c4a9", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176885, "uuid": "205d9120-674d-4ce9-a70d-e2956ef44bbb", "comment": "Malware payload (Heodo)", "value": "55cd57a7779b37329d5f7d51a3d81b8e3869e8cc1bdd8b155efc66878635885c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176885, "uuid": "ca239dc1-66e5-4a16-88b6-99dbfcb3fed6", "comment": "Malware payload (Heodo)", "value": "5218d4dbd6bbda11461215d0c9aa8757b94a8517", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176885, "uuid": "c5e339e1-743f-49c7-a458-16e32d727577", "comment": "Malware payload (Heodo)", "value": "511128c236217757d1db0524ab0034a27cd9eaa6492a52c2f1eeeef42327afd373eb4c46ea614c3a18efe1084eead2c6", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176885, "uuid": "4e91b5f9-670d-4bc1-8bed-66a2569941e1", "value": "T1F0D49C2233DCC8B9E0AE1D3D290297D523E8AE140B93C58FA640FB9E5D3B2C155F92D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176885, "uuid": "e731961c-7429-485f-8b4c-0ff403e7014d", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176885, "uuid": "b7af1717-7b32-4c8c-b88e-03ba10f47998", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4MmUOfg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4MmU/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643176885, "uuid": "acace323-f5c6-4e9a-9a4b-a380b4ba13ba", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643176885, "uuid": "165efa61-639d-4e13-bcaf-e573dac92ab4", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176885, "uuid": "92031bf1-6dfc-4ada-9150-2d742b3cf601", "value": "emotet_list_ioc_cronupTue_Jan_25_11:46:06_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33961aa5-7ede-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643225335, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225335, "uuid": "3259801b-9f38-42f4-96b9-967aac48972b", "comment": "Malware payload (Heodo)", "value": "d23944b3a1b1ca57e88fe1723a5255b8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225335, "uuid": "91dee2ba-5a5f-42e7-924b-91be3a636fae", "comment": "Malware payload (Heodo)", "value": "55ff2fa44110701a9d323d86b080c826b59acee8d1e892df28296f5ab9d8a826", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225335, "uuid": "76489b00-489c-43ef-b0f2-d49544dbac5a", "comment": "Malware payload (Heodo)", "value": "f4587d2633f1d18e983fa9ebea490f3f7899081d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225335, "uuid": "7d703758-21c3-4e26-8779-a1cd67f81db8", "comment": "Malware payload (Heodo)", "value": "95eaeac4607443e3ed27f54fd1922351c20576b4482fc74fb97585c4670fd2f81b39bb3f09a9d4be482584512226efbe", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225335, "uuid": "1a50bb05-ff64-44f1-8794-47a2daa1d3a8", "value": "T1EE05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225335, "uuid": "eaf31e76-80c2-40da-bd6f-feca13c02eaa", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225335, "uuid": "4442cf11-6cd1-423e-bb1d-5e2c01123228", "value": "12288:aA9e3OrvpgqjtQFec86dddifiHxoB3rNd9CDr:blrvpgqj2FeZQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643225335, "uuid": "7c2b2b46-5ea7-4331-9577-5785acbf75c8", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643225335, "uuid": "214a1de6-55c8-4ce1-b8d0-5446093d9dd4", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225335, "uuid": "a4c5182a-e893-4355-914f-b9460fa989ed", "value": "d23944b3a1b1ca57e88fe1723a5255b8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f23cc141-7ed9-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643223507, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223507, "uuid": "a8c296e6-048a-42da-9ddc-5fdeb7c57885", "comment": "Malware payload (SilentBuilder)", "value": "1e6f7fb7d816a0a40245aa0639d364a1", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223507, "uuid": "c11301cc-4ae3-49a5-85dd-ac24e1c42d8f", "comment": "Malware payload (SilentBuilder)", "value": "560d87316498cc267c2adf732dba020d2a8f970e790af7d663d670ddf1411c30", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223507, "uuid": "09901fbb-334b-445b-aa7c-5c3da7c1ac8f", "comment": "Malware payload (SilentBuilder)", "value": "ede72fb761c855d01ef179e7f88776161fd8a4d3", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223507, "uuid": "af4a2506-516d-48f3-8d2f-828cb7ae3405", "comment": "Malware payload (SilentBuilder)", "value": "2eb2b61835c125212407bb07347f243a1ebe8d9b0b0f63cc172d25ca56706ef2a1a777c4c894a86a756b894549b16e8b", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643223507, "uuid": "1d3f4353-8d44-4182-8b8c-e23c8be964b9", "value": "T1B6131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643223507, "uuid": "26151ed1-8d92-4738-aec8-889975301498", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643223507, "uuid": "e9d3e8fd-c64a-4290-945a-633026ead12b", "value": 45354, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643223507, "uuid": "140bb647-8c26-4b3f-95f0-e8c770b1eed1", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643223507, "uuid": "fd511b0e-0917-40ac-a73e-e4f92cb34710", "value": "tmp4i0n40j6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f20d02c-7e6e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177251, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177251, "uuid": "8835742b-254b-458d-9d7f-0b2d33ebd6f9", "comment": "Malware payload (Heodo)", "value": "74ef2589b372f105b31d69b352aec951", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177251, "uuid": "55f8dd6a-4e35-4f5b-9f45-142314961c66", "comment": "Malware payload (Heodo)", "value": "561f1541d1ce60dd8a10c61c54f99d83e67ed86b0f645a6e564a99baa08f56b3", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177251, "uuid": "7697ef3b-a8f4-4e88-811a-fa470c1cd42f", "comment": "Malware payload (Heodo)", "value": "2f12a5d662ee51bf73e7ddc2e04c7c018f367e36", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177251, "uuid": "2ceda23c-f2d7-427e-a3db-87db3e235f3a", "comment": "Malware payload (Heodo)", "value": "3ca16d56a9c12f3e427780bd54e5a96cc4a729848a5545a5912ef9688acdfd1a9b7d815496d3994853e2521165d3ef4b", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177251, "uuid": "34b42ea6-2a06-4e02-9b7f-ff32ff211392", "value": "T1D5636CA7B78299EADA0483394DB643C5B717EC104F9A43C73694F7346EB49F08D9324A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177251, "uuid": "20fb8f3a-05b8-4ccf-b0cd-305c3f94ff6b", "value": "1536:bpEk3hbdlylKsgqopeJBWhZFGkE+cL2NdA8eXZiozeOgXVZKyaZpvyR1kZkJvU+:bCk3hbdlylKsgqopeJBWhZFGkE+cL2Nr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177251, "uuid": "609d2118-8efb-4653-8fa1-dc844a695c9f", "value": 72310, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177251, "uuid": "7e5df018-17f1-4680-ae33-f9efc0e9cbd4", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177251, "uuid": "38c536df-a452-4754-83fb-24ef26f23e5a", "value": "emotet_list_ioc_cronupTue_Jan_25_11:54:29_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "80c14cc0-7ed1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643219881, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219881, "uuid": "5650de9c-9e9e-4fc4-a371-da9d164c1efe", "comment": "Malware payload (Heodo)", "value": "8b249d0c7ebc6e95ac9e7005184318a7", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219881, "uuid": "635889fa-acf8-4afa-9797-b6e4945e2cf2", "comment": "Malware payload (Heodo)", "value": "56d706e1f1178ca38e0a51d5b768f6704fe4a9acd9da5814a84da94e8bc0c630", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219881, "uuid": "3e47a535-4d39-41b4-a1d1-7a53bba86cf1", "comment": "Malware payload (Heodo)", "value": "c0d7a420533f79058a97e67ab48944a4299463ec", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219881, "uuid": "69976990-9e52-4af8-92f6-d40ff9a489cc", "comment": "Malware payload (Heodo)", "value": "4b839500cb88f12e00b3c60ea2191079c43eb194bc19c200c821c5508f623bac76c63fe2fcf8788f90d627c4a40f395b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219881, "uuid": "37cff3de-d5c3-428e-9167-f896eac01a44", "value": "T17DE4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219881, "uuid": "7eda478e-fcc3-4570-9792-4ad159707cdf", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219881, "uuid": "9a5eccea-27f7-417a-800c-48d7bf2f6b1a", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIcG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGNOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643219881, "uuid": "4d064129-5bc3-47c4-be19-862e156fd1b5", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643219881, "uuid": "465c1857-30de-48e4-bae5-7930056b3ba4", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219881, "uuid": "1f028630-378a-49db-a51f-dfe8f16348bc", "value": "Wd.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2835ce5d-7eb7-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643208566, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208566, "uuid": "cc1f0541-6805-48a4-8d3e-11c237aa6b3d", "comment": "Malware payload (Heodo)", "value": "cee59e5c5522a988c4cb9b79801517bf", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208566, "uuid": "2e8858ab-c3c2-411f-86c9-3a64bb9bff7b", "comment": "Malware payload (Heodo)", "value": "56dc4dff5704ad8a896bf01e977edc0d870f9a72a54faed1abd16ce85c368037", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208566, "uuid": "2220aa7d-7dd5-41d3-824a-8afb9f3a2983", "comment": "Malware payload (Heodo)", "value": "46ddea5997f781fc6d632341341f9760a94c57dd", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208566, "uuid": "fe0f33f3-cf58-4062-ac57-d8e2b83529c6", "comment": "Malware payload (Heodo)", "value": "2c110b4774802bea4660a597a15a68637bfc0069f09763a0c1b7a9f0b605cb5939629e6d4ace7b9aa1cdb8aef6a40709", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208566, "uuid": "6ba2d1a5-e037-428d-8edf-b009416c99e9", "value": "T166D36A66B5C5E9CAD70423350ADA8BEE23276C478E7603C73259F31E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208566, "uuid": "d3b012bb-cecb-4954-b317-a5ae4f48006f", "value": "3072:5cKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dgEGx0e:5cKoSsxzNDZLDZjlbR868O8KlVH3jehh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643208566, "uuid": "9b9b5ad2-25aa-4bcf-aa2f-d3b027910bbe", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643208566, "uuid": "f74b232f-7c13-40fd-b00f-f79bff1a8a2c", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208566, "uuid": "aeb79a9a-aed5-418e-b407-5ab2c51d20ce", "value": "ZMT-010122 OKHX-260122.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac3f4296-7e98-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643195473, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195473, "uuid": "a5081dc1-7e0a-43f6-bce7-56c3b27fb6bc", "comment": "Malware payload (Heodo)", "value": "ca18222f05262f17adb936649a0c472c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195473, "uuid": "936b4907-6615-4810-8761-550e41c4867a", "comment": "Malware payload (Heodo)", "value": "56e1b28a361ad032f1150e341d1cac19106fd0186174373018c776ce576a1923", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195473, "uuid": "b2a47124-235d-469b-a1df-ccbd33ce6e2b", "comment": "Malware payload (Heodo)", "value": "38734388ab892d25c17bcd0d1eeed3b7412341c0", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195473, "uuid": "115849f5-889f-4cd4-8ad9-af83fa42e1cc", "comment": "Malware payload (Heodo)", "value": "bf3ff3c8887f3adf976ca4afe0c477050f6df441b70fa405d993fe734cd76f0574873d263bb3c3ec6b30e983c1f451d9", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195473, "uuid": "d4810724-a82a-4fb9-bef0-58427ce9a270", "value": "T13905F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195473, "uuid": "292e9baa-ff28-4cb1-94ef-3fbc99629fe2", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195473, "uuid": "7d0ecc25-900a-4942-8e01-76d66e84cc0d", "value": "12288:aA9e3OrvpgqjtQFecB6dddifiHxoB3rNd9CDr:blrvpgqj2FeaQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643195473, "uuid": "3cffdc10-098c-4182-bae8-e8d40beaad1a", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643195473, "uuid": "516b2b48-73b1-494a-bd66-12092320dda2", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195473, "uuid": "b54d222b-3950-4abe-a864-3d0d20e2d014", "value": "UmpXyqeLCLur.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "003c638d-7e8f-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643191319, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191319, "uuid": "632a21f4-6339-4770-80c6-d6e8c9281747", "comment": "Malware payload (Heodo)", "value": "b189919e6e18f90b1da5c9cfd71643c5", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191319, "uuid": "7e552b6e-6d0d-4bf6-a9db-046e69d1bf11", "comment": "Malware payload (Heodo)", "value": "56ff3b93ff214b9a56fdc55d46df7d9e269f5f0b8d8daabe67f091ac046cb5b8", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191319, "uuid": "e2835e8f-4ce1-486a-a4b7-1e60547583f6", "comment": "Malware payload (Heodo)", "value": "a12036d628412f6e309ed1f3df485ac598b5a277", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191319, "uuid": "1e2842a1-efec-4252-b60e-0007cefc7aa8", "comment": "Malware payload (Heodo)", "value": "762a78ec1494c9e233ba591562e408955915977e0192bd4e0b8f396e701f8016d7a9dade1566d996a556b98ec873302b", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191319, "uuid": "df575280-5a2e-4571-a23b-5c7ecdcbc242", "value": "T192E34A6576B5C9F6DA0407B10AD2CAFA2327FC739E5603E33198B30D1FB91509AD26C6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191319, "uuid": "3c90a791-ad8e-4111-aa64-a39b186271c4", "value": "3072:H7cKoSsxzNDZLDZjlbR868O8K0c03D38TehYTdeHVhjqabWHLtyeGx6Z84TIUGx2:bcKoSsxzNDZLDZjlbR868O8K0c03D38f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643191319, "uuid": "46d238e5-7f6e-47fc-9fc4-831c7bc25f1e", "value": 145920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643191319, "uuid": "85491b47-858e-4407-a2f2-6738b2b7ebc0", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191319, "uuid": "15815deb-98db-455b-94bd-d124962296ac", "value": "PO 01252022.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e17fb62c-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643207158, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207158, "uuid": "fa552122-7bae-4fba-9bd0-badc7cc8b63c", "comment": "Malware payload (Heodo)", "value": "fff7722273fd195808c10d6d976326f2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207158, "uuid": "3bf61e48-5d06-4c69-a0c0-c1abf1f4a479", "comment": "Malware payload (Heodo)", "value": "570841bc0c764dfef6dd6774040daaba3b9aaee2db4810f41bc32aeb3875f0f8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207158, "uuid": "c5ee9396-d1ba-4198-91d4-b2e47b03e9c1", "comment": "Malware payload (Heodo)", "value": "29a109351228957e09d5eb495e999a46b91b6ee6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207158, "uuid": "27799eb4-358a-4fb7-8164-653ba86c7b22", "comment": "Malware payload (Heodo)", "value": "a9a79dda174661c7e5896a3e5c30bf266dc6873df996a0f3cf1b7ee5b8e9e7d7e7d29382d80a480eaae6faed18f529d6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207158, "uuid": "b83b0f1b-a88e-49ed-ae1d-f5d1da12953c", "value": "T1FDE4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207158, "uuid": "c1311b8a-39f7-4cd8-a61b-26830068a7e8", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207158, "uuid": "7a3e3255-d691-40a8-86ee-752bd30a6b4a", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIXG0Bv1tgV:RpncLJZA2LwpJsNtZUWeG2Og", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207158, "uuid": "4c53c899-b614-4b23-a14e-ce835b16e6ce", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207158, "uuid": "ec53890a-5ac1-4241-9add-b58b1fa8531f", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207158, "uuid": "7040398b-c2bb-446f-ab11-03d64296d42b", "value": "fff7722273fd195808c10d6d976326f2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "052d2c80-7e73-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643179301, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179301, "uuid": "dec81d0f-ed6c-430a-ad73-253f0a0b12bb", "comment": "Malware payload (AgentTesla)", "value": "dd0ec341e998d2a766eea9fda7b50836", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179301, "uuid": "b999ac92-56f3-4773-ad7c-5e72ec1a4985", "comment": "Malware payload (AgentTesla)", "value": "570b0067970e4e93bba161bd8f9bf3ce8a0d822a743d71c3da162f89f1ede578", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179301, "uuid": "103e11be-b69e-4ac9-b83e-c1fe5373c9ed", "comment": "Malware payload (AgentTesla)", "value": "1047cee9e6d2b5888463cf90f2b71b364bd670b2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179301, "uuid": "011336a4-e73a-4fcc-9f0e-0ac460fb2958", "comment": "Malware payload (AgentTesla)", "value": "a5ef11ed0f72f0bf74bf6508d82736d0e16334a283d664b88a940999f5a8e732686475b4c7fe613fd392250f5dc0d5ba", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179301, "uuid": "108b3b7e-7134-48e8-99cb-2322f5c750af", "value": "T14C05B07982B94831DB0D4B7C6091B50AF3BBB04766C6BEDC8F46A2C27E977417602C67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179301, "uuid": "e56b8fd3-2028-4a99-8981-fff2bbdbc2db", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179301, "uuid": "66541f1c-d447-4d54-9bd8-5993f66d1229", "value": "12288:KJS1BWQDVYFOE1pxpQsL7D7Jjs0s8VwMcFD8R8raCculTgJJohAlgoa3ZzW8JQPn:9wMSw/SRwculTg9lz4W8gvuiEKg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643179301, "uuid": "9b052a92-06bb-4bc1-b8ef-cadfec5ffcfd", "value": 807424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643179301, "uuid": "076ee9a4-ac3f-4653-80ec-ad83a6e82389", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179301, "uuid": "4918f161-f185-42f4-aea0-f2f72e32dba5", "value": "fhcNxeJ64sueMqC.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5cee7cd2-7eb6-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643208224, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208224, "uuid": "1444487a-02aa-446c-96fd-99e96b689eea", "comment": "Malware payload (SilentBuilder)", "value": "5ca8c23a38d5a1bdacdb21c0c43e5d25", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208224, "uuid": "ff361403-317e-4029-81e8-623ff00471cb", "comment": "Malware payload (SilentBuilder)", "value": "573e7e5985374c052b73a8c68bde64aefd2d093ad68b02c3c98a0f5f4bbb48fd", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208224, "uuid": "e73191c4-63f0-4bbe-a261-dc2f59ba3e7b", "comment": "Malware payload (SilentBuilder)", "value": "28cabd31ab8f80ab2b3020ec85fe7eb06eaea69d", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208224, "uuid": "5546e431-ecf0-40a3-8171-37b8195c0673", "comment": "Malware payload (SilentBuilder)", "value": "a5d8d035af0e9dd8ddb324fd55c7c38189733fec5773eea742c3e93c99e7ac139a5b5954a7667cd324ef0a455c8eadcc", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208224, "uuid": "72b86364-78b9-4674-b7ef-38d7371490c3", "value": "T11A131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208224, "uuid": "549cbc5d-c6ff-456c-b78a-6e00dd073a03", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643208224, "uuid": "b7a48286-40ba-4faf-904a-8d83e8381582", "value": 45071, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643208224, "uuid": "579b1317-50aa-43cd-9199-9018f10d7050", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208224, "uuid": "a414e47f-7a67-4caa-8dc0-1aa725428510", "value": "tmpln6ybr92", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de82bf19-7ead-11ec-9275-42010a9c0029", "comment": "Malware payload (Quakbot)", "timestamp": 1643204576, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204576, "uuid": "1e433d06-f0da-4c1d-99b8-d7c57eeb03dc", "comment": "Malware payload (Quakbot)", "value": "95fb7a5785e55959ebd1f8783640e491", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "tr", "colour": "#C839D3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204576, "uuid": "b8e8e19b-6b3f-4596-9c32-4667c6ac9ae9", "comment": "Malware payload (Quakbot)", "value": "576dc48b1a4f26b779efe36ca94f2bfcb4812954063ade5f16854d4145626d80", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "tr", "colour": "#C839D3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204576, "uuid": "86faf0d5-61e2-46c0-bd4b-50435da07d05", "comment": "Malware payload (Quakbot)", "value": "021db3fcf016a75f1b8a087732b04e6dbc3e5d56", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "tr", "colour": "#C839D3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204576, "uuid": "209d0df8-8d0b-4864-81ec-155d3604c69e", "comment": "Malware payload (Quakbot)", "value": "40bad1ca4822e829c27f3a99d1d7301de749e9306e07814d158ffb0b18fae9b87e60796d9c73e322e886cd942925f029", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "tr", "colour": "#C839D3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204576, "uuid": "64d58b31-caa2-4cc1-8491-15f3ba154f88", "value": "T131C4022B68881B92DD58A67B97AF79B1CD94C063A3F218C186431F870D1F16C1B3A777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204576, "uuid": "273b94f9-8c52-4475-8946-3b2157c22062", "value": "c9aaf76a486a4df8af078e095cac9d3c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204576, "uuid": "f72c82ef-aae8-4992-9fba-e34999d40d1c", "value": "12288:Xw6gJw6gJw6gJw6gJw6gJw6gJw6gJw6g2aNmvhAfftjDgfbhc:XSSSSSSSVMF3h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643204576, "uuid": "05a32429-4c7a-4cde-b7fb-e6b5d3c0f14d", "value": 555168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643204576, "uuid": "25610e56-afe0-40bc-8e52-08c7f28d4d83", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204576, "uuid": "857d35e1-d7ce-4f60-9134-13825c163f67", "value": "576dc48b1a4f26b779efe36ca94f2bfcb4812954063ade5f16854d4145626d80", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fbdeeffa-7e56-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643167259, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643167259, "uuid": "6d652358-d7a7-4569-8ad1-b2d5787b6bac", "comment": "Malware payload (AgentTesla)", "value": "a8352b4a548ea486247748eb2ce3b039", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643167259, "uuid": "fa0615fa-e355-4b15-b560-fdca58ffbdfb", "comment": "Malware payload (AgentTesla)", "value": "57c07c64de693155ca5e7ece886ec32e5c6b54244ee3634a3b1bda85f50b4078", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643167259, "uuid": "f608db63-2bf5-40bd-887f-51f915715f24", "comment": "Malware payload (AgentTesla)", "value": "0c0fa9348f9ea40eacf2a9ffc34e61773efb143e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643167259, "uuid": "152d30a0-fe05-4fe3-b0a1-1de0e9070fbf", "comment": "Malware payload (AgentTesla)", "value": "bc817b8e21849a025786b6c6eed0563aab3b73001e73dc322b94ce03de53b190f0ab61ae6ae597c5353175c5a20b5abf", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643167259, "uuid": "e6452d01-f9d4-4c0e-9500-6ebaca5b997f", "value": "T1425512392676992ADD7BC33C4372865C4FA9723AE217F67E6C48B08C0992B444F51E63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643167259, "uuid": "c369f5a8-301e-40bc-b1ca-0bc38de43d83", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643167259, "uuid": "2965ec91-3536-43be-954f-19210d52b451", "value": "24576:11jAkdIDz5T4eTrObzoDiGgIAvSCsUmuRrOr2OlciWWN1tSEonI:Y6IBDib3rNvSCsSRSx5At", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643167259, "uuid": "e2348147-b37b-4b84-b094-582a198c6d62", "value": 1284608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643167259, "uuid": "508ef384-12e9-4297-99b0-0893c4b6ac67", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643167259, "uuid": "1aceecc3-2639-41f9-b48a-709b40aab28c", "value": "TANMAYI SHIPPING & LOGISTICS.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fef63144-7e9c-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1643197329, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197329, "uuid": "9470a783-1570-4676-a995-738f18b2084f", "comment": "Malware payload (Gafgyt)", "value": "69f59c2c6378115383b05e2779e907db", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197329, "uuid": "fc643bc2-5805-4d0a-85b8-4e5943626be8", "comment": "Malware payload (Gafgyt)", "value": "57eb5d1735d4c7f7581f8df0a6b2928ad3e235a09a7f1ecbd31a127a714aa02c", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197329, "uuid": "2ca312de-0ffd-40dd-b025-e81a14231a1e", "comment": "Malware payload (Gafgyt)", "value": "bb65f525b3318de80317d635c1be5f19ea41ae49", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197329, "uuid": "4916fc44-4a60-41c3-92b5-58c458e20e6b", "comment": "Malware payload (Gafgyt)", "value": "37fa74e8052cf4ac1879e50bac3b1eb94d4afb5d838740a7e7dd23c59fa7cbef58a4f199dddcc05911cd4ec7ff929303", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197329, "uuid": "553e6780-f8d6-4b2d-8f26-15c8b7b0ab0d", "value": "T1A9B36C1B6692C5FAC08342B92BDFA1618823F67D0B36721773D4BDA43F158CA5E6E740", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197329, "uuid": "dae50647-1ec0-4d6d-9576-bc1a0f1728a7", "value": "3072:It2nyvXaiz2B+5mxm7mQ7pephaHWo7yY20gilPCNVOXinYuM8R:qvQQmxizAphalj3BPCNVOXinYuM8R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643197329, "uuid": "c3d3ac14-a0f5-49fa-a54c-ddb71d692cc7", "value": 112368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643197329, "uuid": "ea9766e1-6f59-4e36-9b28-ef978deef486", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197329, "uuid": "f5435bd3-e530-4df3-93f8-2ca0db8c6c0a", "value": "assailant.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95322990-7ebd-11ec-9275-42010a9c0029", "comment": "Malware payload (Gozi)", "timestamp": 1643211325, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211325, "uuid": "d422a2d5-e613-4b7a-b826-6e3448d245c6", "comment": "Malware payload (Gozi)", "value": "9acde2c3e3a375590a1bc716eabc52c5", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211325, "uuid": "ddf2b642-c38a-40c7-ab2b-4b5171cc5714", "comment": "Malware payload (Gozi)", "value": "57f997217db22a4d97700768189d44034303e3b15dc08fa48ed6b91bd7051c05", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211325, "uuid": "89dbd6e5-89ab-4d6d-a08a-3174e62a601c", "comment": "Malware payload (Gozi)", "value": "e231c9ae802a9aad9916f08256f7558f531d54ce", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211325, "uuid": "ae597bfa-b460-4e6d-a752-de2dd72b6053", "comment": "Malware payload (Gozi)", "value": "e3516b9e06c435da89a4aa6325c5c8a2537b63864295eee0bb3184e78a7acd36dc3ce9d69f88a7cf6f4c2426f11d5cb0", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211325, "uuid": "07f6990b-5b3f-4c14-8d47-b5fa43a6cae3", "value": "T110D48E22B2D05536C1631B3D9C2B52AC9D357E112A196C4E7BEC2D8C1F3C791363A6EB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211325, "uuid": "e5f9badb-555a-45a9-9a3a-a01b22bf19b7", "value": "7f3476b35f56feee8663a4d549e47d9e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211325, "uuid": "806ed2d0-034c-4a5c-b21f-9c68057e401c", "value": "12288:CxdKNJ2yElIM31TVlVPt0+JQjahIx9Q2oleUcUGHS:CwuyElIMlTzBt0Bp3seBU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643211325, "uuid": "079b46e5-25ef-4cbb-be06-a5ed844edba9", "value": 655360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643211325, "uuid": "6d60222e-cc2b-42d1-9685-74411c9cf69c", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211325, "uuid": "0baaed5e-9f9f-46a4-b95b-3cdc40a62a1a", "value": "9acde2c3e3a375590a1bc716eabc52c5.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9708b019-7e97-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643195008, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195008, "uuid": "d0aab3dc-2269-48f1-9ca3-9fa12c60649f", "comment": "Malware payload (Heodo)", "value": "21c94ad18db64b3bf68ae10198647a89", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195008, "uuid": "4b9feefa-4fc4-4efe-a343-45a2188a1c08", "comment": "Malware payload (Heodo)", "value": "5828553323abbc0c0fd116a2053d9f76a474036397a54d873a8f5f3f8f243d7a", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195008, "uuid": "358967e4-f512-4a5e-8971-11dd648dee1a", "comment": "Malware payload (Heodo)", "value": "24033170cc836d4421f32996d7fe3d1cc98beb83", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195008, "uuid": "6b526002-ba1b-4ff9-8878-3f9fd8368c38", "comment": "Malware payload (Heodo)", "value": "8d1d40695715b4395ea0a31d9729f5b702f4c552c029876929eadf088bcc33cc5640f5670037de4cb0643288b7a380e3", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195008, "uuid": "7b7f9ac7-425c-4502-9d05-01e714849490", "value": "T1F3E3BFD766C7588ADE25037E8DB636D85653EC718BE393CB1346B3169DB0AC08D03A27", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195008, "uuid": "f1e1c265-6354-46de-ae3e-06ab8c088dab", "value": "3072:Yn+HymsUk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIgNIxJ3B7aD15BIjMAVn/9LFK:m+HymsUk3hbdlylKsgqopeJBWhZFVE+m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643195008, "uuid": "f028855b-fc9a-4ad2-aeb5-9487c46ff0bd", "value": 145825, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643195008, "uuid": "4489f348-3e13-499d-8d69-08b2d29ea040", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195008, "uuid": "ef969c97-275a-413d-956c-5e946e65b8b6", "value": "Doc_2601.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "58b6129b-7eae-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643204781, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204781, "uuid": "7ad4fdfd-25ad-4ac0-89ba-d75176dcc3c7", "comment": "Malware payload (Heodo)", "value": "27fa33dfb92995d3ea24112e7df5d088", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204781, "uuid": "621c309f-7f85-4496-9b0c-a1b4afa8b892", "comment": "Malware payload (Heodo)", "value": "584f1393f64b6b6d961591f311534178459b2cbfd7a081d2b0cc1e26ac87b44a", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204781, "uuid": "7871c6e5-d3aa-48dc-8cba-2472bfb7be5a", "comment": "Malware payload (Heodo)", "value": "7aafdb63aaa2933605e4c50f03aad95f9333332c", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204781, "uuid": "24592936-c2b5-4c22-a179-9f35b9be229d", "comment": "Malware payload (Heodo)", "value": "039ee1544e1ac5ce6b735b00c73ae46e8f78e319c2520b0f8575779e83fb3dbef8a25ab5b12cc6351a9f16050a54f690", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204781, "uuid": "bd20c003-422a-41e6-8a58-1ecf366ed3cc", "value": "T1F0E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204781, "uuid": "435236c3-765f-48c6-a7da-587abd89ad61", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204781, "uuid": "1cba548c-00ac-4006-a1b1-254b8dfa61a2", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIUG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGVOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643204781, "uuid": "41dd66b1-4ba1-495c-99ed-3ba98ae8e5ad", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643204781, "uuid": "1393a756-df28-40a8-bba3-c27de6525bd6", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204781, "uuid": "53c5cc07-628a-4fb0-82fd-6912bc792c9d", "value": "emotet_exe_e4_584f1393f64b6b6d961591f311534178459b2cbfd7a081d2b0cc1e26ac87b44a_2022-01-26__134613.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "843867b0-7ebb-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643210438, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210438, "uuid": "3ee0ef6f-6f74-4332-aeb0-26eb74b99ee1", "comment": "Malware payload (SilentBuilder)", "value": "26b9b6888cd6ff7f47ae65cc950e3ced", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210438, "uuid": "05034d8d-3967-4ab9-ae3d-21420c5dfa34", "comment": "Malware payload (SilentBuilder)", "value": "58acd7cba307cffe4c6b307f6bc792b25104d3b5efa611797ececa2b63c20f82", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210438, "uuid": "4484ee8b-261e-4ee1-81df-fbd8d363c1ae", "comment": "Malware payload (SilentBuilder)", "value": "a7e01738042f2b00ab96c4e323b6363609b08adb", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210438, "uuid": "5372a489-a4c9-4c16-bc62-5513fb5ff442", "comment": "Malware payload (SilentBuilder)", "value": "5a6722ca7379e87ef5bc31f204e3e86f53ab9a046436ff96c97bd1f478adf80190f1cdb0ca1b5a02c2882ae7383ce283", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210438, "uuid": "84da52a3-35ea-4e3f-a1c4-de667fc0b46d", "value": "T11E131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210438, "uuid": "adfedbd1-606e-4fed-8332-550adba68855", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643210438, "uuid": "f96bcfe7-eced-42a3-99d2-43188cefc484", "value": 45102, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643210438, "uuid": "699efbf5-c356-481a-ab69-f32d6dfa1c36", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210438, "uuid": "2389e418-5c0f-496a-ae54-d89e750f8b0f", "value": "tmpud8po6xl", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c76accf-7eb0-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1643205700, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205700, "uuid": "6175f3c5-213f-4e01-9dc9-caab5cba2e1a", "comment": "Malware payload (SnakeKeylogger)", "value": "b0b3d864db05339b1f73609ce636d1c4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205700, "uuid": "46f4de2e-acaa-4d86-ad82-f1f92dfa1e82", "comment": "Malware payload (SnakeKeylogger)", "value": "5944a7db8e81bc856a2723c1b07b8db76ff2408b3138562ac1d664ca37382574", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205700, "uuid": "95edc525-5db0-4db6-93cd-78e62e348d86", "comment": "Malware payload (SnakeKeylogger)", "value": "bbb9d89f447968deeb0a084c9658a668eb9cb8a0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205700, "uuid": "3b9b2a36-9e36-4a26-983e-a1e7c1b8fd84", "comment": "Malware payload (SnakeKeylogger)", "value": "a841476d4101aa73c3619d87102a9cd68c57dba44e704c78fb0de19a7b548f18cc0c5226c927739d999e61b3322bb72f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205700, "uuid": "6a1eea4f-142f-4b81-a43d-b69fc9b43e9f", "value": "T19175C0F597E352D7F4365A35DB61423451327EC9A4E4DCF94AC8BA2C09302DEA21AE3C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205700, "uuid": "c9f9722d-1ee9-455b-ac3d-0f7fecdbff3b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205700, "uuid": "b814f407-226e-4f05-970c-b6074e2c3fa8", "value": "24576:LxMacrGW0LqTueAHH1FINDT2G3Q0VzO8P7wO91rGDxt0lptCzPJ:LxMJGzIueAHHUNuEP7wOfcn6PQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643205700, "uuid": "79eccc73-9101-4439-a515-1004fde47506", "value": 1647616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643205700, "uuid": "1f91b2df-bf58-4e42-a287-469798a7f335", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205700, "uuid": "ead78fd1-533f-4005-b976-afd658217531", "value": "Customer-Monthly-Statement-ref-57847884.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d397decc-7ec6-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643215296, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215296, "uuid": "969621c1-bdf2-46c1-956b-743381e844e5", "comment": "Malware payload (Mirai)", "value": "ae8529082a4166e8e748dfcafba133ae", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215296, "uuid": "ba32324e-a23c-44d7-bb86-ccf2a41aaff3", "comment": "Malware payload (Mirai)", "value": "596f2db8b6b9c8fa1118289a186ebe23eb42fccf99c8024c9d0dd316e9ada543", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215296, "uuid": "955021bb-d7c6-4f71-aa75-5c06f58e8113", "comment": "Malware payload (Mirai)", "value": "678390391c81d811c35c2a755f4c7af1d5a15e7a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215296, "uuid": "cb79520a-97a8-4ab7-8908-d7c0481c10f1", "comment": "Malware payload (Mirai)", "value": "d4d83bd120fb052002c7509ec3b7b18b13f90282f0a2695f20c15ff3807fa1d82e0e77f0aa181b236ea641121fbc7c1f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215296, "uuid": "69a31709-4519-44ec-863e-e91df1e46412", "value": "T140432925AD792E26C0D8B57E11F78724F2E2620E25B8C65E3C721E4EEF04740A5537BA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215296, "uuid": "730cf983-7962-4764-ae41-24dcb85489f9", "value": "768:eLobAxU6q9Hfymp0xginuYvCkLB6WsTwIC1DQdszoDaS0O+DCDP:eL0AxvSHfymp0xgunvCkV6vTMDauk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643215296, "uuid": "00f29ba1-9a97-44df-96ec-b96334d062be", "value": 60412, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643215296, "uuid": "1a9106d8-284c-46ff-853d-56ba952d4e0f", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215296, "uuid": "9c4a2ce7-f154-45c7-8c96-325c3d4442f0", "value": "ae8529082a4166e8e748dfcafba133ae", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f1dacbe-7ea2-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643199638, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199638, "uuid": "18e7f0c4-4641-49f4-9a74-51995ca5e5b9", "comment": "Malware payload (SilentBuilder)", "value": "f09fec9fe45f38d6c2a1afbbde5c90ae", "object_relation": "md5", "Tag": [ { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199638, "uuid": "df63ae0f-a80d-476a-a8fb-2fc417e0677c", "comment": "Malware payload (SilentBuilder)", "value": "59846d44529a17d067c939a6aa9ed937b93ca687ec4dbb626af616de0ab3fb4f", "object_relation": "sha256", "Tag": [ { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199638, "uuid": "375eebb7-4429-4aa3-b5a7-c4c22d84e226", "comment": "Malware payload (SilentBuilder)", "value": "8eea66b2f3be0b217b07bebc996cf5ccb45fc1c2", "object_relation": "sha1", "Tag": [ { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199638, "uuid": "9be1835d-6f89-49db-9f38-35eca075d536", "comment": "Malware payload (SilentBuilder)", "value": "ce51bef244241cdf976793af8e18bfc6ca808ca8630dd70b6cf031ea13e6684870e1a8f038b470964c8f38405225ffdf", "object_relation": "sha3-384", "Tag": [ { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199638, "uuid": "0265bbef-5640-4950-81d9-184bd32fc798", "value": "T192E3BFD766C7588ADE25037E8DB636D85653EC718BE393CB1346B3169DB0AC08D03A27", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199638, "uuid": "db8fc561-bf99-4c47-b743-65f773614f7d", "value": "3072:Yn+HymsUk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIgNIxJ3B7aD15BIjMAVn/9LFK:m+HymsUk3hbdlylKsgqopeJBWhZFVE+m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643199638, "uuid": "d3dd0ef9-7a21-44d9-b253-e3be31e94e6b", "value": 145638, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643199638, "uuid": "bb2b9ca2-5e3b-4a1a-992e-0ead19b51cab", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199638, "uuid": "18937ce6-781c-4621-8705-b216ebb61b38", "value": "xNdS-26012022.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "74b44b1e-7ec2-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643213418, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213418, "uuid": "9a5d9164-d9b5-490c-b4ab-3f5a59549780", "comment": "Malware payload (Formbook)", "value": "4bf4e652eb6c4ddf2aad421319ffe70b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213418, "uuid": "afa25970-1c06-46f7-bfb0-5d740e3d9cad", "comment": "Malware payload (Formbook)", "value": "5a65adb2a2830e0dad5cb8d22641a71fb5a9c8141d77c64ce1e285a93954b052", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213418, "uuid": "db1f4ba5-eab5-4948-80ec-31de50570274", "comment": "Malware payload (Formbook)", "value": "be66a92051c8414a1383c414819c06a26ae1f973", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213418, "uuid": "f9226e82-716a-4d7f-afd6-aeec60913ada", "comment": "Malware payload (Formbook)", "value": "8a1b6da81f1cdffe6c836a331732bf93a5e5a2817a8e18025c6b95b11def4a3116e43cc539952be53d7d9096082ba524", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213418, "uuid": "5781ae41-e2d9-44c9-9fa4-8e8b7b209842", "value": "T131A41208BBE9DE93C097B9B04D778751A3B1DE001A1ACB83AF607F0E3E361D67545282", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213418, "uuid": "fb479289-fb03-4e39-a229-f2f9b04d97d5", "value": "099c0646ea7282d232219f8807883be0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213418, "uuid": "80e61ed3-9c19-4f9c-948e-cd50e760ced1", "value": "6144:Nw2eo4zCAfgPI2lNvPUwdyDwxU/lIM/MyHnlEqhqnvPsFeq3kR5HLMj:g1zCxI2fUpEUdIM/nHnlEyqQ/URGj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643213418, "uuid": "8cb6d623-2e71-40ed-b71b-73f7e5c3832c", "value": 491645, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643213418, "uuid": "d8d2b0e3-c6b2-4719-bcbf-2443f70fb1a6", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213418, "uuid": "f60e0b26-16b7-4a0e-b12a-6ce5b1aaa85c", "value": "4bf4e652eb6c4ddf2aad421319ffe70b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "540cabbc-7ede-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643225389, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225389, "uuid": "7dad8ef9-886d-473a-b0c7-7f4a349411c8", "comment": "Malware payload", "value": "e726820fb43d6870ba5788bd91c44995", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225389, "uuid": "562edc40-6ccd-46ae-9620-b82f7c464c0c", "comment": "Malware payload", "value": "5a965a7f14851df1075226327c52176c4ee22d80fcb69dd4713c1ec243915372", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225389, "uuid": "bc177aa7-c7fb-437a-9105-db9dd9da4602", "comment": "Malware payload", "value": "db22214d653e3bd98805d6d404824438e43841e0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225389, "uuid": "70c66945-e2a6-4310-84cc-680050d9c412", "comment": "Malware payload", "value": "6ea3d2e94cdbc3f47eeb2303a225b91584c8b2ee0d69aba6aa210f7797d6040445cd3567f1398179518641961aacff92", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225389, "uuid": "138f2c58-c496-4430-969d-b0ff40de977e", "value": "T1DA05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225389, "uuid": "0ae382cd-d5f1-43a7-b222-bb7de05e2f81", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225389, "uuid": "264862b4-b5b8-43f9-96e1-929b693fc1f4", "value": "12288:aA9e3OrvpgqjtQFecn6dddifiHxoB3rNd9CDr:blrvpgqj2FeUQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643225389, "uuid": "8fb52a3d-f1b2-4c5c-bd22-c4f1a06f9c0c", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643225389, "uuid": "d7aff256-6a25-4329-a403-41495b56c030", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225389, "uuid": "b521d580-6d16-4b8c-a8d4-9e32a36d116f", "value": "e726820fb43d6870ba5788bd91c44995", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6aa600bd-7e7b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643182907, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182907, "uuid": "b39528d7-a708-4f9c-80bb-9703e8a830bd", "comment": "Malware payload (Mirai)", "value": "890c9f73f173ba016ede99daf54885e7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182907, "uuid": "37b4b417-ab23-4f14-963f-0e35f61f7694", "comment": "Malware payload (Mirai)", "value": "5b020577cf7af3bfca18de8706b4c480c52fc239c3a2d142b282e20120b5f756", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182907, "uuid": "ffffe1d4-edb7-4296-80f1-765d357851cc", "comment": "Malware payload (Mirai)", "value": "d717e8721e37d3295f8b85088ba2ef2da95d351c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182907, "uuid": "db730ec5-b64c-40b5-a97e-081ffc255dc6", "comment": "Malware payload (Mirai)", "value": "39f679be0cafb925d329ceda5fade5447b49f887f6a00e7a693b694c23be7eb85a3a4045a47a85c0f1f468698035413a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643182907, "uuid": "475560bc-81a6-4011-8ea4-8921ebe41e48", "value": "T15B33F955F8419B21D5E412BAFE1E018E33132FB8E2DE32039E156E307BEBA5D0E6B551", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643182907, "uuid": "993cc9a7-ce0d-4054-aaa6-d6c7d8afc540", "value": "1536:R4nuO8qoPZh5cR7YEX8gZgRf7gQoYV36iMsOY8Fpry:pO8qoBh5cR7YEHiRzgzzu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643182907, "uuid": "abd6c3c9-5998-4daa-bcd6-9bdb0bea1aa1", "value": 54360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643182907, "uuid": "5b4cec13-b33d-40a3-b4a4-7cabd8872b32", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643182907, "uuid": "1196e580-e180-4f9b-8285-9d3abd6d8413", "value": "890c9f73f173ba016ede99daf54885e7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "822178e8-7ec5-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643214729, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214729, "uuid": "80b56bc5-2963-428b-8596-e009eee13092", "comment": "Malware payload (AgentTesla)", "value": "ff6359241d7894b9e552baf152d0e69a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214729, "uuid": "ea5a8655-81ef-4771-bb3e-08c25648d6c4", "comment": "Malware payload (AgentTesla)", "value": "5b0b77724a57d0cff8becd3987dd5f4f1028afaec38843f6a42d142b7c9cdda0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214729, "uuid": "7763e496-c1f4-4b8c-91bd-0fcca710c3a4", "comment": "Malware payload (AgentTesla)", "value": "e27c7986529976ef62c8441e382c699b4226c3f7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214729, "uuid": "f838ab0d-9dc5-4bd3-be88-c4700c28eb9a", "comment": "Malware payload (AgentTesla)", "value": "90bfadd609e1a9d5457e3d07b15706ed3a21c124064979b4428b306814ed6ababc55ffcbe33eab049c8a9378e5b09a29", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214729, "uuid": "43a1e3ca-0f27-4e59-a96c-b463a9b4f5b3", "value": "T1A215BE67F449C826D2AC4AB681CFF40D4374BC03E9CBF5AA3ED7F5096651B46AA0910F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214729, "uuid": "cb21eea3-57a6-4814-b739-9a109eb122a9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214729, "uuid": "6fcad520-878d-4189-b785-29dbe87a5b8a", "value": "24576:5pbOGl2kuMHwqk9/5cNs84kQ4WU6cCnn:ll2ktQqk7cJtQu9O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643214729, "uuid": "af900eb8-28fc-4aa6-8834-6e06fd5da78a", "value": 904704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643214729, "uuid": "8afc9f44-c678-4834-a8c7-f9e127b79e54", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214729, "uuid": "7644c867-02b1-459e-a0f4-bbfbd5c9a6b3", "value": "\u00c7AR\u015eAMBA TARIM SWIFT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de85fb08-7ea3-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1643200281, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200281, "uuid": "fcf7755b-d830-4291-9300-339713f7f31b", "comment": "Malware payload (RedLineStealer)", "value": "e850a485000a01b93df0aeffdb76cecb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200281, "uuid": "9920afe0-9f6d-4ef6-8152-9862adb30649", "comment": "Malware payload (RedLineStealer)", "value": "5b1596833c21b5c703e8939458fea7af7de21359db5fa9abf995a080d9ceebb4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200281, "uuid": "d398de31-4a35-4291-868e-4578f26b5f5f", "comment": "Malware payload (RedLineStealer)", "value": "b4e2104d8f15f0797f2e72166db1b87f432110e7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200281, "uuid": "32cbf031-8bad-426c-af41-e6814186ec00", "comment": "Malware payload (RedLineStealer)", "value": "81252658401872347f8656acd3f700136aeac60899b3e775d955c096a6a1e14c7b7a13eb3656c9db257f23d7b8f3d7d2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200281, "uuid": "52f61532-19a0-4986-9ee9-dd642beb8afb", "value": "T1F0748C00BBA1C035F6B712F405B9937DA53E7AE26B2551CB53D16AEE5A34AE0DC3130B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200281, "uuid": "b73f605b-aada-491e-8901-d3c12124cc1a", "value": "4bcde812b040ca4f517d950272a8fa16", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200281, "uuid": "efb1a8f5-38ec-4c69-826f-1cd64cd8ff8b", "value": "6144:84l423RptIrQ2MU8GBUa9l89hh5rw2csQywBDLsbUfrh22ie:84itU2J+ku9hh5rw2c0wBDOUfrk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643200281, "uuid": "2d101153-0ad4-464d-a600-c032fe9ce9c8", "value": 341504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643200281, "uuid": "10421d6d-e84b-448b-b664-0598f0ce62a8", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200281, "uuid": "3e240359-518a-4411-8aef-d537d3371f9d", "value": "e850a485000a01b93df0aeffdb76cecb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03d44b64-7eeb-11ec-9275-42010a9c0029", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1643230838, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230838, "uuid": "19423ec3-d5b2-4548-b7b9-4d90db027279", "comment": "Malware payload (AveMariaRAT)", "value": "5b1f8c54033f86dc045d3578987730f5", "object_relation": "md5", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230838, "uuid": "ac755314-26f5-41ab-ba8c-77af53b07ed9", "comment": "Malware payload (AveMariaRAT)", "value": "5b21ca4c644be9683120dd7c9783a22376a044f5fead7c1b889b373b217892c0", "object_relation": "sha256", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230838, "uuid": "7b117ae5-96e0-4382-89fd-024636d3c065", "comment": "Malware payload (AveMariaRAT)", "value": "461c7fc414113fcab7918470b0628bbc89bb3879", "object_relation": "sha1", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230838, "uuid": "4b1364d7-a15b-4267-a034-366dc2b3725f", "comment": "Malware payload (AveMariaRAT)", "value": "5f427f1aacc236270db920a1d0f53b1d72af3d0b014d743952e26d0b4d67eb7901ad7f581a5007e39f68894dc486207e", "object_relation": "sha3-384", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230838, "uuid": "fbc8a2f4-3cf3-47b9-bfca-4ae189fea1a0", "value": "T1064423AB732D678D4D432C76D85AD56F468826C01803A2FC6AC7FDDC145666FE088BE3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230838, "uuid": "a1989ab3-c35f-4130-a8b5-8b6e67cf4507", "value": "6144:oF4bdIgcNJLOhjVOIGi6mWe2ADVP1TvIH59fT3UBsMKvmtBX/niA:juJLSVOIGkNVP5IHbfT6Kef/niA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643230838, "uuid": "9a9fe2fe-1810-4565-8cf5-a514531e4831", "value": 259889, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643230838, "uuid": "48dad22d-4763-4cc7-b618-40412696889e", "value": "application/gzip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230838, "uuid": "4a071b23-e3fb-402a-b4cc-7cc6ce100a64", "value": "PurchaseOrder 280181500 specification project 029452.tar.tar.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d79fe55-7eb4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643207286, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207286, "uuid": "8ebafe9c-c013-444b-8503-b2392b222417", "comment": "Malware payload (Heodo)", "value": "018bdfc677f48f864f1c0fdf2aa23c21", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207286, "uuid": "83b360e1-c270-479b-a4f6-59e48be9efc0", "comment": "Malware payload (Heodo)", "value": "5b5defff8a23b9c8bc6f5ddd34fc27897c254e5eddb2360194cef0e2e7f6092b", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207286, "uuid": "de237a9a-4daa-4b66-952c-21c5a5847296", "comment": "Malware payload (Heodo)", "value": "ae01be2d957aa84b957bc99ad74f43c5ea24bc3b", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207286, "uuid": "8ce77ad9-8a97-4350-b354-2490ac8af479", "comment": "Malware payload (Heodo)", "value": "8e7cb816756b04a1e9fe6b034c5bd52704546a032ddf5263e1f7374f0015df158d22bd02c908f4f1576541ab7b5706cc", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207286, "uuid": "e03c87ae-2bcc-48c8-943d-71e08dcc15cc", "value": "T184D36A66B5C5E9CAC70523350A9A8BEE33676C478E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207286, "uuid": "7c28bba2-ac26-424f-ad1b-e58388d861c6", "value": "3072:McKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dggGx01:McKoSsxzNDZLDZjlbR868O8KlVH3jehy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207286, "uuid": "041df21c-5545-4b2b-9125-76afc720c1ae", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207286, "uuid": "e0d616ab-faff-4cd7-966a-1fd9764cce4f", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207286, "uuid": "0c0bbdda-2ce6-408b-8a73-026eb2de8a16", "value": "UEJ-010122 TCOB-260122.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "45c84562-7ed3-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643220641, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220641, "uuid": "e562853d-7dd2-4819-aa68-7b79a3a27667", "comment": "Malware payload (SilentBuilder)", "value": "fe675fa16a9a94a81d2cf9891b77111b", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220641, "uuid": "bb17911b-7d00-498d-a41e-201a69183656", "comment": "Malware payload (SilentBuilder)", "value": "5b6737a6724a2ea63d9e2eb1bac0cc52a2792cff7a7e72b3b065402ef3992beb", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220641, "uuid": "15252064-235c-40fd-bf6c-c41b7a8c1641", "comment": "Malware payload (SilentBuilder)", "value": "9c5fa8327e18b931a266979e62e5828316216fa0", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220641, "uuid": "41cf19b5-7816-477b-a282-36cf8836ba4d", "comment": "Malware payload (SilentBuilder)", "value": "11e38bfca12d37a28d783658c0ad5ea8879ab1e0af3b904a24b221c455408b6da2d84c1f858bad885d4afe583ac195c1", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220641, "uuid": "b4be4c83-cadb-4b97-b4c6-183fa7cded20", "value": "T145131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220641, "uuid": "9a3bacad-17ac-4aaa-97ce-bc70c16ac648", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643220641, "uuid": "9bf068b0-1ef8-4548-8746-e39ad8038c55", "value": 44664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643220641, "uuid": "f32a47fb-8f3f-4d46-9bba-e310a0ad6b8a", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220641, "uuid": "4eb0d6e8-b0f1-4d08-b889-4da51553a8f0", "value": "tmpevcbroir", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "740c3dd5-7e6d-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643176910, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176910, "uuid": "76892e14-fb52-4dd6-89db-151eb5527fb7", "comment": "Malware payload (AgentTesla)", "value": "260b0d143515db3f2fc168efa929c4c8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176910, "uuid": "dbebcc75-d620-4629-89c8-c7722ede289b", "comment": "Malware payload (AgentTesla)", "value": "5b88f01119bccebf79a80eda53537104bae467266b5915cfce76bf84562697d7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176910, "uuid": "f3b9795a-3a05-4fc3-9048-396252c33e6a", "comment": "Malware payload (AgentTesla)", "value": "1644748fc13cde4a5d359bae015f2285e6a61d35", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643176910, "uuid": "86ccec49-cd0a-4ee9-8048-e3473445b826", "comment": "Malware payload (AgentTesla)", "value": "f68a0fbe85582fba883c649d6653d2270fd973e46cb6fa32b44760844dbcd198ca421e9780ca10ba1c82b2fb3dadd9a8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176910, "uuid": "cb163f82-d6f6-48a7-9fec-8d0c564b2553", "value": "T1C705D01A32E0C134D38D287598A47A447B73F15F38D2F960EEF2DA497BB97846610A73", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176910, "uuid": "a3715bd4-4683-4a22-9167-a3d63bb1a059", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176910, "uuid": "4b849255-ab21-4c3a-9b11-347efcdb1a68", "value": "24576:MIflOF2K4zl4ffa2xT3sMbMCwFmyF5tw8WCtO:rEXT3sMIDZw8W/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643176910, "uuid": "55185f0c-cbf5-4b23-bc9a-2e7129b4324b", "value": 837120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643176910, "uuid": "428f7660-2e9e-4fe6-bc18-518fc6cd487a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643176910, "uuid": "f7c5025e-3ef8-4213-9d03-2f82feb3f487", "value": "260b0d143515db3f2fc168efa929c4c8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "609943fa-7e5d-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643170005, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643170005, "uuid": "f981f757-e20f-40d1-99f3-ae8da02d013e", "comment": "Malware payload (Mirai)", "value": "8a436b0493de854fec118b88b80d2c6c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643170005, "uuid": "1e68c6e2-2da7-4b1d-be5d-4b296f534077", "comment": "Malware payload (Mirai)", "value": "5b922fe3455246e9810b487ea7f47134b8e028d2d41332d272481156879afcc7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643170005, "uuid": "fb0f169a-de78-48a1-8e5a-451f507906f0", "comment": "Malware payload (Mirai)", "value": "8ecf33ecf7d78bf49ed8132448d3e98007dc2bff", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643170005, "uuid": "d0ebecbe-3f9f-477c-a908-6cb41147198a", "comment": "Malware payload (Mirai)", "value": "8bff383fd682a6392a49b2620739d44a6b2a7cb49647e63c5ed05ef9cec881e7f37fc7d3314f8cc208fcf71b4dc2f0f5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643170005, "uuid": "2cafa43c-0cd0-4c6f-8693-cf1634316e68", "value": "T177234CC5A547D9FCEC190A712177FF319AF6E83E1158DA83C359AD72E942602E90329C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643170005, "uuid": "4fdab8f1-9557-42fd-8479-04c2ae47da98", "value": "768:r+WtjNuFWuttPEszMmsdybV/co8Nz1Wfd/0g6SDZkwAo:r+cUttPEsImsduV/cLWV/0g6OZk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643170005, "uuid": "c400ea78-aae1-46dc-91f7-878c6e1d6321", "value": 49756, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643170005, "uuid": "bae4e3fc-5725-4ff9-b335-7636c1e971c0", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643170005, "uuid": "ca991142-5b0d-4a81-8026-cf3a958cd615", "value": "8a436b0493de854fec118b88b80d2c6c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62b061d3-7e98-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643195349, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195349, "uuid": "b702f487-bf26-4689-8b6f-5420bf192f65", "comment": "Malware payload", "value": "31d223c813a592422461f0d6707ba571", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195349, "uuid": "47221f3d-faec-44d0-bd07-44057b5611fe", "comment": "Malware payload", "value": "5bd4987db7e6946bf2ca3f73e17d6f75e2d8217df63b2f7763ea9a6ebcaf9fed", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195349, "uuid": "a6d9098c-35b8-408d-9711-a2efe1164683", "comment": "Malware payload", "value": "040a4985172c82474459b384fe9269922ac0b98e", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195349, "uuid": "0f759f90-cbd1-4b83-aff8-54b099c35a35", "comment": "Malware payload", "value": "0dc0ece947a5729fcfc62fed19c245666fd15105be19d2fc9c2b019f39f6b151722cde8efa41911fdac0f3ad69059d40", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195349, "uuid": "640d2566-8513-4be7-99ba-deebb64fc500", "value": "T1D821C9DA8E25152F6DA0776E20773E0AFB1174FE4088C2F1B93E08088BD084D6EE0B49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195349, "uuid": "e7bf8bcc-28e0-4ab7-8ad2-63576bd593be", "value": "24:3dacgolHKcwTtRaG1Y+nK79CrZT6W7wNQjywIxLpvyoneSry8Wfl0M2oudL:lKcwBRaQ2U7efwIhyclm8WdbpQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643195349, "uuid": "46137366-de74-40d0-a9a7-76992985d3d9", "value": 1353, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643195349, "uuid": "a3ca86cd-2b50-4cd6-952a-bc55f45d5e49", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195349, "uuid": "78977d0f-d333-497e-9ba7-6af9723faab3", "value": "s.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38b6b872-7eed-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643231786, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643231786, "uuid": "ab62c635-6017-4df8-ba1f-7b8bcc2ca68d", "comment": "Malware payload (Mirai)", "value": "24fbd9768eca1dca52cb8e250888cb16", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643231786, "uuid": "5d6d63b0-18b2-4e91-8152-33c1cfa8399f", "comment": "Malware payload (Mirai)", "value": "5c8254bef4fb29e4a436abf086bc05bffc2bce34cd0cf73f0d82ab46ee86b5a9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643231786, "uuid": "7bf4d0da-b989-48a2-92d0-057bbb66e230", "comment": "Malware payload (Mirai)", "value": "88ebe9f94f829d8f0b65d3b7e1a9d8541155ad3a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643231786, "uuid": "39b09ef1-1526-4e34-a267-e25bffcda711", "comment": "Malware payload (Mirai)", "value": "76511a04ca036160508866808021fb597113b891209729c6db127ff08441dfbada45669e643507b0be5c5bf1722b6aa1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643231786, "uuid": "1fdce15c-d573-4f7b-94ac-855a920b4a3c", "value": "T1A5E2E0244E2C56B0C7F0063FB191694535B91FF892BA2DF54E74A928D2A32C35B2B1DA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643231786, "uuid": "a0de3567-72f6-43fa-8af9-bd9b31eb3f94", "value": "768:HWPiNVPXaa3q40ji3fCsH0R+G7glHZBXTdD385wCnJas3Uoza:HWYVPKR40iqBgG7glDdA5HJXza", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643231786, "uuid": "5f58ab1d-30f1-433c-86fe-f5dec7386a12", "value": 32568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643231786, "uuid": "0aaf933d-7100-4adf-b94d-e8d6433a7c46", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643231786, "uuid": "a1a0c6ec-d02f-4130-ae79-7397e60a60a0", "value": "24fbd9768eca1dca52cb8e250888cb16", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1e29e0ba-7ec5-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643214562, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214562, "uuid": "41b2ecbf-01c9-4ce6-a16a-77adf5f6e525", "comment": "Malware payload (Heodo)", "value": "9fa443892f6121ba31b8567a5e984ade", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214562, "uuid": "46b7d144-7e14-4cf1-94e9-ab5ae023fd76", "comment": "Malware payload (Heodo)", "value": "5d63eb668503e4c015b52f8c4c48ba1bcb490475b9d6441b0b407c3e76ef3961", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214562, "uuid": "62e0e85e-0839-4354-b69f-796a1c5549d1", "comment": "Malware payload (Heodo)", "value": "12fd3b338d6ad8a9e01aa47c861c97f3bb2bff93", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214562, "uuid": "064c51f6-897b-4dde-bf4f-eee3f2aa25b3", "comment": "Malware payload (Heodo)", "value": "34d156c1aebc410ef62142346925e4cce7dbb5ac6109b3a70ccd66e496cf5fb8006d6d85ef30a20cdd49a3e1332a7343", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214562, "uuid": "7921281b-d733-480e-8f6f-c16954851f05", "value": "T1CBE3BFD766C7588ADE25037E8DB636D85653EC718BE393CB1346B3169DB0AC08D03A27", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214562, "uuid": "a93d0908-0685-4cb1-9c69-0d7e43a88d9d", "value": "3072:Yn+HymsUk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIgNIxJ3B7aD15BIjMAVn/9LFK:m+HymsUk3hbdlylKsgqopeJBWhZFVE+m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643214562, "uuid": "dbfe015d-5927-49bc-afe1-edb273d8be57", "value": 147292, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643214562, "uuid": "cb01a2e6-52eb-40dc-a13c-758bddbd0fdc", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214562, "uuid": "68c32c1e-5bf8-49e5-892f-89dfb9c3d28a", "value": "MES_2601.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "779f9076-7ef8-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643236616, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643236616, "uuid": "187d1283-35e8-49a4-95bb-3255e7da6474", "comment": "Malware payload", "value": "800f1fbfda6fa368cd469f5bdff644b0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643236616, "uuid": "0554e615-c5f0-4815-a986-70597b572b56", "comment": "Malware payload", "value": "5da3db74eee74412c1290393a0a0487c63b2c022e57aebcd632f0c3caf23d8bc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643236616, "uuid": "9eafc870-6e6f-49bd-8286-d0960e90360b", "comment": "Malware payload", "value": "fa1db6808d4b4d58de6f7798a807dd4bea5b9bf7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643236616, "uuid": "a529ff97-6479-488e-80de-5375e4e3b922", "comment": "Malware payload", "value": "ad8f0a4b12211527080f3f02ac1049b3fe49cabca3263b88a610a0fe725819243b662c1d71788dd480135f0bad60eea8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643236616, "uuid": "658c8861-fdd7-4275-bc09-8c854c086f56", "value": "T1C77548AFA9155C9DF83322FA282F2E294717F91F941C56CDF2A67E221F521634036B07", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643236616, "uuid": "24d80089-210e-463d-b29c-f7e39202e382", "value": "2939a781d38c70ea62b465a5117c9a54", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643236616, "uuid": "26911b33-9fc4-404a-bfd8-5621bde314de", "value": "12288:HCDwG29LwiUqzDM4KXgG1SY1hVuGpnQ8cXUX5HopWLYDsLYZjrmkkHZkkkkkEkkL:HCDE9LYoDM4KXgGFVu+Q8cX45W/PA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643236616, "uuid": "3e3391f2-da89-4607-8c27-2e9621603691", "value": 1560008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643236616, "uuid": "2eefd765-97f8-4a63-b795-2cc7d03a3337", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643236616, "uuid": "204083d7-9daa-4702-a112-f43512c694fa", "value": "800f1fbfda6fa368cd469f5bdff644b0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c51f87d-7e89-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643188789, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188789, "uuid": "a81fd695-31f4-48f7-adcf-1719f162f03f", "comment": "Malware payload (Heodo)", "value": "6e5355df6fb70ea232a33587bdee3997", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188789, "uuid": "b74f1a73-e5e6-476b-b44d-5c825fb7deee", "comment": "Malware payload (Heodo)", "value": "5db92a3b069005742ffc9b55b36004ad05d854e013442ff63116f4d1adbb3d26", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188789, "uuid": "05ef13d9-318e-499d-8be4-00b0970f61a9", "comment": "Malware payload (Heodo)", "value": "51044be4dda56daa2b76aea86563fbd587c65cd6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188789, "uuid": "555f82ee-a2be-4138-ac6b-35ef9a8c7f22", "comment": "Malware payload (Heodo)", "value": "dbed6e5e01160848c5fd1496c2baf0f2595817879d6bed90e8106cbdec32c78cc41a177f7714e497a7d0c23d4a088e89", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188789, "uuid": "6a347f02-3e23-4086-9b9e-6bbe0b78e5a9", "value": "T18705F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188789, "uuid": "e7ac1a5e-7086-4a16-b59f-696dbae2f402", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188789, "uuid": "156d8c25-d93d-4a8f-a305-f34e2ff6b1e3", "value": "12288:aA9e3OrvpgqjtQFecP6dddifiHxoB3rNd9CDr:blrvpgqj2FesQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643188789, "uuid": "a1136299-07f8-4b1e-bc28-e9d619025411", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643188789, "uuid": "78bddb8e-031d-44f7-9c7e-2ccbf3c53d8a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188789, "uuid": "e75a47f2-6f27-49e0-8119-8607b279ac03", "value": "6e5355df6fb70ea232a33587bdee3997", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40e16ddf-7ed8-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643222780, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222780, "uuid": "590042cc-14f0-4477-a56e-cf23cfbab791", "comment": "Malware payload", "value": "e9ac069f6fb869908c60903db31123e7", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222780, "uuid": "ecf6e768-bb5f-4587-8d0f-5784a9cbc7bb", "comment": "Malware payload", "value": "5ddebd878eac71208ac0b38c02524a07500993e147fe6e4a4e4b58c8fef67085", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222780, "uuid": "2fb95326-dcf5-4be8-a330-57ade79ccb90", "comment": "Malware payload", "value": "42dd7bed076e3d5227e3996d40ab1281305e2bc8", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222780, "uuid": "2714c405-43d0-4665-9767-a9bf58f1b765", "comment": "Malware payload", "value": "47af61c1ef11c0f8e616a21970f152e14bd8841dcf9cd9b8aa8712fcf54106c197484e4e43c9b9cc86026aca8ad83da3", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222780, "uuid": "88a06fe3-942f-40f7-9b91-906cf81cb4cf", "value": "T16A131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222780, "uuid": "6946cd94-ffc9-444f-bd97-633877b68fc1", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643222780, "uuid": "7b87ad1a-d7e3-4f45-b20b-adc1f388cda9", "value": 45083, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643222780, "uuid": "b9dc6fcd-80eb-41b1-bfc7-75287ca71a6e", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222780, "uuid": "de1db827-0c89-4739-ba2f-f0454003a4ce", "value": "tmpzstd27_i", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48eb9e06-7ed2-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643220217, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220217, "uuid": "dd97bd07-21d0-4729-9e49-31b917a1e6ff", "comment": "Malware payload (SilentBuilder)", "value": "b89ee72d757d092c9ddc30a53e15aabf", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220217, "uuid": "78ae8bde-be25-4662-8814-be6d24084ce1", "comment": "Malware payload (SilentBuilder)", "value": "5de50226efabfe997e67b32d8964783b994842e0f211bf965bda33dddf8ae32a", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220217, "uuid": "39ed7c28-ab01-4286-9bd0-62878aab1f90", "comment": "Malware payload (SilentBuilder)", "value": "bcb86459d0e1497b4c4e1c08c951441d85d99a97", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220217, "uuid": "985e99d9-6c1e-44d4-94ba-f171c7ba5c6a", "comment": "Malware payload (SilentBuilder)", "value": "ee5d7e42b87030e12dd640db9eeba78d856f7a943c9a7afa26d740a140369dace49227a33381ef613faab162241c358d", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220217, "uuid": "b82c29ec-3d03-4d8d-9eb1-c92b45495ebd", "value": "T12E131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220217, "uuid": "b010a970-7424-4249-953a-9ea69ca7678b", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643220217, "uuid": "58db9fe9-28c0-4f5f-b063-a620beef6e4e", "value": 45031, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643220217, "uuid": "6597bbf3-bdc4-4090-9ff3-8a768617243d", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220217, "uuid": "e95ae82d-23b6-451b-aaf4-c923e5fb85ed", "value": "tmp7m39anvb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31f00201-7eed-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643231775, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643231775, "uuid": "bdf28fd9-0864-4e76-985c-7710700f3d88", "comment": "Malware payload", "value": "46b871157380d5177d8b1218fc7a4fd4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643231775, "uuid": "6a3882c9-cb14-441b-a32b-44be5f6e3e73", "comment": "Malware payload", "value": "5df508aa90ce9063008bdb018fd823b7a3a2936310dfb489a3b7f1a8ca828203", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643231775, "uuid": "155c4aa8-4db8-49e0-8a31-247a3dc6746c", "comment": "Malware payload", "value": "8377614b3302fc01963c9b1a9dbcf77e77fe1cdd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643231775, "uuid": "17b9577f-a7bb-420e-b658-3533c8248b13", "comment": "Malware payload", "value": "c916d63b1309a8b29dc891e60e837089bf0c25c0e1d1344261a9141983ac961630a7c5ef7e630f3837d725dbce2551f9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643231775, "uuid": "eac8457f-0d93-4583-9b14-ee5950985bac", "value": "T162B46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643231775, "uuid": "7f2e4837-a78a-4c40-9a42-8528c5e53761", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643231775, "uuid": "9f194564-e60e-4f58-90c0-0e4b3e51bc9c", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8v9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgu0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643231775, "uuid": "507bcd16-e965-4783-8f26-47b99d29c789", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643231775, "uuid": "ec50237e-0f6a-43d2-95a1-ddceb65b98b5", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643231775, "uuid": "1a33c4cd-83e3-482d-8adf-6c5d0ae34c12", "value": "46b871157380d5177d8b1218fc7a4fd4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27dba754-7e81-11ec-9275-42010a9c0029", "comment": "Malware payload (Hydra)", "timestamp": 1643185372, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185372, "uuid": "2320fb63-60a3-4a77-9298-3474db75723d", "comment": "Malware payload (Hydra)", "value": "8186e5cd533ee32e030a7e8187ad3a6f", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "Hydra", "colour": "#1B8975", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "tor-hydra", "colour": "#10AB92", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185372, "uuid": "c07831ea-158c-498b-a22a-30443f30ffe1", "comment": "Malware payload (Hydra)", "value": "5e19b1f8567f5d6484c95b0a38420b8e5ba2c378bfd330fd69e7ff9061da2255", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "Hydra", "colour": "#1B8975", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "tor-hydra", "colour": "#10AB92", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185372, "uuid": "634dc615-d2fe-42f6-8082-13ddd81b76a1", "comment": "Malware payload (Hydra)", "value": "f4c9051a32d5b3f0fa329ef2edc44b1b069132ac", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "Hydra", "colour": "#1B8975", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "tor-hydra", "colour": "#10AB92", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185372, "uuid": "b9aea5f3-80a8-4187-9392-965ef973e024", "comment": "Malware payload (Hydra)", "value": "45ea0c1bd16b66e07f61ac0e61be4904825a00402fb767458f7e53bbdb2a13cf4b72ac43c6b876e7692490752f7064d8", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "Hydra", "colour": "#1B8975", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "tor-hydra", "colour": "#10AB92", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643185372, "uuid": "8ece504d-b7f8-4bc3-89d5-418a7df0a417", "value": "T141763306F0C0A6A6EB9DAF7140E9CA0E7054AC993151DA6F52A472784CBBF7053273FD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643185372, "uuid": "7c30c9bf-38b3-4484-964d-e85f85c02109", "value": "196608:M5flAsKNiQLmhi4xGfikpvxhlukhrMhuyNz:GOsK5i88tcrl4u2z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643185372, "uuid": "e68ec9c0-d754-4ed6-ae01-8f34bcc27acd", "value": 7249640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643185372, "uuid": "94c25a34-d4b1-4a63-9e42-6ea7d51ebb00", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643185372, "uuid": "53a484ce-6be8-45bb-b4c3-b086f0a4bc70", "value": "psk.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c2d2945-7ebb-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643210344, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210344, "uuid": "32e809f9-b639-4bf9-9848-16641746b40f", "comment": "Malware payload (SilentBuilder)", "value": "7dd16fb946d056057c13cd8eee27ae5e", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210344, "uuid": "a32a2726-0818-4c03-9c95-6e23a5d533c9", "comment": "Malware payload (SilentBuilder)", "value": "5e3bebf696f44ac4a320e116983592fb0e4d70fb8a84ce078b05cdf072e0c9d5", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210344, "uuid": "3a3f1678-6fd8-49d4-b40d-a2224bc1edf6", "comment": "Malware payload (SilentBuilder)", "value": "5233bfddaac0db6967cd77401e00961115243fb5", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210344, "uuid": "1db5bdec-352f-4f82-bacf-19bedcd3cfcd", "comment": "Malware payload (SilentBuilder)", "value": "6f4e1b5289c9e3ddd58d2d1e86a9620e900f0d7f7f50470ecaae528f27da87d980a0f2ec2ba62220c629e396137c03d7", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210344, "uuid": "c2ce3ea5-b916-4700-89f1-078bf707698e", "value": "T1E7131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210344, "uuid": "cd1e02d1-ba1e-4cb1-b3a6-431a2c9be4fb", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643210344, "uuid": "0eb95bbe-3703-4638-9d9f-800a728c209e", "value": 44942, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643210344, "uuid": "d5014f1f-4552-44a4-9625-1c1b62af0585", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210344, "uuid": "f6f387b2-d8a7-487b-8b30-065e90c92296", "value": "tmpb96kkcqu", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2882f88-7ea1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643199402, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199402, "uuid": "0f00962e-8b15-44e1-a070-cf3267326eb6", "comment": "Malware payload (Heodo)", "value": "d768eed6bb5131b09dc73d7b203f91bf", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199402, "uuid": "9bb588bd-b195-4b32-b471-f95d83566f27", "comment": "Malware payload (Heodo)", "value": "5ed3ebe51d0d2e11e954d9be4c3cebf44eeb86167ee5ca0ea7da83b742f1b4d9", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199402, "uuid": "b3e8e2e7-7fed-4c99-8036-1d1355958ed0", "comment": "Malware payload (Heodo)", "value": "35d8729a2b2dce26f8a3e2df84ac72b3b4d8299e", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199402, "uuid": "75e9bbfa-f52d-44bc-9f2e-d4f5cd5a8e22", "comment": "Malware payload (Heodo)", "value": "f6bee21a0c436ab9143fbb9ea43b9ca420004e170ec4756fc007d03127793e5be82929991f852b8b290f2f506d2275b9", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199402, "uuid": "4e7c3ff2-5372-4b52-9915-f618c0ea2dab", "value": "T164E34A5576B5C9F6DA0407B10AD2CAFA2327FC739E5603E33198B30E1FB91509AD26C6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199402, "uuid": "d5aa9936-5ced-4c57-8fdd-bdcb0e5b0a83", "value": "3072:07cKoSsxzNDZLDZjlbR868O8K0c03D38TehYTdeHVhjqabWHLtyeGx6Z84TIUGx0:GcKoSsxzNDZLDZjlbR868O8K0c03D38B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643199402, "uuid": "e2f8b5ce-ab6c-46a4-9104-70f5ae34d467", "value": 145920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643199402, "uuid": "485fdb77-2921-4733-b92f-9ae5630c6ed5", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199402, "uuid": "067395eb-efa9-49ce-8eeb-0870e0bf0fa1", "value": "OMICS Online.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0e99f862-7e94-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643193490, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193490, "uuid": "465bd782-d5aa-4983-9c6c-ca2d45729c3c", "comment": "Malware payload (Mirai)", "value": "fb2ca5f0a737d1b2302a2d5827743dbd", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193490, "uuid": "a64f0de7-b240-4504-8696-bc560a88e518", "comment": "Malware payload (Mirai)", "value": "5f186eee7a27af4d9b2034ca9cb2ece4028ee8cdade5699575bcd393013df69b", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193490, "uuid": "3632d717-5e8c-4a85-97b4-d6e962455f22", "comment": "Malware payload (Mirai)", "value": "aaab06b2f797ae36c817241b05eca97d5cf69228", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193490, "uuid": "fbbd65db-7a5d-41ea-b9a8-851efaf09353", "comment": "Malware payload (Mirai)", "value": "0f34362f6b6eb556c63342dae6351fac6d0f020448faebb5f8eea9943fcb58d12597d63e035cacbd9906be32c01428db", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193490, "uuid": "7b4166a6-f008-4b9d-b762-7a67d784a364", "value": "T1BA044A05DA809B17C6E23BBAF79B428E3323975467D733058928ABF43FC27995E36015", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193490, "uuid": "a624181e-9050-4d88-b7eb-037422336dcc", "value": "3072:0V/Yb/dnp+eQPGp+37T/a+Brz/5TPibksbfh7x45hLaq3zVbYM/9cFommw3Bq/1A:d+v/a+BrzBTPAbfhm5hLaq3z+M/9cFoc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643193490, "uuid": "22f86266-f2e5-4261-b3dc-d73bddabab71", "value": 180200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643193490, "uuid": "06d5cb21-8c1f-495f-b3c2-21581eeb85be", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193490, "uuid": "6afb8ca3-bfdf-4a21-ba62-517f294f7ade", "value": "assailant.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a01b25b-7edb-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643224030, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224030, "uuid": "7629a374-379b-42ae-a60c-963822908961", "comment": "Malware payload (Heodo)", "value": "b88fef5d73233e4d0bf11238016b353d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224030, "uuid": "3fb9fb70-14d6-4c7b-8b12-dbd818e7169d", "comment": "Malware payload (Heodo)", "value": "5f1db4473f2e4d86dcab70e0c5eac59a72c7b2864761d6d06b39ee5833a45b5a", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224030, "uuid": "df829b50-a696-4185-bf81-670931dd9989", "comment": "Malware payload (Heodo)", "value": "a713473fda612a04d9bc0bf1e7bc2b2d71cb6b2e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224030, "uuid": "95d5ec16-931c-4ecb-b8e2-04f05b8493ad", "comment": "Malware payload (Heodo)", "value": "b8421acb2ba7b155eefb8b9b06fd0e54e69e8cbcf42d7cdf24b487f470bc7045bf9c269c76078dbc6769b38b01b0b5b6", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224030, "uuid": "a5ecaf7a-b718-46a1-8212-490cdd1b5397", "value": "T162E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224030, "uuid": "72653c2e-c1f7-407b-b905-cbd222d1d9fe", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224030, "uuid": "a126498b-02be-44f4-b0ae-189db2af8606", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIoG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGxOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643224030, "uuid": "1a28d54f-4c69-4042-915c-640d45e1e27d", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643224030, "uuid": "0d39d58a-38b4-45d5-9bbb-a27be509a6d9", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224030, "uuid": "fef0a85f-30d3-44c2-8289-017d8a8623bf", "value": "zSwh1e.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "850634fa-7e5b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643169208, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643169208, "uuid": "36b1a3a9-b073-45f9-a457-3e58b9223516", "comment": "Malware payload (Mirai)", "value": "fdd7a5e49208b3de8b837944d1b78794", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643169208, "uuid": "efe95717-409f-4a49-9b4a-2ff3b5c71f1b", "comment": "Malware payload (Mirai)", "value": "5f3a8e3fd4c87b4ffa8b67174e6ac54b83c8399406f349daf403f6f9fad5485a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643169208, "uuid": "a315ad8f-f560-438e-9031-c581b8c840dd", "comment": "Malware payload (Mirai)", "value": "a0ffb84f48e4c6d689be2d26a06b172f4c7eea28", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643169208, "uuid": "870f6b6c-ae6e-49de-b208-fa20a7a23af2", "comment": "Malware payload (Mirai)", "value": "e6f784e3f9c19ca2b130e4bf15ad97168f0e98484430b878df26660dc590abfa72dde4bdcb9e14187562f4845ec6c429", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643169208, "uuid": "cc26c565-8a4b-4c7a-b3c5-dc8dcac28ff8", "value": "T1293329D6B401AE7CF95BEFBE8022490AF671620151930B3B637FFD93AC322658D52D46", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643169208, "uuid": "da9df08c-6a12-4527-9e4d-5a2c726076fe", "value": "1536:/uVrztlv77ldfa+t1ST08iCHLnWqfCV55v9b8H:aLlFab3iAL055FY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643169208, "uuid": "de29e7ae-c4eb-4137-a6b8-9ca086f124ea", "value": 52516, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643169208, "uuid": "bf1cb6f3-c0e7-499a-b125-fb8cd24406c5", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643169208, "uuid": "c7c01e44-c168-4e8d-89ec-fd8b8a54a9cc", "value": "fdd7a5e49208b3de8b837944d1b78794", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f0f0159-7e98-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643195263, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195263, "uuid": "a2025d42-3f99-41bc-97f0-2859494dccaa", "comment": "Malware payload (Heodo)", "value": "d61a9a51006f1df934baa9950267ce8b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195263, "uuid": "54a53045-ed5a-4f61-b3ca-9e078275b140", "comment": "Malware payload (Heodo)", "value": "5f3f6cc534fd1682001d6cc202196300741fa6f58f6e4cf986f83658f07688ef", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195263, "uuid": "61cea5d5-78ff-4e86-8bee-67b2901bfe83", "comment": "Malware payload (Heodo)", "value": "0578c727a745a6fd0afa5a9f42a7d8c0f871b6d1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195263, "uuid": "50c729b9-28f1-42a3-a094-b566ccc25477", "comment": "Malware payload (Heodo)", "value": "03ef12bc26dc2d86d21818fd12e299906c3c01ca91d8e04aaba72f79e3cc4535578f2fa62e7e723a4fe1543c71b18139", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195263, "uuid": "013e48a4-2aba-4543-a01f-f9fa74929776", "value": "T14F05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195263, "uuid": "704d88aa-9a54-40ea-98d8-5c476e17af84", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195263, "uuid": "56676f5c-128a-4202-81c1-082bd362e4b9", "value": "12288:aA9e3OrvpgqjtQFecH6dddifiHxoB3rNd9CDr:blrvpgqj2FekQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643195263, "uuid": "1f864ef0-c0ca-4e59-9ff2-4cd3d1fbb4df", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643195263, "uuid": "1817e0c0-6e2f-4eba-b20b-cdd56a54623a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195263, "uuid": "43c609b7-570c-47f3-a576-2af1412fb4b0", "value": "d61a9a51006f1df934baa9950267ce8b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "45281d64-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1643206896, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206896, "uuid": "3d1ab2ee-2b2b-43cf-81d6-ec9887a43cfa", "comment": "Malware payload (Loki)", "value": "edf65a14594c7f5f3351cb40c8fd0ebd", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206896, "uuid": "f7b3b003-51df-4f15-a0d5-578ff7507c5c", "comment": "Malware payload (Loki)", "value": "5f61425b3cf5e3b6f0383d8c1c05a18e2e4c5f47e7a4c6ef4e990195f14196e3", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206896, "uuid": "60d106e5-aafd-41c4-bb32-8c91f613cab7", "comment": "Malware payload (Loki)", "value": "b50d806345d5792fdbaa6d7e77f1ea3d0d539808", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206896, "uuid": "f0fd0a15-4034-4999-9747-24edea5e7bfd", "comment": "Malware payload (Loki)", "value": "875eece3058ea31071cb7b6026fb2c2adbae43521bf08724b3aaf4cd545c5d9808383861cc58abdfc8fa413f2ffd1498", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206896, "uuid": "a6eee586-32d5-43c3-9fda-85bf23805996", "value": "T1F6F302B0FF10111CEDD38EB664A01091F49EAC64EC24DE58264DF169D9FE5AC4A2CFDA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206896, "uuid": "6ccc1548-b0ee-4ccb-a588-a6de321ad067", "value": "3072:HyRRPx8B+29B2Oy+PCh38GkdcGtJwkxnsuof9tXU5QIe2P1g5DPdActzo1+c:Ex8BJ9BRqhlGHjnsjf9lJ92P1+D1Aclc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206896, "uuid": "6b1e0610-2250-49da-8510-a43927eb3e35", "value": 169336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206896, "uuid": "3d2d311f-4d21-4ec7-b5f8-4cd5f0e22907", "value": "application/encrypted", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206896, "uuid": "0e19eb14-ebff-4d10-a4e9-cbe3e56aaaea", "value": "Payment Advice .xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23e14d0a-7ed9-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643223161, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223161, "uuid": "316f9623-8281-4118-8c54-8c61a9f3eb6c", "comment": "Malware payload", "value": "eb93287305bb3ef8db36ff3e7d8dd037", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223161, "uuid": "aef1f310-9ec2-4912-a1ad-142d874da655", "comment": "Malware payload", "value": "5f6aa23cb10c1e64f2d68c1bad0d482280290ed9ee311fa4f266c893bccd41bc", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223161, "uuid": "0ba6db3b-4449-4450-9a08-4c37608c82ab", "comment": "Malware payload", "value": "49bed8717b89e5ebe6458f5ff9bcadb7e3f01acf", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223161, "uuid": "53fd0e05-2c39-409c-a858-060bf3fb9d8b", "comment": "Malware payload", "value": "e2a7f49637147951621d515487b8cfb6fad4c1fa3109ceed1892e7ae625f2820aac05ac4c9351a187f20bb4076e1ab83", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643223161, "uuid": "67a7b74c-9a8b-4aab-9bcd-aacdec981d68", "value": "T169131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643223161, "uuid": "40cd28be-ac95-427b-90ed-112c0d90449c", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643223161, "uuid": "acd918a4-7306-4164-90c7-2e421d4d1cbb", "value": 44665, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643223161, "uuid": "1842e653-3219-4e2f-a7f7-2118863787c5", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643223161, "uuid": "8bddf343-07e5-44db-99cf-f2c891ef6218", "value": "tmph0h_9r6s", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "00bc4b4c-7e6e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177146, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177146, "uuid": "d31c6857-bb97-4558-b10e-8bf42261cedb", "comment": "Malware payload (Heodo)", "value": "57a7b3d25fff145309d57400a9773581", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177146, "uuid": "b0a24e6f-68cc-4de6-b5a1-a1aaa2083c2e", "comment": "Malware payload (Heodo)", "value": "5f76e9a2672725fa60ba0d0409e45a9ee7ddec593b1faab82329b8a5b00d262d", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177146, "uuid": "ceee27a2-580b-4a94-aed0-559d22231127", "comment": "Malware payload (Heodo)", "value": "1fc0e0856ab7ebe4313988d57d19f2a56dc867d2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177146, "uuid": "bc258db5-8f3e-4568-86cf-aa7d0f646219", "comment": "Malware payload (Heodo)", "value": "8761559c25672bce06aa27a98d3e19a5e893bc8ea176ee4a07f5fb334fd0563750cb8d7926d06a2b2793f55fe7de6df9", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177146, "uuid": "643fdbc6-24dd-4454-981e-ca0578180512", "value": "T1B5E4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177146, "uuid": "c755c060-98bd-4ed5-ad46-3bf3ee4d04e4", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177146, "uuid": "d81602fa-5bcd-4d95-a851-35882a73036a", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4lrNACHKm2tkJV8u:o87vGJzomxhwhbKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177146, "uuid": "b90a7b62-2154-489c-ac2e-432ce3c5d922", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177146, "uuid": "f9afcd41-4a9d-4fa7-a343-24932081c850", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177146, "uuid": "0207db8e-0b4b-4494-b847-4e9f5d5b0834", "value": "emotet_list_ioc_cronupTue_Jan_25_11:53:46_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc87cfe6-7eea-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643230719, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230719, "uuid": "075f5066-9b2b-481d-bf9d-3b203558cc9e", "comment": "Malware payload (AgentTesla)", "value": "1b4ada85c1e1e6612d2f8d5c2455cc50", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230719, "uuid": "a511cc9e-a56e-4354-b1a7-e7e672264f3b", "comment": "Malware payload (AgentTesla)", "value": "5f866b796d0dc5bdab89734314aebb99ef99955a6d483b24d6c54dbc63b0d23f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230719, "uuid": "b6758551-1c93-4050-b81e-d4f5f6c9eb3d", "comment": "Malware payload (AgentTesla)", "value": "dbb44f643add3a92bf990fc287f0cc56d551aac4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230719, "uuid": "f915e777-c615-429d-8e86-405a9eaa9382", "comment": "Malware payload (AgentTesla)", "value": "e9d72d0627b70d238ad88fcfeff124acae964689f4f331d19f0527508f3a5b79095fb033570daee6706ebc37f9203cce", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230719, "uuid": "51f58d65-f3b6-4c96-af88-a36236d4613d", "value": "T121D423DB43A8B5BAC6864D292FCA964DDD5035EE8A3894FF54DE0408934BE2CDE7430D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230719, "uuid": "12f583f4-8e60-437d-a1f3-6d8ca2b0cc83", "value": "12288:WQWmxVkOD7N352THnygXRWRIVma2Du+a/V3M3My2mi:ZWmx+OPVYTHyogIF2Duh/Vcc0i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643230719, "uuid": "718d083c-361f-49a0-b1ec-c1656612adbd", "value": 636137, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643230719, "uuid": "5ae9b7a7-3c22-42b5-9a3f-9d74c0a3b054", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230719, "uuid": "8af8e615-ce99-460d-8ab2-270122014854", "value": "UPDATED SOA.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b837f175-7ebf-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1643212243, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643212243, "uuid": "bf76e77f-1c2d-464f-89da-a824502e2bd6", "comment": "Malware payload (RedLineStealer)", "value": "dd5d9499683612b4f71730876ebf12bf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643212243, "uuid": "118ebd90-3fd8-4549-ad8b-8ee1c0d4ef14", "comment": "Malware payload (RedLineStealer)", "value": "5ffecf27b187bcaec80b45b570631e5bd53672b23dedb4d28d4e3dc6e81214b1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643212243, "uuid": "6fa1bd10-e0cf-4f2a-a0ae-77118321228d", "comment": "Malware payload (RedLineStealer)", "value": "4217af8b347effb3a97b9f47e27c20ae7a04dd19", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643212243, "uuid": "7fd3838d-564a-47cc-8d73-344957db74e0", "comment": "Malware payload (RedLineStealer)", "value": "ffc18eb8ce5a408b0259863c509566d81f7be9a4eadcdd18299b19339c8798903f0e958345dd93db37d915774d783a82", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643212243, "uuid": "cea0882f-80bc-4f29-8925-2a44ccb703ec", "value": "T15BA4BF10B7A0C035F6B712F449BA937C653E7AE15B2450CB63D52AEA5B346E0ED3131B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643212243, "uuid": "b475d30d-314c-445d-8aa6-fec4f7416692", "value": "747024b1d04ad78d24e3aa224d333747", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643212243, "uuid": "807401cd-e4f3-46b9-b2c7-6ea760688dbc", "value": "12288:axBAbw2NqF8KrKRSAh+NEuw4x6aTU58zx/MF:olmKrKYufCRTU58dm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643212243, "uuid": "aa9b1560-f3e1-4414-ba73-7259b12fb0a4", "value": 454656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643212243, "uuid": "64fd979f-a1ae-41e5-9790-641dd2a30ed9", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643212243, "uuid": "d2905574-7451-4cca-8201-523f5736d939", "value": "dd5d9499683612b4f71730876ebf12bf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0c8e161-7ec6-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643215264, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215264, "uuid": "fd22259f-0bef-4011-8d6c-765960f47188", "comment": "Malware payload (Mirai)", "value": "70b4d855045a04ddeaafe60f10b0b2f2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215264, "uuid": "3ae30b95-ed8c-41e3-801f-90470d3d1c5c", "comment": "Malware payload (Mirai)", "value": "60420e2bf098c2e65536a8ee4cf673b987070bc8230b9487f69c81395de8dd18", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215264, "uuid": "3b0894a4-a1b3-4927-912b-e22574957bad", "comment": "Malware payload (Mirai)", "value": "525f843ddc9105a7356aa882da0ee2ce5b6877e0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215264, "uuid": "3e03b7dc-3a32-4fba-aba0-b4303d0c3569", "comment": "Malware payload (Mirai)", "value": "8c0c63b14fbc6f2f63096410bdd58b16d0333f8602ebdcfd4e9fe4d9c0c904cc02105301cc3ebae49f62ba9115524c3b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215264, "uuid": "b9f383da-4b15-4f57-a233-7a9d5b25e85d", "value": "T18FA2D1B03891DE6DD7F544B1CE15E187161E13F6E0F93238293916B9A5C281B2BB6387", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215264, "uuid": "6e4d866c-a93a-4e24-97c0-1c771f52d2d3", "value": "384:zi3UQyFDNgB36T3d7n3peSzvV3wlnxcrE4SI0mhymdGUop5hXj:ziAWMLd73dOlV4X0ms3UozJj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643215264, "uuid": "584ebba1-c605-4aa3-b7d3-9c7c281d7fe2", "value": 22124, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643215264, "uuid": "77c650e2-c2d4-48f0-a1a2-93de9dd5f2b6", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215264, "uuid": "043d1e67-6d58-404a-b9a7-7b98249e08df", "value": "70b4d855045a04ddeaafe60f10b0b2f2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2337e04-7ed9-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643223400, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223400, "uuid": "cd854494-95c1-4c09-8b6c-1e7b7322ca97", "comment": "Malware payload (SilentBuilder)", "value": "b9cc03d85642aa07aa3e90fbc32ee0bd", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223400, "uuid": "4579333b-524e-48df-b6aa-f06d6ec43647", "comment": "Malware payload (SilentBuilder)", "value": "6046c1bb5be6eeb8a311ad6447de532b5a1d4e013299c67e7e38798277a39a6e", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223400, "uuid": "aa4bf180-dfd8-4666-87a2-9a16e5ad12f6", "comment": "Malware payload (SilentBuilder)", "value": "dcef292423a21a415b26f330a7ac81bc58559cb1", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643223400, "uuid": "c37ec592-0fd3-4e61-bd1d-8361329e14fb", "comment": "Malware payload (SilentBuilder)", "value": "6340fda453b5d70242f36b50e9c3d7b600be316451221b9308747d9dae5d71d7eeb48d272d755b752472d04f95b26cd2", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643223400, "uuid": "ad45c1db-df03-4995-886f-68acd291cda2", "value": "T104131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643223400, "uuid": "77a3f292-0ab0-45a1-b119-b7baf6dae785", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643223400, "uuid": "9b240a09-cd02-46fa-98d6-54097aa220cd", "value": 45192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643223400, "uuid": "a13f448b-0752-465e-bc89-0df157e5db01", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643223400, "uuid": "e5ed74df-9e4d-49d2-a4c7-c61ba0ab6f46", "value": "tmp2umbpq5w", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a8d3ee70-7ecb-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643217371, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217371, "uuid": "d7020296-9a66-4f49-84e3-103a3397ff7e", "comment": "Malware payload (AgentTesla)", "value": "c567bc20d0fa64f3ee2e55eb9610a1e4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217371, "uuid": "5b7cd2bd-ea48-4a7a-a923-2142d329f5ec", "comment": "Malware payload (AgentTesla)", "value": "60924814b2cf5a305f37d962c3aa2b6bbb1aebcc1a8be7490cdd733241915b4b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217371, "uuid": "c3892275-3850-4c09-b68f-98b7667be81f", "comment": "Malware payload (AgentTesla)", "value": "0a8821e1abfa57bbc7e57dad2d8c4c6921fcc054", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217371, "uuid": "a0d6614a-1939-49ac-89e6-6db50de0ab4e", "comment": "Malware payload (AgentTesla)", "value": "72b444a9196a67f1fa145aedb3e41bd85c3c4f183c0c85291b7d18e9604772080980e51e576f77cc1b14346cc8357385", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217371, "uuid": "8691e801-69f1-4f85-adbf-1ba5f15e7759", "value": "T1EC15BD6BF44AC466D2994A7280CFB40D47B4B813FDCBF59E3E97F1086651B46DA0A20F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217371, "uuid": "dae7fd73-ccb6-4fce-91b8-d516f368402f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217371, "uuid": "821e987a-f569-430f-9c1c-22a907575803", "value": "24576:8qJYfc+GnM2wu47BxwVNjDVfNXujxjjZOt:L+3/E9DVfN0xZC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643217371, "uuid": "78f0b1e7-d6a3-4cb1-8a6e-fff8c808c110", "value": 896000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643217371, "uuid": "a20db042-4a05-42cd-bd16-35243780198a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217371, "uuid": "0029add7-129f-4764-b988-f78dbe17a94a", "value": "orden de compra_________________________________________________________.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "597cdd6b-7e81-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643185455, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185455, "uuid": "49d1fc25-2c7f-4506-8870-58a4058b0986", "comment": "Malware payload", "value": "a16b200b57021603686daccefeff4457", "object_relation": "md5", "Tag": [ { "name": "192-99-190-34", "colour": "#1B18BD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185455, "uuid": "79cd1eca-8070-4f80-9030-fe150c3bccc7", "comment": "Malware payload", "value": "60932d5b63a164d4d33d000ea155b0dfdc27e69cef704cbddb8ea78ce59b0bcf", "object_relation": "sha256", "Tag": [ { "name": "192-99-190-34", "colour": "#1B18BD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185455, "uuid": "d661efdc-6dec-4e80-84e2-0e69b5e73687", "comment": "Malware payload", "value": "9ee43b9695276543386afb2f64b851636ca797fd", "object_relation": "sha1", "Tag": [ { "name": "192-99-190-34", "colour": "#1B18BD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185455, "uuid": "aec28827-6da2-40c9-b80b-a1b1d0ba92b1", "comment": "Malware payload", "value": "07498b7b0dac67ca924c617c17a8bae40ad58e582819235bcb96f29111bddfa0ba550d9511a6cdbca7bed9732ebf6fea", "object_relation": "sha3-384", "Tag": [ { "name": "192-99-190-34", "colour": "#1B18BD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643185455, "uuid": "822bff18-fcdf-4c0f-9ae3-4051a9ea9799", "value": "T1B8131BB30213FD8F56220E45D50C2111DC9CECB772D99DACBF4898E98FE51289DA8EB5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643185455, "uuid": "fd34dcb2-f345-437d-8e78-28c34242d60e", "value": "768:YGobtohx+TwKZ4Wobm+l2kfgnt/XpXc3i:YGEo+TwMZoy+skfgt/XK3i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643185455, "uuid": "50a46f24-1a4c-4b69-a5bf-904fb14fc317", "value": 43692, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643185455, "uuid": "aeeb1499-ba26-4629-a5f2-a0f77eea6e82", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643185455, "uuid": "4c89d675-9b05-49ae-8578-16a0f1a2af7a", "value": "99266431614", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9a26de5-7ed0-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643219627, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219627, "uuid": "c0475634-a47a-4196-8e16-8662e0e90fe7", "comment": "Malware payload (SilentBuilder)", "value": "ec757212fff1782f35f52a313fd9d5ec", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219627, "uuid": "2c540f19-4673-40d4-a825-70073f6e2cd8", "comment": "Malware payload (SilentBuilder)", "value": "60b78eb6edb2cad56573a822c844021dd669f99a3592c0a543f7d21dfd41375c", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219627, "uuid": "bcadc8e6-e234-4a9a-b2bf-eea46c523be3", "comment": "Malware payload (SilentBuilder)", "value": "3b1fc2505a3d478319215aea5ca5c5d51184c74f", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219627, "uuid": "98b83c88-83ea-4a7c-8b88-e1b75e20f95b", "comment": "Malware payload (SilentBuilder)", "value": "f58b86c186a3a5bf21203fe8609c31e2a3acb27bb3f5e8c8e87f35b00e13d44312fff1fad7cdc084d39960404f201392", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219627, "uuid": "a1876380-8236-400e-a68e-9e3072b8cdf4", "value": "T1E7131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219627, "uuid": "1eee419f-d68f-4e31-840c-39db1d573a8f", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643219627, "uuid": "03b379f2-61ae-44a8-9ea3-4562d240665c", "value": 45450, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643219627, "uuid": "824202ce-c3a9-4a13-8f7c-e0fec4ee3ec4", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219627, "uuid": "fb748dd9-909b-4b92-9edb-6f5a5c06b094", "value": "tmpq693idpr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd0cfb63-7ea1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643199393, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199393, "uuid": "91675ef9-9dae-4fb1-bc34-e4fbdc4ca1e8", "comment": "Malware payload (Heodo)", "value": "33885a1e93bb9f452af84b36a0484205", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199393, "uuid": "cb1d58cf-2a14-4055-8312-20e7ad95dcac", "comment": "Malware payload (Heodo)", "value": "61086c3b7fb4953359f59489c0fb762decd08bea37e16a8401c3bb1a1d8ebf4d", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199393, "uuid": "0bb7c468-d850-4a88-9bd4-e3e69c055910", "comment": "Malware payload (Heodo)", "value": "e36c069a5821129a2d754e4dcae066b15068a455", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199393, "uuid": "850ff072-0c8f-437c-b614-b32fb9a795a4", "comment": "Malware payload (Heodo)", "value": "a93ac50119849a531833bf84d31255341ced418dcee76ec3261e8c5eb4a0065c4c9a0c6833ed4574ff494067ed29f118", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199393, "uuid": "167b6d04-f989-430d-9147-068394a6712e", "value": "T102E34A6576B5C9F6DA0407B10AD2CAFA2327FC739E5603E33198B30D1FB91509AD26C6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199393, "uuid": "e01a79f6-ceca-4324-a262-b62336554c12", "value": "3072:j7cKoSsxzNDZLDZjlbR868O8K0c03D38TehYTdeHVhjqabWHLtyeGx6Z84TIUGxT:vcKoSsxzNDZLDZjlbR868O8K0c03D386", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643199393, "uuid": "56f5a9a9-16a3-4b49-9237-985617e3e440", "value": 145920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643199393, "uuid": "e38caa92-2994-4e7c-93f4-800c1faa099c", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199393, "uuid": "9fc893e9-3b5f-46bd-a4fa-bbad85bc5767", "value": "INNOVINC.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f8b86cb-7e90-11ec-9275-42010a9c0029", "comment": "Malware payload (IcedID)", "timestamp": 1643191854, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191854, "uuid": "3e48a090-62e6-4a2e-9d8f-83d16b95cdbd", "comment": "Malware payload (IcedID)", "value": "d1867adbbfd705fa4b9457442592ecbd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191854, "uuid": "b144399f-c2ff-40d8-bf3f-1fc9cf1affa5", "comment": "Malware payload (IcedID)", "value": "6109dc2001914480b53cac384346eeb2e701114d836902db49cab2684305da35", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191854, "uuid": "dcdaae45-8479-4fb7-83bd-fdb4866f9789", "comment": "Malware payload (IcedID)", "value": "b91fb63e09c8d8d7cf7c9291e21f313031a1cfe5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191854, "uuid": "6865ccba-3c6b-47f8-adc6-4cad44d3c034", "comment": "Malware payload (IcedID)", "value": "108284cb90e417fbaaff3c1a23893ce49ccc1fa4b178e24c102226d33d1b6dd135301bc6540867942f7b819ce792af43", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191854, "uuid": "03060786-3dd5-48fb-b222-0de28c050c03", "value": "T1F314E6A4B947436DC6A3833D1E4F316C4FAB3FE578A4476B598CB8BA631C9C4969700C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191854, "uuid": "82df0c45-3f30-49ee-af06-574728b64f77", "value": "3072:2fWGrs9SOs49a8lN3bXlMAm9DauVTUA6mgSIs2vNJshikiOlXgxkv:2Gps49VN3btmR8SYk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643191854, "uuid": "a5b628bc-5383-4a4f-84a2-a90fc63f98b7", "value": 190464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643191854, "uuid": "e8d79ad0-6e49-4cbd-989a-949713d81983", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191854, "uuid": "7fd614ee-9668-459e-9141-843ec759b41a", "value": "d1867adbbfd705fa4b9457442592ecbd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4218f0b0-7eee-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643232231, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232231, "uuid": "c04e3577-12d9-4cd0-a34c-11588e491de4", "comment": "Malware payload", "value": "9783743ed1bc59ff917d06ac3dd2d0a6", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232231, "uuid": "ec7c4f8b-7424-41a6-949b-2bf7f80bd496", "comment": "Malware payload", "value": "611b04bfb5e5e63fff718179dac8f21867ba922944b2538de27fba28601c264d", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232231, "uuid": "78987708-6f86-4da8-a510-97bd32fe649b", "comment": "Malware payload", "value": "3dfb0204c15d04e345aa3c8b86d43788052f8118", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232231, "uuid": "14b3c2b3-c0fb-4d11-915f-9b36441fb2a4", "comment": "Malware payload", "value": "2cd3f46662f5d51691efaa1474b636e027495dc27d01bb3e8c3d22a096e5d8ac00d6a412ab661c91cc72a7a6b50dd832", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232231, "uuid": "9ba7cb36-65d2-4422-b49b-20d45e54fcc0", "value": "T136B46B1AB172D871E3FEA3F1B5A4CB93C1EFA820275455ABE3FC025F4A2DC464234949", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232231, "uuid": "af2fe14d-5f35-4e60-8669-2e7376bfdacd", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232231, "uuid": "ca4c7f7b-75b4-47fc-9ceb-2e11f748ea2c", "value": "6144:Y7eUxxxxt33333333hCC28YiYRrLKyx3jvfIfpQdKXoJsdSUPlhLYfZDqvasLD2d:n8nYRvJhjvGpQXcGDO3JtP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643232231, "uuid": "4e2a4972-0337-4809-934e-845edbe0d41b", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643232231, "uuid": "dbcd58dc-f01e-4261-8ad5-6a80db848838", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232231, "uuid": "63241901-99ed-4608-b806-79040f766715", "value": "emotet_exe_e5_611b04bfb5e5e63fff718179dac8f21867ba922944b2538de27fba28601c264d_2022-01-26__212337.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da614db6-7e6d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177082, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177082, "uuid": "e163611b-fa96-4c96-9dcc-fc9fce68b058", "comment": "Malware payload (Heodo)", "value": "3a30c2fba3675ea612a13aa2cc7fa4d7", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177082, "uuid": "f30175ae-3e97-42a3-9dc6-07d6a7fd4de6", "comment": "Malware payload (Heodo)", "value": "616f9aff58057c63a0ca5af6b8b8cda5c5fcbe3260804d4fa43aa8d842b196ce", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177082, "uuid": "f802d67e-ac0c-41fd-a5e8-0a7fa89be68d", "comment": "Malware payload (Heodo)", "value": "6779be5891ea14b737fa0ba17d098c3936e4edf7", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177082, "uuid": "d7913f30-a0f8-41f7-a2f3-d45bfe3cbc25", "comment": "Malware payload (Heodo)", "value": "34aac384156d598c468bdf1e1c5943118a8f3c8fd126d6e362c0c748092b47ba26591a45c7ad6680af211c4f0c5b7181", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177082, "uuid": "377cb0a6-4563-43b1-a1a6-e06edea62c2f", "value": "T10FE4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177082, "uuid": "54852253-9454-4dbe-ae92-6de9b447d5bd", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177082, "uuid": "d62dcdb8-d042-4cd5-b233-416cf39b3305", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4lSNACHKm2tkJV8u:o87vGJzomxhwibKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177082, "uuid": "6db06b3f-29b2-4fc6-8581-7125d6637997", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177082, "uuid": "5970bc97-802c-403e-8d31-32d2a858fc3b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177082, "uuid": "3188791f-868a-4980-94fa-c3265ecd4b29", "value": "emotet_list_ioc_cronupTue_Jan_25_11:53:32_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86e23bb1-7ed3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643220750, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220750, "uuid": "8733c4bf-0471-44a7-8015-6ef6b7c20231", "comment": "Malware payload (Heodo)", "value": "33dc99c26ebac440e75b3f9119aef850", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220750, "uuid": "ab7bf6b3-267c-4c1e-bd32-d353c4ebf94f", "comment": "Malware payload (Heodo)", "value": "61bbc1907b1207aa2de868034febbce3870d79206401e43203e8ceff6e18e0e2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220750, "uuid": "318383e9-ebd7-4a35-bb76-61400d7f321f", "comment": "Malware payload (Heodo)", "value": "60592ce25849695a8baac8e762fccb9b2a177cd3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220750, "uuid": "2262de01-f907-420b-86c8-2fd0934757f1", "comment": "Malware payload (Heodo)", "value": "8ed4f47f66255b28361acb6f6dc9d7d85a60026b0a8a4c91f90f27fdb593a7a7edd4dc1501053f3f648aaa57d0dec21e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220750, "uuid": "9221f47a-8719-42bd-a6f2-26f869ec167d", "value": "T18405F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220750, "uuid": "9006eb87-93e7-4061-bf1b-cd091a4184a3", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220750, "uuid": "5ac02e7b-8fbc-47d2-a43e-40286900b8ac", "value": "12288:aA9e3OrvpgqjtQFecR6dddifiHxoB3rNd9CDr:blrvpgqj2FemQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643220750, "uuid": "4cb362d6-477f-4e52-b50d-10975e3d6d33", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643220750, "uuid": "91e7bffa-deff-4d57-b0e0-82d8ca66ac6f", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220750, "uuid": "0b9a11d8-61e7-492e-9299-eee362f6c6c1", "value": "33dc99c26ebac440e75b3f9119aef850", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25fbebfa-7e9a-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643196106, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643196106, "uuid": "52509a9a-c5b7-4293-a9af-00b40dae010a", "comment": "Malware payload (AgentTesla)", "value": "ce5d5f66340006f47d9deeb64bd9fb85", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643196106, "uuid": "b3bf4628-69d5-47e9-8ee9-e602136c363b", "comment": "Malware payload (AgentTesla)", "value": "61f6078180bd0c7db9ffafdf6570f0feb2fbd747cb804156091197a612b08ee3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643196106, "uuid": "f16a8112-fb18-4377-92cd-b9c235f5d267", "comment": "Malware payload (AgentTesla)", "value": "cd0babe400a50f5d6330b052db550016753e3d64", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643196106, "uuid": "bb7f7b8a-dbe7-4e61-b5be-9acb745fdb24", "comment": "Malware payload (AgentTesla)", "value": "fa8a6cfce5f309dca3c7f27648269eeab99587d94228cdd5e9f120c50517244fae35b7df8a8514a16d9298f8b64100e6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643196106, "uuid": "9765bfca-3e1f-4047-b4dc-d8716cccbd8b", "value": "T15815BE6FF54CC82AD2990D7691CFB00D47A1BC03ADCBF59A7D87B50A6251F42DA0A60F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643196106, "uuid": "e30b1915-a55f-4ab7-96cd-1ab115d9074c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643196106, "uuid": "cfae8f8c-1340-4a9d-ac6b-98f6dc47bbdc", "value": "12288:S3i5AuQuc48Wx1X6dkspjCB08kxbKQnFdHPxpjs0s8CwaWXLQRyVmIMPk+m/Vf2/:sOAuQM6jp3bNLPMLwaSsyfMPkr/V+YI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643196106, "uuid": "6e4eb5f3-cc91-4780-9e5f-ae1872f78328", "value": 901120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643196106, "uuid": "14e97849-9ba4-451f-b87e-8689623bce94", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643196106, "uuid": "0c549384-8d50-4b89-aa1d-cc21d0dd50c4", "value": "UPDATED SOA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1bd8fd45-7ecf-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1643218853, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218853, "uuid": "7a1d28a8-4fd0-4afa-b448-45e99b6014a5", "comment": "Malware payload (RedLineStealer)", "value": "19d19b66faa339c96638e68887fcbc27", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218853, "uuid": "2736d494-7d88-4a54-8dfa-b120afc066e3", "comment": "Malware payload (RedLineStealer)", "value": "627bc1e4c25d56aa3b16ec1ec8f98a2ff24d9ac18ef32c2dd59d1ea46f00e576", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218853, "uuid": "ce8c9696-6631-4cb5-a513-d54d0cd2d0ec", "comment": "Malware payload (RedLineStealer)", "value": "9239a9f1af64746834e7a4de54e442e44976eb87", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218853, "uuid": "5e49717d-ab2f-4876-8f89-c17068d97c0c", "comment": "Malware payload (RedLineStealer)", "value": "5c46057229ff32bdf1ff5035bf9ecbd0717101679b5d6f041dbd2972c3b188c47cecf5856353a7633cd5657063091507", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218853, "uuid": "953ffe6f-3231-4281-9036-5d29ee6f85cb", "value": "T16BA4AE10BBA0C035E5B756F445B693BCB53E7AA15B2451CB63E13BEA5A346E0EC3130B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218853, "uuid": "3de11f56-5393-4500-9a69-01175945e9f8", "value": "aa2b22e8e3b96fd546a63d71626f45a6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218853, "uuid": "bb9db69f-ff4c-48c9-9273-fd2d55215cee", "value": "6144:x3AorRbX05+Q+01aBLuNRhZ5NT1aliIY2FhN4CXzGQxK8JLDf1djYeLzO6WxWuN3:xwdn+htAzZ5R1aliIlhNrzGa/JYMqd1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643218853, "uuid": "9ce33e7e-a8b1-4498-8c76-0f0c1f8ea66f", "value": 454656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643218853, "uuid": "dbc6c965-c72f-4324-8940-2ea24f16d559", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218853, "uuid": "7b200f3f-c3de-4b2f-ad37-eedeaa6fc9e6", "value": "19d19b66faa339c96638e68887fcbc27.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bab2c481-7ed1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643219978, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219978, "uuid": "d3f40da4-9adf-4a32-8c05-88430dca3375", "comment": "Malware payload (Heodo)", "value": "7ffe90c5c5919145246925dec4ed6d2e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219978, "uuid": "d14bee83-ffd5-4181-bbfd-fd842d47e7b8", "comment": "Malware payload (Heodo)", "value": "628120061efc42a326f48c32bfc513f96da3ff6be8e05c100a2958dd83e5f4c2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219978, "uuid": "88bbc8f6-9d17-4b5a-8dd4-7459472bc296", "comment": "Malware payload (Heodo)", "value": "10671e8183de3806fabd65bb77fdba624b0d3799", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219978, "uuid": "b5c3f66c-1ded-40ea-8ffb-18c7a63d52e8", "comment": "Malware payload (Heodo)", "value": "5d45dcd494cd3dc52ffb3999a61adc4b0dfebc8b10024b4203b1a2dab4fdfd6136c6ba2bc4bbb7dfe2f86b1ad0f2e562", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219978, "uuid": "157581b3-cbeb-4cf4-9e19-8b97bd8c069b", "value": "T14D05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219978, "uuid": "8cf7c84a-3306-4002-a2a8-b18dc8bb1896", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219978, "uuid": "d4c1b2df-8483-496b-98da-482f872fda98", "value": "12288:aA9e3OrvpgqjtQFec76dddifiHxoB3rNd9CDr:blrvpgqj2FesQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643219978, "uuid": "e200ea43-c4c6-4115-b0c1-36ac61562d51", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643219978, "uuid": "8b85777b-31ee-4601-96be-de1021a30296", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219978, "uuid": "4b73869b-14b7-4daf-b4a8-eabeb85e1aae", "value": "7ffe90c5c5919145246925dec4ed6d2e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0386e86a-7e6e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177151, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177151, "uuid": "9ebb7d5d-4403-407e-bb9e-e40b85bcb9c6", "comment": "Malware payload (Heodo)", "value": "6d254fbe6566234409b7c6f2cd0df8a3", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177151, "uuid": "214167d8-614f-4045-9984-ab470d2dfb4c", "comment": "Malware payload (Heodo)", "value": "630f78e95266221741a88da66c9b68d50a373d22cad0056f80787fce8b4ca589", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177151, "uuid": "c2c26746-f03a-434e-af82-b128d47966a6", "comment": "Malware payload (Heodo)", "value": "6200a3a7f13ed0a30afbb4a445634b12421edb5a", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177151, "uuid": "7bc15c03-4f30-43bf-bd94-42a48ac38e2c", "comment": "Malware payload (Heodo)", "value": "03d3e71f284083149f1b62181cb9ec741d99a3755b117bf8262458531c269647ae34a4968b19b6e2b95ef5064cde1917", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177151, "uuid": "9d639f46-a0dd-497a-b4c0-490b3740f94c", "value": "T12CE4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177151, "uuid": "b6285489-9a8f-4b6c-a034-547806b1b5f3", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177151, "uuid": "4ccd6de7-2f78-4fc8-8730-a1c8b6fd490d", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4l8NACHKm2tkJV8u:o87vGJzomxhw8bKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177151, "uuid": "366c66a2-67e7-4ede-9b90-c1f569845a46", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177151, "uuid": "e46f9202-77b4-4680-b34b-7844e24ad28c", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177151, "uuid": "2d2e33b5-860b-4c13-8734-cfb637660eff", "value": "emotet_list_ioc_cronupTue_Jan_25_11:53:47_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c87b522b-7e3b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643155577, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155577, "uuid": "7565ac42-b728-46be-b4bf-32355dfcc505", "comment": "Malware payload (Heodo)", "value": "2013f2cf5455729ea5b716ce6fe2648a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155577, "uuid": "2c9d123f-12c2-4a99-b280-87555d69bb5c", "comment": "Malware payload (Heodo)", "value": "63cfe027a39d41c329e563f6e53f6833e75a1887c534160156df70b2bbc88dc8", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155577, "uuid": "c3059240-2b05-44f6-8fb1-0607e863cd05", "comment": "Malware payload (Heodo)", "value": "07354ebdce9d12f5b09107d04698cbdd9ae0587d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155577, "uuid": "866475ab-fb4e-4aec-b4c1-4b5032520523", "comment": "Malware payload (Heodo)", "value": "5faaef58b3b858b2c837ea063663f48bc51d726e032cc7ce120191c33dd51070b999b2e5a570022045a5463611235ad5", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155577, "uuid": "b9250154-7164-49ca-9e45-31d2ea0f5e1f", "value": "T1C5D49C2233DCC8B9E0AE1D3D290297D523E9AE140B93C58FA640FB9E5D3B2C155F92D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155577, "uuid": "3cd80d3d-f4f9-4019-a81b-c420febffcca", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155577, "uuid": "85a27c71-caf1-4c0c-b302-288fa537fa7e", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4Mm3Ofg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4Mm3/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643155577, "uuid": "69081583-931c-4062-ad79-89baaacbae50", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643155577, "uuid": "bf5f46ec-4919-4b8f-aa31-1c80ba2a432f", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155577, "uuid": "1baf1393-b3a5-4f51-b5ef-9a03f42bbdab", "value": "emotet_exe_e5_63cfe027a39d41c329e563f6e53f6833e75a1887c534160156df70b2bbc88dc8_2022-01-26__000604.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd796233-7ee7-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643229432, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643229432, "uuid": "a7c82aae-0c92-48fd-b321-168705f38d8d", "comment": "Malware payload", "value": "9856b9dcbe55777dc78532fbb170ff64", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643229432, "uuid": "a3eb82c5-2875-440b-9109-23b8eb37f000", "comment": "Malware payload", "value": "63d8b5ed48256724991369af3d390fca0bba9afcc1d1dee674b6484632ed8ab5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643229432, "uuid": "be6dd656-718f-4683-8896-ae08a13fa543", "comment": "Malware payload", "value": "96f764731753aafd6682fe9f4adcca85b0b2244d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643229432, "uuid": "037ae679-a168-4471-845c-f664cdd0218e", "comment": "Malware payload", "value": "61d1180a289b3037e425a2a1ea37bf46847079cd670b3c771715988e94fe714e0194a1eff1abef656159a61a239263d9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643229432, "uuid": "874cfa2c-3d15-4715-8ce1-2eeee7c44b3a", "value": "T177333C42C6A20363D5554BF3749396C31BB1710E58E0CAAB98C9B08A4EDF30A7597FDE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643229432, "uuid": "45a2a746-266e-48b4-b294-4366844f5b20", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643229432, "uuid": "4b9f1b26-979f-4bad-9527-266d49f10050", "value": "1536:nPypga/eHUTQQQQQQQBdBgN6b5/2kWSC6WLrRQ:Pypga/eHUTQQQQQQkdBft/2YWLrRQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643229432, "uuid": "df7d46fb-1341-4bc3-a95e-91106b1d5fe7", "value": 51400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643229432, "uuid": "c822f4c2-357e-4653-9675-816cda2ce5d7", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643229432, "uuid": "ad21a734-fbe2-4b0b-a4ce-aaeee3e100cd", "value": "SHIPPING DOCUMENTS.EXE", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f8b2fdb-7e7b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643182889, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182889, "uuid": "21773a7b-04c0-4452-bbc4-ee5ddf3f193f", "comment": "Malware payload (Mirai)", "value": "186d423c564118b917afbf6f80d9d18a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182889, "uuid": "df087776-c658-409b-b0f0-720ab794f17c", "comment": "Malware payload (Mirai)", "value": "63ff38518a5276f06ec866b7490d3ecd8a96198d16a67242525d1f8eb5016b97", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182889, "uuid": "21b13486-40ce-4326-851a-70f89962675f", "comment": "Malware payload (Mirai)", "value": "700f280ddad379647b87238746de653c85af2757", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643182889, "uuid": "a2ac5f02-1cdc-4e28-a9b0-983e92eae62c", "comment": "Malware payload (Mirai)", "value": "d5633082ae3ff462be3ee06746d7cb5d970cd1d8e40d0379dbcd993979070112a0ad72f8630d98bfba5c4cedb4d2b616", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643182889, "uuid": "3bbfe69b-1e2c-4266-bb03-28c44ea99743", "value": "T179A3184AF9816B11D4D926BEFE0E118D335357A8E3EE7112DE205B2137CAA6B0F77412", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643182889, "uuid": "b5464401-708b-4ed7-b8b2-fd92bb99c787", "value": "3072:ksKZKFKGKRKQSirUfIId2WmLzXaabj64LWE67YX9FOgi:KEQ9MQSTd2WmPXaabj64L/67+y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643182889, "uuid": "d8da824f-f82e-467b-940a-7116cfb2668f", "value": 99932, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643182889, "uuid": "28cac7ed-138a-46ba-abfb-563936375866", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643182889, "uuid": "ff472612-aa4d-4239-b6a2-665701371ecf", "value": "186d423c564118b917afbf6f80d9d18a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89f4d743-7e4e-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643163632, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643163632, "uuid": "470cace2-7cba-4f3f-9151-05ff75bdd0b7", "comment": "Malware payload (AgentTesla)", "value": "e4f7b65fb5ea91e47cc478ee7953999f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643163632, "uuid": "2bfb6a42-bfb0-4de2-8804-7cad0a025dfb", "comment": "Malware payload (AgentTesla)", "value": "641ba136cabe516b97ee3edce1119ae0e1e0be29861d06346b10fcca0bed624c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643163632, "uuid": "67b4e350-4ec4-448f-be8a-28129655825d", "comment": "Malware payload (AgentTesla)", "value": "892a6c420f42b29205f9f76d5c415985c5243a74", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643163632, "uuid": "97eeadae-4e47-4cfb-88e4-ef5533703763", "comment": "Malware payload (AgentTesla)", "value": "d6f8b6c077f3cd894a4c49034c8781aff790a8dc8696e1dbeddb8bd8b805ae573a4e3c3d687b78871c7490bd96542831", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643163632, "uuid": "1d58d487-fb58-4d39-96d1-7d66eeda8450", "value": "T13C05DF1532E0C134D28D28399CA47955EB33F06B78D2F974EEA2DA457FB97C0AA04973", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643163632, "uuid": "a8475dae-682d-486e-8424-0e27c84b0daa", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643163632, "uuid": "a5cb3d11-5c58-41e9-ad45-68add38ce978", "value": "24576:gTUDPQxUhJHjFx8j+M5MbwGABqLDQihFjte1aoDh:gRHj+MesZBqLD9hFjte1b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643163632, "uuid": "5ea8ea87-e484-4509-97a9-10f1c534eba4", "value": 841216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643163632, "uuid": "f142f400-01b8-4a02-b67c-a07d88af71f7", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643163632, "uuid": "9f431b9c-deac-4582-b7a2-e7b9d1ba9214", "value": "(PO#HD512-6 5700)12.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a585f41c-7e93-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1643193314, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193314, "uuid": "480970cc-33de-46b8-a1fa-5d2494199b3e", "comment": "Malware payload (Gafgyt)", "value": "10bdd54b419db49ffcee74b0ba491af7", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193314, "uuid": "b31e9a55-1bd5-48bb-bda4-0e839c22c105", "comment": "Malware payload (Gafgyt)", "value": "64bbc9d346a5d843a930ad51f922637b9f94ff6cae4445892a2ae0c7a164c52a", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193314, "uuid": "34f2803d-0e7f-4616-9080-add09594f1cb", "comment": "Malware payload (Gafgyt)", "value": "fb3fc0912e6d1776cc015171114b3c8bff70d68d", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193314, "uuid": "fd265e77-48d2-41b6-9354-1d5058362335", "comment": "Malware payload (Gafgyt)", "value": "7c0bd43255d99775d3767a14072444c5c54a5f8725a4b278f67155e07e2830e3d81c25ea95ac3659e4d48ed89492d66c", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193314, "uuid": "6703eff6-dbcf-4ac8-87c6-1426e7078435", "value": "T18EC34AA5A780D1B2D15300B2258BDF164033F6FB4A9BEA6AE7582CF0CF595C6B161F4C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193314, "uuid": "50ffddc9-6c7d-4bd3-b20c-2cf5d5f8e16e", "value": "3072:BDEMS0U8UgU2Vw1LHQxTvhZh9Ankkc5hJQ+3PPinI0/zJfNQQ2u:k0RzRVMLHQNjNkc5hu+HinI0/zJfNQQn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643193314, "uuid": "cdf574e7-1bb7-481b-839d-fba1b796fbc6", "value": 120435, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643193314, "uuid": "af9da9cc-bbb0-4934-9b55-291fed74344a", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193314, "uuid": "19f8cb2a-5fdc-422c-9ebc-980322eb7f76", "value": "Korpze1233121337.i586", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad99ecc8-7ecb-11ec-9275-42010a9c0029", "comment": "Malware payload (AZORult)", "timestamp": 1643217379, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217379, "uuid": "696ec795-fde1-4f6d-9fa6-65771aaa2621", "comment": "Malware payload (AZORult)", "value": "7a228e7f75f1ebf1f07497b4fbbc4048", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217379, "uuid": "4f08a9a2-cd73-4b5b-8b6a-68b60e241ad1", "comment": "Malware payload (AZORult)", "value": "64cce06138c3d1dd56f788853e60bb299f673977d1a538fcda92dd68fe5dc905", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217379, "uuid": "297065db-aba7-4eed-b04b-01bb767ed4ed", "comment": "Malware payload (AZORult)", "value": "78297771c1b95df22ddefe5c0a2be3a4068a2667", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217379, "uuid": "c20b1e0b-1f63-4cb5-acab-dccb3d66b095", "comment": "Malware payload (AZORult)", "value": "d4d1843c88495f39753e0c7ab4e2e8e3be1810e691864c3802b7a61bda5fcb9d421af0d8a35343173318ce73e491506e", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217379, "uuid": "eddb062a-a772-4492-ac68-f69c32072206", "value": "T1FFB3197AF6C19272E02808BDCD46D1B6912D76302D3918B6B2DA4F8CD5F95C26E2C3C7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217379, "uuid": "28a4f739-3984-435a-9b4e-b1acd3a706df", "value": "6d1f2b41411eacafcf447fc002d8cb00", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217379, "uuid": "47427623-03bd-4164-8473-c670d41a6a52", "value": "3072:tuOSXpMx7ZAlHsbfUkolNGti7lfqeSxM3SpyEY3E/Wxg/:Zzx7ZApszolIo7lf/ipT/W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643217379, "uuid": "075e5f48-91ab-4b2e-b260-957fb133a364", "value": 115200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643217379, "uuid": "f56f845b-8e3c-4329-a6bd-9f23fc189b0e", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217379, "uuid": "0aec0eeb-a0d4-4310-8103-7765f39159d4", "value": "64CCE06138C3D1DD56F788853E60BB299F673977D1A53.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d30c9090-7eaf-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643205416, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205416, "uuid": "705abd3c-3d65-4a2b-811b-7843bf10db0d", "comment": "Malware payload (Heodo)", "value": "442a96d474c7b50d214a1a7f053879a1", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205416, "uuid": "10f6abfd-dc34-4d9e-b651-a87537d20533", "comment": "Malware payload (Heodo)", "value": "654508319b25960411e1951b68ba54b381cec9e7ce842c5d5f529a07bd0152f8", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205416, "uuid": "d8ba0d81-22f2-48dd-9b6c-66402899f200", "comment": "Malware payload (Heodo)", "value": "f5664f6109ba6973f93e0d813cf277233b2be0a5", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205416, "uuid": "9521808f-fdce-4d4b-9e62-b8e9386bbb08", "comment": "Malware payload (Heodo)", "value": "ad96ae7da8b5270fd4137f43bd0911bedea0251d3a4a97e1986a1cb4f551c8f5c8bba2c0f83de0233c0c60db4e224f06", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205416, "uuid": "b586c552-2846-4e2f-9cf8-e1b1c2f5c4a5", "value": "T197D36B66A5C5E9CAC70523350ADA8BEE33676C478E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205416, "uuid": "76b45971-8071-4221-9bed-65dbf225600e", "value": "3072:TcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dg5Gx0G:TcKoSsxzNDZLDZjlbR868O8KlVH3jeh+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643205416, "uuid": "3ae940f1-02de-4821-a542-4b927cf5b7b8", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643205416, "uuid": "7a8ee70d-2fe2-4b44-9732-ad0ffbbe35c3", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205416, "uuid": "a5cee6c0-2625-4ce0-a628-5cbed74c57d9", "value": "CLX602826945VP.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eaa8e749-7ec5-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643214905, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214905, "uuid": "8214c20e-1f30-408e-a266-ed11ca6cfb6e", "comment": "Malware payload (SilentBuilder)", "value": "04540fe0ab292324c7e6f7a86250c993", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214905, "uuid": "b72819be-e89a-406c-8b8f-caa781b7e74a", "comment": "Malware payload (SilentBuilder)", "value": "654f3ecf5dcd0af511663f2f7e01dd8b943c3fb6a91c267a62e0f1797856c88c", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214905, "uuid": "7a914617-a586-44c0-a73c-7001de2bd3e1", "comment": "Malware payload (SilentBuilder)", "value": "878b1abbc6c59ef4e67313973278a547b537d20d", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214905, "uuid": "1a40a93c-6f81-4189-a215-99168a0406d3", "comment": "Malware payload (SilentBuilder)", "value": "143c192ba111528e86719208a6fd8843643ab7c920f7d2dff3697ccbff5c7e0f2d6561654f03c9d3d992d1c35195bbe5", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214905, "uuid": "be0ae90e-87a4-420f-a0f4-8fc8b69eda16", "value": "T104131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214905, "uuid": "8a76400c-e87e-4d45-b26f-588455185193", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643214905, "uuid": "c871c20b-4453-4c7e-9ccf-217f783f4d4e", "value": 44557, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643214905, "uuid": "3b3b65dd-80ce-489b-b33c-5e08c90d4198", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214905, "uuid": "9d417ce0-c6cd-47eb-8316-d4fa4ccfc1d0", "value": "tmpvfqyhm6d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "709acfe9-7e8d-11ec-9275-42010a9c0029", "comment": "Malware payload (IcedID)", "timestamp": 1643190648, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643190648, "uuid": "cb6375bb-94cb-4b97-9409-368f1fdde43f", "comment": "Malware payload (IcedID)", "value": "ea162dd06fd6e24cb6254f63537bf14d", "object_relation": "md5", "Tag": [ { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643190648, "uuid": "f26557c2-f335-41b0-92f5-998f2db29240", "comment": "Malware payload (IcedID)", "value": "667443a0d8bd9497dc7df561f029b6a59367e177f39004200f1347fff2b22627", "object_relation": "sha256", "Tag": [ { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643190648, "uuid": "afb1dd89-b2d0-4de1-b453-0fad469faf6f", "comment": "Malware payload (IcedID)", "value": "b1188998292a73c6290c806890e5166ee6911ddc", "object_relation": "sha1", "Tag": [ { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643190648, "uuid": "00ae1295-c141-47cb-9f6a-d188017000ac", "comment": "Malware payload (IcedID)", "value": "6a8c33971cf37752a5ab5f7fdf5570d41d77f95cf866b6763de9a3dc9b470f9ec3f64c21fcfce938ce9f072de7c5b12e", "object_relation": "sha3-384", "Tag": [ { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643190648, "uuid": "b7f9a34d-d89d-469b-8b3a-97c11b93f6d8", "value": "T135C302AFD520DC44D783283EC94A09FDF66C1716D4BBD08A6048B68A2A417DF5B0E7EC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643190648, "uuid": "c8ff2c60-875a-44c1-8a46-55cec58fc46a", "value": "3072:igF1LZQF483ux6KoT/jki1XCqRRAcQnEWzY24x:JdsrkmDRicQnE724x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643190648, "uuid": "f5c0faab-f70a-426c-aebc-832d4665de41", "value": 125734, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643190648, "uuid": "936a8870-9dc1-4ef9-8d5c-b8e18c8b722e", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643190648, "uuid": "740de79c-5a14-4dda-b9cd-be289381e95b", "value": "document-812841813.xlsm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "66f9bdd3-7ef2-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643234011, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643234011, "uuid": "d3b2f4d2-8bdb-4189-97ed-d36974bfd109", "comment": "Malware payload", "value": "3bc9eea7b8a946d9990e6a1a8a96b9e6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643234011, "uuid": "99ff1a4d-decc-4122-9c56-cde7ead93187", "comment": "Malware payload", "value": "668a41ff77ec8a4f5b28e4d04d08645d7d97748caeeed8cd3df0da05b07fc390", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643234011, "uuid": "534f14c3-f8d5-43b5-acdb-494f3ffc5633", "comment": "Malware payload", "value": "6f0e8ac79b9c4e9a9334b0baddbc986bd4738671", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643234011, "uuid": "f0022449-e2e2-4bb5-8f70-f7dc716c812c", "comment": "Malware payload", "value": "826a6ca0243a9b2c7153685deebf87d1e6c4302338c001ce73580508fe0894f946f7752477001aadf9b171ac0dd13c68", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643234011, "uuid": "b335fdcc-509c-4a6e-b01e-b5ae0c6aacbd", "value": "T127B46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643234011, "uuid": "df9c5063-f9ad-4d4f-8ef4-d0c54c1e4df8", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643234011, "uuid": "12251999-ac5d-4c17-96db-1401efddf722", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v84I9clB2SyI2ZJuu1OCPmF:h83YR/KMn/OJgRI0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643234011, "uuid": "bc4089c0-e04b-485d-aafe-dd676f08dd6b", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643234011, "uuid": "bbde556f-8f0e-4241-a8ce-ca758355adf4", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643234011, "uuid": "4ed1b43b-1d48-49d1-9363-6258e95317cc", "value": "3bc9eea7b8a946d9990e6a1a8a96b9e6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b68d23c-7ece-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1643218476, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218476, "uuid": "ecd41ce8-5ba5-44d0-a305-f63a23d17c11", "comment": "Malware payload (Loki)", "value": "1108639e1402aa9817d054431b5b51e2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218476, "uuid": "6a68f076-4a12-49e6-be5d-cf6a1223e97e", "comment": "Malware payload (Loki)", "value": "669cbaf863c1884d819bf663114e4e2839d4c27a33cc4479df91b70c62fbbb6b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218476, "uuid": "01937e9c-7b57-4f03-9841-e88341d5b46d", "comment": "Malware payload (Loki)", "value": "b21956abaf054b5a51d7eedd1cff2f17fe0646c5", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218476, "uuid": "e287e101-23d7-48a1-8f4f-737008581a94", "comment": "Malware payload (Loki)", "value": "066bbbd65a8d3f05c32d039b11b9f702a74dcf659b8aaea1ff8314763ecea25362941450a26919c7d19f1f76cd1d547e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218476, "uuid": "21c0231b-7225-4304-a555-4c341804ad3f", "value": "T13D34126A2CC8ED5FE59722F248770B71E2F696052AA003572F595FF6302206BAD173D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218476, "uuid": "3333b499-5b16-4586-beec-38b6e22f7a12", "value": "099c0646ea7282d232219f8807883be0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218476, "uuid": "fc63331f-f391-4786-ae76-4d2badc08e3b", "value": "6144:owGx2gjqT/fQOOvzh61Xp7fxaObV59Bzy+95dPP:ak+qT/bOvzkXpxaObV59N9DP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643218476, "uuid": "ae0d060d-3d70-4f82-8837-0e541a0d4058", "value": 243825, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643218476, "uuid": "22cb8831-02dc-4c66-b5c5-aa4ea018148d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218476, "uuid": "1e85d310-b59a-4177-9919-9c2fa76f9568", "value": "1108639e1402aa9817d054431b5b51e2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5454bd34-7eab-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643203486, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203486, "uuid": "686cfa73-f52d-4d5d-8769-9bcc3b5371ad", "comment": "Malware payload (Heodo)", "value": "f3d6daa38db5f48ac588d6a3f9f43592", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203486, "uuid": "e4c46d80-8d11-46ca-91ca-1e876f62d3e0", "comment": "Malware payload (Heodo)", "value": "66a7f8c3a35be7249a369e42b690c8d0a70bb001201f26919cf1cdfbe5116d47", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203486, "uuid": "070150b6-3ff1-42a8-bcec-8bdf135a9e5a", "comment": "Malware payload (Heodo)", "value": "e725e413f8e75ac79f670b351f2cfc3105a83a7f", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203486, "uuid": "b05e3c35-a2ca-484d-8b31-cdd4b2854217", "comment": "Malware payload (Heodo)", "value": "e7b24acf2daf9a11e9487156eea742358055a6084e328aae19992a730624330d3787f4adb5ccee66b94d865f4bf7cfc8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203486, "uuid": "5848215a-37fd-430c-aefa-fffd42a1e739", "value": "T1B605F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203486, "uuid": "4012e376-4287-4f9e-b791-98bfea140958", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203486, "uuid": "d19bbc51-28ba-4827-b500-5b1ad86dbb3a", "value": "12288:aA9e3OrvpgqjtQFecq6dddifiHxoB3rNd9CDr:blrvpgqj2Fe/Qc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643203486, "uuid": "a02a4f99-bb40-4ba7-936a-1f4f2475b8f4", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643203486, "uuid": "54d2b84b-f999-472f-806d-d48173b3f0e9", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203486, "uuid": "acf57104-a3ed-4aab-8fee-631c721e053a", "value": "BcKN.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84c273f1-7ed1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643219888, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219888, "uuid": "407681ca-21d6-471f-ac06-78bef61d3dc4", "comment": "Malware payload (Heodo)", "value": "8edcb1de488af5e676143b0ccb3f6385", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219888, "uuid": "7df3f2d0-adb5-4796-94db-5c9a9f454173", "comment": "Malware payload (Heodo)", "value": "66d4baaddc93953477bc6329de5d200ee5cf1bbf5d9fd545c213389aeedff326", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219888, "uuid": "c7e5af8e-4cf5-4d83-a42b-fef296bfee37", "comment": "Malware payload (Heodo)", "value": "90b9dc3f8ca2a889a6d75324e2d7bd84587e6c59", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219888, "uuid": "a7aef6fa-8059-4fa1-a1e9-489591b90e1d", "comment": "Malware payload (Heodo)", "value": "f9be36360e9054f5fe00121d178927ccd18883d2a0c2afe813218ecbc82513068de71c9accb6799fe86b16bc185d6c33", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219888, "uuid": "97f24cf2-3c4f-443d-919b-fb36dea6b4e8", "value": "T160E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219888, "uuid": "30c38d6d-26f8-4324-b637-80c3341e6cfa", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219888, "uuid": "19cdd566-70eb-4703-b2b2-e789e442085e", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIeG0Bv1tgV:RpncLJZA2LwpJsNtZUWeG3Og", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643219888, "uuid": "5d0209fa-f526-444f-9f0c-99cb1e247671", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643219888, "uuid": "12a0dd8b-b0b3-4f1f-bce2-65645939f88e", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219888, "uuid": "9ba0ed0e-b0aa-4049-9b30-8b40892cc41c", "value": "2xqVeoV1AsoF.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e11c5ca-7eba-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643210052, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210052, "uuid": "201dcfc0-2eb1-4105-ba97-c6fff76b76d9", "comment": "Malware payload (SilentBuilder)", "value": "f3eb3239e8e1644d7a676ba0cfe67752", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210052, "uuid": "3606d18f-74f6-4312-aca4-664ef6cb8c74", "comment": "Malware payload (SilentBuilder)", "value": "6847b94c40fa6cf36cdf20d9226952b5dd0aa45a35d3f945c1170fc77ddd0fb1", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210052, "uuid": "a0ff5c61-11f9-4df0-bc58-9cdab80aa273", "comment": "Malware payload (SilentBuilder)", "value": "11fe314cea97745617cd828513eacd9f1c6dc8fe", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210052, "uuid": "a0ecc58d-4a21-4870-8b3c-5e5a453c8af8", "comment": "Malware payload (SilentBuilder)", "value": "d139f53d928fb61e8d0894c0f974ebb201e8c12fd9401d1adeb0981b39ea41db2d5197f6e7a7681cf0a88c562040c137", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210052, "uuid": "288a2f5e-6563-4602-9233-d608786299d2", "value": "T180131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210052, "uuid": "0bb26224-b36a-46ca-ad08-6d760401343f", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643210052, "uuid": "b25223f1-63be-4962-b1b3-5b5ed53b83c0", "value": 44991, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643210052, "uuid": "4f25a3ce-4bab-4948-8bed-8ddc3cb4a406", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210052, "uuid": "3101028f-4037-4c89-a338-4b55de4d2368", "value": "tmp00ydwgjc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50c28ea7-7e4b-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643162248, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643162248, "uuid": "e3c6037d-3a90-462f-afac-c15c11583959", "comment": "Malware payload", "value": "aad34a9a444669f9aef24d78f5e987ba", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643162248, "uuid": "c991e9bb-d4f0-46b5-abbf-3ef39c5fd2dc", "comment": "Malware payload", "value": "688f1437b273978587161e911158b678a460cb1b844d442b78b8be34f7d45d03", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643162248, "uuid": "47bedeb0-154e-4d90-abf7-b4661ac2564b", "comment": "Malware payload", "value": "8138d34abf9fe0d23fabbfe219d305278ecac2e6", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643162248, "uuid": "d7558392-f1ce-4d5e-9a37-454e00a9b7d7", "comment": "Malware payload", "value": "371a5322943c3402386863e8c5ef63747f8bf11a49127e010ef448e3271eb23cfb24acc9b598ce3691e756ecb91b1c0b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643162248, "uuid": "2d4dcbf1-b283-41a2-817c-97795cad91c2", "value": "T1D654C7AE9155DC32EFFA63F151E5CBB3C15B8430236849AFD7FD9072163CA989238582", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643162248, "uuid": "ae767c45-2b57-47e1-96c3-66b0c2a6c6ca", "value": "6144:cNU5LwA22222GgngDrDRVyYli/ci2tEGW78ODQiE2:x5w7YM/cYVV7E2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643162248, "uuid": "2bad9c0c-fbb5-48c0-b846-555ba56991cc", "value": 294436, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643162248, "uuid": "7ea51ba8-04bd-4106-a81b-011e62daa98c", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643162248, "uuid": "398efed8-0845-43dc-8550-f9ad5f2e9c5f", "value": "emotet_exe_e5_688f1437b273978587161e911158b678a460cb1b844d442b78b8be34f7d45d03_2022-01-26__015723.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4006f854-7ec5-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643214618, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214618, "uuid": "7c14d9e0-9a7a-47af-9982-c02b65fb1f38", "comment": "Malware payload (Heodo)", "value": "a574ce65cdba6a753184c13d85234042", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214618, "uuid": "5d5d1b84-285d-43fb-9762-807f0740c251", "comment": "Malware payload (Heodo)", "value": "68cf5b7836b09e6a4c9fc0b523354015294ad029ce4283ccea1c727b6c80a161", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214618, "uuid": "4695adc5-12f1-4e84-9944-edd5d14d778f", "comment": "Malware payload (Heodo)", "value": "732f0cb9b2f75400ff5857fbd59c1c60771a6258", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214618, "uuid": "3a913cca-279f-433b-b01f-befa01cde780", "comment": "Malware payload (Heodo)", "value": "849d35547dc5a0a67b666bddd6ff6c7381c9f12ea1a85713a1543db96d64529ff58376b89f691600d486a660484431d4", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214618, "uuid": "1860511f-0779-4f83-8fcc-f1b18833762d", "value": "T1BEE3BFD766C7588ADE25037E8DB636D85653EC718BE393CB1346B3169DB0AC08D03A27", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214618, "uuid": "ada2fac1-7ff7-4f2b-afac-a289d842c831", "value": "3072:Yn+HymsUk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIgNIxJ3B7aD15BIjMAVn/9LFK:m+HymsUk3hbdlylKsgqopeJBWhZFVE+m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643214618, "uuid": "2b08136a-ab1a-4f28-be07-2b9fafe767d0", "value": 146204, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643214618, "uuid": "1858cbd1-e620-4676-97ae-975f612c74dd", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214618, "uuid": "9e51c309-9192-4afe-af1d-83ad8cf99e37", "value": "SCAN_2601.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aeb64e24-7ee9-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643230266, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230266, "uuid": "f76f10c7-7e89-4c31-bf2d-f75aa4826a4e", "comment": "Malware payload", "value": "478f80c41a0db03c136f14b55dcbae09", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230266, "uuid": "afab76c5-8806-48cc-ba4e-86c9a9a8d9d8", "comment": "Malware payload", "value": "69c5fc62367d52eeb8e06df610527202554c51a9fc1dfa283fde17a1b4cbd74e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230266, "uuid": "02f046d4-c74c-461d-89c6-ea46bfc5e285", "comment": "Malware payload", "value": "0453cbd8568175ed329da77979690beda9d6146f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230266, "uuid": "d652dbe6-1be4-4992-b509-4ae8be659b40", "comment": "Malware payload", "value": "66e09a98fb2180cd52f98dfc45afaf35ab1cd878f3746e95688041af6d2c153c847ba6a3e19d3431ed049bba3d0b7b99", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230266, "uuid": "39798baf-a0c2-4703-8b39-8a1c2d923d2a", "value": "T1B1B46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230266, "uuid": "c337ebcd-cca0-438d-b95d-a04636dfffc6", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230266, "uuid": "34c02ae1-21d4-47f7-b162-783a684408b2", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8y9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgr0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643230266, "uuid": "3ec4487a-5be0-44ad-ae33-8019a161ccf5", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643230266, "uuid": "b21b6232-7346-45be-ab0a-98a409fbe135", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230266, "uuid": "4766c4a3-ddff-4f18-96ae-ed0eccc00038", "value": "478f80c41a0db03c136f14b55dcbae09", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8a2d2b9-7e3b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643155577, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155577, "uuid": "252e3c54-c1eb-4830-9437-63da990f0789", "comment": "Malware payload (Heodo)", "value": "a566218c5be51a617d84d0c7d7a4817a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155577, "uuid": "9bde00bc-e720-46cc-a7f3-f8e34a89f159", "comment": "Malware payload (Heodo)", "value": "69ec7ad6694517696dde537bf11eb549b6be086cfe530dc72f5b5118ec72e742", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155577, "uuid": "19c5b433-e1dd-4ab7-a71e-6ec80c036aee", "comment": "Malware payload (Heodo)", "value": "ac3b8efc7db97edbd1272190f70dd77db506ec14", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155577, "uuid": "d4d6c403-a6a0-48a7-b230-b00cec04def0", "comment": "Malware payload (Heodo)", "value": "0d825368be99d7672c79829e686fbbabf861c13209752fdc99334c53e8f181cbbb449e36ad4c81c5102c4844ca16d188", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155577, "uuid": "a4d7f9f7-eb75-41bd-a0ce-dd441aa252aa", "value": "T1D5D49C2233DCC8B9E0AE1D3D290297D523E9AE140B93C58FA640FB9E5D3B2C155F92D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155577, "uuid": "82e103e1-1389-4d67-9a50-34d7d04cbc0c", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155577, "uuid": "77bf8616-b8b5-49f5-891f-c1bf97327b51", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4MmsOfg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4Mms/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643155577, "uuid": "3190bc3f-a6f2-45c4-a2f8-08f9e5d0c478", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643155577, "uuid": "fe6445f4-1637-46ba-959a-6b316cd90e94", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155577, "uuid": "b7c83eb0-a767-4a77-bcce-4c300bfa7e62", "value": "emotet_exe_e5_69ec7ad6694517696dde537bf11eb549b6be086cfe530dc72f5b5118ec72e742_2022-01-26__000605.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b560eee5-7ec4-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643214386, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214386, "uuid": "044e6ce3-3b36-4513-93a4-0767f7b552da", "comment": "Malware payload", "value": "e525d0921271babfb67bf65e0d768bb0", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214386, "uuid": "8c1be7de-46b6-49bc-979e-5491d2e116f3", "comment": "Malware payload", "value": "6a531cc744b720dc6870de00878d844d31a78eebe6397ef2dc5e9c7b4d36343b", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214386, "uuid": "9dd3560a-a123-43f8-b090-0755c3cb10bb", "comment": "Malware payload", "value": "8e8e99f9f9c58f8b6668841bd2195ffdcf30bc57", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214386, "uuid": "c1a0fb0d-91c3-405e-b62e-a23680712b18", "comment": "Malware payload", "value": "d365514080d2b7b3bd82a215b0519a9f9f76f676fb446c37e483211aed6f7a9b25b5ca30701a9e32cd2c139132b5c607", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214386, "uuid": "63af305a-0397-4cbd-aa68-54c5154d1e89", "value": "T136537D9E1B48695ECEB102BE5C238D7BD0E77429C7A05EEC13B53CF232522676D22949", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214386, "uuid": "147a52ec-3e1b-4e9c-8ef0-033ef3d42e44", "value": "1536:r71i0jcM7IQn1uQd3LcJQ9sWyfygV3EMzHA:b7NnXD9lY3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643214386, "uuid": "6c7d930b-1b64-4c5d-95af-5fec8a04c4c0", "value": 64081, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643214386, "uuid": "923f440a-5d05-4a6e-9652-042536af4d59", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214386, "uuid": "b520d1e6-1c5f-4b17-933a-8117970504f8", "value": "tmp1q3g31um", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6b38af1-7eb7-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643208831, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208831, "uuid": "d3623365-ccb1-4503-960c-09630f8aa822", "comment": "Malware payload (Formbook)", "value": "1801ae11b1a9a4a0df775a4199cb66db", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208831, "uuid": "472b0809-29bc-418c-a6c8-5794d305d197", "comment": "Malware payload (Formbook)", "value": "6a6963119089589ccf2549a56252f54cb62b516da7475219fab2c294e655e425", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208831, "uuid": "f64a9094-4154-4e80-8c8c-398e8522e5bb", "comment": "Malware payload (Formbook)", "value": "f5c6bba08809c42097b0ca24b161aed7e1e8d1ad", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208831, "uuid": "300a0de9-c59b-4a88-b720-3c553cf46a8a", "comment": "Malware payload (Formbook)", "value": "5b1441410147f44d4e36fbe9e73617829187cfa8642e73ec56b3302b451dcb099457f6ba275da20d901ee4fd5e77630c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208831, "uuid": "a49fc1d1-5c21-4118-9570-cd085d21e39c", "value": "T1A4359C087794C3E2C4ADD6B7F46D213447B92FAE653A999C28CA71C9CFF7B205450A0E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208831, "uuid": "cf585f0b-d499-487f-b906-4c50a1a2c7c6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208831, "uuid": "e281282a-d921-4ecb-973b-400170ad71d0", "value": "12288:MXOA3VMC8Weh/HoTctrxgxucHGUXw4FysQdQP+U2NXq:MXOAFMC8zPXgxuoyscW+J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643208831, "uuid": "9fdd4b49-c97b-4abb-b171-1795a9ec15d2", "value": 1102336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643208831, "uuid": "0e3515c9-d801-49b5-84ba-5878701e277b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208831, "uuid": "feb43aea-e5c6-4163-a4c5-6ff14395f4ee", "value": "list+pictures pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9a00e9c-7e9e-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1643198072, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198072, "uuid": "bdd92b17-16b8-49cd-a77f-41fc63ff6582", "comment": "Malware payload (Gafgyt)", "value": "6e9d65df1fcb30fdf436348c7baefdf6", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198072, "uuid": "d217d126-08d7-469b-a7d4-7e3db3a283bb", "comment": "Malware payload (Gafgyt)", "value": "6adebbf9ed3c5bbe54903757b3046bceb56319c694e8c1f1f36fbc88bd0ac838", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198072, "uuid": "b2ab4c6f-295c-4f72-af82-dd4af3dce42a", "comment": "Malware payload (Gafgyt)", "value": "5753648d2f74952958025b3a053bf1453e530c35", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198072, "uuid": "a55a9d81-7f77-4983-9b99-ba9da894c18d", "comment": "Malware payload (Gafgyt)", "value": "d0bc38be2cdd4c689f8709314f7694beefafce4d9f884912120cac0a16b9225f2f99e0802b653fc8a1c0b58eb09e6690", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643198072, "uuid": "ea711bcd-01e8-4c81-9e18-8ecfb4e6f96f", "value": "T189E3A51AB7619FB3D81ECE3706AA4601108DE55A02ED6F6FB6B4C51CE78B84F08E3D54", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643198072, "uuid": "6dcdc44b-4087-4341-910d-4dfa71776e8b", "value": "3072:C2ttgUm6Oq+lozx5hdCNzhsURxuZq+1uPNd5R:C2ttgxq++zx5hdC8URxuZq+1uPNd5R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643198072, "uuid": "fe3d5907-615b-4b64-a34e-17fcd1c900fa", "value": 154480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643198072, "uuid": "4531c076-860f-40ad-a1c4-bee803e582b8", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643198072, "uuid": "4279db83-5b1f-4ae8-96ab-abf5d27854d1", "value": "assailant.mpsl", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2cadfa42-7e8f-11ec-9275-42010a9c0029", "comment": "Malware payload (Gozi)", "timestamp": 1643191393, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191393, "uuid": "dd4b3783-d520-496c-b892-827916eb6e9c", "comment": "Malware payload (Gozi)", "value": "493b51ed7bec3ec4276ab135d1cf4f2f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191393, "uuid": "801512bc-6660-4184-a223-d807af912ccd", "comment": "Malware payload (Gozi)", "value": "6b83a298add6e7e641b812f7c1b64742a8893a5612a0a1aaf86862e1d8c1c3bf", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191393, "uuid": "194e2bc6-4569-421d-9e69-89f09c3abd91", "comment": "Malware payload (Gozi)", "value": "78e028e5218e22eb055135e29cfb00e8e8633a84", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191393, "uuid": "4b2a143d-7d12-4472-85d7-005dcadbd15b", "comment": "Malware payload (Gozi)", "value": "9513a27d6b1d719d27fa926b87fbff1225857b3fd79509b33e3c4d82d891c79fd8ef40d1965a11d9ea48f3d5c55b50c4", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191393, "uuid": "5b6e2863-80c3-408d-acba-cfdce9f2ca36", "value": "T1F5138D5277E100F2C7B149706614FBB9A3FA4770627091919B67AACE2F74C63E93C20B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191393, "uuid": "d9d44dc4-f61c-40f5-b130-32bab37291f5", "value": "768:nvzrV7OnN1mH9tVsnhnBHAqCl5EhKza3u6JBJqV30ciNjOwzce10W:nvz57o1ytyhnBQl5Eb1JBJqV30fjOwzt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643191393, "uuid": "2afec0bb-f765-48d7-aead-004e94d285ca", "value": 44032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643191393, "uuid": "8bbf2c86-7ea2-46ef-b63b-a097badb9899", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191393, "uuid": "fc4d4ac5-7e1c-4453-b3aa-7e5138676965", "value": "4f20000.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff196d91-7edc-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643224817, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224817, "uuid": "e60ea2b8-7edf-421f-8e60-be1d11da2d8c", "comment": "Malware payload", "value": "f2822fcd863110c5656a7b0dfc66b31a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224817, "uuid": "d1df811a-fa79-4e0f-9708-0841e8ed3b44", "comment": "Malware payload", "value": "6c2c564f3374685ccd801c1dda8c91c5870bd207f64c003f423c9bcd7c57802c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224817, "uuid": "6e1d2bf9-4f65-4ae3-adc6-0a2294d89d96", "comment": "Malware payload", "value": "6a5626fe254ca661ab3c532f6dbd66f054981809", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224817, "uuid": "b3bfa82d-272a-4076-b571-fb95eec56176", "comment": "Malware payload", "value": "d274237b2bdec33098ed5a6b318407eb230177cb44d1380036b89dfa64fb5d2657e8985025954e750b6a870c59d0fea2", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224817, "uuid": "011578bd-56d4-48ed-8bbd-83071f13f512", "value": "T1A2B46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224817, "uuid": "1f3064b4-15b4-48b6-8a0c-7e032721fa2a", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224817, "uuid": "707f7186-c6ff-4e53-8a5c-4ba95ecdf0a5", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8e9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgn0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643224817, "uuid": "1c42f124-9932-4653-98b6-1a3ab6bfc295", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643224817, "uuid": "4a3ee0cb-1394-4731-86c4-f2ec55c1e09f", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224817, "uuid": "5e361e28-4458-4de0-922f-15fa8ac4dddd", "value": "emotet_exe_e4_6c2c564f3374685ccd801c1dda8c91c5870bd207f64c003f423c9bcd7c57802c_2022-01-26__192008.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11a0bed8-7e94-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643193495, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193495, "uuid": "8416cdb7-e5a2-48ff-bb24-caf5636e63d6", "comment": "Malware payload (Mirai)", "value": "24afd3db5a1e7cf3edab232d3e63f180", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193495, "uuid": "5042cfdf-fec8-426e-a2ae-117016e741ff", "comment": "Malware payload (Mirai)", "value": "6c39b54bb6990c1a7d49dc99aa7fa8b2322ac06afb6b3ffd89e4e6c5970cb953", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193495, "uuid": "8c85c37f-1411-4ab8-b43e-d1722347e002", "comment": "Malware payload (Mirai)", "value": "e8fad88b06b75fb6c632e1ceba91da92fb8e9ad0", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193495, "uuid": "ce4ac841-abf1-4888-a8b4-e19ffc20808c", "comment": "Malware payload (Mirai)", "value": "3a4ded14beeced5ca1d7dfbcb736e0502d8b09666e60f40f74da69bc60eaf425891d1aa4f87741e883d3fbfc84a58d8b", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193495, "uuid": "7caf16dd-610f-4669-8a44-857647f8f198", "value": "T1F9A34A82A740D5B3D1A306F6129B8B150133FB3F4A6B9EA6F35D3CF48B109C57221B99", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193495, "uuid": "d48f1d0e-bc6e-4720-afe8-5669021bea33", "value": "3072:dUICodUWUh917j8mc2deiPUDAZURyPfj5hVT5vxinf0OzTyoQQub:tdRu917j8mc2H5Z5Pr5h1Vxinf0OzTyv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643193495, "uuid": "872e9a23-8f9a-474c-a9c7-61f8ef7e6649", "value": 99709, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643193495, "uuid": "d55a851a-a6d0-4896-83df-d3f7259e786b", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193495, "uuid": "e3bcdab4-5437-4d4d-972c-d60d8e386a4b", "value": "assailant.i586", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4f63039-7e7d-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643183998, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643183998, "uuid": "e97b12f7-0185-47ae-b68f-4504dcbdb145", "comment": "Malware payload", "value": "8a4f7794001fbe25ab1820e9a66db1da", "object_relation": "md5", "Tag": [ { "name": "192-99-190-34", "colour": "#1B18BD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643183998, "uuid": "b4616fcc-6a33-49b0-a185-4773528a1db3", "comment": "Malware payload", "value": "6cbb94dab89d523749b578de2590ad064049c0574476f553df9ffcf9d13ddf51", "object_relation": "sha256", "Tag": [ { "name": "192-99-190-34", "colour": "#1B18BD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643183998, "uuid": "189385cd-e23b-4571-a0c8-c6a2f363717c", "comment": "Malware payload", "value": "fd1e5582b21480d6d19b247fe71f96d500314038", "object_relation": "sha1", "Tag": [ { "name": "192-99-190-34", "colour": "#1B18BD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643183998, "uuid": "143b4345-aa7c-41e5-99b2-eb1fc5e4624d", "comment": "Malware payload", "value": "e553fdb1136e6fd94f318caef3f6b78d6df36daf74bacf75772b7a29690f3b87df174092d81449f32621468fa49f5bd6", "object_relation": "sha3-384", "Tag": [ { "name": "192-99-190-34", "colour": "#1B18BD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643183998, "uuid": "3cd10c44-9206-4de0-9b08-07c36b2dd1b3", "value": "T1D27413727278A68CE0D017B71267FBF947FEB662F9295B5D54843A0907F6F8080217A3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643183998, "uuid": "32dbdee4-762c-4305-a911-9d4117ea9bf1", "value": "384:4JjfZfofBKUXYsAfsa6t1hnsP6U6qHsZ6e1P6g7TIbbvBuZW14:Fqsa6t1hnsP6U6qHsZ6e1P6g3x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643183998, "uuid": "9f397953-4403-4929-af8c-c4aa28f1340e", "value": 338850, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643183998, "uuid": "f0f776d9-4d12-4f4f-93c9-b5cdfc3d04a3", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643183998, "uuid": "caa56452-98cd-4f93-80a5-a0406e9a1d76", "value": "NJRATCASA22.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aaa09cfe-7ed4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643221240, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221240, "uuid": "223d5ae2-d54c-43d2-8e91-af41fb68cb15", "comment": "Malware payload (Heodo)", "value": "d35e3bf6db89281207a0b9e4b3dd9190", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221240, "uuid": "b5552096-e5f6-431e-b038-2a4c3e8f7060", "comment": "Malware payload (Heodo)", "value": "6d0b80c6cff2afd2748a69c70d4cb71131e095bbef2419555ec2a640edbbc521", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221240, "uuid": "a638c010-118c-48c7-9813-93293b5ab8e8", "comment": "Malware payload (Heodo)", "value": "258d48f0ce09255cf010c1382682e37366f18d78", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221240, "uuid": "77d13b30-ea09-406d-9c1f-469c80056c5f", "comment": "Malware payload (Heodo)", "value": "0de62d966d90b2b58031b1918250bab2c8d190ca73737f0532525f08865aad6b94e50c0321d2c05c763ce7d84674158a", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221240, "uuid": "0c2b3842-4e63-423a-84fb-f7390578fd18", "value": "T123131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221240, "uuid": "d089ae7f-8a9a-49eb-a7a8-6981d69c27e2", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643221240, "uuid": "20f95f2e-1d7e-4643-8f56-60d2b20806f2", "value": 45010, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643221240, "uuid": "baecbf53-0c8e-4740-ab30-5dfa5987da27", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221240, "uuid": "e8eaf71e-d9d3-4f45-9128-4377832a887a", "value": "LLC.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "71766e18-7e3b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643155431, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155431, "uuid": "e5b2db9c-cd50-4211-a0a8-3fdc30e74a00", "comment": "Malware payload (Heodo)", "value": "429f851befd0f0009692f486a8929442", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155431, "uuid": "f947ba5a-f457-494c-a91b-6e3ed5188a17", "comment": "Malware payload (Heodo)", "value": "6d2e644e4bac70cf4ed191d1bf56f3fcfdabfffeca94887791751b9f5d502674", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155431, "uuid": "b3299eb4-9929-4214-8d61-2f45068b8be1", "comment": "Malware payload (Heodo)", "value": "9c122711050a6e243ae1bb348371b04837ddfbff", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155431, "uuid": "af8c5255-c995-44a0-8462-01523d32f0d6", "comment": "Malware payload (Heodo)", "value": "b0365b3236504ccd42ef03ca18c8ef83f5d5bbcbc803958a6d819830ad8a07e7a6eefa2b481b076b8fa5c8ab2138674c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155431, "uuid": "dd4a9592-d270-4401-ab68-593ecfb69264", "value": "T1B1E4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155431, "uuid": "2d6f09ca-e32c-426f-abb6-686b2a848703", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155431, "uuid": "8db604b2-01f2-47df-9655-e5213bccc87f", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4lVNACHKm2tkJV8u:o87vGJzomxhwDbKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643155431, "uuid": "cc6ecb35-7e60-4cab-b1a5-e34ce004098c", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643155431, "uuid": "d93a1090-6cfa-4cda-920b-db45a38b5f36", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155431, "uuid": "4dcc114e-99e8-4892-8454-ec8290f39927", "value": "emotet_exe_e4_6d2e644e4bac70cf4ed191d1bf56f3fcfdabfffeca94887791751b9f5d502674_2022-01-26__000332.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "78890130-7eb5-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643207841, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207841, "uuid": "5c96afc3-db23-4acc-88f0-585f12c868f6", "comment": "Malware payload (SilentBuilder)", "value": "6c6672677b8f88d5e78093d325ed5ce2", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207841, "uuid": "313f1dbf-539b-4ca9-ae03-52bb2f8ed234", "comment": "Malware payload (SilentBuilder)", "value": "6d6ce40dcdc7d78d5c81730303c3453f00337bf63dc89461c6ada9e72351483f", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207841, "uuid": "5f5ac596-96e9-4c23-957a-6327539dece9", "comment": "Malware payload (SilentBuilder)", "value": "2394e246381261f976850cc79bac9d18e5a040b7", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207841, "uuid": "a086143a-7474-4d37-b2b5-c7336d89a1b1", "comment": "Malware payload (SilentBuilder)", "value": "d75f97b7eebac3515bf315b642169fc907c0d545583d768979e902455a560a20155ea585d156874f90f1e9262cc8b9ab", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207841, "uuid": "4eb444d8-9887-4b0d-852a-ab1691cb95cf", "value": "T125131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207841, "uuid": "81371202-238f-4a42-b358-ad0872458dab", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207841, "uuid": "0c94748b-b6ef-4840-b82a-7fa8797894d0", "value": 45339, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207841, "uuid": "dc646cd8-022a-41ee-b889-787f7d7a3619", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207841, "uuid": "8393e0b2-da90-4a70-8a0f-1f680c8fba30", "value": "tmpy_eegif2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41148f41-7eee-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643232230, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232230, "uuid": "d98fb4a1-815a-49d0-8dcb-e2d0768df7a4", "comment": "Malware payload", "value": "f7f307acf61b173c6d9069afb803813b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232230, "uuid": "1dc9beb6-cd85-4722-aa98-aadc7888296c", "comment": "Malware payload", "value": "6db89914f6e34b91a37926504f64bf743eb8a73da8028b9453462b3728980b98", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232230, "uuid": "7b4e37cf-60c8-4714-935f-c7212c513122", "comment": "Malware payload", "value": "3c49045464a2310827636f2e569b5178aa9cb430", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232230, "uuid": "4fb32332-5fe5-4d33-8c82-f635e657c8a3", "comment": "Malware payload", "value": "b07c10b6612c89b28af11214c9d52d50117f04b7780cbed974e52b230bd7d717e3dfc0897aa4dcae30275ce1b846edb6", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232230, "uuid": "e9b8103d-393c-4f9e-862e-dfd2ac198f3a", "value": "T1EAB46B1AB172D871E3FEA3F1B5A4CB93C1EFA820275455ABE3FC025F4A2DC464234949", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232230, "uuid": "33dcade5-0a22-4d62-a09c-20ff73000e0e", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232230, "uuid": "0eba3979-6f11-405e-a022-ec02567aeda1", "value": "6144:Y7eUxxxxt33333333hCC28YiYRrLKyx3jvfIfpQdKXoJsdyUPlhLYfZDqvasLD2d:n8nYRvJhjvGpQTcGDO3JtP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643232230, "uuid": "e5765189-e6de-49de-bf7f-623d8324403d", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643232230, "uuid": "5b8436ef-f1cf-46db-8875-8b8edd62402d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232230, "uuid": "b3fb542b-b6d7-4b74-9409-5620ba929534", "value": "emotet_exe_e5_6db89914f6e34b91a37926504f64bf743eb8a73da8028b9453462b3728980b98_2022-01-26__212334.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b73bcf35-7e6d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177023, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177023, "uuid": "6c74a21d-816d-4803-9791-3f4ab71c536b", "comment": "Malware payload (Heodo)", "value": "95f0d687115859200edccf7012625003", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177023, "uuid": "982aa447-259f-46a8-8bdc-b8c41126fd80", "comment": "Malware payload (Heodo)", "value": "6dcad63317b786e713cf820d00575eac4cc43718a91192c80af0a133838c8c80", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177023, "uuid": "0845691d-8a46-4788-adec-68764f9d2184", "comment": "Malware payload (Heodo)", "value": "dabfa2369123baebf279389c96845a185e645f76", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177023, "uuid": "d3194210-6b70-4d1b-882c-03f791b8a3c1", "comment": "Malware payload (Heodo)", "value": "7b6056415bf25dd543e8725427c5c6cd53d96e674531c69962937a664554ce16b0d98ffe77fd06a57cee54245236c0bb", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177023, "uuid": "88478a61-348d-4459-b888-abb437ca94ff", "value": "T165E4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177023, "uuid": "f0c81fb3-58bd-41bb-8251-e6a78a11ad84", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177023, "uuid": "bb209803-6f2a-464f-a02e-a13e8fecc949", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4lxNACHKm2tkJV8u:o87vGJzomxhwfbKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177023, "uuid": "329cb533-5cfb-4480-8c26-b94caba5be4c", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177023, "uuid": "bf6c544d-0a00-4cd2-a04b-aad69946b6d6", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177023, "uuid": "98a92573-908a-4e98-88c4-d309cf2bdc99", "value": "emotet_list_ioc_cronupTue_Jan_25_11:47:14_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d4b18b50-7ed5-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643221740, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221740, "uuid": "4ee92534-ced7-4e83-aee2-76d3384c332a", "comment": "Malware payload", "value": "a13e3ac8ebffbbebd599b5459a526af1", "object_relation": "md5", "Tag": [ { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "TA571", "colour": "#E157F1", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221740, "uuid": "a1704bb0-8875-459c-8511-57e6043a127a", "comment": "Malware payload", "value": "6e4021f7f0cc57e8063785df44aaaeaa80d47aaad6e668c81b4217c5fb080562", "object_relation": "sha256", "Tag": [ { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "TA571", "colour": "#E157F1", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221740, "uuid": "aa61e530-e666-43bf-9bce-564c803172b2", "comment": "Malware payload", "value": "c2cb460d5d4d9c87648cb3b3b49b19ded6a1cd7f", "object_relation": "sha1", "Tag": [ { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "TA571", "colour": "#E157F1", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221740, "uuid": "0baadc49-272a-41de-bb95-b5811e79d96d", "comment": "Malware payload", "value": "6d213f83a3245d53bb284359fa81d4de614b60b621e4f6e7549d1edddc728ffa8295453f94f404975dc6e96c076a0ec4", "object_relation": "sha3-384", "Tag": [ { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "TA571", "colour": "#E157F1", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221740, "uuid": "88954260-17af-421e-b2d3-4ec15377eae1", "value": "T1E556F2D0129C8068E561E93A67CF5257EBF73F9DE18CDF6616B09E161AC74D0F02A0E8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221740, "uuid": "5ba92053-cdbd-4b60-8d2d-9ec382999608", "value": "ab5337c34ac36f53d5ed978e9a42f919", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221740, "uuid": "eb0dd0a4-7a1e-4694-95e4-00b26bd760b1", "value": "24576:Fy6A8UiIdoyDMa1cCx+RrFutTPdp8I7ItsuMHWnpNjggtc3xXWVENBtd0gvYmy4Z:0CUrJ0wVxffW8WhKusFKvpWVC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643221740, "uuid": "821fb40f-ef9e-4f20-a42e-2872e4732f72", "value": 6157312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643221740, "uuid": "f5fe42ce-80a1-4c53-8165-b84f3626c8e0", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221740, "uuid": "e250a322-348e-417e-ab9a-e0b719e439c9", "value": "information[2022.01.26_15-59].xll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f791a3fc-7ea0-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1643199035, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199035, "uuid": "55ad0228-6cad-4e09-83ec-c94e1683e8de", "comment": "Malware payload (RedLineStealer)", "value": "6233d8b9604bf1c3997feff9618f8109", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199035, "uuid": "5b9de7b9-a9ae-4b13-801c-c234513444a8", "comment": "Malware payload (RedLineStealer)", "value": "6e9b7fb1fffe85b5bc6b20d031c3b48f5964d504b4e37df2624e5982c5ba3875", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199035, "uuid": "175a3ec0-5075-45d6-94a9-163f4844a540", "comment": "Malware payload (RedLineStealer)", "value": "0a17264ead7a0b8727cc69f5f2991357a23b9a17", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199035, "uuid": "fdf8bbc0-4f27-41ad-8d2a-c252820d63f2", "comment": "Malware payload (RedLineStealer)", "value": "0f0316417190d73a81d6db2e657595c633a7814f2b21ec77f6949551669b18b8ce674373296457bc4127bc0497d0cd89", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199035, "uuid": "04193546-8e2b-4ea3-9a95-df199f0f3ac7", "value": "T1CAA4BE00BBA1C035F6B712F84979936CA53E7AA25B2451CB63D12BEE57346E1EC3131B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199035, "uuid": "2a45b5e2-844a-465b-8a67-4467e8fb90af", "value": "4bcde812b040ca4f517d950272a8fa16", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199035, "uuid": "2594f6e2-603b-440f-9553-091224b497f3", "value": "12288:P4wXQ2t/cypBwNZyeyUEPpgVKQD8tixwiuuTQjV+F:Q1poBwN4RzRgVpQ4xkum+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643199035, "uuid": "6b850909-54a4-40c2-ac78-c517dc149b32", "value": 455168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643199035, "uuid": "76385d3f-e689-49e5-8e2e-610d3987bcd1", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199035, "uuid": "1b08e62e-e7e7-4f2e-be66-dbc92cbac302", "value": "6233d8b9604bf1c3997feff9618f8109.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b059407-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643206933, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206933, "uuid": "d5bbec48-1e1f-4c61-bc23-d64c9bc4bbe6", "comment": "Malware payload (Heodo)", "value": "7340f7e53d49fcb7ee284282f1ff0e2f", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206933, "uuid": "3be256f2-0f53-40cc-9521-eda696d1c89b", "comment": "Malware payload (Heodo)", "value": "6ea554c55f095b2e1290ddf9c69216fa634359f0dea3b323feeaf6ddb8b92e10", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206933, "uuid": "63ab18cc-e4af-4c19-8593-c47dc395677e", "comment": "Malware payload (Heodo)", "value": "94eab2f46de89d64897fe4ed36752517d4b29ebc", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206933, "uuid": "b742adbd-32e0-42ea-8928-d67622fcddb6", "comment": "Malware payload (Heodo)", "value": "3dd2e48534aa24440b015ea7cf5d33a3a4738c733360990426201d5e889465514585249a4bcc120cf7e99e63bd23328b", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206933, "uuid": "cd1d65cc-54ed-46b9-adc5-dfabc30e8a81", "value": "T116D36B66A5C5E9CAC70523350ADA8BEE33676C479E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206933, "uuid": "b6da7bc5-9743-49ab-b662-a9f1cb0fada6", "value": "3072:UcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dggGx0p:UcKoSsxzNDZLDZjlbR868O8KlVH3jehm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206933, "uuid": "35d7bc66-3c25-43bf-a8ca-ccbcf2b52024", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206933, "uuid": "21d66fee-724d-48bd-8967-55e9edcf173a", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206933, "uuid": "d098c374-6504-4ec1-8bac-54db049caf89", "value": "Contact.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e44987a4-7e6d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177098, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177098, "uuid": "7f2534f0-a267-46d6-94d6-a77f29d8eb80", "comment": "Malware payload (Heodo)", "value": "963fa716e4294d8af9552048aa5b3ac1", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177098, "uuid": "b7a2e20e-e3b6-4be6-81c7-be2ca66d28b9", "comment": "Malware payload (Heodo)", "value": "6ec0e4228732dacd563fb79f52276ae39ee0bbce910a5ed6d207a775007ba2ce", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177098, "uuid": "8743dc0f-ae4f-47b3-be0b-ba20ed083ec0", "comment": "Malware payload (Heodo)", "value": "454027c81c699b96099534c58de3bf15d1202ae9", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177098, "uuid": "81654953-5b47-47e6-aba8-e5b9067ad314", "comment": "Malware payload (Heodo)", "value": "66e8045ebfae1acbea855229d1db5d37a41ac860e056c8237f5323b3cb02054856d611e8ff4c477da4df293c4184f515", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177098, "uuid": "f2ff4215-6c1f-404d-ba75-49a085cd2f2d", "value": "T140E4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177098, "uuid": "553cbab4-54f4-4ab5-8d66-37ec85039025", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177098, "uuid": "defeeeda-1749-4b0d-909d-3f02969a6b1d", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4lbNACHKm2tkJV8u:o87vGJzomxhwRbKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177098, "uuid": "1963d9c3-d664-4f63-a2ae-925dd0c47121", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177098, "uuid": "13496690-2fcd-4f2d-97d2-a83ebd84363b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177098, "uuid": "8b097256-b3e8-45be-89e4-33eb1b2d9401", "value": "emotet_list_ioc_cronupTue_Jan_25_11:53:35_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3769dc3-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643207135, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207135, "uuid": "b0c2eafb-fbb4-458f-b73b-36b80a0035ab", "comment": "Malware payload (AgentTesla)", "value": "0eb6cd7e4d2c5d6b318057020beda4bb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207135, "uuid": "851fcc92-8746-44bf-a837-dca2adcfe6f9", "comment": "Malware payload (AgentTesla)", "value": "6ecc1b1f51c280db6475a250b8b2b3ce99b93eac60431cd0a759b296c902ccc8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207135, "uuid": "69666803-6d8e-41b8-ba43-4ccf62ef327e", "comment": "Malware payload (AgentTesla)", "value": "3421e84f05767d73a400ec0400a785ff38c8cc4a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207135, "uuid": "8c834a90-fd33-4e50-8e96-250c7cc2bf8e", "comment": "Malware payload (AgentTesla)", "value": "4cd95d9dbfaf4f0b6ff3a7807434d848e38296ae73be5daf68f76dc87f5c68f740d6e5fafb4b20424dbab76c5bb97f38", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207135, "uuid": "58001d0c-4de6-4fe7-a75e-29016b59b72c", "value": "T14C05D01932E08134D38D687998A07A406B33F15F78D3F974EEE2DA497BB9BC46610973", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207135, "uuid": "2eb1b456-3896-4964-a6bf-32b92a5fdd89", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207135, "uuid": "6cb9221b-297e-466d-88e7-0c91d67fd19c", "value": "24576:qXFCV7w4rHyoTI33bMmMswTmlKtL4jsXjV:q1hl3bMlJVsgz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207135, "uuid": "230829f2-b3fd-4239-9fe2-d1604c61f447", "value": 841728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207135, "uuid": "fc07d147-8f9f-4542-88a8-c9f9ccee3b7b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207135, "uuid": "f8ca0b29-a191-4b45-9d25-538e37dff0cf", "value": "updated statement.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f0e4a36-7eb2-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643206617, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206617, "uuid": "d427763b-759d-4196-a304-f03fedc07b5c", "comment": "Malware payload (Formbook)", "value": "9f262c6d365ac4bc1b8785009bbe1368", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206617, "uuid": "64b0ba6a-d851-43d0-a163-446945c17a1b", "comment": "Malware payload (Formbook)", "value": "6ee894977bb2a47f9fff347a6e29942065c1058a3a0dfd924884af1c3320d569", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206617, "uuid": "6ba6c99a-861c-4bec-aca2-f15e5a2446be", "comment": "Malware payload (Formbook)", "value": "81a240b1cc12340d0d003af33bf6e4a1c93154fe", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206617, "uuid": "8535f52b-a2d9-425d-91b0-5af921dce43a", "comment": "Malware payload (Formbook)", "value": "738a9c39e4d60104bf285d88d11059e1a293e586a1a887a9a668f72e8922867e90d68bc8841db1d75bafaf2d3275d8c9", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206617, "uuid": "7a9bf562-f3c7-4ff6-a1a5-a076fa5cd040", "value": "T18F821974F2E4CC91CA8FD5D4432FBA162971F99946C698D5E3ACFA708B802DB072F914", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206617, "uuid": "e757196b-5f40-4abb-bf62-afa820346625", "value": "192:7sxgsIxOUbasBmfzQLjJZ3HU1jSFElm+Bs2MGqx+wdz0/CZ0pcpmUHlvAo6Iz5PR:7sas1UmfzQXJ90lllpBsq3Jglv91+ED", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206617, "uuid": "12bb6676-ab9b-45b3-84d4-6572c30f8e41", "value": 18359, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206617, "uuid": "34fdc9cb-01d8-47f9-b8e6-342196208d36", "value": "text/rtf", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206617, "uuid": "e3cd706a-904f-4d91-8a73-bd5e1ca7f8d4", "value": "20589634.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "22bca067-7eb1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643205979, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205979, "uuid": "83986b9f-6e8d-4bf7-9d63-94a0c64352d2", "comment": "Malware payload (Heodo)", "value": "4d0606fbfb12626088a01485493a50d8", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205979, "uuid": "9508e0da-b70e-4656-a37b-ce0ff161b1f4", "comment": "Malware payload (Heodo)", "value": "6f10913ed31317f610254ed9dd156444a13e0cf564764b1e07cb88fa86eaedc3", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205979, "uuid": "d9e44bc3-1b07-4c74-94cc-7ac9fb66b6a8", "comment": "Malware payload (Heodo)", "value": "70b5fbf1b4dbfbef7654f5d33f29799f4f97310d", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205979, "uuid": "efa76eec-f581-4a3d-ae73-ff81a2913ffc", "comment": "Malware payload (Heodo)", "value": "2251ff5622a0e526266fa0d117f2a473f8409c17a58d01ce122cc2c2e98d742d4f1dd46ec69632f128d0197353f6d646", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205979, "uuid": "857aaafa-e133-4286-adba-945f1df85a1f", "value": "T1E7D36B66B5C5E9CAC70523350A9A8BEA23676C478E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205979, "uuid": "b746a380-7503-4993-8067-3f16291fece2", "value": "3072:ocKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dggGx00:ocKoSsxzNDZLDZjlbR868O8KlVH3jehj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643205979, "uuid": "2e4898b1-2643-47ac-8cff-07feb9d8c186", "value": 136708, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643205979, "uuid": "73673aa5-f935-44ed-abe8-cc1faba1bd8b", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205979, "uuid": "1615fac0-7d7d-4a8d-9e2d-b1da34a61f38", "value": "tmpi1q8oynk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "734a8dd2-7e3b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643155434, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155434, "uuid": "be2a48cc-2942-4490-837e-1c4c55ce37cd", "comment": "Malware payload (Heodo)", "value": "f3bc85e03358d917e2374d632d10dd88", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155434, "uuid": "c9eb2355-c723-4e25-9632-afc650139827", "comment": "Malware payload (Heodo)", "value": "6f340f4702bb1323cb2f3d244120973c736b1d411ce31d0e6ab6a12c71d52a01", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155434, "uuid": "6edae825-51bb-4ecd-a3b3-e81327c49afe", "comment": "Malware payload (Heodo)", "value": "fbd3a5996b545b4f871dd7688c26cc4792fa7d49", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155434, "uuid": "8d82a2b0-d3bc-4294-9e73-bb0b10af2336", "comment": "Malware payload (Heodo)", "value": "280baa35ecdd8a57f5d405874d374ca55e6ea419977a70b12b278a5dc9bd1d52aad0fb93633618a3fb4cb85298402c3d", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155434, "uuid": "b399ac45-796e-4902-a5ff-d33482ce31ec", "value": "T11AE4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155434, "uuid": "2903bd82-9056-48fe-8b71-d7a1f4ad8568", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155434, "uuid": "442d7ced-29ba-42ab-a0ad-b986f4c045ae", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4lFNACHKm2tkJV8u:o87vGJzomxhwzbKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643155434, "uuid": "93c805d4-9fac-498b-9c2c-ff3993fd53e8", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643155434, "uuid": "e6f55dc8-073a-4b13-ac3d-6570acda475a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155434, "uuid": "2d933eee-0333-4934-b566-a9b0d65c1047", "value": "emotet_exe_e4_6f340f4702bb1323cb2f3d244120973c736b1d411ce31d0e6ab6a12c71d52a01_2022-01-26__000332.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae5f5e6e-7ede-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643225541, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225541, "uuid": "d8cb8b31-2b5a-4273-a7d7-8b831c10730f", "comment": "Malware payload", "value": "7d75ae684e23257ebe4df552ace0c483", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225541, "uuid": "0502458e-5ab6-4a1a-9501-71437b712c33", "comment": "Malware payload", "value": "6f3b4589b7984278a5a548d61d1230cde77f1bbad84ee4c6939b6e96a14adb19", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225541, "uuid": "5d429425-69b4-4f06-a018-620fa2dc1b3e", "comment": "Malware payload", "value": "ba23fb4a99f9121001a6ddf5edd87e66d5195426", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225541, "uuid": "50b88e1b-36a8-46a8-8145-a7d8076d19a1", "comment": "Malware payload", "value": "c6e3335c4b35cfeea4934df249601e9a3774107e8c905f853557284d27a615724c426d8dc14a62618fc4fb172554c412", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225541, "uuid": "adec4da7-7b96-4104-b270-2b8ecd3d7abe", "value": "T117131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225541, "uuid": "f29dd6dd-a3c2-4ef1-8e3c-879baaa84b8b", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643225541, "uuid": "72731f3e-9b46-40af-bc59-279e6dc11027", "value": 45472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643225541, "uuid": "c6067597-77ed-4037-a1bd-a9d1aca33fc0", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225541, "uuid": "e50ae392-9f03-4cd2-8f82-1ce137d17d18", "value": "nf.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d0436f7-7ed3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643220734, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220734, "uuid": "6c562639-bb61-4cf7-9db3-a3a0049b3d91", "comment": "Malware payload (Heodo)", "value": "1a086139935490babd3331ba9b92b247", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220734, "uuid": "d36212f3-2593-4b1d-8850-40f548cad8ff", "comment": "Malware payload (Heodo)", "value": "6f4ee8116150781131847b3e1a6755d696b3a6845692139c3a6ed92e4d21a9ef", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220734, "uuid": "2b493bd4-3731-4e7a-b167-643b42c375ff", "comment": "Malware payload (Heodo)", "value": "14ee44c32d1da2b4649ac381a390ef2a0dee2dcf", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220734, "uuid": "95c9ec82-185e-4aa6-adc9-7b71f8a8304d", "comment": "Malware payload (Heodo)", "value": "7c9b2ded1e471033eefce3e92703bb71da3bffde9c413020aa22df9531a647dd0e78678486ae828541bd76a3f456b5b4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220734, "uuid": "bdb72f5e-aa21-4240-9144-2da702d92db4", "value": "T19F05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220734, "uuid": "f85f992e-fc8a-41d3-b989-f8a707365a1d", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220734, "uuid": "127a8fe4-b0d5-4cb0-97de-d4885f0805da", "value": "12288:aA9e3OrvpgqjtQFecd6dddifiHxoB3rNd9CDr:blrvpgqj2FeSQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643220734, "uuid": "3583e2db-3a50-4408-be04-d651b6ebc31b", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643220734, "uuid": "4bd7f8ad-f2ac-48b4-831c-fe19cb2670e4", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220734, "uuid": "6cd4fd25-7d48-4ee7-a177-7cd37ff50de4", "value": "1a086139935490babd3331ba9b92b247", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc7b6d11-7ee9-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643230289, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230289, "uuid": "13bc006e-d6f1-45ce-ac39-1558e119598b", "comment": "Malware payload", "value": "3f29b9e55b6b579ebe590a6da1e8d0ec", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230289, "uuid": "0eca0ecb-6b21-44ab-a3ea-fd2e59453139", "comment": "Malware payload", "value": "6fca54faee5cdb7466cd3333676763eae879f9f6603dc99a2f48ea6a8dbdbbc0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230289, "uuid": "85f19cd1-e342-47ba-85c3-28a7de873fa8", "comment": "Malware payload", "value": "63cc71d3673eed908c208e09bc788aef3a7f8f83", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230289, "uuid": "5d823784-5241-4a93-a1d3-35037f64f956", "comment": "Malware payload", "value": "f9fbd119fefb1d2bebf7557a5d702310d89b9a712809b1680a630aa2b1a375b74a2036db7d394af9b6d7de817c7874b0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230289, "uuid": "14a4bbfd-804e-41e0-a257-0960c1f92277", "value": "T1AEB46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230289, "uuid": "df18b963-c71c-44be-9678-43c4b6e98ee4", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230289, "uuid": "7f8c2d86-3210-40dc-84c0-51042501c5ae", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8h9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgY0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643230289, "uuid": "0c68983b-bb42-4227-a4cd-81d13af77683", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643230289, "uuid": "45d0bba8-14a5-4042-8112-15ff7625222b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230289, "uuid": "418f1eb5-c6be-480c-b804-f49339e61ffe", "value": "3f29b9e55b6b579ebe590a6da1e8d0ec", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "983019cd-7eb1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643206176, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206176, "uuid": "099a0f0b-7d39-4c60-94e3-e5a11c3cdd26", "comment": "Malware payload (Heodo)", "value": "9d3049c1e33a8e0c90c61db6a7b6c27b", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206176, "uuid": "6d66c4e2-6e81-4997-8b37-c91f1336f52c", "comment": "Malware payload (Heodo)", "value": "7055e2849e6ef8875472a39d005edd7d1dcee3323f30d80ca18695a372d4b51b", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206176, "uuid": "72887899-356f-4122-a4a0-290e1e3f208c", "comment": "Malware payload (Heodo)", "value": "be4c7f6a36bbc92da3f0ad7c40289cf04cb9c2de", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206176, "uuid": "76821713-c9f8-4892-bf38-74a0d65b5058", "comment": "Malware payload (Heodo)", "value": "97283e770f74af1aea4274cdd455c0e95af8ddc0a3f662a96553b320c45a72d9f843e7ba4b9e0bcae65fcf9b21933d3a", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206176, "uuid": "f44eabdb-d3a3-4aa2-bdd0-3497f3d9e3ad", "value": "T10ED36B66B5C5E9CAC70523350A9A8BEE33676C479E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206176, "uuid": "a7f94792-d33e-4dcf-8605-0ba1b05fa4ac", "value": "3072:VcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dggGx0S:VcKoSsxzNDZLDZjlbR868O8KlVH3jehR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206176, "uuid": "3de4cc0f-ad76-443c-969f-524e9b5b45f9", "value": 136708, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206176, "uuid": "c61b36b0-4524-4efe-a7e9-5c3e5f2c5ea9", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206176, "uuid": "86a2e69c-6d04-4e56-b208-e9602356e976", "value": "tmpu2i_aczh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f657fb81-7eb5-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643208052, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208052, "uuid": "08998893-8506-420b-8671-c66aea4f7925", "comment": "Malware payload (Heodo)", "value": "33fb96d56c50214b15a236128a25b1cd", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208052, "uuid": "ace280d3-c117-4709-87cd-2efdb32dcf93", "comment": "Malware payload (Heodo)", "value": "709ed098a01a8c58403f206543382733fe8559c9853f0385d44ed761d502a400", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208052, "uuid": "fef842eb-67cf-4b60-b56b-aa74ca4b6d34", "comment": "Malware payload (Heodo)", "value": "f05287e5014bbea78f9ab1bc8744b21a9cdc2824", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208052, "uuid": "3128d27f-8106-4ca4-9455-6e3d47bb35b7", "comment": "Malware payload (Heodo)", "value": "35c007b2c73ee4c79655c0ef7965dc2a34b4394a8f8c6d138c08fc1c80df13e9cda1bcf32e60ce5da4d90720879e919a", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208052, "uuid": "6b0ae6e5-00bb-4ba9-9c91-cc3aae9e762d", "value": "T1FED36A66A5C5E9CAC70523350ADA8BEE33676C479E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208052, "uuid": "2811905b-09ab-44d2-80c8-9760eb9fd845", "value": "3072:TcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dggGx0U:TcKoSsxzNDZLDZjlbR868O8KlVH3jeh7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643208052, "uuid": "51851ab0-173a-474e-8654-dd458a48f7d8", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643208052, "uuid": "3dabf3b2-1916-4d42-824f-ad620036e34f", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208052, "uuid": "883a5572-cfc5-4889-ad10-db4ab1116c82", "value": "Invoice.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5551718f-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643206923, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206923, "uuid": "da196a3b-a6e6-40b1-b4dc-56d5313406ce", "comment": "Malware payload (AgentTesla)", "value": "4f3a2014d22ac58b17c4a853b7ca3d0a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206923, "uuid": "a0e9862e-f39b-4486-ac57-7c806858a1e7", "comment": "Malware payload (AgentTesla)", "value": "70cebe86298e227b716f66a9ec231b8ec832af05f31c062616d8feec759f58bc", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206923, "uuid": "c6ac50c6-5501-48fb-ac40-361493b4fccc", "comment": "Malware payload (AgentTesla)", "value": "cdd1219762f93cb53724231a1922f415ae7652f7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206923, "uuid": "da9426c2-6a72-4b59-a485-81063ae127c5", "comment": "Malware payload (AgentTesla)", "value": "7fa9bde5f8615af5dc03ae14d59360841d3db3e0b13b9099bee5cb85eda8ec5a4099cb8b9a8e862b0f6e315ccc8381a2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206923, "uuid": "e2c48518-64f5-4c8c-8b24-dfc78c9644c6", "value": "T1E51402A83FF8B55BEBA13637174DD9891B38FE8AC52FA2497010B77BB43181AD011C95", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206923, "uuid": "85870cb5-736a-498f-8c79-d804656531f3", "value": "3072:+6KKsxeXdA6VISH+cNaeRTfkZy8is4ttbRC+if3kdJ5IkSC+ujoAoMexJ8E:/ZsCFtN7fD5XbRC+BT5P+ujh/g", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206923, "uuid": "6c3966c2-4e59-42d8-b027-fc454202258d", "value": 191832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206923, "uuid": "1fd15274-e8e3-40d7-af91-29c83354ac14", "value": "application/encrypted", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206923, "uuid": "92b3690e-1b03-4ccc-92b9-6b2faa61aadf", "value": "ORDER_PO EM60921847.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "864981ab-7e47-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1643160620, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643160620, "uuid": "ccb928e5-5a93-4a26-bf78-8ca019306d62", "comment": "Malware payload (RaccoonStealer)", "value": "bfad2e865c0f1b0ca54acad851aaf6c8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643160620, "uuid": "913b3697-ae8a-4140-b47a-87994ee8f061", "comment": "Malware payload (RaccoonStealer)", "value": "70e50de48c85c25259cf5247205792b0eb339ca700867c2a9a3ecfa7c4fca156", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643160620, "uuid": "da036ba0-9cb0-459d-907a-cd4c6b47c841", "comment": "Malware payload (RaccoonStealer)", "value": "0508a000a139b7d7b83414f1e114bbdbb1083bb9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643160620, "uuid": "c5384921-5f9a-404e-9306-e4c101316ca1", "comment": "Malware payload (RaccoonStealer)", "value": "fe5eb060cf5bf1201b1904ba9e835a09d96e6dfe9268e496f21d750173014647f656fe22dc6dae55f4fae89e886ebd69", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643160620, "uuid": "50ce9d19-3a54-4b7c-896b-3f9a98d3e13a", "value": "T193F5332527DD34F1DFE0C0B90822359A7DF49409C5B2E52B7B240E0A9AF4996A49F73F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643160620, "uuid": "c1ac13a1-6741-4a66-bded-11afde5311b9", "value": "c05041e01f84e1ccca9c4451f3b6a383", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643160620, "uuid": "5099092c-7d8e-4b18-bc1b-f789576a1616", "value": "49152:Egz3Kp71jnq5kHJ2gZxQt95fRpVNhTmPpKVxMCdGb3k9dG+iIilusE6p3uoc4tGK:Jy7BqJgXQdfhN4sEDgEpYsH3uoYK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643160620, "uuid": "d0f99987-3bcd-4e63-9751-4762171a7ff4", "value": 3387108, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643160620, "uuid": "94dd57ee-ecc6-4c6a-b04f-fd20a75c651b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643160620, "uuid": "75311588-6754-4ef2-833e-e6a40693363b", "value": "70E50DE48C85C25259CF5247205792B0EB339CA700867.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b531875d-7ed1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643219969, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219969, "uuid": "728320bb-616e-4063-9e0c-7eaa4bca5527", "comment": "Malware payload (Heodo)", "value": "1f845696fc602eb17becc95ed5ef9394", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219969, "uuid": "684baa92-153e-4083-acc5-f8760668bd20", "comment": "Malware payload (Heodo)", "value": "718a9426d2fc362549d1971c1e3ad47ec3275c0e16cc0993c2bd2f60e1d4e43b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219969, "uuid": "61e7b140-cc37-47cd-bd5c-c64ddadc6016", "comment": "Malware payload (Heodo)", "value": "358ecf4e217eff931364085f13f82a8c131c50b3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219969, "uuid": "71879312-7e54-436c-806b-2f54625f8d44", "comment": "Malware payload (Heodo)", "value": "db093babc37ac694a490985f30f954dd23c8ab7c49b11d076eb54ea49967f3efca2db8c7eba0553e5e65f16483918edd", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219969, "uuid": "a32e74d8-e0d7-43b6-9eaa-862745c26e32", "value": "T12505F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219969, "uuid": "65076200-3466-4648-8799-8c99ca2e1918", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219969, "uuid": "c54fe58d-872e-454f-adec-d6d2823bf32a", "value": "12288:aA9e3OrvpgqjtQFec56dddifiHxoB3rNd9CDr:blrvpgqj2Fe6Qc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643219969, "uuid": "3ed0a796-ab22-492f-9b75-a1807a3fa899", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643219969, "uuid": "6152fab4-342e-42be-8c42-60ad6ac12c7c", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219969, "uuid": "e3e5d449-dd0d-4005-8ecb-6510729da789", "value": "1f845696fc602eb17becc95ed5ef9394", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e46b31de-7e7c-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643183541, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643183541, "uuid": "cfc6e20c-8f8c-4252-984c-ccb2ea0f7548", "comment": "Malware payload", "value": "76a8c1e1ef69b587be3e7b068981d572", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643183541, "uuid": "d54a6ac1-5701-4607-aa1f-3d65b1cff30d", "comment": "Malware payload", "value": "71a66c522b753cc1e6cab861b6e0b670d06faaa5d73f541f0f0a05d9456d456b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643183541, "uuid": "f4b48b0b-cc01-47ce-914b-4e2bd3290465", "comment": "Malware payload", "value": "df52d2695a0271e11a2aa5f5faf1226b3ec86dd1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643183541, "uuid": "37c5e9df-3fb5-43cb-8245-6f4505d60ba6", "comment": "Malware payload", "value": "ae4f47d0da3022b33540a05194f253060e4fd6004d72ae18b34500e813cc7c5fb1fddeff3bac217ac31d0398f1a64375", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643183541, "uuid": "245c6e0b-07e8-4645-9351-9d99643b7702", "value": "T1EC45011632E4C170E25D28368CA4B544AB73F53F38D2F930EFA2DA057BB9B846615973", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643183541, "uuid": "eac38f2f-cc93-4658-a5de-0bd5b62e4c65", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643183541, "uuid": "b2b2722c-51c5-41d7-ba11-5c48f44a25ac", "value": "24576:TsFN6pnlvn54YIMuMwwMjOTeQZN3bEzVUG0Pa2:TTqYIMt1jTeQ3LEzVSPl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643183541, "uuid": "7c8a1e18-b1cd-496c-a9ed-efb31f4fa6c3", "value": 1204736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643183541, "uuid": "659f33c2-ec0a-48b1-a9f4-053884d0dbde", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643183541, "uuid": "10f90eab-a66d-4dd9-aea8-d0d216c4ac86", "value": "RFQ 2022.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "412645b5-7eee-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643232230, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232230, "uuid": "19fdf2ec-3660-4251-827f-c588edeb7853", "comment": "Malware payload", "value": "9559da92f1225922065c9052acbb971f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232230, "uuid": "79141400-bffa-46eb-b30d-f2354fe93e35", "comment": "Malware payload", "value": "725054968fae5f077e1a8887b94653eb833b3aa7f0d72df777506bedc39627e2", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232230, "uuid": "9eb8c385-8dc5-496f-b628-185c498c491d", "comment": "Malware payload", "value": "f2474858208b60d28a985208031b95804a3ca2a2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232230, "uuid": "77bbb1b8-61ec-4d48-900c-03866c6b9d44", "comment": "Malware payload", "value": "ffcf76b561c8aff47c56794457e12559c7649365b4f7a0108b2c188f7ddc3b306a349304f2f644ec5c2c364baa34876d", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232230, "uuid": "47559a96-1632-4cc8-9bef-13fc970e3cd7", "value": "T107B46B1AB172D871E3FEA3F1B5A4CB93C1EFA820275455ABE3FC025F4A2DC464234949", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232230, "uuid": "228330c6-4ae7-47b0-98d2-a2b1b1afc12b", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232230, "uuid": "b061c329-dcde-4943-b6e7-c1d4de33f694", "value": "6144:Y7eUxxxxt33333333hCC28YiYRrLKyx3jvfIfpQdKXoJsdIUPlhLYfZDqvasLD2d:n8nYRvJhjvGpQBcGDO3JtP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643232230, "uuid": "74f79ad1-9b1e-4cdb-81f3-f7aab1b7ced8", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643232230, "uuid": "31b8975d-91bc-4af5-a1c6-0ab79e2ee991", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232230, "uuid": "e4a40106-7764-4837-bf5e-86de40d69d6e", "value": "emotet_exe_e5_725054968fae5f077e1a8887b94653eb833b3aa7f0d72df777506bedc39627e2_2022-01-26__212334.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d74231f3-7ea1-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643199410, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199410, "uuid": "0be93d27-6fde-4c5c-9442-6b187f6fca24", "comment": "Malware payload (Formbook)", "value": "cca6e42612b8ddae13dd03641d6ceda0", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199410, "uuid": "0f496dec-80d7-485b-aca0-0ca9ba3c5b44", "comment": "Malware payload (Formbook)", "value": "7254ad698d310793a1caa4fd73c6e3b0fa01002b5a8fb71783991fe405219283", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199410, "uuid": "cf891366-c44d-4e60-9ee2-1617abc56507", "comment": "Malware payload (Formbook)", "value": "0e1db9a63b2c78befc1e0e10e45e7730f0c086f1", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199410, "uuid": "5224e548-37d6-467d-bbd8-d50299d98115", "comment": "Malware payload (Formbook)", "value": "d8b473eb362ea41be5f8a0f9cd0ae1f39d9e29eaff689bd390673976ae51a7105f1fe8eb15fb7d0ea5d86f39ca24e943", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199410, "uuid": "0f730d1a-f195-4573-b014-b2b99018b18f", "value": "T12584237F3376CB8B6F94C862FF7581028650AC55140F5E2625CBA423BB87DD9BE084AD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199410, "uuid": "b1086d41-ad02-49d5-bc67-920f93cca1d1", "value": "6144:biJPVFf7DOB/2SMC29LQ7QLtY/denbGfOoVVHMNDLp7b1iWqYXkAh722Y1qe6JvB:OJdFX02xC29LCITbqOoV9MVLF/qY0I2w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643199410, "uuid": "d05805d0-8c71-441d-9e9c-fca2bb565a1b", "value": 376682, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643199410, "uuid": "c93a135a-bd1b-41d7-9f67-7a9e9a2c49d5", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199410, "uuid": "98dc6b6c-8ae4-4d2a-949d-308373ca430d", "value": "pago pendiente.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26d6341a-7e46-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643160030, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643160030, "uuid": "a3e9ec99-74d7-4840-a4f9-720d1a4dab1c", "comment": "Malware payload (AgentTesla)", "value": "8eb6ebf27b1cf87a33471e64af6bb39e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643160030, "uuid": "e5a79ce7-9141-467c-afeb-77c3abd1b547", "comment": "Malware payload (AgentTesla)", "value": "729306e1b3ccc415f0547128944ef58b2667760489be9180f7608bb0eb13a514", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643160030, "uuid": "2b02ce15-0139-4899-9511-9e0136af12dd", "comment": "Malware payload (AgentTesla)", "value": "2f4e90f04036b15221a5d6bb97fb2199cf9c526e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643160030, "uuid": "346702a6-13d8-4f85-9176-4ad2a7b0ee24", "comment": "Malware payload (AgentTesla)", "value": "7e9abd359f62e6b8dbd0df483760da13b8822f541cf3f30ef91c53bf64a0acb65e88b5cc189617f5c21cd3d9156290c5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643160030, "uuid": "d9283da8-239f-4f5f-b4ec-21121fc28738", "value": "T17D45127826B6DA6BDD3FC7384B72866C4FB6627AD117FA3D5C84709C0861B404E51D23", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643160030, "uuid": "86021f0e-a831-43cc-82ce-5f8ddd8a99a3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643160030, "uuid": "03022b74-471f-4c54-abf6-dd8fb6db8c7d", "value": "24576:zj9jAdehzLFCgTrc1zKViGWIANSCqCmURrOrSO/FtpS2Veun+Qrhb:/+de1d4171NNSCquRiFvpeAh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643160030, "uuid": "15d4f1d8-617e-48e1-ad6f-65361bc55db7", "value": 1244160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643160030, "uuid": "8d77e5d1-0d3c-47ca-9dd3-c6d2ef56bbed", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643160030, "uuid": "2303bbe1-dd53-4fc0-bdf1-d0037e44daaf", "value": "PAY ME.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05844583-7ec9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643216238, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216238, "uuid": "a727a50f-d4e0-439a-a83e-744435217ec7", "comment": "Malware payload (Heodo)", "value": "84d3322201b4f8272c90b355fc102473", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216238, "uuid": "53df8096-030e-41ab-8c4d-abda8d33716e", "comment": "Malware payload (Heodo)", "value": "72af65d5e78e9bbb56660fbb7f15db83142c6d96d548bcbf53c6ed3595aa771d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216238, "uuid": "d9ff9f6a-b55a-4504-9d06-bc412ed3b4a8", "comment": "Malware payload (Heodo)", "value": "4db8fb7df0a09b0d2abe951ab39f822658e01dde", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216238, "uuid": "2ef779db-d7c6-4681-878a-b5eced983e76", "comment": "Malware payload (Heodo)", "value": "8b469e88d6144f1ebf252c248cf0123ae71cb888ab84e32ab543212d6094c2463e8980ec8f4a86d0f42bd5eb9ce33803", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216238, "uuid": "c01f4739-a29c-44df-a9b3-b92dcc004611", "value": "T1F9E4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216238, "uuid": "e2ecd12a-ecdd-4bca-8851-86b944029bf3", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216238, "uuid": "e61ded1d-497b-43b5-bb31-ab4bb4287140", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4lDNACHKm2tkJV8u:o87vGJzomxhwJbKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643216238, "uuid": "4435c266-4444-4d80-9d05-72fa4b542b7a", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643216238, "uuid": "22952e11-c1b5-4fb6-b7dd-d993921c8126", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216238, "uuid": "55ba5f3b-8745-44e5-86ac-ae5807e91168", "value": "84d3322201b4f8272c90b355fc102473", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0311c206-7eb2-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1643206356, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206356, "uuid": "676dc616-2ff1-45d3-8e85-21c8a7200e1f", "comment": "Malware payload (RedLineStealer)", "value": "d145a2714e9f6a901e0c03212bc364a6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206356, "uuid": "74a0afc8-27c0-44f1-a96f-360ef93495e5", "comment": "Malware payload (RedLineStealer)", "value": "72d6c13caf04858e548d6203509d3449d70782d7d21e3d6b173ec810ec609553", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206356, "uuid": "b15ba792-22ca-42a1-b468-d087b9226930", "comment": "Malware payload (RedLineStealer)", "value": "f14cff1b83baafd35f3df634016082439255d60d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206356, "uuid": "d3955c39-4d4a-47c0-96ef-3d019e4cae22", "comment": "Malware payload (RedLineStealer)", "value": "9aa46b18d39df751c2e145a2edbd35cc012f931f47dc538fbd7773453490edd63686f317fab8efe1f766657c03b6152d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206356, "uuid": "9f519d36-ed70-4c15-9b48-caa87718c10f", "value": "T144C402C1B55098F1DD394DB3AC3F892116177DBED6E4B62D288AB31A01B325386B790F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206356, "uuid": "f2f2e57d-c331-4c06-b08e-441ea66383fb", "value": "1e9d5fdb5cdeb4f77ff187ddc714386f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206356, "uuid": "e3eb6cc6-29f2-4cef-8b77-3a5456a8212b", "value": "6144:kbV9vclT+0iDpGaZcMEZq6hDhbbTgxrzI2ArsSAtjd6mKv9QaejWrbS6hB+gFe8J:aUTd3ocfZLDhExlh0jQaejWHr06T0DK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206356, "uuid": "eef409b4-e134-4b86-8ae7-f31182a21d32", "value": 556296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206356, "uuid": "0d1c38ed-aa3a-4f2a-ac7c-5a15e237b983", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206356, "uuid": "82afacb9-b07e-42a8-a415-3386e569341e", "value": "d145a2714e9f6a901e0c03212bc364a6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28cf95a3-7e66-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643173777, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643173777, "uuid": "ed7074e9-5ad5-4bae-8eba-177cfcaae922", "comment": "Malware payload", "value": "ea0ef55fb088c243f914ae110f77e2d4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643173777, "uuid": "4edf617f-6326-4d2c-9e64-3cf4e8d138eb", "comment": "Malware payload", "value": "72f92ba2e8c5aa27156dde91d7144cd5eb7cfc0f144fc3442725c162f9d2e25b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643173777, "uuid": "12c035d8-1480-4c9e-b56b-b66ea0cc2839", "comment": "Malware payload", "value": "a8ed7c38c9b80d2674dfb421832a9bf121da6957", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643173777, "uuid": "448d23bc-711c-4312-bddf-805338a44753", "comment": "Malware payload", "value": "79fe4ef63fd7ea46f96b14111aaf753537e639c88dc0c7c444ddc1f840ed4c8788b7e7349a29f966a00e2464ae95f1a0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643173777, "uuid": "013adcaa-15b9-4d46-a229-3589310594db", "value": "T14182CD076D99E07CA980DA86C375F103F205D18269F694CDEDB7B4976A4BCCB226E7C0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643173777, "uuid": "b5604a87-d228-4dbb-a78c-b02ef08dc07a", "value": "384:o3EpbUpLuLpDq7QYfLGMV+jasHHLgLxXEt23iF+4pZPt:oSJeopZV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643173777, "uuid": "bd3a64d3-62cf-4906-9624-4387f8925a1c", "value": 19286, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643173777, "uuid": "785d4f6c-a45e-4926-901a-0074b9248e36", "value": "text/x-msdos-batch", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643173777, "uuid": "72da412d-1222-4a0c-adca-192c33725bf5", "value": "N0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8c616e5-7e6e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177455, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177455, "uuid": "e788d30c-b3c7-4eb0-a5b0-22745fc30c6e", "comment": "Malware payload (Heodo)", "value": "113ba77773d87c505faf124c5ca4c161", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177455, "uuid": "466a17b7-82ff-4df7-95a3-90c3926102a8", "comment": "Malware payload (Heodo)", "value": "733af54ba0a2878f86abc471d5388ac61f838211959a4444ca6307819c4860d7", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177455, "uuid": "bde2e835-86b9-4428-b145-f242fa6e2ec4", "comment": "Malware payload (Heodo)", "value": "2e2f5334a19364ab06236121ad19a9f1470fe762", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177455, "uuid": "79152603-16dd-454e-8344-b11ffae88a76", "comment": "Malware payload (Heodo)", "value": "92bb165c23bdad98a666421d6dd93dd15aa40fe30c1707d0b39b1d5f9a558da7178b1f409e00bd9ef46b7fa2762306c6", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177455, "uuid": "39939b52-97d8-4844-b502-78cb73669170", "value": "T1E233D0AFE5F1396AD226C17DD52C9351F44F92161E88F3C52D90FFA49212793069E38C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177455, "uuid": "99a7ca18-f108-4109-9b1c-59434cc0682d", "value": "768:l24OjmfxV6sbaLX8iWjzwxmCeOG2S6DaqmBVZKNAxalvxnvy1OA16Oiiiiiiiiiu:lgjmfxVXAiozeO0XVZKyalpvyR1bZ4PS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177455, "uuid": "ece5afec-4ecb-4258-ae8c-3f696540c139", "value": 50688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177455, "uuid": "a8e719cf-65ae-4bc4-b42a-1e40bb503f5a", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177455, "uuid": "f66f4275-9e0a-49a8-85f1-53faf81166b5", "value": "emotet_list_ioc_cronupTue_Jan_25_11:56:40_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75d37170-7ece-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643218574, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218574, "uuid": "759b04d7-de8f-4309-951c-9352dbd3ad42", "comment": "Malware payload (SilentBuilder)", "value": "807e3f6417b3425074389a4a45e7f415", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218574, "uuid": "b8731d23-d5fd-4f0f-a4dc-804d8ba12518", "comment": "Malware payload (SilentBuilder)", "value": "734f380109a67dc02277e8e483099425e045920d0e16a7b5662197d0ca09c0ae", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218574, "uuid": "06504d50-2a53-43a5-a003-2c65adb27525", "comment": "Malware payload (SilentBuilder)", "value": "c393d19ce2012adc70a1757dfa0755ef1868e9b0", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218574, "uuid": "c3416e85-4f1c-440f-9d7d-2b461e6ac9cf", "comment": "Malware payload (SilentBuilder)", "value": "de4f073ead4a2859ea4e67c99fc8c8209ff58299328f97ba04113e0f96b5f6235cfd8b88b2b75a43440768b72284a8c2", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218574, "uuid": "0bb8126a-04c4-4339-8429-ada44d77801d", "value": "T1C4131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218574, "uuid": "45178ddf-1b64-4bb1-8e6d-4f7845c23443", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643218574, "uuid": "54000b82-a8ee-4a27-85a1-7a5ec236c28a", "value": 45513, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643218574, "uuid": "a6caf036-4041-4119-a1c6-a5ab97debca9", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218574, "uuid": "a38e97fe-e543-4bab-a161-1dcab811daf4", "value": "tmp84fd0c7h", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cdc86d78-7ee9-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643230318, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230318, "uuid": "e8b51ad4-15c0-4c56-8cab-5e9c438d80ac", "comment": "Malware payload", "value": "2d277a36acf8ee84421d7e45c24e2d44", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230318, "uuid": "2efe3ca2-d790-4164-b93f-fb3084654b26", "comment": "Malware payload", "value": "735e6d8061cb3f87f33b5378e17e5ae21131e8e8103958d847547f6503305625", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230318, "uuid": "da8a60b6-6d5b-47f9-90c8-9194024772a0", "comment": "Malware payload", "value": "6427a0fb8df3cf9674de22ab08b431f544e60fa1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643230318, "uuid": "43f1d753-9bf8-4ccc-abdb-e5ce7726d4ea", "comment": "Malware payload", "value": "a87f65bf7b7fb4de7d1881df8e75e2eb9c28f425980ab805aab3fa13acb30fa98120a12ffaede5db433a635a177fec00", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230318, "uuid": "7f3e3bc5-d896-409e-a024-2061a0589fb6", "value": "T1A9B46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230318, "uuid": "8907d64b-2498-44ae-a026-74654212b5ca", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230318, "uuid": "c6a5d121-38c7-40b6-abc5-7438940d42be", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8u9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgz0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643230318, "uuid": "913b67cd-b2a8-470a-9c04-e78dd845ad45", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643230318, "uuid": "e61043f2-10a4-4064-ba53-28c35ecacc0b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643230318, "uuid": "64b5d92b-69d0-44ba-bd9f-cecaf12cff40", "value": "2d277a36acf8ee84421d7e45c24e2d44", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d265ef1-7ef2-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643233995, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643233995, "uuid": "b4799333-c622-4bf2-9c4c-8393cf5141e6", "comment": "Malware payload (Mirai)", "value": "6a70f65f000844dd6d67d66cf92a8f58", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643233995, "uuid": "905a85f9-ab1c-44af-9d0f-4e5d4512be4a", "comment": "Malware payload (Mirai)", "value": "7370b3c437f7827797542810b955ce3246f8b5d19128e3e1339fd045a0c82db2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643233995, "uuid": "22c92f5b-0979-47d8-8064-1b9a490ad69e", "comment": "Malware payload (Mirai)", "value": "5f1bfd3b3b7e57ee9ce6f07a643cea7c2cf08aaa", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643233995, "uuid": "2cd36c37-21b2-4a7a-a0d1-01b19d0c73b3", "comment": "Malware payload (Mirai)", "value": "197986547987c5f53a3df86dd58ef661778ebbfdc6327f6d31c9efc81c88eee5cf3064e809c16bf00102997d778c0281", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643233995, "uuid": "15d80f1f-d676-4263-adb1-94fe2a00405f", "value": "T1AA734A32AE251D27C4D4A27A20F78220F2F6531E22B4851E3DB10E9DEF78A4471677B7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643233995, "uuid": "04900d18-a116-4dab-adf4-66fcdb18d491", "value": "768:DsnoEjo/rmgb/ydlasD0/QPgsQqLszZO+75/GMg2FiF1tNFRmI3:wnjjo/Cgb/ydAuCBO275E/tNFRmM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643233995, "uuid": "5dccab5e-1a2d-4a27-a948-2fc312c37022", "value": 75152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643233995, "uuid": "1d92e00b-d912-48c6-a7ea-71a56b79fe59", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643233995, "uuid": "324162db-9c78-4a3a-b82f-b0e11437f324", "value": "6a70f65f000844dd6d67d66cf92a8f58", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "833f8246-7ec6-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643215161, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215161, "uuid": "ff40f2fc-9679-4c3c-a662-5eb62e1e1e2f", "comment": "Malware payload (Heodo)", "value": "00467cb834dbbcee5284f8bb0e69b9f2", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215161, "uuid": "fb5c19e8-277b-4b0a-b3e5-51a05825fcc4", "comment": "Malware payload (Heodo)", "value": "7398fa64101ebdf631fe0f3bee897145e28945bb540afd3cb9db769732642172", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215161, "uuid": "5ea63d34-1c23-4073-a536-3ebd40727cd3", "comment": "Malware payload (Heodo)", "value": "51e840372e703f0f857cc586ab35bd33cc28d857", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215161, "uuid": "ea1aa12d-5eb2-4001-9d54-c69eb4538c4f", "comment": "Malware payload (Heodo)", "value": "071c49f9d3f29212d876e58496ff7ed3487a79be053b7a7ccd3fa4d07dae96fbbdf746a5deb67ac8fc82d6a5714aa770", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215161, "uuid": "c209a0df-70af-4a19-9ea8-03cbe3f72a64", "value": "T17305F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215161, "uuid": "e60ec045-9ffa-4501-8a4f-fa484a6af033", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215161, "uuid": "0a3a10f2-9d05-4c41-b330-51c336055ec5", "value": "12288:aA9e3OrvpgqjtQFecZ6dddifiHxoB3rNd9CDr:blrvpgqj2FeqQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643215161, "uuid": "91781013-a825-4c7c-ada4-52a27196890a", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643215161, "uuid": "191f23fb-e507-44e3-931f-ff83efadd7da", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215161, "uuid": "2aff94c3-2b15-43d9-bdaf-f4a6c36ecf7d", "value": "TxCGbkiZLHnD8prL4mr.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c98ebfac-7e3b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643155579, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155579, "uuid": "8e3fdeb7-0a2e-4e44-8b56-108e5ebc163f", "comment": "Malware payload (Heodo)", "value": "ce506f0168c08f7d63529a9fc19de430", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155579, "uuid": "b95e6bbd-4334-4c35-926b-2f66ca38db3e", "comment": "Malware payload (Heodo)", "value": "739aa71e9277e2915ff7bf9cbb02348731693df0ea45c5754c69c74c67fd4871", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155579, "uuid": "c1d8b96a-ec4f-41f9-81d5-1da2d34abea8", "comment": "Malware payload (Heodo)", "value": "074f13035d3cd483c7d759230ea271015e48bdb6", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155579, "uuid": "fef97573-a3a5-4d53-bfe1-281c94f61b73", "comment": "Malware payload (Heodo)", "value": "de22ae103fb685d231d993b3711134242c6b4770bfa31b359f821011010e7108a2a349e5aac4abfea24ea337a85abf6b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155579, "uuid": "3093a7dd-6d5c-416c-bb7b-320885a8cea9", "value": "T176D49C2233DCC8B9E0AE1D3D290297D523E9AE140B93C58FA640FB9E5D3B2C155F92D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155579, "uuid": "918e047c-f828-476d-b74c-82ed6d8ca0f1", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155579, "uuid": "6be14646-fe81-41d5-ba15-461f66f69634", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4MmIOfg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4MmI/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643155579, "uuid": "e44287fe-3e88-436e-a946-ddef67a71f36", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643155579, "uuid": "c0d8afd8-ddc5-4c7f-b1e2-29dd6e46efc4", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155579, "uuid": "55acb64d-ee5c-4f76-8848-e21e992ac874", "value": "emotet_exe_e5_739aa71e9277e2915ff7bf9cbb02348731693df0ea45c5754c69c74c67fd4871_2022-01-26__000605.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "47a3481a-7e74-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643179842, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179842, "uuid": "35e97a2e-d7aa-4b93-a3d8-62be09757a20", "comment": "Malware payload (AgentTesla)", "value": "b2594f1e02ac242c3f141b13fd3d7ebd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179842, "uuid": "b59e5cc0-a0de-4bbc-ae16-53f63f4c66d6", "comment": "Malware payload (AgentTesla)", "value": "73c335483944f4e3d5a8e73b13e18e40c466f3cc494b7738b7dea4bc2faf98ef", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179842, "uuid": "d1d3adbc-92c5-4730-bb12-9f79f75bbe7c", "comment": "Malware payload (AgentTesla)", "value": "91595f8d86e9f5a7ac99bab33ce0d1d0fd02aed2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643179842, "uuid": "ca4e9258-d67b-4955-b473-2ee8fe647507", "comment": "Malware payload (AgentTesla)", "value": "f4a6b58075c479085008afb3156a8b6045f47f73a8cd02047e9d419d6615eb9f2ac6c73f8bc0084b3022dde7a53cc2f7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179842, "uuid": "72d216cf-ff36-4568-88d9-f5ac99da958e", "value": "T10BC42377B0C89137C82A45FF40B239CD98B45A606D98ED1EEA1E46C3E2574C3D8DA4F1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179842, "uuid": "94e4b596-d0b5-4ae0-9bb9-11350c44d4ae", "value": "12288:kUui8iSS/wGhyY/oIVywXPLRk02T30UnzselXyKdSE7QY3:kUuZSocxDPNkTYIzsItVQY3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643179842, "uuid": "0043a545-b249-4a9b-b60f-31e5d7b1a762", "value": 567437, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643179842, "uuid": "68a33f69-17ad-4b1b-afbf-7dc284d2d2c9", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643179842, "uuid": "40c04a5b-0f06-4bfd-8788-afd77a010a22", "value": "Account Statements_pdf.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "293b19ff-7ee1-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643226606, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226606, "uuid": "3a8ee1d7-4e67-4ce7-bcd4-10585ba24cd2", "comment": "Malware payload (Mirai)", "value": "4709ed6902ec22c83b5da32d26944bfd", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226606, "uuid": "8d033838-9906-4022-a430-685ce976dc2f", "comment": "Malware payload (Mirai)", "value": "745033ef9826cb2de2884fa781ffb48e0fe19bf0c748e23b7e4346c565a9e8e1", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226606, "uuid": "a5775b51-c9a1-4d76-aeb2-4acd0a13b07c", "comment": "Malware payload (Mirai)", "value": "6f3484f66463aca46db4a8b14e87a8030c1a820d", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226606, "uuid": "687cc834-7d29-4c91-8fe2-48228eb770fd", "comment": "Malware payload (Mirai)", "value": "2375aad7622dd0769022ee9023e14dc4b58afc095660277e1805c3ccc79982870119bd82b24ec527de1ed52d864f753b", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226606, "uuid": "7bb13696-5377-4aad-ba14-052057b8e5f6", "value": "T13843F2F8BA3D5733D825ABF0C5CD404B29A99B71024CB0235AD5EAF8B6C4E061A3DDD5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226606, "uuid": "7ac6c8e9-2fdd-4424-9852-20fc6f72b845", "value": "1536:fGhYbY0SytmfaVpgd5KBU1TwB1LPEW0NDqE4Oa1:fQ4SemiuUmlwB1LPEWsM1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643226606, "uuid": "6343b498-c6a1-4f9a-9faa-9ead33f54ebb", "value": 58152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643226606, "uuid": "79725c93-f740-46c1-9192-e15e28c46cc4", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226606, "uuid": "851c833c-2eef-4748-9874-cc62684308d1", "value": "Rakitin.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "503bf303-7eb8-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643209062, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643209062, "uuid": "4dbe0c9e-5ae7-46ac-8128-e10db95850b5", "comment": "Malware payload (SilentBuilder)", "value": "75deb5515faf56d8200ca658eb4d187b", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643209062, "uuid": "1604e9f6-1baf-4193-a482-6a470e037242", "comment": "Malware payload (SilentBuilder)", "value": "7476677c189a190216e94386aafba73a90d032af39e4caf7c5728ae578270418", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643209062, "uuid": "3b7e3742-6fcb-4cbd-8e08-dd21312728ad", "comment": "Malware payload (SilentBuilder)", "value": "6a9f191a7633bd416501591a7acbdee302486151", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643209062, "uuid": "138b8c0b-baaa-4a5b-92ab-88e899862371", "comment": "Malware payload (SilentBuilder)", "value": "b1469b7d46ef9854de3f36a01eda2fb56498205819b19c124c1061d86ea88e28e8fa38faea2f5e5e065e4f651b0a5273", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643209062, "uuid": "17a35abe-d1f0-4bc6-9d46-a0367a1f8554", "value": "T10E131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643209062, "uuid": "b8560c5f-963b-4dec-8002-6ff8e73caa0e", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643209062, "uuid": "081ac367-c26a-42ca-9542-e2798fafebaf", "value": 45358, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643209062, "uuid": "0934da79-f07d-4b72-8652-20cf8909411b", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643209062, "uuid": "4e71ecb1-09a5-4e9f-b822-c9a6e46798f4", "value": "tmpq16kehnc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16fe8526-7ebd-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643211114, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211114, "uuid": "9061c344-dad8-419e-b57e-8772e5ba8a33", "comment": "Malware payload (SilentBuilder)", "value": "81a788ada1337a41b6620fc6f1984b3c", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211114, "uuid": "2ab2c90f-45e8-44a0-9042-da3561a09555", "comment": "Malware payload (SilentBuilder)", "value": "7477b3b65d98dde744809ff4a796f96b0e3b18e9999a3109cc76afe3f00452be", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211114, "uuid": "dd46e390-88f3-47b2-9d01-fe7d1b4e40df", "comment": "Malware payload (SilentBuilder)", "value": "f4d6e5b4d6e82d52de79199666eb166d08e2d640", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643211114, "uuid": "28a0c508-f12d-44a6-ba33-bf6cf52952d4", "comment": "Malware payload (SilentBuilder)", "value": "709bc065f54bdc5411dd06edd0fc3098e883fc0eb0e78f3dfdb168b5a1b6e5500dd00f9bd9b6e3a36ab91def8f9967ac", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211114, "uuid": "6f125667-7a25-4545-8ecf-600af80e3e85", "value": "T185131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211114, "uuid": "641aa599-0ad4-453f-a2f2-2c8ea04eef85", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643211114, "uuid": "3e3127c5-54ff-41ad-bca9-b68c75cd08d7", "value": 44788, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643211114, "uuid": "feabda52-0856-456e-a564-7a523e748c14", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643211114, "uuid": "984b346f-34e1-4281-af1e-489823790349", "value": "tmppnhix02i", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee9e6a63-7eb9-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643209757, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643209757, "uuid": "0ed030c2-6f13-404c-8592-fc92109a0c2f", "comment": "Malware payload (SilentBuilder)", "value": "6782e7944554316b05df24f4e5586701", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643209757, "uuid": "2f3a3342-3d74-454a-b0c6-f0acb896097c", "comment": "Malware payload (SilentBuilder)", "value": "747926a772623443522fb1dea29266ed4bb2dc4a8071ec3e40160bd056e58ca9", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643209757, "uuid": "b2747bbb-e225-4f0c-87d3-c092499b2618", "comment": "Malware payload (SilentBuilder)", "value": "ff03a7269df572ae6c5023094c53d8c4488e45e8", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643209757, "uuid": "cdcf38c4-f4da-444c-a62b-dec6f6949c5b", "comment": "Malware payload (SilentBuilder)", "value": "6c394584c59aed51461314bc12f51fb6368d62e021b9ced756f36b4f2dd3ca843d09fa5c97b8cb44935cde04ca154fb5", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643209757, "uuid": "ad580abe-c7fc-4a1f-be30-606c4764675d", "value": "T158131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643209757, "uuid": "cb3cc96f-2e8e-4a81-9fc1-bbd5d99cac3d", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643209757, "uuid": "224c38cf-0fcc-4aa2-bd9e-5eb4e1d55940", "value": 45338, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643209757, "uuid": "8d8580f3-2a4a-4920-b3da-ab1a46551561", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643209757, "uuid": "f55c7b9a-6190-42c0-96df-771f6b1f15a7", "value": "tmphnd8_37f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "afcbf556-7ed3-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643220819, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220819, "uuid": "fda0f741-8ddb-416d-8397-dd7eb6f4f55a", "comment": "Malware payload (SilentBuilder)", "value": "63f7ed846659c5a8600f3728e8b079af", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220819, "uuid": "4d14014c-c288-4cb1-8b4f-9fac47818b43", "comment": "Malware payload (SilentBuilder)", "value": "74c7848447b609c3a55580b94a3f54c364a9f69f20639bd2eddf840aff600545", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220819, "uuid": "a4858eb5-6c3f-4979-8a0a-d6f3ad8e4a26", "comment": "Malware payload (SilentBuilder)", "value": "6417e0eded054d4c82e2d6f250f0bc134482c025", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220819, "uuid": "a82c6b59-f5d2-4623-b3d5-a2495cc17a3d", "comment": "Malware payload (SilentBuilder)", "value": "85de90d442401d13bc7efac662e91cdf8697b053b41e735c336edec27f2f8596b742badef2bec0ae7035ed1869864483", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220819, "uuid": "bf9753b1-5175-4cb0-b420-2cf649e4b9f8", "value": "T196131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220819, "uuid": "3477179d-79f7-4e5a-9fe6-26deab7e514b", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643220819, "uuid": "60f6bd8e-71d6-44f6-8cdc-cb4546474c91", "value": 44720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643220819, "uuid": "4aa06eb1-6a0f-4626-a19a-5c65c2246cd7", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220819, "uuid": "c1359fab-5600-4dc0-93f9-05a9332836ca", "value": "tmp4hdkg52i", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8634fa41-7ec7-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643215595, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215595, "uuid": "6f4c942d-fe7e-4f14-998b-735ae992d213", "comment": "Malware payload (SilentBuilder)", "value": "153aaaa272521efda645d5960b6c5646", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215595, "uuid": "e81ff10d-4e2f-4d6b-a6d6-4d91413b2591", "comment": "Malware payload (SilentBuilder)", "value": "74d5aeb172155f40a006fd5740a41e3030d46944354f6770f4894c494a2dab4a", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215595, "uuid": "a97c1132-8d87-4743-a5aa-7c95ad9d7d1c", "comment": "Malware payload (SilentBuilder)", "value": "3b275417a39f3056fe03c0af50a302187125b01f", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215595, "uuid": "4cd64601-c021-4721-8cd3-175414f11bc7", "comment": "Malware payload (SilentBuilder)", "value": "698282907b2a4765cb499ac49582432d53ab97e0622e1f37bceacb3997d6cc35fd874be2274b24d052163943920fd984", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215595, "uuid": "bc584fd1-613e-4b54-b412-b9a4931b83b6", "value": "T172131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215595, "uuid": "e0e407bf-3d16-4eb2-b1f9-14d80fa4f0b9", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643215595, "uuid": "c1b31b49-1b7f-4829-adc2-8a8346a935b0", "value": 45216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643215595, "uuid": "09ac5e23-6a78-4a39-a073-165443527a34", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215595, "uuid": "c848786a-0ad5-4a1d-86da-697cee2ee1cc", "value": "tmpirk8ghjn", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b193177-7ecc-11ec-9275-42010a9c0029", "comment": "Malware payload (Hancitor)", "timestamp": 1643217697, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217697, "uuid": "b6d12ad7-8eec-46b7-a941-b3d4ef67b483", "comment": "Malware payload (Hancitor)", "value": "16b53cb2f51441477fea6ab45648adc5", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Hancitor", "colour": "#1A394C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217697, "uuid": "8a57eb8d-055e-42c1-9f24-3b43c37c2630", "comment": "Malware payload (Hancitor)", "value": "74dda39e6eca2da641aa05c4490d1024ba8505853a465b0d8a6293065ca8b071", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Hancitor", "colour": "#1A394C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217697, "uuid": "1f36afe1-3913-46fd-97b3-01bd5b3b9fd2", "comment": "Malware payload (Hancitor)", "value": "d7376a1c8eb7e690ead484b9d5177894315f238d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Hancitor", "colour": "#1A394C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217697, "uuid": "c6732540-9f4b-436c-89a5-49d5af53a2d4", "comment": "Malware payload (Hancitor)", "value": "964d6d4b794fdbf3bd73b82cee0511e759f6399365ac72dbc04a106802f64e6b72a61d679d138565096c97e5a9cf6189", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Hancitor", "colour": "#1A394C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217697, "uuid": "aba61e9f-f128-4a9e-9b48-5f3447fc51e9", "value": "T111656D22BE8F9437D4BA063C8C1BA66994397D113E28946B77F41E4CCF3A7407D1929B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217697, "uuid": "b066e5c9-0bcb-43b6-be84-0039141536a9", "value": "8285bd1d71d95ff16c5d24cf9b4358b5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217697, "uuid": "3a638341-39af-4bef-91d2-ec52498246f3", "value": "24576:4fB32J+LFwooyjPP0D3o+lJ83Nmj6nIuJQG9YrsReWjquQT1d:yBGciiP+ZJkIU7cW+pT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643217697, "uuid": "6884e81b-d418-4769-8ff1-1678ce073502", "value": 1547776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643217697, "uuid": "7bf8168e-751f-43d5-9605-7c9af011c225", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217697, "uuid": "f72b1829-06fb-4484-a041-ae7d4ebb808f", "value": "if.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "827e729c-7ef8-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643236634, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643236634, "uuid": "780f66e3-1517-4c97-aa64-5c4feaf08239", "comment": "Malware payload", "value": "2b2ec30a2bf1c7166055e754a04c6ecf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643236634, "uuid": "9ad157bf-101d-4681-952a-ef6c52820098", "comment": "Malware payload", "value": "74fad8e9b1a82d813dd72fce23abdc2d3819496750910c6cdcd70d7398831e2c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643236634, "uuid": "585fd10e-f4c3-47c6-8d7f-e53a5dedad36", "comment": "Malware payload", "value": "c4d2b04eab134dd058994633765410d9aefbe837", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643236634, "uuid": "53970c2f-7560-45bf-8083-4ac112740a86", "comment": "Malware payload", "value": "5e16e47461086faf72db013a9a7844f2149a45a040d1536b77e5270bb3d29d9269f35becb90680e350def896b8ea7e64", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643236634, "uuid": "103f33ba-df95-4a93-a0e3-3ec3773c3bff", "value": "T155855A65753EB3F3F026913692977AC87F616E07562830B3B6C8438BD766ED005AA334", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643236634, "uuid": "02d2882f-142b-4f1a-8f7a-3418e3e6e619", "value": "f215d2d21b2c3bb81a9678c44e03b1e1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643236634, "uuid": "e6bc7368-6eef-490c-a6c4-cd451870e4cd", "value": "24576:Zm787TsxrqnKnXDFOTDLmb/Gr5b+WkGNYgMJaWJxALO+N90HD:Zm78HsYKXxODmrih+CWfDAnNo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643236634, "uuid": "6752b5d5-a6c8-429c-bedd-45615563f015", "value": 1757472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643236634, "uuid": "82281c84-1bb1-40b4-ac5c-0dfa54410a7d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643236634, "uuid": "fd29ac68-791c-4953-bf40-806c691f0e75", "value": "2b2ec30a2bf1c7166055e754a04c6ecf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "658d33de-7ec6-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643215111, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215111, "uuid": "f4a3ef5d-a99f-467c-b052-7f4a0ddc3f27", "comment": "Malware payload (SilentBuilder)", "value": "5f8922d383773afa3eab5c66d0c5f1c4", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215111, "uuid": "01a73b21-2696-40a3-89b7-f5fd2ca8e890", "comment": "Malware payload (SilentBuilder)", "value": "74fd5b5a996c61bbc0b92796792e3128792e94d1b0b3134ac6fb443f562c4216", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215111, "uuid": "a16282b0-0317-4631-a4cb-06e5be34c835", "comment": "Malware payload (SilentBuilder)", "value": "845aa45f48462e9a2b8a351364fc02e814d18e0f", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643215111, "uuid": "088a62b0-dec0-4052-a1d3-df7c9a9cf878", "comment": "Malware payload (SilentBuilder)", "value": "affe27985e88cf245d63f7d1931692582b439e9b042305d384f9ada7abc6ba527a11d8d3bcee04002b83260cbf494bd1", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215111, "uuid": "4b0f2cca-0ce8-4882-90ab-d6355c41e724", "value": "T102231953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215111, "uuid": "448f167d-f070-4013-b44a-093d2db1fbcb", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643215111, "uuid": "7b556b42-e1a5-4ee5-ab41-c731ec6b2a01", "value": 45570, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643215111, "uuid": "042df45a-de50-4015-912d-deb4474e107c", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643215111, "uuid": "7a08ef06-2c53-4d11-9389-c25dc2c5c27a", "value": "tmpxksw3a8b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "365933cf-7e7d-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643183678, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643183678, "uuid": "da17f9a0-0185-4758-93d3-c6f3c3addfa0", "comment": "Malware payload (Mirai)", "value": "cebf74e4700ec749fba9f5027a072853", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643183678, "uuid": "5e1c8b36-81c0-4c26-b48b-87658d827135", "comment": "Malware payload (Mirai)", "value": "7562dc6be63360a57843ab2645a009233af0e1b2b4f8975e98644c084b42eace", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643183678, "uuid": "bbcd7104-54a5-45f5-ba1a-3760605d6d28", "comment": "Malware payload (Mirai)", "value": "ede1b3fb3ca7edebbf280a935db6bd1156beeea7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643183678, "uuid": "422132df-2db0-433f-827c-81146d1975ef", "comment": "Malware payload (Mirai)", "value": "55c6d3b1f0f71d31bbf6b46ea0abe652cc7b75d34911a5a5b85f4911432cdf75b06929b928a332233a2082b2df4dd9ae", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643183678, "uuid": "a20eea11-9824-4e0e-b53c-a5ba742e019c", "value": "T16A934F8A7FA03FBFD81ECC3241A4DA0A119C991923A57FBA5F74E408B64711E59D3C9C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643183678, "uuid": "eabd0142-b92f-41b7-ab8a-b1afa063506d", "value": "768:zznyQyyAApJI7TJkfDhtvYj9w11Ebd0o2jjnk2kbDrnnn9QhcElF:Py3jARDhlY4Ebd01ybDrn92cEl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643183678, "uuid": "8aa5806b-50b4-4ccc-86bd-fe1f8c07fca4", "value": 92520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643183678, "uuid": "dda1e617-e7ca-47d0-9bfd-2e5f5d23372b", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643183678, "uuid": "42b115c5-7813-441d-9b58-98cf2b9b51fe", "value": "cebf74e4700ec749fba9f5027a072853", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d0f286a-7edb-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643224036, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224036, "uuid": "247b2b2c-794f-4d34-8eb7-3a3123741bed", "comment": "Malware payload", "value": "373d288c84dd4a06acbfada7dd1fa7ad", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224036, "uuid": "b08d5453-f473-415e-9359-e9105246c185", "comment": "Malware payload", "value": "7572beac5f24c175293b05863e57225ab9883a1e647eb988b9c2839dfe5827a1", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224036, "uuid": "75b0ca34-43c7-4d82-babb-653eab9dc3bf", "comment": "Malware payload", "value": "293b5e44081ec9dedcab5d995915ec227594af67", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224036, "uuid": "6899753c-be5e-4ffa-b687-a2133d23aef2", "comment": "Malware payload", "value": "a46addf2aa841de20fe24b9937ffe3fb958baf1f034cdff170c62826b9881bb205e9569bc7c328c0ccbb77e1d3553d33", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224036, "uuid": "4eb43ea4-1258-4219-8f3f-7474c32c407d", "value": "T107E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224036, "uuid": "8b47066c-f727-42d5-af8c-af3d06823e4d", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224036, "uuid": "7afb2c6f-0ba3-4f21-a050-659c37b990a2", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIkG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGlOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643224036, "uuid": "eae59c7a-3f49-470c-b518-9cd54a77a691", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643224036, "uuid": "7332c898-6d8d-4a68-9da6-642334f45950", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224036, "uuid": "a062f3a5-2679-454e-899e-fb119e67050b", "value": "9k7AdRZj9udgzOeb.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2dcc8a83-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643206857, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206857, "uuid": "0f6e53ef-f2df-4e10-aa6c-7ee83e42ae55", "comment": "Malware payload (AgentTesla)", "value": "f6a6671c375bc875b4d3065ad0bde19f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206857, "uuid": "4f8193ca-7f14-4a05-8bae-036cba33de7f", "comment": "Malware payload (AgentTesla)", "value": "757bc84493329926ee3d6c2bea1b185bf9b67f5190989fc82f5d2f43291c6ed0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206857, "uuid": "14c0aac8-df7a-44f1-8a55-5176fedd66d2", "comment": "Malware payload (AgentTesla)", "value": "21ca95805a1a8baf66708a883086df01d3b0d131", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643206857, "uuid": "ea657840-1b60-486b-89e5-ba972e34c39b", "comment": "Malware payload (AgentTesla)", "value": "0419bf9d824a8433559646ba952a45e4a2c481c75d17027181efa2940f9e151a597bfdfd0b0a0f61939bb4ce10f6f41e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206857, "uuid": "b0d055c2-db3c-425e-a21e-b9b2d7a2d947", "value": "T181141246F4A6CA92D610E5F00CC645AB25F6DC864217CDC4E5963D2E0D3E0CDEAA0BFE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206857, "uuid": "cb642a7b-0fda-4a62-a9d7-6751f44efb08", "value": "3072:x5FNLlT72QzdRNoA/P7h8U+jEvUwPprQkBNaNgxP6V5csjvTPuIwFIGx/9/FbRcg:DFNL973neA/P6rjOpPptvP6RvTuIerbL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643206857, "uuid": "9d664861-b317-426e-9db3-ca18740ff5c8", "value": 191848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643206857, "uuid": "b3157125-1d88-406e-a075-a5117513c353", "value": "application/encrypted", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643206857, "uuid": "c7c570b2-b9ce-47d6-a6e3-c8bb49d13e31", "value": "product_List.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d1a027fc-7e6d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177067, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177067, "uuid": "0ba6e0ef-6c64-479c-a19b-98fbbb798992", "comment": "Malware payload (Heodo)", "value": "e2316c2ba01dcbb33835f347f41df4a9", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177067, "uuid": "950c8fca-7aef-48f6-b64d-4d37b1108a02", "comment": "Malware payload (Heodo)", "value": "75b47f791294e54d4d3822a066736d707453b54210f56f06c2da3cf708eb4da0", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177067, "uuid": "cb2e9b4a-7701-4549-9296-c2f817af4c6e", "comment": "Malware payload (Heodo)", "value": "227ae0c7b47dc8b6ca3e3f0771ebae8d64541e30", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177067, "uuid": "8a653056-cf9d-4a5b-b5bd-0d55ff1eea00", "comment": "Malware payload (Heodo)", "value": "92551d4ae98d6ab313270f45f6560ba3868e608cc3f7552377646324a225cdab0037c6f14e6ff1515c5f2c2a76e47c32", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177067, "uuid": "3d313182-32d9-436d-90c4-e8f5a4103490", "value": "T1FBE4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177067, "uuid": "84e592ca-9299-4fd6-88c2-3ed07a81fa52", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177067, "uuid": "b15c84eb-f192-4208-8724-4717d2f19c88", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4lrNACHKm2tkJV8u:o87vGJzomxhwhbKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177067, "uuid": "5b14a316-cb33-4b35-abd8-501f869da045", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177067, "uuid": "ad005d1a-ee3d-4e1a-bcb2-edc6431bf1e2", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177067, "uuid": "2e3048bd-5584-47c8-a9fe-71affcdaeff8", "value": "emotet_list_ioc_cronupTue_Jan_25_11:53:29_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c65c37e0-7ea1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643199382, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199382, "uuid": "7bfcd6ab-88ea-4006-b24e-3ca8c2a734e3", "comment": "Malware payload (Heodo)", "value": "cc2e7a46692e347682d28f8f58f4d26d", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199382, "uuid": "6f55115c-af5e-486d-87d3-c01b73e850a8", "comment": "Malware payload (Heodo)", "value": "75b483a8cae5078c7326afbd5da1e0f51b0839d926e808c09c5c42e8ad96f107", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199382, "uuid": "8438b5fa-eecb-4678-addb-fc3207323a1c", "comment": "Malware payload (Heodo)", "value": "a13cd1872e5fd429c98c3ba337cca86027fbac34", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199382, "uuid": "65a288aa-d643-4e04-8fc7-5a9b9b7e948c", "comment": "Malware payload (Heodo)", "value": "c677c3471d08cc1eb53aa9b26132fc8eb7d8f2378f8e1910d80e565da9a3c12df3cbb6e4b8021954ad688bca5b358045", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199382, "uuid": "83742a35-5b3e-49c5-ae90-b9abf5fe3323", "value": "T135E35B5576B5C9F6D60407B10AD2CAFA2327FC739E5603E33198B30D1FB91509AD26C6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199382, "uuid": "67c4dcf7-45b4-4c09-bb78-855aa54c12de", "value": "3072:77cKoSsxzNDZLDZjlbR868O8K0c03D38TehYTdeHVhjqabWHLtyeGx6Z84TIUGx7:XcKoSsxzNDZLDZjlbR868O8K0c03D38W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643199382, "uuid": "0b6484bb-fca6-48dd-a51a-bb8f0c252208", "value": 145920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643199382, "uuid": "3149cae0-e56f-4edf-a81e-035a50ab17a5", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199382, "uuid": "07ce2b73-d83a-40b3-8907-4b94673cc946", "value": "843442282497638273385952672.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e0fde83-7e82-11ec-9275-42010a9c0029", "comment": "Malware payload (NanoCore)", "timestamp": 1643185866, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185866, "uuid": "7128618b-3002-4498-b82c-95946bacc3af", "comment": "Malware payload (NanoCore)", "value": "0484c885885e6b4635cf330d72eaba9a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185866, "uuid": "81761a40-f57d-4143-8fdc-b64972ecc93b", "comment": "Malware payload (NanoCore)", "value": "762aa095e3249e971c9b8ed7b0bf6489648db9a61496112ff237d6120f3e092b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185866, "uuid": "9edf2d24-7613-46df-917a-2da023cd03b0", "comment": "Malware payload (NanoCore)", "value": "86ed8ae352598ba36d7b58ceba43a81773ab0bb9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643185866, "uuid": "b65fd328-0fe5-482e-b65e-1687435954aa", "comment": "Malware payload (NanoCore)", "value": "8a882047dccbed4f4d1558fc60a71d078783d8690cdb7d1eeeae551be35f855eb47fa0747c5ae5ceb1dd8c045534a30f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643185866, "uuid": "8ad336d2-a1c1-4446-abe6-71eddf588046", "value": "T1EC75AE85EB8444F0D25D3C74927433711237BFAE75DCA9A4EAB6B8001BBA2C27476D63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643185866, "uuid": "08241453-6bfa-46a9-881f-baee0dafab27", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643185866, "uuid": "82efeead-97da-427c-b122-a059ed409905", "value": "24576:M0KeYYX4u9x1MbMMwqG2whjg5SithktIhbeArHmNH/GsEp:M83x1MIpZ2wWSgb5rHmNf5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643185866, "uuid": "3b5630c1-ee7c-461d-8c83-c2bbbd6df19b", "value": 1590272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643185866, "uuid": "8d92ec33-52ab-4c70-a59e-6e959b39a984", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643185866, "uuid": "54160971-3d2b-42cc-b396-0646c379399e", "value": "Order Specification.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "256cefa6-7e6e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177208, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177208, "uuid": "063dcd87-f27b-4650-a5c3-cf212bdb33fd", "comment": "Malware payload (Heodo)", "value": "855b6c7b8fd6d8d6ea5e6526b60c5e6f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177208, "uuid": "d3d7b024-a6bc-4a64-ab28-f53fdba7933e", "comment": "Malware payload (Heodo)", "value": "7647de937dd108349094135176cf5044fa7233b7f8b6e328a9546e49f5ae6938", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177208, "uuid": "f213978c-0404-4eb2-83c4-cd6637940580", "comment": "Malware payload (Heodo)", "value": "952dc0a1a5483dc23c5d2ef054bafaa0aef7af55", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177208, "uuid": "72e76a62-a984-4e21-895e-3fb8f578236d", "comment": "Malware payload (Heodo)", "value": "1161ad985fd8f82afc49da463a9a596cdca450810e3057b94bee16ae24d437ec259ea79ce9604586492d163c1a07f823", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177208, "uuid": "1e55086c-cb0b-4ba8-83c0-3d60667cd806", "value": "T14BD49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177208, "uuid": "7517f606-f70c-4283-9d28-304508e9b76b", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177208, "uuid": "1f1ef669-bd4d-4665-86c0-f715183ceaea", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQLvkMZR+TTD7vgEPej:0hn7dA19ZCOyDaQbkqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177208, "uuid": "65c6bcb7-ba25-44b8-88d5-189cd35b3bd1", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177208, "uuid": "b3e09463-a09e-4c2f-88e4-f4b6daeeb6bd", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177208, "uuid": "16aa6945-8a96-438f-804d-4d55e47b723c", "value": "emotet_list_ioc_cronupTue_Jan_25_11:54:00_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4bfdb534-7ede-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643225376, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225376, "uuid": "c7fa3731-17b4-4ee6-a175-8b61ee6aefbe", "comment": "Malware payload (Heodo)", "value": "e2a30e6daa3d40b307a6a5b26d6054ec", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225376, "uuid": "aef15709-29de-4a82-a22e-895f5ad47436", "comment": "Malware payload (Heodo)", "value": "766446d088583f6d6cb509a0dac774e8bf373deba31d25eddec7e22ef44d0153", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225376, "uuid": "99827e5b-81e8-4115-92f2-698fd7bc970d", "comment": "Malware payload (Heodo)", "value": "ca72f9aefd6e80a1424f17d688fa1d3f8981078e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225376, "uuid": "f6dfab92-8d03-4c08-a29d-8b06a8ba017d", "comment": "Malware payload (Heodo)", "value": "cf95ae8a0a46ae588c289f8039ae6a48739fc2b7984de8de787943828402d4a18967747c48ac759b06d230d6cb21d23d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225376, "uuid": "aa6713d6-dc75-4d92-a7a3-7e91eb133f15", "value": "T13E05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225376, "uuid": "f196c93e-1787-4f43-9f2c-dba23ec1d9f4", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225376, "uuid": "ef10ddd2-62b9-439f-978e-cfa3fb7ccb8f", "value": "12288:aA9e3OrvpgqjtQFecJ6dddifiHxoB3rNd9CDr:blrvpgqj2FeuQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643225376, "uuid": "6940b6d3-2e3f-4a25-b9a4-e5298765e3c3", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643225376, "uuid": "f461aca7-df1d-45f5-a440-486a905e4670", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225376, "uuid": "df612cd1-d9b8-4004-86ee-af3dd9d65de7", "value": "e2a30e6daa3d40b307a6a5b26d6054ec", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59a4c36c-7eae-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643204783, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204783, "uuid": "3a2f4287-3d0e-491e-9fb0-3da9c58d83d0", "comment": "Malware payload (Heodo)", "value": "870140089170dfde800e05904e2ba924", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204783, "uuid": "4c65194c-02cd-40cb-b899-54afdf1a4cb0", "comment": "Malware payload (Heodo)", "value": "766b2970ceaf1d648e681a8b56f59bc66086963efe556ce9a8cea452d7f265e9", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204783, "uuid": "9c7710a4-1e6d-4105-8353-608c4da57d14", "comment": "Malware payload (Heodo)", "value": "b4bb32cadd874525aed410ffac4b0ba5eb9099ab", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204783, "uuid": "ffa8e628-afdc-493b-82c7-b26fdf6840e9", "comment": "Malware payload (Heodo)", "value": "bf9789f9f7e4e0890cfb97bd325eed71d811603bcae77feb3213c11733f3489cc9bd8d45728918718b62245285a2171a", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204783, "uuid": "e2146895-8c19-4e93-86da-b67421af3372", "value": "T133E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204783, "uuid": "9179974c-1f82-4c3d-91f6-d9da2f91be77", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204783, "uuid": "99ee3084-c896-4245-b74b-866edc2bc10a", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIoG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGxOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643204783, "uuid": "7a7d99f3-e955-45fa-a1f1-0984dd0b8363", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643204783, "uuid": "ebd06f6d-f411-4bc4-ab13-6bdc537a2357", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204783, "uuid": "66e2b9ea-3614-4833-93f3-67dc84b4a2b9", "value": "emotet_exe_e4_766b2970ceaf1d648e681a8b56f59bc66086963efe556ce9a8cea452d7f265e9_2022-01-26__134616.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c92756a2-7e3b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643155578, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155578, "uuid": "ec5f419e-7408-4049-8892-6fd09d3e38e7", "comment": "Malware payload (Heodo)", "value": "d333a52f35b8daa85181232a3f9ed56a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155578, "uuid": "7f4fa509-8b8a-47b3-afc9-2acdc7172afd", "comment": "Malware payload (Heodo)", "value": "767d21fd208baa33347982a9c7e3cbc16a376e7761375f95557e9f93718519bd", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155578, "uuid": "6944cc0d-3d8f-4207-b3eb-e3f623a7e24b", "comment": "Malware payload (Heodo)", "value": "8372c153bb8cb3ad520510c4698ce64692930464", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155578, "uuid": "758ec1cb-1bb2-4a97-aa30-32a27c71d0d6", "comment": "Malware payload (Heodo)", "value": "036fdf56a9f2063e1ba25b279ed1484217368606eb412c1fb7160271a6f1bee0e9bfd82bf53305acc8d2942d8adc2c49", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155578, "uuid": "d8a8007f-9ccf-4786-a610-27a3bc258488", "value": "T145D49C2233DCC8B9E0AE1D3D290297D523E9AE140B93C58FA640FB9E5D3B2C155F92D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155578, "uuid": "0c9ba7ee-1969-4a4e-867a-e4ddced06c62", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155578, "uuid": "ba702b65-0cac-416e-9e9f-cf21a17aab28", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4MmMOfg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4MmM/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643155578, "uuid": "0fafca6d-817c-4e9e-bcba-7ee7fdb1325e", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643155578, "uuid": "6533a05d-2f1f-43f5-80cd-2cb9650f7138", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155578, "uuid": "46165217-38b2-4969-a9d6-a0d45fa10621", "value": "emotet_exe_e5_767d21fd208baa33347982a9c7e3cbc16a376e7761375f95557e9f93718519bd_2022-01-26__000604.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "12df3095-7e9a-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643196074, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643196074, "uuid": "3a185a72-0e64-4ffe-b044-2c05c40ca432", "comment": "Malware payload (Heodo)", "value": "5c5dfbb6efff270f3d1cc1e6706308aa", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643196074, "uuid": "48289bff-709d-4576-a9fb-ca616fa22a95", "comment": "Malware payload (Heodo)", "value": "770bd3b1920e4963a7d9af9b6fa839746ab917a299de33aa1be680c42619b170", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643196074, "uuid": "727d6050-aeb3-4601-a373-90ba9648de52", "comment": "Malware payload (Heodo)", "value": "686e25393d9e3cc442b39e788d1dd8d32f3741b2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643196074, "uuid": "31ddddf9-8600-4619-b2c2-732b9e8f2bab", "comment": "Malware payload (Heodo)", "value": "b73c47f6a4b1ba7183aad514a42d8299188d5f39150a4ce7012f315f914211774e85b7190679820ce767040696377c06", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643196074, "uuid": "7cd6a1a3-c576-426d-b535-d45ef2779c67", "value": "T1D005F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643196074, "uuid": "942aa18d-5b08-4b0f-91df-352965d0a62d", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643196074, "uuid": "9a176f46-0179-4b2a-b82d-3a40810218ca", "value": "12288:aA9e3OrvpgqjtQFecm6dddifiHxoB3rNd9CDr:blrvpgqj2FevQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643196074, "uuid": "9007ce81-1ea3-4575-9e52-09f2a4c55a61", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643196074, "uuid": "37887821-1c85-4450-b0d0-578e00b977d1", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643196074, "uuid": "8634c4ea-e6cc-4262-8ee3-bfeba7356410", "value": "5c5dfbb6efff270f3d1cc1e6706308aa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c845e83d-7e3b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643155576, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155576, "uuid": "a5209842-a20e-42a3-849b-a3dba1f25d52", "comment": "Malware payload (Heodo)", "value": "8c05fe7b329343944b88b2e891996760", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155576, "uuid": "9d1e6b3a-3de7-4933-a10a-e5e7c73f3365", "comment": "Malware payload (Heodo)", "value": "7771ea75634ca27aa9cb8c7c1eaa28d81cfe7b36ba2662078b51d7d9b3a8c28e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155576, "uuid": "9b9d03bd-0d2d-42c5-90b7-ccd4b164512c", "comment": "Malware payload (Heodo)", "value": "c6a3fd0c71c0219add1e9eb1d32987155d840c04", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155576, "uuid": "75545c98-66bd-429a-ae11-6c67cd75ead2", "comment": "Malware payload (Heodo)", "value": "f9563f3f7b7209ab543019a9995ecf263db35286c880a492926f44d2a4cf85fbc6eaca61a88d005a55ab3ad7d01976d9", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155576, "uuid": "1da334f5-9577-4796-9747-0cded19d0607", "value": "T189D49C2233DCC8B9E0AE1D3D290297D523E9AE140B93C58FA640FB9E5D3B2C155F92D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155576, "uuid": "2f2565ea-a8d5-435b-8e8e-ff88d0b58312", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155576, "uuid": "9fc20557-4606-4ae7-be45-de995e183783", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4MmaOfg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4Mma/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643155576, "uuid": "b8c1a496-bff0-45c8-a50c-6ae7a883770c", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643155576, "uuid": "4ed2954e-2d50-4120-92b9-8983d26d3d96", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155576, "uuid": "73f60c90-5671-4901-a8bf-4e19f705a4a5", "value": "emotet_exe_e5_7771ea75634ca27aa9cb8c7c1eaa28d81cfe7b36ba2662078b51d7d9b3a8c28e_2022-01-26__000604.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67206201-7e53-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643165721, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643165721, "uuid": "3ce93cf7-b0e7-4167-927f-53822d3e5a50", "comment": "Malware payload (Heodo)", "value": "cfd347fd4ecb93722b66c0d9d649189e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643165721, "uuid": "082de267-f750-4fe3-a0d3-60c9f9abc875", "comment": "Malware payload (Heodo)", "value": "77bd38bb007666e8dab958c977f27a5d715ee7e42374486eae6e4bf92dae10ca", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643165721, "uuid": "7460d99c-1eb7-42ed-ab09-b1fc385cf124", "comment": "Malware payload (Heodo)", "value": "ff7fa05c914e08b7f3501eb72a7fb0399450c1a0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643165721, "uuid": "a0e6e3f2-14f1-4908-9ea6-2f49afe29174", "comment": "Malware payload (Heodo)", "value": "e6bab00e99ff03e6549094026d2827ae4c7fdcc707c9c0b2c97563f6dc81761d47237764b6c7b9a88bdacb5cdc5f0e1e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643165721, "uuid": "8e63e59c-9638-407e-b3c4-9bdbf485601d", "value": "T15CE4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643165721, "uuid": "800aefa0-71f3-4cd8-a40c-b726482a45f7", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643165721, "uuid": "603c566b-0026-468e-ae40-aec5efc757a5", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4lFNACHKm2tkJV8u:o87vGJzomxhwzbKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643165721, "uuid": "84e5831d-c0a7-4009-9de0-c086845230e0", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643165721, "uuid": "289148ee-39e2-4f26-b818-678df4cfbf12", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643165721, "uuid": "2fa78ac0-b63b-4b32-bf7a-becc8db7b5c5", "value": "cfd347fd4ecb93722b66c0d9d649189e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93a09509-7ed3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643220772, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220772, "uuid": "6456983d-0fff-4b8a-a475-56b51fb88864", "comment": "Malware payload (Heodo)", "value": "1833979a9f4ae792271d5dd2dc5e4e00", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220772, "uuid": "8bbec7e4-accb-484d-853b-338fd6dda616", "comment": "Malware payload (Heodo)", "value": "781a1792b811acfa0e6eb486ffbb5edb7f0df9397d933aa613d7d28008b9489b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220772, "uuid": "64d6f605-9f00-4c3c-91d4-dc2b839c36b2", "comment": "Malware payload (Heodo)", "value": "6720bf57458eefe35dddc113ddd8092e03b64fa1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220772, "uuid": "26ce4c91-35ae-47e8-a5ff-13ac865d9bf7", "comment": "Malware payload (Heodo)", "value": "f5ceb5214c834e32e7b401441626941dd3c99a8514a6454d47dabed6e6855f00d398bf99ef1f2e7ff601e7a8489f0f62", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220772, "uuid": "38dab54e-1bec-44e7-8b81-8e3652a4cc63", "value": "T1CF05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220772, "uuid": "04811ac6-cee4-48a4-a358-325307f01070", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220772, "uuid": "49f01209-603b-4812-ae79-3f23169ea3c7", "value": "12288:aA9e3OrvpgqjtQFec/6dddifiHxoB3rNd9CDr:blrvpgqj2Fe8Qc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643220772, "uuid": "651bf1a8-0c23-4573-bada-3bd506ba7387", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643220772, "uuid": "dd90f8e8-288c-47ad-8688-730d2e743c64", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220772, "uuid": "aafed5ce-ba71-4e9e-924c-bc6d3c2e29dc", "value": "1833979a9f4ae792271d5dd2dc5e4e00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "737724c2-7ed8-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1643222865, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222865, "uuid": "ad662848-4b68-4d7b-b31d-e957da915e09", "comment": "Malware payload (RedLineStealer)", "value": "68900761d23c77b005b89feb89876c85", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222865, "uuid": "d03b4905-45ac-4fbc-9c2c-8b6ac5badc18", "comment": "Malware payload (RedLineStealer)", "value": "782f3607d63d38bd59a78ae9f219ef092850f29c3da05c019594b44f53ac84ac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222865, "uuid": "d82c3385-195e-4c67-861b-748faf589f88", "comment": "Malware payload (RedLineStealer)", "value": "2d9a95cfe66fd559424957eed4ac797271a87144", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222865, "uuid": "d140a23a-ef16-4cf5-ad76-30d325384982", "comment": "Malware payload (RedLineStealer)", "value": "ac4c493d21693ac650c641877f12e08d1c7747b80353b82e1691edbcc324e23c50f678a9995c363b6f41df2838785c84", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222865, "uuid": "dcd5c5ce-589c-4a12-978e-a2678788ced5", "value": "T10DB401D5CA2A111DD9DAD032973A1A26C0674FB604C66E26BAE1B11FC77B857037F332", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222865, "uuid": "6e5502d8-f8be-4d3c-9244-c20f961c46c9", "value": "7cce5ee9e62671dd5b9277d511b8713a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222865, "uuid": "75d08c51-b521-4e37-991c-b1c45e54188b", "value": "12288:VYabPxccfZwTe8ENpq8UfjAzYEGFxAJg0f3qdKA3C90Bs3mHc:LbxcQZwS8EbbUfjAzn5Jgs3qdK/9Os28", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643222865, "uuid": "fb3fd561-4278-4104-8085-bebbde6a8782", "value": 528048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643222865, "uuid": "ea285223-8c9c-4e9d-93b6-bd85684ea3da", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222865, "uuid": "9833ca6d-ac37-42c3-b0d1-0431683e850f", "value": "68900761d23c77b005b89feb89876c85", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4eef03f2-7ec2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643213355, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213355, "uuid": "b9e257c7-280d-418d-8052-006eb7452942", "comment": "Malware payload (Heodo)", "value": "c124fbad7e93a241902a6b6f924f79e2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213355, "uuid": "7f69241b-1ef5-4424-b291-6c0c7a2a2eeb", "comment": "Malware payload (Heodo)", "value": "790f0271e82cc06ab5d1881fcf87177fba0be88481bab3eeddbaa1145d4d938e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213355, "uuid": "d4e0a7b3-d19f-4f4b-8534-ef98978e3166", "comment": "Malware payload (Heodo)", "value": "19e110eb8db9f7d24b64e8a554b7adff4a41652b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213355, "uuid": "84361c67-8861-493e-85a5-39e893f85174", "comment": "Malware payload (Heodo)", "value": "1ed1c35aa7bfddbcc7c126a077a253c63fecc5f8a8b5932546577ddfb186477a7be3756b42b0e9357b7e1c0f266bbf64", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213355, "uuid": "b8908edb-1a8c-4ff1-8c79-059f9185e81a", "value": "T1DBE4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213355, "uuid": "2390073f-7456-4516-a6b9-5e5661c5740e", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213355, "uuid": "c23f4dc1-3bcc-4382-8c7e-2b0427ba7045", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orInG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGGOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643213355, "uuid": "31ab0c91-d12b-490a-9c21-2344d5d5bc36", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643213355, "uuid": "c61d4bd6-f442-4b05-adaf-b00ac302e492", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213355, "uuid": "afc28980-b4e2-4788-aba2-a1a158368404", "value": "c124fbad7e93a241902a6b6f924f79e2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f8f9888f-7ebf-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643212352, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643212352, "uuid": "dae54eec-446c-468f-9866-be8b080b2eec", "comment": "Malware payload (Heodo)", "value": "781a4e297c25a8b3d853824344a9a32b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643212352, "uuid": "6807c1eb-17c7-4605-ba7e-4a3c57f77b8e", "comment": "Malware payload (Heodo)", "value": "79379c53a13eae1848f85bbe985fbfe36f216fc425e60a120c5558e233e728b6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643212352, "uuid": "ad55286b-e9fb-4ca7-abc3-aa00e9a79231", "comment": "Malware payload (Heodo)", "value": "422a47a380a547d7ae290ee50d908f2d8d5b60b2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643212352, "uuid": "99e2c6ac-4a33-4569-96c9-6bf97b9964b2", "comment": "Malware payload (Heodo)", "value": "f498f83cd6b60231c1b5dc0696a775024d9ef99797156a33ea21605d10a01511a06122e3b11e0c825efa0dedc52d859c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643212352, "uuid": "1d8100d8-8b50-4cb7-9238-73cfc45b9f92", "value": "T10F05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643212352, "uuid": "6afefb39-cbb9-4942-bce7-fc6a54d052e0", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643212352, "uuid": "9e97d59a-9309-4b56-91e5-1c8bcdda674b", "value": "12288:aA9e3OrvpgqjtQFecn6dddifiHxoB3rNd9CDr:blrvpgqj2FewQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643212352, "uuid": "e25e8173-9312-4665-9f25-b0250c6abaa4", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643212352, "uuid": "13cf9ada-0aa8-49ec-94b8-c5a3b69165fe", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643212352, "uuid": "cf8893e9-4283-429f-9043-aabf359e2c0c", "value": "781a4e297c25a8b3d853824344a9a32b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76955f9c-7e3b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643155439, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155439, "uuid": "04d3302b-f83c-4b57-bbf1-e94ee5e3b12e", "comment": "Malware payload (Heodo)", "value": "552812d8e5700bb88fe86c4b2c55d766", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155439, "uuid": "b4e28e28-e9ee-47e8-b10e-8856abd4fe2d", "comment": "Malware payload (Heodo)", "value": "794f60fa34311a38ce0488952e106490d771e484add52004ce80ae2c1aea61d4", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155439, "uuid": "c0806c0c-df9e-4d38-803b-c9a61711fca7", "comment": "Malware payload (Heodo)", "value": "c3f9ccccd4353a326b5a8487388953978d81c63f", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155439, "uuid": "f1217f01-a68e-46fc-af3d-4b9e5f8d28ce", "comment": "Malware payload (Heodo)", "value": "e8e39525641c9e9e0062f559c58e11a022adb003b7e3983ee767ef7ca9e1456c2bd6494c661953225bd315905cb5fa26", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155439, "uuid": "9cb717e2-12c7-43e3-b59b-9a7dde4c78d8", "value": "T1C8E4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155439, "uuid": "304838e7-c6d6-4e02-a475-4d4cbfaa9e3d", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155439, "uuid": "75184dfe-2ab6-4986-8081-d8f4351a10d2", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4lGNACHKm2tkJV8u:o87vGJzomxhwGbKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643155439, "uuid": "e73eaecf-38f9-48bc-907f-1d710ce33ed1", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643155439, "uuid": "d4a7ca6e-de93-4357-92e7-2313ecdf869b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155439, "uuid": "3ea9f818-692f-48bf-9f77-3477e294d1b0", "value": "emotet_exe_e4_794f60fa34311a38ce0488952e106490d771e484add52004ce80ae2c1aea61d4_2022-01-26__000334.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "80ae20f9-7ed3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643220740, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220740, "uuid": "818ca8ef-b518-41ae-b105-5e087918194a", "comment": "Malware payload (Heodo)", "value": "1d2264d27d7be2c0d837c07d526b8941", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220740, "uuid": "d197b5cb-7120-4723-aafb-be94f361b2b2", "comment": "Malware payload (Heodo)", "value": "7965b862f6952e3ce08abe35946448167f444187963cf076fb00cc93cab92cb6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220740, "uuid": "a8024d66-176f-4f80-af5c-d71f6a0ab932", "comment": "Malware payload (Heodo)", "value": "3acb302cd32070ab76737f7e4b89579ab4f000a5", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220740, "uuid": "61fb15a7-e39b-463a-a269-0caaccf38ac2", "comment": "Malware payload (Heodo)", "value": "b700bf60e871e2be07b1ffc882db429a77030fb7833553462c86d2dabe29850f4099b50e00ab4b47454a9a4558b2af26", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220740, "uuid": "b40cbe76-305f-47f7-8175-7cb64d10c995", "value": "T1C005F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220740, "uuid": "9280eb1c-039f-42df-8521-802c7bea4d58", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220740, "uuid": "1314a425-0a28-487d-9e50-e7bf3331401f", "value": "12288:aA9e3OrvpgqjtQFecY6dddifiHxoB3rNd9CDr:blrvpgqj2FepQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643220740, "uuid": "a8cacb57-0206-4012-b472-f02ea9a29ae0", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643220740, "uuid": "7495eec0-4d7c-4924-b4e0-66be15229ef8", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220740, "uuid": "6ba9f0be-8511-4b76-ba6a-87afb3f933f7", "value": "1d2264d27d7be2c0d837c07d526b8941", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3fd8fa9-7e6d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177125, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177125, "uuid": "9d198340-732a-48a7-b46a-b8a4a0805c94", "comment": "Malware payload (Heodo)", "value": "e4c45818223d03baab8767763b5c19bd", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177125, "uuid": "898f456b-b160-48bc-907d-ee17204a5554", "comment": "Malware payload (Heodo)", "value": "797b0afea852d66c4334b1ea15743214e989bf4e8116c661ad2e9454896a5c97", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177125, "uuid": "c52750c2-6190-49be-b6a8-3fda37e05f6b", "comment": "Malware payload (Heodo)", "value": "0b30305f36f69409389161bd0f0661f2a7d3eaee", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177125, "uuid": "fff8e950-6c7c-4e47-9e46-ac12b4123962", "comment": "Malware payload (Heodo)", "value": "fcd01df42b283fd38db7a886e6d2af3605824c11d0c1bd163a8730a1c0076a665c23dff31461d22fbfb7f50a054d32d2", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177125, "uuid": "c84e5182-3a4f-40be-ad29-d1b62b1ad9e9", "value": "T198E4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177125, "uuid": "029a4ce8-9772-4434-afef-bc751ca21d40", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177125, "uuid": "824b7e8d-f185-4de7-b9a4-148e90078194", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4lpNACHKm2tkJV8u:o87vGJzomxhwnbKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177125, "uuid": "a2cb6aec-e3c5-4c8b-b359-3b4b91996455", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177125, "uuid": "b883ba2d-7fb1-4918-8a8e-f01d64cfe1dd", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177125, "uuid": "938379e1-39d5-4e7d-8dca-61e2160bc4f9", "value": "emotet_list_ioc_cronupTue_Jan_25_11:53:40_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce3acc9f-7ee7-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643229460, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643229460, "uuid": "f848d6d3-05b0-443e-b693-fd3264e8a8c0", "comment": "Malware payload", "value": "1f5bf118b0bcdf90d59cf4acf6b1979e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643229460, "uuid": "18d2f756-6b70-40d3-b06c-096c805b5afe", "comment": "Malware payload", "value": "79b16fb115998b04f71468a0cb5fadb5b4d5eaa32660e6ead6e90108ef58b588", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643229460, "uuid": "1204a5ee-5d88-49d7-8ea9-97e26cb16897", "comment": "Malware payload", "value": "8d211c6242543b6f2006374f8b55d899cb021088", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643229460, "uuid": "bc222e70-c48f-486b-b4c3-cece66fda19d", "comment": "Malware payload", "value": "57bdc92b790796831b9c171834571eedc5e2e30403a9cfa6821c49e0ffc4684e84ab3abfdc81ae94a3cb0a07abd83074", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643229460, "uuid": "b7b81d83-8988-49cb-af56-3a333a8d62b6", "value": "T15FF48C7BF049C836D299497681DFF10C43B1B803BDCBF9AA2ED7F5096651B46AA0520F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643229460, "uuid": "aca14b7a-514e-42f1-8027-02a69dd351a2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643229460, "uuid": "39d47b33-10d8-43d9-a3c5-a38caac277d2", "value": "12288:8k75usfWXmwvh0Y6aCdG4y0q8z8UyPpjs0s8nwumLVfK28Gr4Jtrfr:8k7AsyamlUyJMWwFVfh3O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643229460, "uuid": "b6c3f542-eb57-4f70-8fec-fc712a53332e", "value": 794112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643229460, "uuid": "f6f18656-c6a9-40b1-ae3f-567db7b6c48d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643229460, "uuid": "88491681-4d32-4c3e-9881-c4f93a79c989", "value": "SYwTRaSBAv9Tcx3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "13608ef2-7e89-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643188774, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188774, "uuid": "4a7527f3-e40a-4198-8064-7f17b1847252", "comment": "Malware payload (Heodo)", "value": "d7addc219cea45e4c158d0d5fc77bff7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188774, "uuid": "761f04b1-99ea-41d7-930e-69cef259f167", "comment": "Malware payload (Heodo)", "value": "79c76ca904e7a8cec304f12186d50c8e85fc463e0a5fd96aa55bd0ff152e3949", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188774, "uuid": "7099c4e0-3e50-4d5e-8537-8b22deec15c5", "comment": "Malware payload (Heodo)", "value": "b5d7b76cebe729588dbe07488a4e670227f584ee", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643188774, "uuid": "59b94c74-e31d-480e-9747-b133deabae09", "comment": "Malware payload (Heodo)", "value": "33f0f3467866c0a532aa599a1deb484a47f147691247e6415411aaf1a18d899ae28a37962e47b147a6eaeba704adb1df", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188774, "uuid": "6235491f-f8bb-48f2-9665-f549430f73ec", "value": "T1DF05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188774, "uuid": "14e8814b-6178-4d8b-9712-1ad37ed0ced1", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188774, "uuid": "56b41179-556f-4060-9e7e-6604333b1afc", "value": "12288:aA9e3OrvpgqjtQFece6dddifiHxoB3rNd9CDr:blrvpgqj2FezQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643188774, "uuid": "77ace66b-7888-4c0b-8bb8-bbf5a1c7037d", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643188774, "uuid": "d4ebd634-3f15-4491-8c7b-d051716d3cf9", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643188774, "uuid": "23e6bf5b-e046-462a-978b-e2af61a51ec8", "value": "d7addc219cea45e4c158d0d5fc77bff7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba8d2cc9-7e6e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177458, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177458, "uuid": "904c20e6-5f7b-43e1-bdfe-b21847a2607c", "comment": "Malware payload (Heodo)", "value": "6b8364305b9e8143bc9378627dc86a13", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177458, "uuid": "039ead78-c2d3-4177-8bb0-7de04c0d5b43", "comment": "Malware payload (Heodo)", "value": "79d21212ede80612cecd2e319424918b3f95dd07e305e99bb3f4941ab60ff2c4", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177458, "uuid": "5063de6e-e7a1-4025-8e2a-4166ea20d60e", "comment": "Malware payload (Heodo)", "value": "48055f0d2d41f6b09b2cd538b6fb80ff9c260111", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177458, "uuid": "e50c0ff7-c27d-454c-b8e3-78e1ade42e84", "comment": "Malware payload (Heodo)", "value": "1a9e1d1d6179a1d4676ebdb19ef500815a77aba51b85558758a059eeedade29db7b2cb333abd2599c4ddc4acf9a6ab51", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177458, "uuid": "8a67c7fd-52f5-4f62-83c2-d9aeebbddf3c", "value": "T17133D0AFE5A1357BD225C17DD96C9391F44EA2151E88F3C92DA0FFE49201792069E38C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177458, "uuid": "2dd1f0af-3da3-4f73-a685-c1382989d029", "value": "768:w494OjmfxV6sbaLX8iWjzwxmCeOG2S6DaqmBVZKNAxalvxnvy1OA16OiiiiiiiiO:VjmfxVXAiozeO0XVZKyalpvyR1bZjvS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177458, "uuid": "7c795709-4dad-4eca-8adb-cc2091e722dc", "value": 50688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177458, "uuid": "9f4eca18-5e6a-48bb-ae67-d9a39e074b52", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177458, "uuid": "2a4e84cf-e84e-4eaf-a094-c60f13812eb6", "value": "emotet_list_ioc_cronupTue_Jan_25_11:56:42_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dcae6891-7e9c-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1643197272, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197272, "uuid": "f28a9bd3-e0ef-4044-8be6-e14aed0b32b2", "comment": "Malware payload (Gafgyt)", "value": "88dc4e3f966b2349447fdc3408076a3f", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197272, "uuid": "e10de908-c753-4f93-a3b1-87b0d8c7314e", "comment": "Malware payload (Gafgyt)", "value": "79e12eb9a6068a96aee1479bbdba5096e0d7b4f2a8966a43983d86151712c469", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197272, "uuid": "c077c9f7-3a8a-460b-bd96-e642502c414f", "comment": "Malware payload (Gafgyt)", "value": "c2ba3c59a8eba2ea490fffe92bc7cecc4f009465", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197272, "uuid": "3f71015b-4a1d-43f4-bcc1-513a9799e8b0", "comment": "Malware payload (Gafgyt)", "value": "37ccb58226ddac2c71c6c060aa7565a61603bca12eba4b765b4b65789155ae415d36aa1538a0211e0552c9f8805c7878", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197272, "uuid": "f0379cd6-70a0-4a25-a2dc-fa97e0277daa", "value": "T1DCC31A05FD404B27C7E227BAF79E438D773666586BD333115A296EB02FC1B982E39160", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197272, "uuid": "cf4fdd8b-574c-4890-a360-494a1ac4765e", "value": "3072:6JDZ+6lJQTnoo3/KirYKYAXg65h3itu+SrRA3TqojwQQRh6RYAvZR:5YKtg65h3ituBojwQQRh6RYAvZR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643197272, "uuid": "ec2a1edc-8f31-4f38-8178-254e082e1ccb", "value": 128317, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643197272, "uuid": "76e60ed0-855e-408a-bb2b-c05e4278e992", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197272, "uuid": "65e5a441-05a6-4e50-9597-042431503a1b", "value": "assailant.arm4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd3c76b4-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643207124, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207124, "uuid": "a1dd0379-51c5-46ff-a616-870fd1d05ca6", "comment": "Malware payload (Formbook)", "value": "cdc3220cc6be8eb55796d538a32233d8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207124, "uuid": "4e4c4e1d-4176-45f1-aa52-b8cc1bf7db48", "comment": "Malware payload (Formbook)", "value": "7a39f705b79a26591fa930c917ebf37ac8f0394017521970a45cb8c49c3bbb65", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207124, "uuid": "57e6d837-7d54-4cb5-ab96-0f26a8d7e217", "comment": "Malware payload (Formbook)", "value": "44a4112f85212f4be348c42710009fcec6337063", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207124, "uuid": "34c28ce3-055a-4f36-a036-345772cdb596", "comment": "Malware payload (Formbook)", "value": "66ffd8f1dd96009d9422cecee5ea0a90a9b1bc4e0b36cbbea088b92242cfee4730c8b69f336850f48caa36df82fe9f99", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207124, "uuid": "63383dd0-a9ce-4793-8126-66844046a73c", "value": "T16B05AD2BF448C876D299897241DFF00C43B5B803FACBF59A3E97F10A6551B47AA0592F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207124, "uuid": "0a5759f8-f280-46d8-ac65-9fdc72965b16", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207124, "uuid": "5474ecf4-30c2-4bc4-b217-80c8e51a333b", "value": "12288:jbNROqNXhqJLu+3I5LCthCR48hpjs0s8MwgNbgStWorNqYDEuTtO8gBghLsq:jbvG7rb0Mtwg9dtW1LuTtXLF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207124, "uuid": "bae3f3ec-1df5-4d90-8132-d2ebfb119fef", "value": 859136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207124, "uuid": "3f041e45-962d-4961-b351-fba2e4389c72", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207124, "uuid": "e02918e0-531e-47d9-a72e-d13aaa37467c", "value": "cdc3220cc6be8eb55796d538a32233d8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9966b1d8-7eb5-11ec-9275-42010a9c0029", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1643207896, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207896, "uuid": "6972d4c4-8fad-4af9-a886-6671ac0dcbf8", "comment": "Malware payload (AveMariaRAT)", "value": "10a12fe7f5f7115ec2e7905863bdeb6f", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207896, "uuid": "b4b7b0ac-a8fe-4d34-860a-f3570550b3a6", "comment": "Malware payload (AveMariaRAT)", "value": "7a5846b1a7c0bbada0892d8b315bef3b4682192268da9ea779e98449681dd7ed", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207896, "uuid": "d4a2719d-b097-4242-821f-4ccbcf94474c", "comment": "Malware payload (AveMariaRAT)", "value": "5cae7df33f1341f37b641bdbd762d422ddeb94e7", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207896, "uuid": "467ebbb5-5ead-4f90-b77d-b66111d04c88", "comment": "Malware payload (AveMariaRAT)", "value": "cbb1a2c7c0bdcd1bfad96f3f0286c4ce4dc197917343b7f17a17608857ef50a0dc9b93664d0a93b9d45fa257540635f7", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207896, "uuid": "4818fd32-3844-4964-b1dd-4fabd45bdb69", "value": "T19E157D12E6D15837D0371A3C6D1B93996829BE113E687C4B7BF45E4C2F34381B92AE87", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207896, "uuid": "77a923d3-11de-4cd4-8f4f-721228e2ef9e", "value": "ce06f30a84c8c346f27e8a9923034116", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207896, "uuid": "63259b5a-00b3-461a-84a7-9d36590c3dd9", "value": "12288:PThv2OxtKzJyD6Zsc0KqU3l2P8gULCvkZwP4hmiOVKtqz+W7T3bnvw:r1xAJyD6Zsc0KqUEPf5vkSdorKT7v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207896, "uuid": "c35e368f-25ab-45e7-87e4-c4a8fa54ca03", "value": 890368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207896, "uuid": "88f8bda0-1af0-4459-9178-d80fab57d6ad", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207896, "uuid": "fdab48c6-7395-4567-a733-52ca96084050", "value": "REVISED INVOICE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "652a296b-7ea3-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643200078, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200078, "uuid": "85b7fa60-19fb-4fe8-9ecd-5c2f6bf2e30c", "comment": "Malware payload (Formbook)", "value": "073a56cf012776f595d4a6b3fe8db7d9", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200078, "uuid": "51541762-79bd-4ab1-ba39-7470b790b28c", "comment": "Malware payload (Formbook)", "value": "7a5a6d15651f1da626bdf3859936a578e326fe9bae889a5424fae4ec553924ec", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200078, "uuid": "1dbdf602-8823-4cfb-8e84-94426870699e", "comment": "Malware payload (Formbook)", "value": "af45c60581e83fa5397a555941881ff1348eaae8", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643200078, "uuid": "d866451b-c540-494c-8cc3-9df991eadcf0", "comment": "Malware payload (Formbook)", "value": "6a9620d48784df3a81635bc4cd5640b66634f88bda012c5de0ec7c5eab58c0ad441d2f11368364e59b4a9a70ddb5deb9", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200078, "uuid": "5cc86e7e-c750-4092-ba93-073e6b301175", "value": "T1BC6533801D340A7DC213ACEA00AD66140AB713F56053ADB535B6FC8D76BDBD38EA8DE5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200078, "uuid": "c773a94a-631a-405f-8eeb-f0d07a37b8d8", "value": "24576:aGFtR97B1rnzy4uc6RNFMxEHupyCG/2hsyHdldmaLCPEJjKB+mBl3JWxVQIiHnc:aitRJBdy436bmEHuIledHt4PEJ2B5Ble", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643200078, "uuid": "5cd53194-21ce-4c8f-9074-259205ab3aa0", "value": 1474979, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643200078, "uuid": "cf5f8867-4aa8-439c-83c0-e0502269d841", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643200078, "uuid": "558eba2e-fb5a-48b1-9d0d-05e9c99f4f85", "value": "RFQ2201002 PFK.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff79aea3-7edc-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643224818, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224818, "uuid": "b1801ab4-3c18-431f-81cd-d7d146becaa9", "comment": "Malware payload", "value": "b45b4ea346c8120843a89011e0eb83c0", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224818, "uuid": "63d71bc1-5a25-443e-bc7b-f66bcc70901a", "comment": "Malware payload", "value": "7a6e4610cdc8bd63fa48a1108766ea2695c357da75489a9590e6a8ccc7a9b4a8", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224818, "uuid": "f2224d2a-72a6-4cd8-9caa-392b84702d45", "comment": "Malware payload", "value": "d6fea193b5f0625eb503ac9121893744e9035229", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224818, "uuid": "732aa35b-96a1-40f1-9b75-77adf0128ff2", "comment": "Malware payload", "value": "5ee17beb65b98fe385d0f41fb94bb3be3c7e15e3c8920566adf4da8cad93126bf7a395e0ad9a514ac430d85a9fb4c598", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224818, "uuid": "68d42ec8-4039-4fb1-99fb-df70d3cdea4a", "value": "T17CB46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224818, "uuid": "5657e231-9863-46fb-a31c-88d162119426", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224818, "uuid": "45e7d6ee-7d39-4995-b439-859f767a58d8", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8V9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgo0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643224818, "uuid": "15b1ac8f-cd13-43c4-8faa-79ab7f9179fe", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643224818, "uuid": "b2e64b88-0396-4dac-a2ed-7293477e27f4", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224818, "uuid": "4a9809ee-609f-4a3a-91e2-a4d9b3511cff", "value": "emotet_exe_e4_7a6e4610cdc8bd63fa48a1108766ea2695c357da75489a9590e6a8ccc7a9b4a8_2022-01-26__192010.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7bf67ae6-7ef6-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643235764, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643235764, "uuid": "a3cb7142-2ff0-4721-a845-4a4f6e31c9dd", "comment": "Malware payload", "value": "7fd3465c2f1baa4d2a966861d621cc9d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643235764, "uuid": "474a37fa-04ea-4f73-aba1-df4ec150c42c", "comment": "Malware payload", "value": "7ab35d8c174eb6fad79689210b2fa4e9cbbfa9a8be6b1357eaceade99bf3f4ce", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643235764, "uuid": "f3f965f5-a6e4-4144-9aad-21d9fbeb8f47", "comment": "Malware payload", "value": "0c7c703a0a69f37671cb15f897a75003f9b966cb", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643235764, "uuid": "c9229e0c-e51d-463b-9f35-6d214edebdd0", "comment": "Malware payload", "value": "f152c063aec696e89fa1c7286c15a1b3e7a8eccde58bede68d143b3a7353f80dd6c0ef90f1ae8a1cb336ba3a2202c4b6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643235764, "uuid": "abc691d0-3104-4b37-b1a9-91a9655179d3", "value": "T1A6B46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643235764, "uuid": "99f4e561-7e19-4ba4-b665-4e788e53cb68", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643235764, "uuid": "f4b6c70d-bcfc-43bd-b4f4-5963957776a1", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8N9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgg0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643235764, "uuid": "2f093f09-5759-4a54-836f-b3cf722e1b16", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643235764, "uuid": "1521fcea-77d1-4f7e-855b-cdc3fae189b6", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643235764, "uuid": "30d6dc45-7bcf-497f-b3f5-4ee2d1d98a7d", "value": "7fd3465c2f1baa4d2a966861d621cc9d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a1973344-7e97-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643195025, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195025, "uuid": "b6f1654f-3991-431b-a21d-376a594495c0", "comment": "Malware payload (SilentBuilder)", "value": "ba031c742ba08599033ea024ef44c9b0", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195025, "uuid": "4e31ff18-1f6a-4f13-966f-d1ca1d1394e4", "comment": "Malware payload (SilentBuilder)", "value": "7b1b3b13217e0a7c8d6b78209662c22b569857722f1d2930d72928ad1ff51e96", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195025, "uuid": "b33baca9-799c-4b84-a582-6ffb86021d40", "comment": "Malware payload (SilentBuilder)", "value": "46b5973b279b5a8bbea71045ac35e0e243002852", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643195025, "uuid": "002e072f-8895-4e7f-90e7-c5e89d9d1c0a", "comment": "Malware payload (SilentBuilder)", "value": "b18000e30cf4957ae20c342befbd06b4e51f01305e2920f2528fce5319685f4a51b43569ca1dd6d6c451a488359f671b", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195025, "uuid": "2f16daf6-9c46-47fd-852e-e8c5f5ba7005", "value": "T1BBE3BFD766C7588ADE25037E8DB636D85653EC718BE393CB1346B3169DB0AC08D03A27", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195025, "uuid": "adc15f75-3b63-471d-9886-06a13a83b6cb", "value": "3072:Yn+HymsUk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIgNIxJ3B7aD15BIjMAVn/9LFK:m+HymsUk3hbdlylKsgqopeJBWhZFVE+m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643195025, "uuid": "07c7a1dc-3ff2-42b9-8e3a-15ee1f3a01ff", "value": 146317, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643195025, "uuid": "1d9767cd-31f9-4764-9af9-f99e57da1d2b", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643195025, "uuid": "aa6e8733-731d-438e-8804-c15e98398890", "value": "Info-01291220.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5996ce42-7eae-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643204783, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204783, "uuid": "83f72fc5-1b28-4395-9465-d32d061dd95a", "comment": "Malware payload (Heodo)", "value": "70c19264f69195bd29697a1aa905f0df", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204783, "uuid": "51b5ad7e-137d-4ab4-862b-1a8f3ffebdac", "comment": "Malware payload (Heodo)", "value": "7b2c28dae622e462e2b74fed68273ab172a64adf558422f2360b6aeea48d529e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204783, "uuid": "f58d72a9-fb65-4efa-8e0d-27a3c6244710", "comment": "Malware payload (Heodo)", "value": "0d7c6bb5454a28da41e10bc7b601d4b5674463a1", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204783, "uuid": "cdc444f2-526e-4995-98cc-2ced26cb766f", "comment": "Malware payload (Heodo)", "value": "a1a8b7ccee83563adaf7a6b0a73600fe1e6592a28e331aec18167005167372bffff3a7511653b9ebb59e885490c28d98", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204783, "uuid": "c23f47d9-70af-4878-8990-03dc91421122", "value": "T152E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204783, "uuid": "f7df154f-b085-4f52-88b9-0f0011fe1678", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204783, "uuid": "ed262d80-2849-4542-9586-85279d723da1", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIGG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGPOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643204783, "uuid": "09160809-26b9-4fb9-83eb-251b38d3f1a9", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643204783, "uuid": "c6f08047-2374-4729-ab02-8e281ded769f", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204783, "uuid": "7a6c7316-fc88-4fa2-b997-7aef2f9bc585", "value": "emotet_exe_e4_7b2c28dae622e462e2b74fed68273ab172a64adf558422f2360b6aeea48d529e_2022-01-26__134617.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bda9deaf-7eb6-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643208387, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208387, "uuid": "b41b8488-73cf-4c20-92fd-06b1897248f1", "comment": "Malware payload (Heodo)", "value": "e2e8505dc7352575f32a6e298834a933", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208387, "uuid": "6098a056-0660-4dac-860d-989194b12477", "comment": "Malware payload (Heodo)", "value": "7bb5667a296f5e5471676bfa90327d81e9834628750d009efef95cb5cb79a83c", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208387, "uuid": "504b3232-be1b-427b-9ee3-0977338710e8", "comment": "Malware payload (Heodo)", "value": "29eafd1339d3ce51b3f44398ca7f9b947e6e15b2", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208387, "uuid": "603d1dde-8c6a-4098-a8b5-032f5d33a1f9", "comment": "Malware payload (Heodo)", "value": "84c4bf303366cee85a491ac4e9b825f6c8135024b5026c10d6bcca8b7d8d1ecb30da0bbe0c93c5f15cd801b410731a6d", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208387, "uuid": "574c3557-6161-4ebb-9839-93a921340188", "value": "T194D36A66B5C5E9CAD70523350A9A8BEE33676C478E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208387, "uuid": "a8257f0e-3b53-4b5d-8eac-87748a6c4d2f", "value": "3072:LcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dgEGx0g:LcKoSsxzNDZLDZjlbR868O8KlVH3jehL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643208387, "uuid": "468432ba-4528-4f15-9a4b-a965897fc96d", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643208387, "uuid": "83d6e925-c4ba-46c2-8804-1f9b01f556fe", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208387, "uuid": "86bd0629-ff77-40f5-9bc0-267bf150adfa", "value": "Scan20222601811547.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3fb25116-7eee-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643232227, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232227, "uuid": "41d34fc7-6c97-4b25-ab6a-09490c2a1559", "comment": "Malware payload", "value": "f39061b3a72ecad02e49db41e4142b9a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232227, "uuid": "9b733ff9-417d-4775-bd70-6075cfa55732", "comment": "Malware payload", "value": "7bf5b5f1ada8299a6a3e1b5ae410cd841573526f2f94560abdd15f8cd3314524", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232227, "uuid": "a67192f7-0cf5-422a-82f4-51360139aeef", "comment": "Malware payload", "value": "29831ff58c0f0777d00de468702fb82b3cecbc06", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232227, "uuid": "aada52e6-e144-48a0-8e22-66dcc75329aa", "comment": "Malware payload", "value": "024730ed783ba2232b7cf9f8bd9eb06b3d89ebc458f38a8481f13bf89698cbaaba48059f80c3ae412e45fd73324435d6", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232227, "uuid": "b784899c-669c-46f3-8f3e-bbe2a4e0ca49", "value": "T1F3B46B1AB172D871E3FEA3F1B5A4CB93C1EFA820275455ABE3FC025F4A2DC464234949", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232227, "uuid": "f3015adc-6d99-468a-abd9-629adb5ffcf2", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232227, "uuid": "c7c61de2-fba4-4bf6-b09a-60a2c666aae1", "value": "6144:Y7eUxxxxt33333333hCC28YiYRrLKyx3jvfIfpQdKXoJsd9UPlhLYfZDqvasLD2d:n8nYRvJhjvGpQocGDO3JtP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643232227, "uuid": "551669b8-8715-4917-8807-eb133005493e", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643232227, "uuid": "07ba1ab9-0f4d-426b-ba1d-c64fb95eb2c0", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232227, "uuid": "de9bf305-5219-43f6-b53a-8f74ca253b05", "value": "emotet_exe_e5_7bf5b5f1ada8299a6a3e1b5ae410cd841573526f2f94560abdd15f8cd3314524_2022-01-26__212333.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f7414ed-7ee1-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643226697, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226697, "uuid": "c3069699-910e-4d0e-8843-36e34f3b137b", "comment": "Malware payload", "value": "7474122c1affb90327d9fa14bf5f99dc", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226697, "uuid": "eaaf59b7-f912-40e2-8699-800f13ce2030", "comment": "Malware payload", "value": "7c2e89427485c55ae688604de70e60fdbe603bd155b53168dc09284e1aee9827", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226697, "uuid": "d020946d-69e5-4d12-9fb2-dbda03e5074b", "comment": "Malware payload", "value": "49a5e5561cbda0bd3aeccc9d5972e9c4f816f288", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643226697, "uuid": "b71c6e4b-039c-4aef-b9f7-1a5267ccc3e5", "comment": "Malware payload", "value": "9080282251f237f49e5143a825e6c9c23740cc6a8eec58991035ad92541edbeefb0c261f12110afcbe8eec0a3e64df4f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226697, "uuid": "2ba2a0b5-8648-4955-bf5b-54c442aa8ae7", "value": "T14D05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226697, "uuid": "52d53c56-8346-452f-81cc-727ae671952d", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226697, "uuid": "9497aab1-54fe-4785-8a1e-f1de1b2a3889", "value": "12288:aA9e3OrvpgqjtQFecF6dddifiHxoB3rNd9CDr:blrvpgqj2FeaQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643226697, "uuid": "8a749837-8546-4864-be53-891a6262b12a", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643226697, "uuid": "4a6e3d54-6fb1-4aa6-a20c-c90ef435a7e9", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643226697, "uuid": "909fe200-b923-4db0-ab8c-4b1257e84264", "value": "DXXalH0ru169YZUM5.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2fe97a42-7eb4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643207290, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207290, "uuid": "4143b8d7-e918-42b3-b886-f621178c4e05", "comment": "Malware payload (Heodo)", "value": "e891e006aabdd9e8bd969edc2225a505", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207290, "uuid": "f50fe89d-0ae9-42c7-a3d3-b83caa422cdc", "comment": "Malware payload (Heodo)", "value": "7d13ba1fab62f6dcfb6e75de1fe2d27ccbcb8748e9d1e4a163e0c8209154b0c5", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207290, "uuid": "902fb719-db11-4474-8314-2642e163c984", "comment": "Malware payload (Heodo)", "value": "38782e6dec6dc0aac9be4a3f471afe6370f1289e", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207290, "uuid": "de204a06-5b23-475a-8327-9892d544118e", "comment": "Malware payload (Heodo)", "value": "66d3f982e604545717ec07942f6107dda0374a3421e699869643dcd1496441eb7465c2f13e8ace6b2534e551622410b3", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207290, "uuid": "692c2b71-588d-4449-9ff9-9e6ca6633508", "value": "T1C0D36B66B5C5E9CAC70523350A9A8BEE33676C479E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207290, "uuid": "a32b0f1b-7c4e-48f7-881a-4f8e4e236e7c", "value": "3072:7cKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dggGx0m:7cKoSsxzNDZLDZjlbR868O8KlVH3jeht", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207290, "uuid": "634f03a4-4978-4484-9839-8a6aaa0f209e", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207290, "uuid": "3e9fb729-fb0b-4cc6-a275-a74bed4313a2", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207290, "uuid": "2644ed0f-cd26-4318-87bb-d43008b2a32f", "value": "Form.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "04c659d6-7e95-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1643193903, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193903, "uuid": "ea6b9b00-f10c-4096-b979-c243bfbdcb4a", "comment": "Malware payload (RedLineStealer)", "value": "d46075cb382533e72d02901dda9eef83", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193903, "uuid": "506f81f2-98fe-452c-9f96-0392b0e762eb", "comment": "Malware payload (RedLineStealer)", "value": "7d81e0d4857c80f4dad4acbd5258cb8f6d967b942ede5c18f076c617a9103f7c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193903, "uuid": "f6fbb572-cb24-412c-b2b0-cb860b72b479", "comment": "Malware payload (RedLineStealer)", "value": "0f0e8464ba481c3c9268031ae9790e219b635e4a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193903, "uuid": "ab805b78-a0bd-4a91-959a-4aaeb7a6ecb2", "comment": "Malware payload (RedLineStealer)", "value": "c203cb1687094ad96f04c2534e5cf1213f950a73db28b3679c0afc3603481d2a9370b87b4152b305db4aab69b88c1876", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193903, "uuid": "ba80c5c7-1896-490b-b7cd-71def301597e", "value": "T134163302BAE584B2E42608370D44A3D69DBC7E302E21C5DE57C85F2DDD399B26235BB7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193903, "uuid": "6adc9a11-4b79-4f04-9449-e517f091d3fd", "value": "00be6e6c4f9e287672c8301b72bdabf3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193903, "uuid": "87355d93-4a25-4b85-a617-5aa411db171b", "value": "98304:V5UDPvvT2L3yRO0pARbIF6al9Z/FWbOz5OTrjRwBcc+:VEiL3/eUC66zdPz4TOBc1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643193903, "uuid": "f524088c-0c6e-41cb-a57e-a08330215056", "value": 4312907, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643193903, "uuid": "67d17dc5-7ea2-45a6-898b-6031f95a53e5", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193903, "uuid": "537ee06b-c864-41e9-a1e6-6718f0a5ebb1", "value": "d46075cb382533e72d02901dda9eef83", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5984b349-7eae-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643204783, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204783, "uuid": "29b02e06-cf5a-4a3d-834b-6263d5ebc777", "comment": "Malware payload (Heodo)", "value": "4296b4fa6326eb62673be065f3bc5724", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204783, "uuid": "fdb71ecc-a32a-4e08-9bcd-27c37be0c9c9", "comment": "Malware payload (Heodo)", "value": "7de399fb143637f17427dc4ad656cd457ec9d54333b62b96db0fa82350f0aa02", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204783, "uuid": "00dd4bcb-ca1e-4c3e-b8d1-71e7c2995570", "comment": "Malware payload (Heodo)", "value": "20edff7d147b48719bc2530aea2413b1c301f7f2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204783, "uuid": "c63162b6-7555-4ff0-922a-a21d4d9e7d91", "comment": "Malware payload (Heodo)", "value": "4cee51b0afcdd6001f92b3b719210afeadc752c4024f905448b4cbdb2027f73d6577b727a82a2481af82015f94148910", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204783, "uuid": "ca38abd1-7b98-4abf-8860-a5b22938f024", "value": "T137E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204783, "uuid": "1d384699-52a2-44d4-a004-f670d3bb1439", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204783, "uuid": "95a4dc85-624d-420c-a73c-fc2a406e06b0", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIOG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGnOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643204783, "uuid": "cea1110e-b332-46f9-b45c-3f7ddc261450", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643204783, "uuid": "432d3f11-e8c6-4b63-8bb3-63f2f0b3d049", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204783, "uuid": "795d7c6d-1338-473c-9f69-178dd2c679a5", "value": "emotet_exe_e4_7de399fb143637f17427dc4ad656cd457ec9d54333b62b96db0fa82350f0aa02_2022-01-26__134613.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9135018f-7ec4-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643214325, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214325, "uuid": "67fcc4fa-66d5-4d8f-a104-edb099aa429e", "comment": "Malware payload (Mirai)", "value": "088ceac360ec58f12086a74c4a57ce1a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214325, "uuid": "51f60877-4805-4e0d-9334-bb252a1544ef", "comment": "Malware payload (Mirai)", "value": "7df613bf6010e3b333246cedb8418f37d9fe0bd4d11aa0c118ae7d4b453ee6c6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214325, "uuid": "ea982aac-5f8e-4e2c-8934-eea145bc4eb5", "comment": "Malware payload (Mirai)", "value": "e33942b91a37c0d7be2440e8c755530bc9f32f95", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643214325, "uuid": "6d979904-8ad4-46a1-b213-b96bb84965db", "comment": "Malware payload (Mirai)", "value": "3f522517da6a29b672eb52add78c8366e07a851ca56bd999f7c73ac711947aec9921c4122b16983ed80005b610317913", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214325, "uuid": "7a76b0d2-578a-4ce7-88d8-58ba178ecec4", "value": "T133D2F1625A21FEF2C5F10B39FB778EC7257A5EB9E190308A2B7844E8A481F054DF8443", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214325, "uuid": "44295c0d-4592-4c6a-9982-94af13f86ad8", "value": "768:7usHfRavjycYC5HkU82CgLOQcVyaWn4RNSGaH9q3UEL4j:jRwydCRh8mKQcVblTpaWLQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643214325, "uuid": "0f89fc45-c1be-4458-a868-df2a588c3b86", "value": 29464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643214325, "uuid": "cc826589-ba76-47d5-8484-da99c6131079", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643214325, "uuid": "9b67b3e7-af4d-4a48-be62-41ba1c7d6842", "value": "088ceac360ec58f12086a74c4a57ce1a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f15cf238-7e93-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643193441, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193441, "uuid": "71cf876b-4452-4545-8c96-2d3ff0aa6c95", "comment": "Malware payload (Mirai)", "value": "5f81b4e2e7e16ecf3021a9580fb1b38c", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193441, "uuid": "f3ba4a64-d1a1-44ba-91d7-c62e5c9b6903", "comment": "Malware payload (Mirai)", "value": "7e01b368bdf3556d4be78f712c98c2aaeda6151db4cf4adb86766ed3ff9fa3a3", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193441, "uuid": "a6b25c27-2712-4fb6-a105-7f25860ac29d", "comment": "Malware payload (Mirai)", "value": "5bcb266b3a006ccf6565ca0a3bd453a76239d7b5", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193441, "uuid": "0511f89e-06d6-4d4c-9e80-de3513b9e7c2", "comment": "Malware payload (Mirai)", "value": "b87d1f4854eef57dbbfd3f4b1f699c43206303c0bcdfc63b1df147e131d38ad1a230bd642d3a7b6dbadcf348de663bbc", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193441, "uuid": "56b7221e-685e-49dc-9a2b-bbdd30ea8a94", "value": "T154D33B05D8909767C6D227BAF79E428D73236B68A7D733115A28AFB02FC1B9D1D7D020", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193441, "uuid": "8b2e1179-f48c-4366-97b2-3e93e8d16590", "value": "3072:IVfyQ+d+pceQGftb3za5fJhWOiwTteOHi45hLMO3K4G5ZZPMmydQCYMhEFg:ub3za5fJhoIH95hLMO3GvkmydQCYMhE+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643193441, "uuid": "88b009ee-fcd7-4176-9802-47eaef7d0bf7", "value": 142751, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643193441, "uuid": "4b44fb22-1e8c-44a2-be9c-5c15096a0275", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193441, "uuid": "a9c26209-d7e7-4d72-be85-d87c92630a89", "value": "assailant.arm6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb217b1b-7ea1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643199390, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199390, "uuid": "5f6f2c3d-3e4f-4af6-b869-c99dcb53cf87", "comment": "Malware payload (Heodo)", "value": "923f3fe62b16dfbbe02b6760e117d664", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199390, "uuid": "0257463f-5429-442a-b8c2-ea7f84c47f32", "comment": "Malware payload (Heodo)", "value": "7e4389d8d8ec12528176650ef99c15da8827de95c13c81992daa5db423e45b0b", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199390, "uuid": "ac0bc955-04bc-4ea0-a52d-57dc92574874", "comment": "Malware payload (Heodo)", "value": "ad795faee857b8dce9fd91c63b9f64c9079914a5", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199390, "uuid": "cfd38068-6134-40b1-8958-2cbb1df8e2bb", "comment": "Malware payload (Heodo)", "value": "96745a1204d15d11123f3d617a86e688fcac3ba1967dcdbc50d1cbc3bafeb1658d914d29581b80d95a665087396916cd", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199390, "uuid": "dd2fcbc4-43fc-4bac-af4e-b3434dba775d", "value": "T13DE35B5576B5C9F6DA0407B10AD2CAFA2327FC739E5603E33198B30E1FB91509AD26C6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199390, "uuid": "16dc6965-387e-428f-b2e5-86c2d0ab25ed", "value": "3072:j7cKoSsxzNDZLDZjlbR868O8K0c03D38TehYTdeHVhjqabWHLtyeGx6Z84TIUGxi:vcKoSsxzNDZLDZjlbR868O8K0c03D38L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643199390, "uuid": "44e2448a-f423-4c93-b885-47e0c4d62715", "value": 145920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643199390, "uuid": "97fdf638-ee95-4e11-92bb-8e74989270da", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199390, "uuid": "a932e77a-0b99-4371-9a9b-5732da17c37b", "value": "INNOVINC International.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa3ad642-7ebc-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643210931, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210931, "uuid": "ee235cf7-ac3d-4450-8aa4-7d997c084ecd", "comment": "Malware payload (Mirai)", "value": "5f2846cdbbfa3611f832bf2576bd49a4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210931, "uuid": "cc994d8d-8de1-43c1-af4a-d23801ed8f06", "comment": "Malware payload (Mirai)", "value": "7e6f59f12d137e05588b5d62dc1e3d086c6359e221b6ee456c20acbdb9f96f6f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210931, "uuid": "c7fb8f9e-1b7f-4eaa-b3f7-8a18114a2b7a", "comment": "Malware payload (Mirai)", "value": "ebb35a6581cea5f6a95c0e8c1d117cf2de05de5b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210931, "uuid": "e5ac8291-db4a-4763-8a73-8439574ad660", "comment": "Malware payload (Mirai)", "value": "6f5d345e2be6e0a107ed40006a529fa1630bb248df1f46ef9922ce46f65917bd1559784db228136ee4a214cdf7d0ed61", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210931, "uuid": "ca00bd96-c421-46a6-a9c6-b5b06c4b5104", "value": "T1B0532A51B8819A13C5D4137AF6BE428D3B3523E8E2DF3217AD222F41378A82F1D67E45", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210931, "uuid": "d77bf511-a466-4f00-b081-276cd60488b8", "value": "1536:NOAEKjZ/KVnWTFhkr7U4QhfpuuDjJa10yr+:NOAEVQhfpbj4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643210931, "uuid": "f2872e2c-7d4a-4e27-ac52-0e5572e1dc06", "value": 60776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643210931, "uuid": "240765da-fb7b-4bfa-84a9-f93aaa8b8ab3", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210931, "uuid": "d92b9323-6745-4432-b9a5-aee5bc1a3d15", "value": "5f2846cdbbfa3611f832bf2576bd49a4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26a794a0-7eba-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643209851, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643209851, "uuid": "21850442-6177-46a2-9d21-1687af26aefc", "comment": "Malware payload (SilentBuilder)", "value": "7cd34ffc1741af0ce8aace8664da4c77", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643209851, "uuid": "de5c0610-13a6-4f3f-8ae2-9d2b74677240", "comment": "Malware payload (SilentBuilder)", "value": "7ea578b008e35af29eb19f9996f60d6dbcd0e1977d7cc1ae798829e099a99244", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643209851, "uuid": "6077e701-7f00-4a59-9cc2-9cfa5548d3d1", "comment": "Malware payload (SilentBuilder)", "value": "1085b2186c3769fe4b43f8b234c9bec3bc022e03", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643209851, "uuid": "9e7857be-060a-4874-92e7-0b5f761dc2d0", "comment": "Malware payload (SilentBuilder)", "value": "047c8b602727cb0e307cce6a475da4aa57c487e382b865992f46cb6d4b90cea88183d5ea91e2963be16e6754a1808f1b", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643209851, "uuid": "08259fb0-221f-4adb-8716-3d35920f82fa", "value": "T135131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643209851, "uuid": "9c06ee8b-42d3-4e85-8177-09ac1e6f06a5", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643209851, "uuid": "e783fbb1-d94b-4c06-9b53-3ca135fe54cc", "value": 44559, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643209851, "uuid": "434039fc-15b0-4e91-9fbc-b9ce72d9443e", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643209851, "uuid": "cff2d572-4085-42ec-9e8f-8b4079f0e7c6", "value": "tmpwa_v6687", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d4394a71-7e6d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177071, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177071, "uuid": "9c45f7a2-ff1e-4e01-9a4f-31ff3475aec9", "comment": "Malware payload (Heodo)", "value": "72a1a718eb55872fffebdacee60b4200", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177071, "uuid": "ec3c8506-b765-4d21-837d-0a41650a17d8", "comment": "Malware payload (Heodo)", "value": "7ead1e26db3d44fb78584d894a97114375d5980fa7228f5d44db43e8d609b916", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177071, "uuid": "bb4f81c6-6906-465d-b794-d5050a78436c", "comment": "Malware payload (Heodo)", "value": "15fb5c1e7c23d8071173befaf6ee6e423ab185a0", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177071, "uuid": "386ad61a-fd9e-447d-97ed-462c3d442793", "comment": "Malware payload (Heodo)", "value": "c579be33f712b47cccdb1dc73f9bb1bd07a55e2b030152f9839ca1750830ca28465ea4ce2f02c2a98fba8162887ed7b1", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177071, "uuid": "ff5acc81-0377-4a50-bdf8-6a56885b5e5c", "value": "T19FE4C002B191C072C1AE02B85947ABD9B2F8FE504B399DE3D7D43B9E3E71AC19536316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177071, "uuid": "ad51b14f-ef19-4214-8f1f-b40e8ca1ebfa", "value": "5292b0afb12939cb3a86034c8a283858", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177071, "uuid": "c0d26b72-522a-4fd3-a143-74e9b896ee21", "value": "12288:tGv8HbMqGJOMFfp76mfz9hzJ8Yd4leNACHKm2tkJV8u:o87vGJzomxhwubKZ+8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177071, "uuid": "4a43155a-9720-4069-97ce-dd32de86996c", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177071, "uuid": "31b609e5-e6c4-4e17-85f0-2bfc5b67aa9d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177071, "uuid": "e8e5a7bc-401c-421d-aba8-10ca70a08a28", "value": "emotet_list_ioc_cronupTue_Jan_25_11:53:30_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "66fa9daa-7ec2-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1643213395, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213395, "uuid": "724c9955-9a6a-4fba-95cb-b69b878657da", "comment": "Malware payload (Loki)", "value": "0ba950214d6561801df0ddca2f7aa49a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213395, "uuid": "1e262b85-9726-46d4-a04b-e0eb0f7dc1e2", "comment": "Malware payload (Loki)", "value": "7eba58136282484386fc69526fe5ead87a86d69f806ebc4e221e0879f895bfe4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213395, "uuid": "05be659f-ef3d-4801-8050-7949dac3667b", "comment": "Malware payload (Loki)", "value": "cb3b4fb1f3323c6e62f79d9b80663bca84cca229", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213395, "uuid": "3e980724-a180-4e9b-a55a-c84a8b855530", "comment": "Malware payload (Loki)", "value": "b35145a896b041b7fed40fe02763548b9e2a85003347705d954e6c37bc3eaa24c4389ab7b4f234f6d1e8c1c51619c1c9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213395, "uuid": "e64ef90e-3e21-47e4-8caf-0ee7559c0afa", "value": "T1B734122E52E1876FC8950BB711A59B7BF2B1CB04041484A77750FFB73E7D2D27A48A82", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213395, "uuid": "fd3c519d-11b6-4601-9cb4-08e75c7e1b48", "value": "099c0646ea7282d232219f8807883be0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213395, "uuid": "66ab31af-797f-4250-ab36-0dc6ad6ea4a7", "value": "6144:owgGlRzKIgSicvA/rftH7iqC+aSfCdcYpiMinKBtgs:cRFXhbW+dYwVcgs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643213395, "uuid": "2e034420-d572-4f21-b94a-ea7065b15e82", "value": 245518, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643213395, "uuid": "637a4c4d-c2eb-4b04-bfb3-7a27818f9b27", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213395, "uuid": "755052bc-bc84-41bb-8491-2410fdbf4b57", "value": "0ba950214d6561801df0ddca2f7aa49a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "13567aa5-7eb4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643207242, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207242, "uuid": "0cff2e89-ad9e-4c7a-abdf-6bf0610b53ce", "comment": "Malware payload (Heodo)", "value": "1e5d5ad58c93edaf20eb0e125049d116", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207242, "uuid": "5bc51096-27e1-4f7d-a88f-2ee7b7a1dbb6", "comment": "Malware payload (Heodo)", "value": "7eef4810de68ac27340951b3399639e7850b9d29082893409c5484289d5455da", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207242, "uuid": "b0383bd0-3ce0-4403-9aad-470d9504d733", "comment": "Malware payload (Heodo)", "value": "c4d0b6d86140c5d7d0f670fb2f949a41abd994fc", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207242, "uuid": "5805472b-f98a-4ada-8e54-ed2a87a6a090", "comment": "Malware payload (Heodo)", "value": "79897990e5246b6c5495aaaed65049bc21e23cf3f46a1253ad62a7b257cbdaa1071c010948c4bb6fd9686cbd7db7c3a6", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207242, "uuid": "8fdcf127-3c22-4ddc-bcca-35fb84da09a4", "value": "T18BD36A66B5C5E9CAD70523350ADA8BEA33276C479E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207242, "uuid": "14a8700e-56fa-4834-8152-c2660e1adf26", "value": "3072:0cKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dggGx0M:0cKoSsxzNDZLDZjlbR868O8KlVH3jeh7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207242, "uuid": "320e7225-1041-42e2-bcf3-b31111d582b0", "value": 136708, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207242, "uuid": "f0302ba5-4e9e-4caa-a638-4f67af422605", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207242, "uuid": "59f200f1-0bce-4b5a-8e9b-672269c6103c", "value": "tmp1177z7t4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca6e04cb-7ea1-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643199389, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199389, "uuid": "afd1870b-28cb-45b9-b969-cd312c426ce7", "comment": "Malware payload (Formbook)", "value": "bdcb1b52e773de9a1e7de8ae25df8eb9", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199389, "uuid": "9a2fba05-50a3-43a6-88ff-4ecf3f8b956f", "comment": "Malware payload (Formbook)", "value": "7f8229a539018ae9322b849fce445e7c57c2e76413449ea3c674ce1b2ed12037", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199389, "uuid": "81c43964-ee2a-4bf3-9943-fca00217d1f4", "comment": "Malware payload (Formbook)", "value": "97455175157d4f2be52e7a243ecc7b75c47575cf", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199389, "uuid": "680a1169-dc3f-403c-9d99-81be28bc8cfd", "comment": "Malware payload (Formbook)", "value": "a9f54f234383cf48d34055dec90f3e80c462cc175d3e0e299193ed5ff8a7de9d813781109d7db5bf95d2696891dea97f", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199389, "uuid": "310112fc-80d9-45b1-8961-e8160d507c90", "value": "T10FE423669EF8CEDE74E3C83673D95292322945DC13259923F62A5C19702DC38AEB532C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199389, "uuid": "fcec64a1-3859-4fbb-ac32-8385cf1a4778", "value": "12288:cFKU1Y0vW0d2P/66NhQwJ6VKx1k4UCk5ePWjGCspyjLUcv6Zq:qkxRQU6Vekp5ePUJ4gocv6Zq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643199389, "uuid": "90869831-ecfb-4740-a9f7-857b037db3cc", "value": 702044, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643199389, "uuid": "ae52a475-7647-475c-9c1a-5d5f9b7e151d", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199389, "uuid": "f6e3aab3-ea08-4df4-b83e-6508ec21d10d", "value": "FACTURA PENDIENTES.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c95f73b1-7e3b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643155578, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155578, "uuid": "9d87a9c5-59f7-4702-8621-4472461eef09", "comment": "Malware payload (Heodo)", "value": "a8249e0eddb0104fe200dc6284cd236a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155578, "uuid": "1ca8e734-18d5-42cf-a0aa-a472c7c7afa2", "comment": "Malware payload (Heodo)", "value": "7f9248e2203f1b6ab11673a30b40c6f9d17b05ea4556b03c9313bf5b23de23e3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155578, "uuid": "6ac5fca8-a95e-4309-90e9-7ae48b4aca96", "comment": "Malware payload (Heodo)", "value": "841071366187b504389e31fa149465f0ad92f162", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155578, "uuid": "97d63414-f024-4f65-88c1-f9bc6be25400", "comment": "Malware payload (Heodo)", "value": "836a24977d7315c51a2b007449e3e1fe2d8256e37012ef751a405c10ac7ab07758ed81dd39d4f6f6c839a23b2b59de72", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155578, "uuid": "922d9d23-941a-4747-afa6-ceb824171106", "value": "T1DED49C2233DCC8B9E0AE1D3D290297D523E9AE140B93C58FA640FB9E5D3B2C155F92D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155578, "uuid": "a05f52d2-acea-42f7-82df-ca145a32900f", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155578, "uuid": "342e72fc-7375-45e4-b729-8dcc0756836b", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4MmYOfg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4MmY/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643155578, "uuid": "6e89a23c-e69f-4266-b853-e6de50c86dc8", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643155578, "uuid": "b6ea9de6-fae4-4c3c-beab-988e635e43e2", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155578, "uuid": "8a0a07ef-313c-4c14-ab67-14ef20354613", "value": "emotet_exe_e5_7f9248e2203f1b6ab11673a30b40c6f9d17b05ea4556b03c9313bf5b23de23e3_2022-01-26__000604.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1259d993-7ebb-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643210247, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210247, "uuid": "cc3e63bc-9a06-4e6c-84dd-a228dcdf2bcb", "comment": "Malware payload (SilentBuilder)", "value": "f1be153f854181e97d2e676f7bda364a", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210247, "uuid": "8a22bdfe-7fcf-4079-add6-91f3b2b997f4", "comment": "Malware payload (SilentBuilder)", "value": "7ff09bfece2b13659cc62712b0ec0462142d0969e1a9bb0a1c9841dfbcd99d1c", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210247, "uuid": "2d0e3431-5bc8-4937-8fae-5f4f52efe90b", "comment": "Malware payload (SilentBuilder)", "value": "c62511f0028f44baccf79a6303abc9e45d581b3e", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210247, "uuid": "88e76fd5-96cf-45ba-86af-4e83f7b608c9", "comment": "Malware payload (SilentBuilder)", "value": "3c158a03d2718373f808103a55445b47599cead094a752c05c3ed4199bd14884ee6c45ce8150ae1833493f00f8397702", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210247, "uuid": "0ff3093d-c619-45f0-8ca2-f8161eaeaeca", "value": "T16A131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210247, "uuid": "97af33c4-164a-4fbf-85aa-e07386bb26b3", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643210247, "uuid": "59926523-92ad-4eb2-9b8d-147cbb4ddd69", "value": 44956, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643210247, "uuid": "38b45dbf-c4ac-4cc5-9517-451c96204d78", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210247, "uuid": "acaf4fc3-7ab8-4ef4-bc75-de7a5f2094d4", "value": "tmpsl2r9npn", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0e31555-7e9e-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1643198057, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198057, "uuid": "0509aa47-224f-49f3-84bd-c6ae7beb18db", "comment": "Malware payload (Gafgyt)", "value": "a29c4d30f99b0ce66e107bf6bd315871", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198057, "uuid": "3844df34-9f92-4180-97aa-a5b4c4d70745", "comment": "Malware payload (Gafgyt)", "value": "80157a1ae7efa42610d4903c5d616a86848b0659a0df58521dda50b38d21fdc4", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198057, "uuid": "9cc3aea8-b2eb-4f51-818c-dc200e8ae831", "comment": "Malware payload (Gafgyt)", "value": "c6a014ac5b7ed69e56a267a510959a74eea02569", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198057, "uuid": "ec05064d-d1da-49ae-992f-effb557a2637", "comment": "Malware payload (Gafgyt)", "value": "4a09dfc976ab7f17fa8c7cc9a8afaf47f3277222ce8c107831f0b59040cefc1320cf0b9153d0dcdd5f72687096f56302", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643198057, "uuid": "27da1f42-5f79-4c6a-a614-e8b62f70913d", "value": "T151A35B82D642C2F3C4430AF1029F965A0532FB3A8E3B9EAAF75D7CF49B129D53115B91", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643198057, "uuid": "f760837e-d806-46ef-a062-11f380e15961", "value": "3072:aPaqjPQP39VjGWX98732V7kGyNVw5heTe7FXnf0OzTyoQQub:ahQP39VjGWXW9NVw5h+0FXnf0OzTyoQ7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643198057, "uuid": "381c865f-0458-4a9e-9e9a-3f407de41ff2", "value": 99709, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643198057, "uuid": "6aad1b2c-7531-4462-8755-994568d9e076", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643198057, "uuid": "2ad6deb9-27a2-4135-83e6-8744a52b85fa", "value": "assailant.i686", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce6b1d0a-7ea1-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643199395, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199395, "uuid": "c0840651-5656-434a-afc1-3cc7aec90557", "comment": "Malware payload (AgentTesla)", "value": "97b0624d3c2c6393757d797ce76f3dc1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199395, "uuid": "16ea55fc-6799-4266-9c78-481f56366a1f", "comment": "Malware payload (AgentTesla)", "value": "80506adeb165d809cd89d2d28693f815256017b2700c49cdb48d65810756c2c1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199395, "uuid": "1984bd67-79f7-44a7-892a-f7cc4dad18d1", "comment": "Malware payload (AgentTesla)", "value": "e33820c096b2d14760fae9d3018a0156a92f76f8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199395, "uuid": "e1fae17b-c96b-444a-95ba-36fdf2ff2bb6", "comment": "Malware payload (AgentTesla)", "value": "4d3f26ce3680d99fa53d36c62752c7c5247b8691a8903774c8409eeb9aa9357810a16d88757eea98754f6977935c9288", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199395, "uuid": "b59e4417-5ab0-4723-8497-b799c5ef0d6e", "value": "T142C423B15E4D20ECCAA09B1523060095A1547B1F0FFB7821E292BD3B7793B958C9E3DA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199395, "uuid": "6dde9063-4b74-4751-933e-bd1c7a82d656", "value": "12288:bjjcelH3DS8o9p5UCCfb80c4RcjdvbLkDwL5pZJPv1:bjjcgH3+8o9QCQ80c4RchvbY691", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643199395, "uuid": "a4bf75a3-ecb9-4361-aad6-ffaa7abcd955", "value": 564224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643199395, "uuid": "b5b75823-e1e8-4b94-af98-b2f5ad838769", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199395, "uuid": "c436ef4a-5a03-406e-acf2-7785ef8f8771", "value": "Invoice review.bz2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "85da944d-7e96-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643194549, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643194549, "uuid": "5b125201-7e69-418e-950b-be376f91ad48", "comment": "Malware payload (Formbook)", "value": "8462340c82e4e5d05cfec9a30a8a2908", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643194549, "uuid": "69f4aa80-dd08-4b1c-9cdb-beab38c8309b", "comment": "Malware payload (Formbook)", "value": "808826487862576a6f122b29fcb6dbec1d63dfad4761bfa4520002811e7cd929", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643194549, "uuid": "28061884-0cff-41ee-b710-763014eb60a1", "comment": "Malware payload (Formbook)", "value": "4af973675db6501b181e4077aa045d6520e52c3d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643194549, "uuid": "1433823d-f01f-43fc-ab63-84705564f236", "comment": "Malware payload (Formbook)", "value": "70f51ed6f18424de3f2878432ba23644568bd2a3717d4e34f2ae34afb7bdc26cd14f1efec28d5dd076f01e0b6d31d7ff", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643194549, "uuid": "c417c28e-d0b8-4a7a-84ea-c3285ffacdaa", "value": "T1F005AD2BF458C936D19E4C7291CFB00D43B5B403BDCBF69E3E97E509A661B469A0920F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643194549, "uuid": "d4035087-206f-4e94-b34b-21be109a656b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643194549, "uuid": "4d0115e7-7aaf-4499-a9c6-f131055da36b", "value": "12288:iD1fWoH5VZdCf5mvWZ5OwHC60Dmzkpjs0s8twPw+CaBrMqqQJXS/U:VoH6mumDrMkwPd1MmiM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643194549, "uuid": "8d9cb7ae-12f8-4b38-990b-bd12a2e8c2dc", "value": 841728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643194549, "uuid": "f2405ead-1dd3-4f19-ab9d-1407895de50d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643194549, "uuid": "f9d143d5-e184-4fcf-8bd0-ce08e3aadf7e", "value": "Invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f8be9f6-7ed2-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643220335, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220335, "uuid": "f9f3a1f2-1d2e-42b1-a04a-931456a5740f", "comment": "Malware payload (SilentBuilder)", "value": "07933a092480c7afd3361383482fa17b", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220335, "uuid": "c9d37ed1-37f2-42c3-a201-9b927a73015d", "comment": "Malware payload (SilentBuilder)", "value": "80d1466bf36c9a8d3c8c93674c27d60db45d038a87a8b0f0f94a1c8d43e011a0", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220335, "uuid": "a9e7cb3d-a2ae-4970-a6c6-515d774869a1", "comment": "Malware payload (SilentBuilder)", "value": "5b1048332e6a7215586ec874549d8b677a0bb39c", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220335, "uuid": "85992465-0835-4caa-b558-ded9e611db3f", "comment": "Malware payload (SilentBuilder)", "value": "b3337a95bb2e8b32f1ecc835c0160ccd3376082b90b9c9d34395a9c863e3df631e9a124669040517ff3d0928d921f20c", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220335, "uuid": "0849a376-7b11-4ba9-899b-9393bef3009f", "value": "T160131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220335, "uuid": "c2db173a-34c6-410e-b847-2542df65d8f6", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643220335, "uuid": "83c6a183-4bf3-4b03-b7b0-505c0807f9bb", "value": 45400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643220335, "uuid": "738e53a7-8ba1-4f98-ad2f-1fd642feafd4", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220335, "uuid": "c9e9c5d7-1d7a-4626-810f-ad624f7b262a", "value": "tmp8e493x_m", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e948888-7ef5-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643235339, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643235339, "uuid": "d1378423-5fde-4122-8bb8-dd7098664ad4", "comment": "Malware payload (AgentTesla)", "value": "927aa4e0fbe7c15220c27ec09ed04b39", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643235339, "uuid": "40be8cd3-b846-44bd-95c3-7e82c80fbf85", "comment": "Malware payload (AgentTesla)", "value": "810917136090895a8d91d454af777d064ed20ad89b6e54143572a193ab9d1019", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643235339, "uuid": "ce8efd75-dc98-4c89-8552-9ce5c46b5c6d", "comment": "Malware payload (AgentTesla)", "value": "950a02bd38f746183d17b649618472703a7d89ef", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643235339, "uuid": "228b829c-c086-4644-9ea6-81b16b3dbb4e", "comment": "Malware payload (AgentTesla)", "value": "52dc93ffbe1f9444e37c317effaa63a00971916fa4f1cdc88477f4339d574fbcfe72c50b896054c11cd5da2597661d7e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643235339, "uuid": "5bf63afa-53eb-4785-a5ef-d85d6ba98c9b", "value": "T173739D3A26ACC0D5D705D17AD047E301132AAE93B741862FB3597F8E2CB7785CE9DA81", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643235339, "uuid": "a9685833-25a2-4756-b10e-7b95253628c8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643235339, "uuid": "ff97a170-119c-42e9-9ed4-57ab3e09a276", "value": "1536:gFpwubGtbGZya7GK5hM96kH1HJ0cYeWQzPhOvVihneW9+u:6wubGtbGZya7GK5hM96kHP0wz5OdRSx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643235339, "uuid": "2f24a16a-9806-4f2f-b8b3-5e02a882f9c0", "value": 75264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643235339, "uuid": "3572bee9-db76-4ad4-9cf5-323f8ae19d69", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643235339, "uuid": "613cab29-7e1b-4afb-a5d4-5b2ff83a8891", "value": "conocimiento de embarque y factura comercial.XLSx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7863211b-7ed1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643219867, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219867, "uuid": "7d7218c5-92b1-43f0-bd27-fbb01d8059ef", "comment": "Malware payload (Heodo)", "value": "28c3d26335b31971165ed55de7d431d9", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219867, "uuid": "33078085-5b9d-43ce-8210-bc7c3ba45b9f", "comment": "Malware payload (Heodo)", "value": "8118dc9e68d39f3969861481081848c45a89c64d715b4f924b381244101f1439", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219867, "uuid": "b3f0da35-f39f-46ab-828e-3c82cc59eb7c", "comment": "Malware payload (Heodo)", "value": "38d26cc229dc03d5309a58b2a58dea14c757439b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219867, "uuid": "ecfbfa5f-6052-4528-81ce-4e24649a3bf2", "comment": "Malware payload (Heodo)", "value": "6085ef9dca073e1077f25c72c4d4d97c8de1333f364a5c59f8eb97b5df995ba9f738d2131aa2b29ad5846551dbf1d9d9", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219867, "uuid": "d9ab8393-2034-4359-bcad-9936216ae772", "value": "T152E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219867, "uuid": "9a7b3bf5-45bf-422d-9ed8-60cebee37d5f", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219867, "uuid": "c1ad62bc-9326-4854-8d57-c6d0384e3ea7", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIkG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGlOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643219867, "uuid": "7baa2a7d-cd69-4b60-8fcd-a4733cfbfcb4", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643219867, "uuid": "c5233150-1669-471a-98dd-60b49f5422ce", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219867, "uuid": "cf092f80-5df4-4300-8c3a-2f9fbebcdc9f", "value": "s.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed8ae8d4-7e9c-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1643197300, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197300, "uuid": "026c34b5-d10b-4902-9e30-5543cdb6feac", "comment": "Malware payload (Gafgyt)", "value": "53bf1a02b584c18265ab7f08e89a815f", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197300, "uuid": "36592af0-9d74-4573-9f08-618ec2f5051a", "comment": "Malware payload (Gafgyt)", "value": "8148cbdab1dfa31979b12a30945513ef6f4f1b3802569067823b5cb6bcff9b2c", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197300, "uuid": "44a991c4-c820-4a0a-8d4d-cc7554e41731", "comment": "Malware payload (Gafgyt)", "value": "a9ed88857255d9f49eb7c2df7e1322c84ca518f4", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643197300, "uuid": "0f23873f-e964-4727-8f19-f805eda53025", "comment": "Malware payload (Gafgyt)", "value": "fcb4233f1d9a052c1ee75b19c0b2b04a2c624ec12d7d26c5e18636be26cdcb5930e21d165f12e74affdb206c72515bfc", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197300, "uuid": "cb0fe5bd-360e-40cf-a3d4-d5fb54d4a1d8", "value": "T1E7C32A93F800DE66F40AAA7605D70725B630FB720F531A7273573AA69E362E47827F41", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197300, "uuid": "0289dcc4-34ee-4f09-a677-b3c9fb975e24", "value": "3072:9QOrL1xJV8hVEwLL37EyH1o/y2Y5J3GKpZSmvI0PDGnSQNER:9QO31HV8hVEwP7DVo/y2gJ3RXSmvI0PF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643197300, "uuid": "e0a2d45a-7038-4c64-a8d1-348acf96f129", "value": 118310, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643197300, "uuid": "da8cae02-793b-4920-b381-8958b469e853", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643197300, "uuid": "ae758f76-978d-4fbc-810a-50b7a0a182d3", "value": "assailant.m68k", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "453d6be2-7e4e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643163517, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643163517, "uuid": "869ab34a-ca1f-4841-aee3-d0adea7e3c1f", "comment": "Malware payload (Heodo)", "value": "c8ce0a70c42bc6cd7fba5b5f9555e3b7", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643163517, "uuid": "ea896a73-9ad6-4937-8523-dca3e5571d4f", "comment": "Malware payload (Heodo)", "value": "815315bc0d2089332d8c0e14537ff0b4adc9b572692241d14bfdfdbb7cc2c0ee", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643163517, "uuid": "d9a64e33-88ce-4383-ac7f-0d0eb32edb85", "comment": "Malware payload (Heodo)", "value": "9cff01ae141f4aac6ae5301948b32e3c85582375", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643163517, "uuid": "605b8148-ad50-4878-8fe9-fa0537baee34", "comment": "Malware payload (Heodo)", "value": "f9081ef1b45d4e81923a2ed58d486d272fbb15386732111a613153763bba485df6f9f855716e401466592795c6e89751", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643163517, "uuid": "7867d63f-bbe7-4c7d-a688-8d019af221f7", "value": "T181A45C9EA105DC31EFFE63F151E5CBA3C15B9430275849AFE7FD91361A3CA889238582", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643163517, "uuid": "2e9e571b-d555-4d5e-ac9d-983bc434fafe", "value": "7f57698bb210fa88a6b01b1feaf20957", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643163517, "uuid": "119281e4-5016-4f1a-af25-176a8d8ed662", "value": "6144:cNU5LwA22222GgngDrDRVyYli/ci2tEGW78ODQiEBtvOSk5DKXOW14IkFxVFgY4A:x5w7YM/cYVV7EmOpOJ9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643163517, "uuid": "7df80ded-923e-44a3-8eb4-4b90ea13236f", "value": 458168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643163517, "uuid": "52d73c16-9cb2-4028-a600-6ac128ab5da1", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643163517, "uuid": "634e4627-43b8-4d20-a2c8-27083e83fe27", "value": "emotet_exe_e5_815315bc0d2089332d8c0e14537ff0b4adc9b572692241d14bfdfdbb7cc2c0ee_2022-01-26__021832.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bbf36d00-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643207095, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207095, "uuid": "0683748e-d2ce-4a9c-8d2a-0cf5310e7804", "comment": "Malware payload (AgentTesla)", "value": "2ab250006477245168ac320d41f4054e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207095, "uuid": "9536fbb8-3059-4833-bafa-27a534f91cb8", "comment": "Malware payload (AgentTesla)", "value": "8157565ca2963faffb611f319cf45ce63e3d20693caa085a9e8ef8138c56faf7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207095, "uuid": "996a066a-943e-4921-9381-d4c2fc7a3f7a", "comment": "Malware payload (AgentTesla)", "value": "7e42a652030630d6a439fadc885ca1852e0d7bcd", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207095, "uuid": "92390585-e21b-45d5-a8f6-1f14bf95bb4d", "comment": "Malware payload (AgentTesla)", "value": "6637ce4c99218a083624899e897b9fa1b6414fe0f82f6279998d2480349ee4165e8371179c1fe8e04922b5cf7018590b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207095, "uuid": "5cfec191-07e4-42dd-a171-311022e87524", "value": "T1FA15BE7BF44DC426C2A9087641CFB40843B4B913ADDBF5AE3E97F9096551F8B9A0920F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207095, "uuid": "f2e5dc02-c6fa-4c75-be64-4db59e697966", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207095, "uuid": "d9308f70-abcc-457c-9941-4ec1b71af537", "value": "12288:7T0cLbRJDxg04sOK+zlsCvDFTd4cMepjs0s8Lwn2yRNp4QYsCFDRCf+l/9fe53fi:7TPLqWoDniiMywOhR6+bm53f5Hn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207095, "uuid": "0f3be39a-ecb1-4dff-b430-edfb1af652e7", "value": 905216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207095, "uuid": "b6e07c67-aa06-49ce-be78-a598e5ac18a5", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207095, "uuid": "6aa0952e-0b33-4a73-9180-17f6d9a253e4", "value": "dhl delivery receipt.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ff7d609-7e8f-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643191399, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191399, "uuid": "1fe0a17b-aac3-4df5-8b78-009800d68539", "comment": "Malware payload (Heodo)", "value": "40839f8902e07e4e4ab600d54f913b1a", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191399, "uuid": "763b69f5-78ef-4c13-846b-31dbe7930bee", "comment": "Malware payload (Heodo)", "value": "81593db93c788dc8799f1fb638396aec67452b6d6d63e0a59cf8b95e5a75a610", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191399, "uuid": "2001a4cd-1f59-40d6-8524-5f281a55879e", "comment": "Malware payload (Heodo)", "value": "3050e70e96e13cc10553ad66ec0f4f7a0603acdf", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643191399, "uuid": "51ba2cc1-7764-4ceb-9d7c-0c909e7d7335", "comment": "Malware payload (Heodo)", "value": "72f76b8843ce93e12e5db8983f35eda34bf680d1ff6c1fcafb40bad255632e8f6ade37733f51d60108d832ed8403ad73", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191399, "uuid": "1d92ddaf-8876-4540-b230-a9c37169b92e", "value": "T1EFE35B5576B5C9F6CA0407B10AD2CAFA2327FC779E5603E33198B30E1FB91509AD26C6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191399, "uuid": "d5a8ee68-e618-4a78-bb96-785753d2351b", "value": "3072:97cKoSsxzNDZLDZjlbR868O8K0c03D38TehYTdeHVhjqabWHLtyeGx6Z84TI4Gxl:JcKoSsxzNDZLDZjlbR868O8K0c03D38Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643191399, "uuid": "73ce6745-2f03-4e8e-86f6-82f93433a5ee", "value": 145920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643191399, "uuid": "ef3c9196-fba9-43af-8927-ca66fb53e18c", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643191399, "uuid": "f49aa9aa-d71e-42b4-b88a-bfe0cf2fa3b7", "value": "KO-2699 report.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "576b17a2-7e6e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177291, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177291, "uuid": "3d5f3a6e-08ac-4d3f-8a4a-ba2dd6975ca3", "comment": "Malware payload (Heodo)", "value": "5fc018538b34e891e67d7ccd6a6f5169", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177291, "uuid": "574d0841-8a62-4d13-a54d-abac4ac18a9b", "comment": "Malware payload (Heodo)", "value": "8187fdab6cf2ae48adace0a38973b64d2164aeddd5ee27eca0c55f5f8683bfaf", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177291, "uuid": "2644c879-b1e0-4384-9418-ae6afbd6fa51", "comment": "Malware payload (Heodo)", "value": "f23a6451bdaf70ae014a4286b12e28f265bfe52d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177291, "uuid": "ca5b7d60-9a8b-49b7-8c54-77614e4c3f4b", "comment": "Malware payload (Heodo)", "value": "aaa5d34dc7612f74025b5dae080f9ef80600a311b97dd1131c94257be21e2203a616a7474aa30d1cc6367145b714247f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177291, "uuid": "db33fa60-be69-4552-954e-78daa154e6ae", "value": "T1EFD4BF11B2D2C07AC1AF1674596393A463F9BE90DAF9C257FFC06A4F1E315828B39712", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177291, "uuid": "50571b3b-f0d9-4c50-b14d-6c9c3b1dfe17", "value": "24b46ffcf60dc8d39e8124f411ebd08e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177291, "uuid": "ea628bc3-c6b8-4e46-8a32-947428952786", "value": "12288:kqdJaxkOWFornPmGZqnTFWbDtUYVubhesslBvQqEPO7:kOOsornPTwFWb6YVohevBoi7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177291, "uuid": "e40772e3-86f9-4817-9af0-ad2ad624cc25", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177291, "uuid": "10d4ffc1-d702-470c-a9be-bc713506b040", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177291, "uuid": "4d7c08b3-d68d-447e-88f5-ed6acde47264", "value": "emotet_list_ioc_cronupTue_Jan_25_11:54:52_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7b51589-7e63-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643172729, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643172729, "uuid": "52d4751d-edc7-46e1-b60e-f4b967888522", "comment": "Malware payload (AgentTesla)", "value": "63ca0e217ee3fa0454cf5fab2be02f25", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643172729, "uuid": "379c1c6c-e377-43cc-af39-033600c4e213", "comment": "Malware payload (AgentTesla)", "value": "81888a71e82738381fc4fc404317d4a23f0ed35e3b0cc8efbc3645fcd84e8b0b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643172729, "uuid": "06a7a8b9-f6f8-4d4d-b922-2cdbfa8a8f75", "comment": "Malware payload (AgentTesla)", "value": "f439752e2eeff415161d41ea0a77bf32e7050cc6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643172729, "uuid": "34264929-24cd-4bac-af7e-e6aab3f4f963", "comment": "Malware payload (AgentTesla)", "value": "bd2eed4124bb759bf693fa5e0198a80e1709f64469beb821666bc0c6c51a4a63d042c045c4fb673d1e25abc122ed88a3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643172729, "uuid": "82c64590-7f70-4b0b-af9d-e11a125e1b22", "value": "T1C005DF1532E0C234C29D283588A07955AF33F1AF78D2F964EEA2DA457FF97C4A604973", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643172729, "uuid": "eedbf223-ac0c-4668-92ce-aefc9fcce6e2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643172729, "uuid": "6e763bb8-698b-4cce-ac4a-a796d469ffe7", "value": "24576:W0yluxEhbHcLyeo1+M6M3w0VnkwrCppHWOCp+SMx1Q2:WG41+MRA0lgYOQ+i2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643172729, "uuid": "20c60a2c-e21b-4e1c-be9e-0a09ee10b579", "value": 840704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643172729, "uuid": "9009ae1c-86b1-4f4a-82ae-c0d949375889", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643172729, "uuid": "1f2f324e-86e4-4176-8591-fd140b0742f9", "value": "Order#586382_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "29a0d166-7e94-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1643193536, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193536, "uuid": "d07e521d-4d33-4909-85f5-3860deddf0dd", "comment": "Malware payload (Mirai)", "value": "5b54ab3843dc18f86a13c075b676e801", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193536, "uuid": "d264106e-1e68-4486-ba88-ca7f65bea494", "comment": "Malware payload (Mirai)", "value": "8188c32e7959c70b6baadc4c0e953029f0f0c0c2bf386f4661284039aef4c8b7", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193536, "uuid": "30377d28-c111-4699-99e2-5ded0d160951", "comment": "Malware payload (Mirai)", "value": "0e44405f298a7a8bb0cdbe0428eb0a727b84bc79", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643193536, "uuid": "932c5afc-ecea-410b-b245-c4113d0bfedf", "comment": "Malware payload (Mirai)", "value": "ccd88f89f377e2d6a3f179548fd31ca2ccd59d32a669af03ea17219c7dda0975c7af71cd19af4f799c864db37091cc7b", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193536, "uuid": "5e0c5279-8336-4feb-abdb-561ca1640530", "value": "T1F0B36C176692C6F6C08342B92BDBA1618823F6790B37331773D5BDA43F158CA6E6E740", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193536, "uuid": "6a314572-2eb6-44ed-857e-66698041ea2a", "value": "3072:Zt2nlia9qRBFZm4z1EYfcbJuphawfuJv03CKPCNVOXinYuM8R:MsVm4z6YgEphasqcFPCNVOXinYuM8R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643193536, "uuid": "00016ed8-bc64-401b-8d5f-0068eb880b38", "value": 112336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643193536, "uuid": "d99db459-a73a-48e5-bd77-93a622b24abc", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643193536, "uuid": "5d2f9afe-5de1-4c78-9dcb-af608286b6f5", "value": "assailant.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "794e0c58-7eb0-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1643205695, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205695, "uuid": "f9d55005-b50c-4379-98b5-9b01b5367f62", "comment": "Malware payload (SnakeKeylogger)", "value": "5587b9c4c39d34f9b97273bf26298316", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205695, "uuid": "0d7d15ec-bb5f-4c50-9821-31b5f08875d9", "comment": "Malware payload (SnakeKeylogger)", "value": "81d07ac6ee61abe7a6df07d913bfb5a55b010b168139e5ee21089e2f3d2d3f8e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205695, "uuid": "86fce409-23b8-455a-8913-817e2d91e52a", "comment": "Malware payload (SnakeKeylogger)", "value": "32622a5618c2f277c41aac502fb8470ed4dacb94", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205695, "uuid": "654d99c6-5995-496a-9c83-34861af4e4f0", "comment": "Malware payload (SnakeKeylogger)", "value": "841ede48e5474e8abe57984413b9589e897c74bd70bd451212adbc0e3492b759dbad30fb5ae0b2079753629c920ee52a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205695, "uuid": "f36a36d1-14da-4a12-b625-f65d54532a44", "value": "T1E0F49D6BF448C83AD29E497681CFF40E03B1B843EACBF59E3E97F5456251B87A60510B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205695, "uuid": "4cd2e512-9fa9-4f16-9307-663f230f1cbc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205695, "uuid": "cc7ab561-e990-4f94-af7b-22a4ec0ce024", "value": "12288:sG9TmGWdiATf4UMzsh1yM5kErRpUqnpjs0s8LwTMqoXWdC7lTiZI7sd:X9TmcNkrhMWwTplk0Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643205695, "uuid": "0f551211-0c46-4567-a4bb-cd230e13e636", "value": 784896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643205695, "uuid": "3f609585-bfef-4e8f-8bf7-79414d20f0a2", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205695, "uuid": "49425837-eef4-42e7-91f7-2adf12d55027", "value": "Proforma Invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d013b887-7ea1-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643199398, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199398, "uuid": "4ca640c0-5bc1-4353-8ccf-456654910ef0", "comment": "Malware payload", "value": "baeccea9a78d5c5c5caef71c0cb66967", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199398, "uuid": "eb987a5d-a294-4bc2-a837-34d1bc2d20ef", "comment": "Malware payload", "value": "81f8c92e675564f602600944669fb068241e0d831ef7e41dc61cf69bae565ad2", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199398, "uuid": "9c86fc3c-6a4a-44a5-9986-14a6e2488a83", "comment": "Malware payload", "value": "8163970f794bc6603a4dccc85d777c3698eece73", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199398, "uuid": "3c9c4686-ce6e-4953-9ea1-bd4c5c2905c5", "comment": "Malware payload", "value": "87b359a64582a99f800a4fea6f383869ed8db9d898802c1731244d3f111089298898f67ce35ad72a187d62be1769c32d", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199398, "uuid": "6ec773e1-e360-4d33-80ca-f53153aa10aa", "value": "T17BE35B6576B5C9F6C60407B10AD2CAFA2327FC779E5603E33198B30E1FB91509AD26C6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199398, "uuid": "36a86b9f-80a9-4f32-8c77-2470329f0475", "value": "3072:M7cKoSsxzNDZLDZjlbR868O8K0c03D38TehYTdeHVhjqabWHLtyeGx6Z84TIUGxu:ucKoSsxzNDZLDZjlbR868O8K0c03D38f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643199398, "uuid": "b71765d8-3e62-4bff-8140-b416d7c1adce", "value": 145920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643199398, "uuid": "fcce3802-cc9b-47db-b039-e98888ce50ae", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199398, "uuid": "52312f41-cf4d-4f15-a8a8-832264bbaad7", "value": "OMICS Group.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "065475d2-7e6e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177155, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177155, "uuid": "de2f9cb3-e19d-47bd-9297-584bf46ae9ab", "comment": "Malware payload (Heodo)", "value": "fbce72214abd7368a170846a46566e51", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177155, "uuid": "48e47230-470d-44f8-9b09-a7cca2f94505", "comment": "Malware payload (Heodo)", "value": "82180f13666c5b3d587b8ff068952ecc6a5898b594014a202aa98378e91f1113", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177155, "uuid": "117821fd-7e30-4025-a2aa-38a40f6ca58a", "comment": "Malware payload (Heodo)", "value": "b09eea8bdc092e94f574892fd64c14aa68cfcea7", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177155, "uuid": "81d3e758-548a-4a5c-b493-eca21e0f42b1", "comment": "Malware payload (Heodo)", "value": "b450d4dba9485eff5feadacef06136ec94e21102e29711f02bd0124aa8e1f5c71fab4c3c51e864abe298b0f915c71a05", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177155, "uuid": "3a9346e1-0ed8-475d-a69f-553d55af5caa", "value": "T1D3E4BE217AC2C037C16E22749117D77562F9ACB08D399607BBD82F7F6F741829A3970A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177155, "uuid": "020bb062-1321-47de-a9fd-eed5f665e19f", "value": "035e8ec1c3fbf22ba7aa008cf81b57e3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177155, "uuid": "d01c96f7-4d11-432f-b895-4a3f249db62a", "value": "12288:SKErLbWywuqBlzeWJsc4guGuLfG6M6AhPoTVHeo0Wq7giXg:SK8EuqLzeWeKupLxM6MwTfq7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177155, "uuid": "31e18752-7ccf-459b-b6c4-1029e442cd2b", "value": 657920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177155, "uuid": "ddb5c849-7629-48c4-8f2b-00adc567a100", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177155, "uuid": "76961df0-013a-4835-81e5-8b5fd747efd4", "value": "emotet_list_ioc_cronupTue_Jan_25_11:53:48_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1587352f-7e8d-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643190495, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643190495, "uuid": "f7faaf46-b937-426d-bcf8-eb29397b74e7", "comment": "Malware payload (Formbook)", "value": "58caf63f996ce6c9355fd77de7f03ba6", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643190495, "uuid": "12432646-e05c-46a3-a683-45ca9c4c8b00", "comment": "Malware payload (Formbook)", "value": "8229a6818eba99a00484434b9af969c782a22f88e9d7589a431d373c56e5cf8b", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643190495, "uuid": "81263675-f423-4646-a2e5-9a3ad364a77c", "comment": "Malware payload (Formbook)", "value": "27ed08f7da1df739c84c9e629b1db50ad4511b20", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643190495, "uuid": "941ffb46-f14f-473f-ada7-9c231d9e35b3", "comment": "Malware payload (Formbook)", "value": "d8cb6295b12887d609f1d3ddd0f9deede4c6f939037d0b58f0da2f9d41b196d45ce98f3c5ac2c2f75d7a83f154b41b76", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643190495, "uuid": "2574cbde-8ade-4145-953d-4c18454c055c", "value": "T1EC742342EC275BE1DB043E00CF013EB5C909DB07C9654D37E0AB9560EE69727BD98A32", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643190495, "uuid": "6fcddc56-443f-4f4b-be46-1c90de13cc26", "value": "6144:T1Esn3mJtvn7H5dm3RtlSHgeRghUjJwyJIVAJRDn5GTL9VS5OBd7j:5Esn3Wtf7H5cHUrjDtRtGTRV7Bd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643190495, "uuid": "c93f4284-a292-400b-969c-5ad13b6a4769", "value": 355240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643190495, "uuid": "c062274d-be5b-494d-95ba-fbce4fcf1b92", "value": "application/x-xz", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643190495, "uuid": "51187ef2-a993-41fd-bc5f-8d56327fd12d", "value": "TRANSFER schnell pdf.exe.xz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb1021b5-7ed3-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643220865, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220865, "uuid": "d62adf35-b65f-4f61-89ca-8bba03797b1e", "comment": "Malware payload (SilentBuilder)", "value": "bca052dd79cf1388fd6e218891220e02", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220865, "uuid": "5bf8b6e2-dbef-4956-b8ad-d6ccae8b49bb", "comment": "Malware payload (SilentBuilder)", "value": "82e8da4aa8509022d543b4edb24cf74c874047c7c27caf4488779223f9aaa08e", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220865, "uuid": "cc8aeb24-9303-492e-b66d-18b06011a24a", "comment": "Malware payload (SilentBuilder)", "value": "ac1136f8d5adc3f0783c18a6cf73b3e801e16859", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220865, "uuid": "d0d8d8c7-5a16-4541-ad37-05c2ee1c02b3", "comment": "Malware payload (SilentBuilder)", "value": "e8c13b836cf4553a05b741159276beaa60297346ea2e5124f9dd06f5e469446697ac633cc247db8a28646d0242ec3e11", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220865, "uuid": "0da9125d-5205-44d7-8ea0-c244d153800f", "value": "T1FD131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220865, "uuid": "8a7fcf2d-88b1-4f1b-86af-a298e265c7ad", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643220865, "uuid": "c862b8a5-7c98-4b15-9953-922f2fc8c73a", "value": 45287, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643220865, "uuid": "ab1c2ac1-41d2-4f67-9d55-ce9195b711f8", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220865, "uuid": "2d323f05-1223-453d-a175-d5942bb374da", "value": "tmprcfyzv88", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20df384f-7ebb-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1643210271, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210271, "uuid": "54658bad-ef52-4ddb-89bd-5b9103f9f0f7", "comment": "Malware payload (Loki)", "value": "7a57e9393cf9fe8644b8eb89d2fab5db", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210271, "uuid": "1c15662b-da54-4d36-b61a-7b5fc99e5754", "comment": "Malware payload (Loki)", "value": "833165744abc9fbfb3c0218e390eccb5dd9456bdbd65c6082fe1c3bb8f1a79cc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210271, "uuid": "79f80b08-ec9a-4cc5-8563-ae68e70eb79c", "comment": "Malware payload (Loki)", "value": "a0a33e439b818aa79cbdb6581e9c76366a132acf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643210271, "uuid": "fc20cced-a569-482a-9a0c-0e161f2ed049", "comment": "Malware payload (Loki)", "value": "1ec656292e41818ee1cce9a964286c443a7f4e5d593746724e30730562e763099efb12c0abc68c7d32ecb42c90404a41", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210271, "uuid": "3e9c282f-007d-47fe-819a-bec111de0c5b", "value": "T16434124B35C9D8FBD80729B315B3D79ACAA5F2011152004B87F12FAEB5E80D7B5162FA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210271, "uuid": "65ee23f9-95b5-4e9c-814c-a2ab2696a508", "value": "099c0646ea7282d232219f8807883be0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210271, "uuid": "662dda2c-d15b-4e3e-b13a-0cf4fe45ea38", "value": "6144:owB4LJbZuygMfkDHJfsHXjwmYeSFUOxL3e75oQ91R8lnVFZ:edZuGfwVsHd5OxL34oiElVFZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643210271, "uuid": "790309ff-6f01-467c-9d60-ff3ad934dc62", "value": 246924, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643210271, "uuid": "48d8affa-ac9e-4c88-bc8d-f0ef01a8dc1b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643210271, "uuid": "01c29cd1-ac7a-4af8-8c80-b9d4bcb29798", "value": "vbc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "135aedd2-7eb1-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1643205954, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205954, "uuid": "5a16c6bb-f498-456d-880f-9719a806a670", "comment": "Malware payload (RedLineStealer)", "value": "a9b738007a4c425a4dafe2e90af02207", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205954, "uuid": "f2558bc8-dbdf-4268-aa1a-101c9bc047b6", "comment": "Malware payload (RedLineStealer)", "value": "834da6d982eabadc0518f149d8832f421d8d3c2943033ff19c1a84874b88148b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205954, "uuid": "3a915101-7135-4d5c-9280-f540574d47fb", "comment": "Malware payload (RedLineStealer)", "value": "38826225afa929215e895ab1233bdd72c5887883", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643205954, "uuid": "d945eb23-b1bd-49fc-9b64-bc01be44da41", "comment": "Malware payload (RedLineStealer)", "value": "b684c86e030c9fd041a42c374c083d7e2e32daaa67b4535f464ac69056246c30ab769e5d7bedebad6e595be3ff761af3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205954, "uuid": "5dccb04b-bc52-4ed5-af69-e454405343c6", "value": "T16CA4BE00B6A0D035E5B712F515BA937CB63E7AE16B2450CB63D52BEE56396E0EC3031B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205954, "uuid": "1a1ed5aa-57c1-4a82-abc5-38cda8beab09", "value": "747024b1d04ad78d24e3aa224d333747", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205954, "uuid": "a779446a-499b-49a4-8986-b824b5d3e932", "value": "12288:XpauH+RmC8+SU3uN5lS3AaCS4zoygPNV/x:5dJ+SU+jE3AjSl5V/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643205954, "uuid": "d662223d-d998-4693-86d6-fe5dbf0d8728", "value": 453632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643205954, "uuid": "3eca90d2-34ce-4875-991c-89121250b194", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643205954, "uuid": "ba85382c-ca9c-4b44-a8ab-e1f80d50c12c", "value": "a9b738007a4c425a4dafe2e90af02207.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65f74301-7ec9-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643216400, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216400, "uuid": "48f10de6-123c-4229-bd05-4cf63dd343d6", "comment": "Malware payload", "value": "dccad0c11ad18b67dfd2f65904426d25", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "log4j", "colour": "#B82EEC", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216400, "uuid": "73acae0c-2ec6-4b42-9124-7538ab28fb0b", "comment": "Malware payload", "value": "8350a3a65abbc7a2ecb5c8d997341289370d26d1f6ad65e9bd99f04c806baa89", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "log4j", "colour": "#B82EEC", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216400, "uuid": "c5966e51-2543-4e69-9bc9-b882537f19bc", "comment": "Malware payload", "value": "623613ceb5b14c50294bfd06189fa81b8404b313", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "log4j", "colour": "#B82EEC", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216400, "uuid": "cdaca4e4-0b58-43ac-a0e3-ed9397b5192f", "comment": "Malware payload", "value": "6225ee69f47777d3d90a57906c7682641f4f51d297d2fd6644db7a83e7f2225bb34516f11fdfcd25b621f83e29935bd5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "log4j", "colour": "#B82EEC", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216400, "uuid": "65258cf4-9cf6-43d4-a959-9e3dc90e5ad2", "value": "T17AF5AE02FB828571F9E706B911BB637E5D7D79600324D4C387D029E98D356E0AE3B39A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216400, "uuid": "327d1146-1556-4a03-a975-c11650cd1845", "value": "ed247defdf55df48d454dce13155cd56", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216400, "uuid": "3687b443-d927-4842-b0b8-9f336560d01f", "value": "49152:XWSikVeAnHMOFGbrZ1MlE/33nem4VpQqGvDPihADa3z:GSiWHNYGnLXGvgj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643216400, "uuid": "fd045971-1b8e-4f51-ba37-93734f28235e", "value": 3486808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643216400, "uuid": "787c0bf5-0802-4477-a714-24fc23d853c7", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216400, "uuid": "d5798130-5f14-4d90-8bf0-adf0d37b88f5", "value": "meshagent.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8422124-7eaa-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1643203251, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203251, "uuid": "1fc1a01a-c116-42ef-8afd-5a9b406864e3", "comment": "Malware payload (RedLineStealer)", "value": "1138566c2dc75fd97735373798d050b6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203251, "uuid": "3728189d-0d6c-40fd-99d2-1a2d5d67a87a", "comment": "Malware payload (RedLineStealer)", "value": "8370bc92f5cb661bd26f3bd5abb51f6d56c48acb438ae48aa3351044cd55678f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203251, "uuid": "99216db1-8834-460b-8df9-84a951f79a05", "comment": "Malware payload (RedLineStealer)", "value": "8b6fbc0d77a58352a47f22967c75587e035eb357", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203251, "uuid": "709bc331-8b17-489e-811a-5eaa296a2a35", "comment": "Malware payload (RedLineStealer)", "value": "70b4c109edd1a107a5de8cf02fbe788a54fdc61ede20f29bd1aadd5f919d0d74a39623788b26b6270eeed74dea75f65a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203251, "uuid": "288d890e-6a18-49a0-baac-ead6ab11dc56", "value": "T126A4AF10BB90C035F5B716F449BA9378A63E7AE15B2490CB63D52BEE5A346E0DC3035B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203251, "uuid": "79092a80-6080-4d4d-9ac0-ed184347477a", "value": "747024b1d04ad78d24e3aa224d333747", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203251, "uuid": "78d19349-53fc-41d1-ae6b-6f221b2d9cd1", "value": "6144:DF7tjrH2bZgOhRRxxLhCaigqdFKS8eGTvKdFj9ma3qJBgDnY598ICrcKHVg1GhWZ:DFBa73NYFgqjKNe399j3mgDmtyKoW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643203251, "uuid": "511b3134-387d-4f30-b721-a958880a0468", "value": 454656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643203251, "uuid": "e3f334ec-26cd-4847-babb-6f32a3e51e8a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203251, "uuid": "b6380406-7ba7-4fff-8a12-9e55cdcbed7d", "value": "1138566c2dc75fd97735373798d050b6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "495c04be-7eb6-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643208192, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208192, "uuid": "c7316b9d-c5b1-4a14-8c4e-1596e6d18826", "comment": "Malware payload (Heodo)", "value": "04695de3d9345cb4562a2ca056f1cd21", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208192, "uuid": "b9814f28-a113-4cc0-9893-51c1d2cb4896", "comment": "Malware payload (Heodo)", "value": "83c8e390d3a6babbd0950ada6fbd43fa009e05693e2be1f2279696f1bf9eced2", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208192, "uuid": "5c527748-75d3-48f5-91f0-0fdc604cf94c", "comment": "Malware payload (Heodo)", "value": "475960c58cdf0dd92187345d6e53c68989bc0526", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643208192, "uuid": "bf666101-7c34-4734-b131-1e0e573c01e0", "comment": "Malware payload (Heodo)", "value": "2c382d78115575cc05c3b8d35812c2d0a44a6891d2753815a653a1968e5e44ca67592b6df6a07d9ff48caf7837e2ba75", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208192, "uuid": "24cd6c46-2db5-4447-9ec8-bb1c51f355fc", "value": "T136D36A66B5C5E9CAD70523350ADA8BEA33276C479E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208192, "uuid": "abda3c49-0ffd-419f-b1ee-702dd0e977f2", "value": "3072:0cKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dggGx0M:0cKoSsxzNDZLDZjlbR868O8KlVH3jeh7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643208192, "uuid": "2c39ae58-5359-445e-8f7c-12b2ae7d99cd", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643208192, "uuid": "3c975f37-698c-4e84-9200-ea862fe81f36", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643208192, "uuid": "afab65a8-faa5-489f-bf2b-8be601f06aa0", "value": "Peak distribution LLC.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae08c307-7e9e-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1643198053, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198053, "uuid": "f1989f73-1168-48ae-8f3a-4f2a4a4d1711", "comment": "Malware payload (Gafgyt)", "value": "b7323d927cfd0763996f5eda216ec364", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198053, "uuid": "b1314542-977f-424f-8db0-d5ea3d294948", "comment": "Malware payload (Gafgyt)", "value": "83da18bc693e0636e98ef6c8ed803106ad3d025c5ed8a1c25fee9c8c34686f6b", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198053, "uuid": "39ffc537-c3f5-4ec9-954c-cc8975c78ea1", "comment": "Malware payload (Gafgyt)", "value": "fb129bd4da4fa6e9808d6aa6d36178d7cd5c2d46", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643198053, "uuid": "90c96000-9f8f-4bd8-b7f6-a653fe4aa576", "comment": "Malware payload (Gafgyt)", "value": "0969fd5c49c3776007fe0c5e76f72a622171a7253390003818d1d12f2e978c06431dc0d65713d17a02b80b8a46f1ecfb", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643198053, "uuid": "c8391978-0411-4c55-ae09-26045535de11", "value": "T1ADA34A82A740D5B3D1A306F6129B8B150133FB3F4A6B9EA6F35D3CF48B509C57221B99", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643198053, "uuid": "14ded606-edf5-498b-b924-b437c718044d", "value": "3072:Jg4eodUWUh917j8mc2deiPUDAZURyPf55hQTSvxinf0OzTyoQQub:JdRu917j8mc2H5Z5PB5h8cxinf0OzTyv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643198053, "uuid": "3d1875ff-4099-4ede-aa12-c428315d203c", "value": 99709, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643198053, "uuid": "7fe6e3e6-edd5-4d2d-b01c-7921ad844abb", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643198053, "uuid": "3cc45d7e-ea64-4ca0-9083-1eb584813c5d", "value": "assailant.i586", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2686b7e0-7eb9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643209422, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643209422, "uuid": "94039d80-13cd-4fff-8833-57f8a181a589", "comment": "Malware payload (Heodo)", "value": "84d56b7862b069f0973a5ca03a2532bc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643209422, "uuid": "cb5b9495-fc74-423e-87b2-1076686ecc11", "comment": "Malware payload (Heodo)", "value": "83de1925d8b151e4d006f58904bccee80bcd14fbb6f39b83d4d6435ec0949f78", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643209422, "uuid": "cd417bbd-209a-43e1-97d6-e34a8d637d06", "comment": "Malware payload (Heodo)", "value": "63162bfde966d98f063324ff276afd7c54c66a05", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643209422, "uuid": "257e62ed-f848-458d-b243-73ca1f6e73bd", "comment": "Malware payload (Heodo)", "value": "0e372e8e02d685a4276c81aa4476538a34a863704b62393e8b883e97101c8f12a6a44f51f2f3b17ff0d1e5d2a2997cf8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643209422, "uuid": "025d99ca-e0fc-42ef-a705-2661d3f9de07", "value": "T130E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643209422, "uuid": "02174480-4cd7-41b0-8d86-0a8f465ef574", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643209422, "uuid": "9d11bb5c-4816-4b2a-82ec-7e045e023caf", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIIG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGROg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643209422, "uuid": "5481be1c-7db1-432e-bf51-e389ee898f1a", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643209422, "uuid": "7595bb90-12b2-43fe-a85e-95bb9f465b10", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643209422, "uuid": "c0eabefe-78a3-424e-a993-212075a268e7", "value": "84d56b7862b069f0973a5ca03a2532bc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f05d10bb-7eef-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643232953, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232953, "uuid": "180647f5-31a4-4f2d-a6dc-16caa0b5dcbb", "comment": "Malware payload", "value": "d4876c878f7043a7a61a2d0807c85447", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232953, "uuid": "029b0f29-1785-43c4-ba77-e181612fa594", "comment": "Malware payload", "value": "83e0727614d15e3b27b2b0c71f15462e9887bef568e3a9af5a7b5099052e3846", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232953, "uuid": "01e5cbd6-acf4-49e6-a4e8-a17290dc5185", "comment": "Malware payload", "value": "5531e2d0888f20cb5842acf270550edab92cc4b0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232953, "uuid": "6755e02e-bbfe-4a56-8544-a5cb4290b2c6", "comment": "Malware payload", "value": "1348ab7955fe287ea8dda0769abb987ebc4dcb0549ee8ffc3fe8a495808f828076b0ce2046945629afbeb8153098865b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232953, "uuid": "ff610257-9b8e-490d-b056-f0a9d7550eeb", "value": "T16FB46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232953, "uuid": "fa5dae68-4a15-4ea7-828a-b20add52eb92", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232953, "uuid": "339faa5e-1264-4e69-8202-1de5a0b54d46", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v849clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgZ0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643232953, "uuid": "38cc3717-66ee-46e2-98ca-34f21c4b04da", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643232953, "uuid": "65598ba5-d6ae-4f4d-aa2e-c4fd2af329ec", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232953, "uuid": "388c9b7a-442d-4abf-bcd0-9c77b6112d3e", "value": "d4876c878f7043a7a61a2d0807c85447", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2735e7ef-7edb-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643224026, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224026, "uuid": "390dd7a4-86b9-4194-a77f-9adca9602aad", "comment": "Malware payload (Heodo)", "value": "42796fc533dee087ecb8cc45dac928d9", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224026, "uuid": "2b2506df-100a-4c46-819d-747db71b2a37", "comment": "Malware payload (Heodo)", "value": "841fbca9259f993a071186464c0788ca0d9ebca41b63a95c8567f8fe107edf6a", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224026, "uuid": "81275ce3-9baa-4beb-9f59-d28f2ec7c79c", "comment": "Malware payload (Heodo)", "value": "9390cb336181f8fd2c915fd319a2f6321b0bf992", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224026, "uuid": "5ed73dde-c70f-4b33-96e3-d2cd157d8a3a", "comment": "Malware payload (Heodo)", "value": "fa95e1f28b496dfc6d2261d061b09f3baf7962e13b1c3584246760d9783ee21ddbed57a9fb2035a2f19c87f48b995d3f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224026, "uuid": "82ef0fe6-b07f-44f3-a217-9c8a26d503d2", "value": "T1E7E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224026, "uuid": "24a43e29-bef3-4c41-8c39-9d3ceac2c5f6", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224026, "uuid": "b008fa7b-da25-44db-a48a-d59caae3997d", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIQG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGJOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643224026, "uuid": "bced5f70-793c-49b7-8438-d72033827b41", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643224026, "uuid": "e8ad59f8-3879-43f3-ba13-28f11196ae9c", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224026, "uuid": "8f93bb6f-71ae-492e-ac78-9fa4a604b352", "value": "f.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9631aaf2-7eca-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643216910, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216910, "uuid": "837fffe8-deba-4161-acb1-23b4377b39be", "comment": "Malware payload (Heodo)", "value": "ac1e9bc8492fc9a6fb749886352792d5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216910, "uuid": "98cc00a7-7af1-4ee9-b927-cb3a1f597895", "comment": "Malware payload (Heodo)", "value": "8424f1cdda30b565f1905bbd4996ef49988388c3c73ee18e13ca6f794bdc90fe", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216910, "uuid": "5063c436-f8d7-4882-a80e-b59d9f6952d1", "comment": "Malware payload (Heodo)", "value": "f0689b02fc9482df5a3deb4a8be1d1383bdca73c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216910, "uuid": "ac7087c6-be54-4672-a06e-82ccef7d2557", "comment": "Malware payload (Heodo)", "value": "cf33a074bdbdf671536d37dd3ce5ff24ce0dfc89b28323b46c4c9453cc6ff1219b890fc7b43cf96f8b66c24e5d50f71d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216910, "uuid": "1bf2cacf-52ff-42d9-96d2-d5529700cc4d", "value": "T12005F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216910, "uuid": "a502cd5f-4d01-4ac7-95f7-b86ba419124f", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216910, "uuid": "c257bc7a-ad7c-4b52-bd04-a5237ab373a1", "value": "12288:aA9e3OrvpgqjtQFec66dddifiHxoB3rNd9CDr:blrvpgqj2FeLQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643216910, "uuid": "5bf6ca21-24c9-4d02-bc2c-c1beb9456eea", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643216910, "uuid": "f56fea19-cf7d-454f-a365-3fa9a375ce37", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216910, "uuid": "4b059b45-8503-45a8-9ed7-d767a2608448", "value": "ac1e9bc8492fc9a6fb749886352792d5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "af47c418-7ece-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643218671, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218671, "uuid": "e4a170a1-e4ab-4dff-9e8b-681452511ea0", "comment": "Malware payload (SilentBuilder)", "value": "61f31f0718e69d4b0cd4466441d08ce5", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218671, "uuid": "d184929f-eebe-478d-915c-37f0a01d88fb", "comment": "Malware payload (SilentBuilder)", "value": "844a0501579a9989a70150e8bac90c07df1c28103869a825bffdd4830f05acb1", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218671, "uuid": "fdcaf03c-f855-43b1-88fc-129bd02c6255", "comment": "Malware payload (SilentBuilder)", "value": "964378c20c778db237273808bd1c189b758f3966", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643218671, "uuid": "8504114f-78de-49a9-bfef-5c7507cf2b0e", "comment": "Malware payload (SilentBuilder)", "value": "6c2d8c43a32ee04272dc37015848162b2f66eef07bdcce42897669d30f6dd5552a1e84c13e5669378fd3c549c251778c", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218671, "uuid": "8860f6c5-957d-427d-a28e-a5a3a145d52b", "value": "T1C6131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218671, "uuid": "6978c16b-a6d6-4986-984c-fc204bdf6365", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643218671, "uuid": "08c832ca-0a3e-43f2-93c0-578f813711fd", "value": 45476, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643218671, "uuid": "596f60bd-f904-4a94-b139-7cc2100c37e5", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643218671, "uuid": "1462e96d-6602-41fe-8375-9b41c58901cf", "value": "tmpzl9vbum9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b4b78f4-7e51-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643164869, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643164869, "uuid": "406a05e8-9b0e-42fe-a59a-0dbbb60a4196", "comment": "Malware payload (AgentTesla)", "value": "c5269488d3c5c0c4ede93503ac0ac93b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643164869, "uuid": "e1996a55-f53c-4121-b3a0-f9b04931989a", "comment": "Malware payload (AgentTesla)", "value": "84d28955c12749e987c47b3bd12e34b59e6b9a491b05fc66ed33775be71d0eab", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643164869, "uuid": "ad095c93-b3ae-45cc-a05e-b25777bfdbaa", "comment": "Malware payload (AgentTesla)", "value": "d0c6394eea1bd335b891bf3dc8253ae081a76b17", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643164869, "uuid": "53a5b0ac-2400-457e-814f-1968b6f7118d", "comment": "Malware payload (AgentTesla)", "value": "0aa85a2f7cd188e2083f02095a0050b2bed31a8a8014338c0958c66fdb4f5317787bd330fa72707e38d09437106fbf44", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643164869, "uuid": "958088ad-b00b-4b2a-9a45-06b98e35c491", "value": "T1635512382AB6D92AED3BC73C5771836C0FAA623AD11BF67E6D44B14C0951B444F42A73", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643164869, "uuid": "32881fb5-210a-44cf-a448-a0ed622275b9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643164869, "uuid": "52fd4e8b-893b-42c0-b83d-243bef315b55", "value": "24576:HjjAIehzYcaFyaVTxN0g+R4Yu1YDFCgTrc1zKViGWIANSCqCmURrOrSO/:gIeW9U4T30X8Id4171NNSCquRiF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643164869, "uuid": "f5bb6503-5f5d-4fa1-a526-872e26ba2cdc", "value": 1293824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643164869, "uuid": "a8a20044-057c-4cc2-8e52-e00539a857be", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643164869, "uuid": "3b9db02c-ba3d-4460-9ad0-dd998f67647a", "value": "Purchase Inquiries.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "180fdcc1-7ea7-11ec-9275-42010a9c0029", "comment": "Malware payload (Guildma)", "timestamp": 1643201666, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643201666, "uuid": "97b68006-e088-4c0f-b3f8-6c3caf400e3b", "comment": "Malware payload (Guildma)", "value": "24a22def0ae91f1f019a6132920bd362", "object_relation": "md5", "Tag": [ { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643201666, "uuid": "70e10c03-aaca-4fa1-83aa-9d2700097e42", "comment": "Malware payload (Guildma)", "value": "855067e76beaf49e97534724f564082345f6cdf58b53ba053f7fc6f8dfa72e80", "object_relation": "sha256", "Tag": [ { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643201666, "uuid": "9942f1a8-5944-4645-9166-a7529f15c0a7", "comment": "Malware payload (Guildma)", "value": "594f4d4c3208acfd5f557d37e4470103830e9525", "object_relation": "sha1", "Tag": [ { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643201666, "uuid": "74961474-24a3-41c7-9be4-a4909ede0314", "comment": "Malware payload (Guildma)", "value": "00830a8b805d338b083ea4ba9f395f03515fdb1e4003791df7e2f92db0ed49f9a6aef30d6f99d3ba5a4f53bc3df42462", "object_relation": "sha3-384", "Tag": [ { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643201666, "uuid": "6bc0ed27-54dd-46bd-a0d5-78d10665bf39", "value": "T113A0228CACF0FC0080EF800002B00828EE202A000200F02C82CCCB28BF2CE02B3CCB02", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643201666, "uuid": "b0ffb827-685d-4443-9187-d952de5febed", "value": "3:P2AMjFdB29Fg7AGRXKRSEmL7EuiKHu:i5X7AchvEmu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643201666, "uuid": "50116c79-0a93-4b99-b703-c613177798a4", "value": 70, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643201666, "uuid": "df3346a2-7433-4335-b115-0909c2a4578a", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643201666, "uuid": "9a4347e7-1aa8-4fe0-91f1-458d6b9860ac", "value": "Anexo_6864345352.612307.19873\u00e3.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "778ae078-7ef6-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643235757, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643235757, "uuid": "7a1fcb08-0c47-49c0-a371-c50c4f84dc05", "comment": "Malware payload", "value": "7ae00e30a3c5489afd854b688d5f085f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643235757, "uuid": "34fe08d1-ccee-4f47-9a7c-bc11c47e64a4", "comment": "Malware payload", "value": "858fc75ee17bfd598aa70cc3b684f24822ca84dfa7f1358511a5b95abd5d54db", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643235757, "uuid": "81f46936-dfbf-4d44-bbcb-ffd9bf3cb6b0", "comment": "Malware payload", "value": "2685c5511cdc5e47e8f4bd672a49a4f5cfa71b1b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643235757, "uuid": "f3318f0d-56f4-4376-858b-0ef6765c541d", "comment": "Malware payload", "value": "69abfa485cc46260de0b898a92a827172d6f4f31385389e56b7710a5839aae12a14cd20c0a3f26c545aa3ba36e5a3387", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643235757, "uuid": "6696bf36-3d2c-48e2-ab52-def81781bd12", "value": "T164B46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643235757, "uuid": "16235e49-6dec-454c-823c-b211baca0a5d", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643235757, "uuid": "9ab1a9a7-62d2-4377-a9db-57a77fffcf4e", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8Y9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgd0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643235757, "uuid": "7b87ec40-d7ad-4817-9def-6f3e477c376e", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643235757, "uuid": "44a6e875-d439-4a7e-b561-901b564af002", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643235757, "uuid": "6ada3ee7-46e0-4750-9159-9229c6a8323d", "value": "7ae00e30a3c5489afd854b688d5f085f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73aab98f-7ed0-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643219430, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219430, "uuid": "4c953330-bf6b-4e09-a670-1906eb8a2c09", "comment": "Malware payload (SilentBuilder)", "value": "929b788149b08315ac7132eb1ed206ad", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219430, "uuid": "0d227d67-1b5b-4acb-ba54-15b9d05ccfd0", "comment": "Malware payload (SilentBuilder)", "value": "8613762e544fa077b17fefa2e5e31237bedacaa78a12d823eb42d7404f846942", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219430, "uuid": "9b243b9e-cca4-4f3d-bf5e-575483d3859f", "comment": "Malware payload (SilentBuilder)", "value": "1d716585703ae6d9295a52c0ebce8660b0ac0973", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643219430, "uuid": "ffaaecd3-aac5-44cb-a0cf-5c7aaf18970f", "comment": "Malware payload (SilentBuilder)", "value": "63e5e4368a16c9ff181090eef6e94221d362ff9128f4955153d7ef2d48adb1ed0ee2d01d92ad543968fd452e1d1580b6", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219430, "uuid": "52425e69-e98d-4324-8e3f-dc4e43456948", "value": "T160231953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219430, "uuid": "b50d38fb-b246-4afd-900f-bf4db69181aa", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643219430, "uuid": "573f8d33-1d67-4d61-8a34-30f58e8cb245", "value": 45654, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643219430, "uuid": "f745d8fd-d549-447b-b39e-ebeca5145ba5", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643219430, "uuid": "c05acb21-85a0-453d-aac4-74025001ee97", "value": "Insight Medical Publishing.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "472ebb3a-7eb4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643207329, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207329, "uuid": "44667a88-ab07-4aeb-a678-daf9e031e1aa", "comment": "Malware payload (Heodo)", "value": "b28b5754cc1754e46ada156722b91354", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207329, "uuid": "cf65b6db-dc7b-411f-9262-f90ae3af2cef", "comment": "Malware payload (Heodo)", "value": "861cae65e16818f4213c88c0ea033f03abaab598624853ae3e3604f7d1cdd80d", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207329, "uuid": "b7e25116-57ca-44d0-94a1-52eedde0b1df", "comment": "Malware payload (Heodo)", "value": "bc17cb21187bdf86fae84d9f58a60c473d77be0a", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207329, "uuid": "c4dc6bb1-bd9d-4c5d-aecb-66d0b0774b2f", "comment": "Malware payload (Heodo)", "value": "ebbe44eaac2c9a9c74a499ebd3494d2cf1fa6728d69981a742e72456c621bf7d1aec69bc2d0ded2521985a9bf81bddbd", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207329, "uuid": "b433277e-dec0-47e9-bcf3-18f7251bdaff", "value": "T184D36B66A5C5E9CAC70523350ADA8BEE23676C479E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207329, "uuid": "c5208eb5-718c-4254-b528-dda689d37ac9", "value": "3072:4cKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dgcGx0+:4cKoSsxzNDZLDZjlbR868O8KlVH3jehh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207329, "uuid": "a568aa25-3c34-4df2-bc6a-7c3d1df02b42", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207329, "uuid": "ddc0f95c-e6ac-45d5-bbac-90ff9850cda1", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207329, "uuid": "878ba528-39ae-45f7-b861-5fd2049fe926", "value": "Hotel Herzog Heinrich.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2b198a1-7eb3-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643207134, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207134, "uuid": "3ade69ec-ab33-4af7-8663-2c9c562649e1", "comment": "Malware payload (AgentTesla)", "value": "ab0c8adc4ce5489aef2404229f8a4541", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207134, "uuid": "89b61e19-43d7-484e-a0e1-6a39d4ecf6d0", "comment": "Malware payload (AgentTesla)", "value": "862a33c7b4ff14df0d0fce347a3bb943c927e5a8dc5fbe4ff6ad9b54e7863099", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207134, "uuid": "f5127c94-fd24-4673-8137-31e673620068", "comment": "Malware payload (AgentTesla)", "value": "95438706a9e2c70cc0a39e7f4b086c03a15db9ed", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207134, "uuid": "d9ba1cc8-ea7f-4104-98d1-b0a3b734b2aa", "comment": "Malware payload (AgentTesla)", "value": "f1ef1380241c62537c682940fe1f9ca71def8ef203569bf56dbcc09bc52dffd40ccfa1ff74a0f3736593ec6ab7de1184", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207134, "uuid": "4e7bf32e-628c-40bb-9a50-c6066127f7d5", "value": "T1FE15BEABF448C866E19D497581CFB00C4BB4B823FDCBF69E3F97E5096161B469A0520F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207134, "uuid": "7d9f3453-2d3e-4863-a2fd-fc7109e7f9b5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207134, "uuid": "ef65dfea-fdee-4320-8cab-d3bd29f80e2e", "value": "24576:PI4AeKBZiLMMwkSREJ9AErEYSDlDyrSeSDFo:P3KhpYJGE/S1PTD+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207134, "uuid": "2e717a79-1eb2-44c7-920d-f720c2c3555f", "value": 902656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207134, "uuid": "2b4ff634-9adb-4a2c-b42d-bd9c1b6e5447", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207134, "uuid": "04d70210-5476-411e-b8ef-9d41c23b1442", "value": "DHL Shipping Documents.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57dda90d-7ede-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643225396, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225396, "uuid": "45a3bf9e-d0c7-49c1-8ced-d0fdeb8cd193", "comment": "Malware payload", "value": "e43ea4bc375f099b58c0e7d1cc56bbb7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225396, "uuid": "28db2da1-4acf-4cca-99c4-b166d3384ec8", "comment": "Malware payload", "value": "863ddf8694ff5c59f7fab148543062355a06ff78fbab93eb123724283e23bf71", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225396, "uuid": "a59ed9d7-3a75-4ea7-853c-c52cd8fa2099", "comment": "Malware payload", "value": "16e26c60471dd412499af805d1c19d648844b5c3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225396, "uuid": "c5dc9bc9-c83e-4492-b294-8b89862602d2", "comment": "Malware payload", "value": "9510f1a34bc85b40d7d52bc83ddc0b401435d4f8aacb013a1458604f8d9bb46d0cedc5682373d27debefd6c5b0f015a1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225396, "uuid": "6b9a8e37-58e4-4b49-8826-154f1b221e5f", "value": "T18205F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225396, "uuid": "3c4efe5b-2726-4b6a-88f0-6eeaa06f5bc0", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225396, "uuid": "45431fac-0c1d-44fc-b570-1a7b9272c268", "value": "12288:aA9e3OrvpgqjtQFecT6dddifiHxoB3rNd9CDr:blrvpgqj2FecQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643225396, "uuid": "1e4999a3-dfe3-4622-aeed-b90c222fa2db", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643225396, "uuid": "6e252665-2199-459d-b3ee-d24e62e72597", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225396, "uuid": "0e95bd95-5c83-4fcb-9942-4ff1052aced5", "value": "e43ea4bc375f099b58c0e7d1cc56bbb7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ffb225b5-7edc-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643224818, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224818, "uuid": "454138b2-c927-46fa-83af-a86578c14477", "comment": "Malware payload (Heodo)", "value": "8255a4289d671fb8a1a31541088e01ff", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224818, "uuid": "e9b39afb-21dd-42ea-83ec-3ea546999b7a", "comment": "Malware payload (Heodo)", "value": "868d29ec2d3a588d882f0f2cec1153afa788f34e9c9cd2f67da912e62aa2cdc9", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224818, "uuid": "0c687aa1-06c0-40ef-92d1-181ad38c82fa", "comment": "Malware payload (Heodo)", "value": "8586d77f7c97b2eb1b0c7ce71f0a77a0d77aa5cf", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224818, "uuid": "9968bdf7-70c2-4a2a-aa1e-679a530786e7", "comment": "Malware payload (Heodo)", "value": "18d77780301cc8ea710a34909e9fec36f4604f3fd28e2c9cca64a8dd3aea6c4e2323b4db183d7e68029b21d3dbcf6956", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224818, "uuid": "fe12b350-ab96-40bd-a14d-3e88ad4f14c6", "value": "T14DB46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224818, "uuid": "d54d5c21-aa13-4011-be46-7cfb199e03fc", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224818, "uuid": "8d1f72a1-391d-44da-bce1-40e00675703c", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8k9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgV0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643224818, "uuid": "472ad193-9c87-493d-aafb-4eabf0fa233a", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643224818, "uuid": "d4990bd5-82cd-496a-9097-661e3776cd4f", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224818, "uuid": "9963ceae-efce-4ad3-8f89-e5aa1e70193a", "value": "emotet_exe_e4_868d29ec2d3a588d882f0f2cec1153afa788f34e9c9cd2f67da912e62aa2cdc9_2022-01-26__192009.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "58ca19a8-7eae-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643204782, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204782, "uuid": "64ad439e-f28f-47ef-8705-b6d50db0d6f5", "comment": "Malware payload (Heodo)", "value": "bec1f98543391ea671b1aa739afe49a3", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204782, "uuid": "73f93818-f7d0-4421-8b78-33408fb2a73c", "comment": "Malware payload (Heodo)", "value": "86bf4566c5d3b383a06d62171faf797367f474d33b35b63c5536a1043a26e02d", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204782, "uuid": "a9657077-792e-49c4-81ff-fce2d65d771c", "comment": "Malware payload (Heodo)", "value": "c9f0f27a6082bea26014c060d46999868f52cf55", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204782, "uuid": "64f3c82c-a24f-426c-afb6-53f79e252646", "comment": "Malware payload (Heodo)", "value": "706579adb0afeb7daf71284329cfe2be34e28d8916664d0b6b3a25ad64dbd9df64352c04a1bd6f90d3ef4828c46e480d", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204782, "uuid": "12936e59-0178-4694-8a04-776def4f66c5", "value": "T1F8E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204782, "uuid": "aff51f82-e07a-4bbc-b35e-664090daa11b", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204782, "uuid": "ade8eaa2-9b5d-49b6-b6b0-7c02581e6355", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIGG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGPOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643204782, "uuid": "b09194b9-4517-490c-af56-7427a582e24f", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643204782, "uuid": "a55da6a3-a646-4808-8725-550fe42351c9", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204782, "uuid": "2ef04634-7c63-4320-875e-b0c639964112", "value": "emotet_exe_e4_86bf4566c5d3b383a06d62171faf797367f474d33b35b63c5536a1043a26e02d_2022-01-26__134613.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f810921-7ec2-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643213436, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213436, "uuid": "a36b716c-771c-4b3f-87f7-efa43aa654a1", "comment": "Malware payload (AgentTesla)", "value": "e354f51cd94ee958848ea95345e2bbd0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213436, "uuid": "407c9a2e-a13c-49ec-8c6b-8bad0fb45806", "comment": "Malware payload (AgentTesla)", "value": "87190f16b5c0407e233729b8373eb902865616a743cf50f7943db1b697acbd3b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213436, "uuid": "d6b5c5ac-02d7-41dc-8afa-ad59c308235f", "comment": "Malware payload (AgentTesla)", "value": "9cb06419e1bc5880ba484f474282713954bbe768", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643213436, "uuid": "9eee471a-1ba4-4794-ad73-b0a960c76679", "comment": "Malware payload (AgentTesla)", "value": "114ae63fe9bb772bd588253e1afe410059e628ec1fe52eed02b82d500f58e0e48565c703c6f5e69026cc84f8e04627ce", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213436, "uuid": "5b17af83-585b-4630-b610-b5a3102afa29", "value": "T15B15BE6BF459C826D2A94D7290CFB40C43B1B803FDCBF5AA3E97F6096611F46AA0514F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213436, "uuid": "aed33108-4fff-46d2-8ad2-020d2cd94f2f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213436, "uuid": "b3e86d8e-8593-479f-9b6e-3027c140861b", "value": "24576:evIGj4kfMmwK+tqVp64im02vY86EtBFRB:dC+vHtqELu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643213436, "uuid": "5057cac7-0e22-4511-aece-19294cc3f219", "value": 893952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643213436, "uuid": "fcf03800-9ef2-4c6c-b748-19e067f70e7e", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643213436, "uuid": "7177cab4-d4d1-4864-bc8a-7768058ecbdf", "value": "e354f51cd94ee958848ea95345e2bbd0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "599b89d8-7eae-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643204783, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204783, "uuid": "ff10155e-bedf-47a1-aa9e-3f2c1a42ce5d", "comment": "Malware payload (Heodo)", "value": "d79e06f71854bc18180cc024bb773ada", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204783, "uuid": "db917d3c-cbfd-4a87-a7a3-47012fa0a192", "comment": "Malware payload (Heodo)", "value": "87f3625c6983449558ea77be254798135e74db28f35f910dc24e0df444b86c40", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204783, "uuid": "fc13f021-f1f1-47c2-9964-be041c3f7ef6", "comment": "Malware payload (Heodo)", "value": "6c94c0d27fcd5ba271f446283c338c24620fb7d7", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643204783, "uuid": "c17546a8-5254-4599-9bb7-4728f269d9d1", "comment": "Malware payload (Heodo)", "value": "bd72b9d9c568ac8628ccae8f429a483b5924f34d5e823e7bd7c9a1d80fbd681da8a082c41688113c01f54dac789d881d", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204783, "uuid": "20b652cc-d743-4a5a-ae43-11cb6a89535f", "value": "T129E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204783, "uuid": "2e81c9c5-57fb-4193-8520-fd4504f4a761", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204783, "uuid": "f7f08184-7714-4333-97d1-9db0b116db6e", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIHG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGmOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643204783, "uuid": "3e2006ba-f3ac-4ebd-8c2c-4d713b3dff91", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643204783, "uuid": "74ae0705-8667-4731-a575-9503ffc81545", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643204783, "uuid": "7418b05d-e5e7-43b5-b69d-c76f57788e8d", "value": "emotet_exe_e4_87f3625c6983449558ea77be254798135e74db28f35f910dc24e0df444b86c40_2022-01-26__134615.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5c4bffef-7ede-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643225403, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225403, "uuid": "0c2e187d-91d9-4323-83f6-bb95288c5e47", "comment": "Malware payload (Heodo)", "value": "91f5e9c5f75a618a457c54db09a96d25", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225403, "uuid": "10cc3e41-8076-47ad-ad30-500ccd814eb7", "comment": "Malware payload (Heodo)", "value": "884bc17d1407bbd2208584460acbd9afae2ef7e2941f237d3544a6c6f3469469", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225403, "uuid": "f20694e4-7ae1-478b-926e-4375b6cd825e", "comment": "Malware payload (Heodo)", "value": "f520ca72b9e7ee9ffa1fefc195ebeae977b20510", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225403, "uuid": "22662781-23b0-4c90-92eb-1931c4d725c5", "comment": "Malware payload (Heodo)", "value": "10e739e277536556168386268cef083c267c84f1f2d48e07aa47f4a29a756652a5b0f6106c5f6acd4739972e2a5856f1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225403, "uuid": "0f2bfe2a-3a28-4f1d-8588-b7af17780db1", "value": "T15105F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225403, "uuid": "ba9a1ec1-1b6e-45d8-af4b-c36e0d3ee94f", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225403, "uuid": "429d975b-a9e9-4102-b1ec-f5d2585cd2c6", "value": "12288:aA9e3OrvpgqjtQFecz6dddifiHxoB3rNd9CDr:blrvpgqj2FeMQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643225403, "uuid": "f3027f29-8c1e-450c-9bf7-cc8d0e822b34", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643225403, "uuid": "50e77e9f-a7db-4fae-827c-fa46d4b66e54", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225403, "uuid": "047bc1be-ac7e-434d-95e7-9783e59862e9", "value": "91f5e9c5f75a618a457c54db09a96d25", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe9c9804-7edc-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643224817, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224817, "uuid": "f2a06ead-28b1-41d9-9747-5782379a2c59", "comment": "Malware payload", "value": "54fa50aa9285a19e228ca2282cb862df", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224817, "uuid": "a3950046-7dc6-452e-94be-0fd597f9d58c", "comment": "Malware payload", "value": "8852421c0089e5243feff4b7cf2da442973c5fbb200002a11f617bd07f0f6337", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224817, "uuid": "00ac0fca-8f55-4183-9221-9275b10d3f18", "comment": "Malware payload", "value": "c7be3c840a46dabd377f6770b5ef40700a3de2a0", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224817, "uuid": "23754bc2-5d70-4808-8ae6-298988757818", "comment": "Malware payload", "value": "7f0173789954849d2516bb1cd5203609f53aceb0a7fa1eeb477e6ddaec8c9306a90c43a3a6cf9f39128d83a5549e1bb8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224817, "uuid": "30be626a-4d4b-4b68-85bd-5fe4ec42019e", "value": "T163B46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224817, "uuid": "b8b1fe82-6e2f-44fd-8c9b-9ee2051a718f", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224817, "uuid": "8759aa71-c1e1-4a33-acba-7f83b95fcd93", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8F9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgI0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643224817, "uuid": "83417204-c06f-4b86-afbe-e9c911206640", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643224817, "uuid": "217762a1-8953-4f95-bc0b-a959fa71e788", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224817, "uuid": "6a9761b1-997d-41a2-bca1-9d7663017b42", "value": "emotet_exe_e4_8852421c0089e5243feff4b7cf2da442973c5fbb200002a11f617bd07f0f6337_2022-01-26__192007.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae843901-7ed8-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643222964, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222964, "uuid": "16ae333b-7abc-404d-93a1-245fcb6a39a2", "comment": "Malware payload (SilentBuilder)", "value": "b24cf208059ed6fcb8ac2488c0ab40a7", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222964, "uuid": "b4a1e997-c385-4ce8-88d5-46517518bb03", "comment": "Malware payload (SilentBuilder)", "value": "88593c958e6ab6b8d6c115685014a745cde8fbaf98290585e8af6c6ab8697fd7", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222964, "uuid": "85872b8a-d199-4cc8-9486-c4c2c987d2ed", "comment": "Malware payload (SilentBuilder)", "value": "1c9cf851510f7b7257deb9d40ad70c457b58b82a", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643222964, "uuid": "e6ebd2e8-86b3-45cb-8f45-af317c884271", "comment": "Malware payload (SilentBuilder)", "value": "cc9e08c076933cc7fbcd219fa50bdc07134487b0c93e0177e533daea420c1541945b7bc2062c56c32660261b013f2f4d", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222964, "uuid": "ac0d36e6-93f1-46a4-8632-2ac0c517c6b2", "value": "T1F7131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222964, "uuid": "b77f0be6-98ab-4426-989b-a85f8e751faf", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643222964, "uuid": "81cc6596-6c7c-4f86-83f4-e86f889439d2", "value": 44619, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643222964, "uuid": "319cac4a-beb5-4ab5-95c6-de58015ae5f7", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643222964, "uuid": "9c2a8c5d-5f8f-4eb7-a429-6daad7caac19", "value": "tmppibpt_r8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6f359d5-7eab-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1643203624, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203624, "uuid": "02152f8d-e3c7-4ada-ad72-c5ee7b8975fc", "comment": "Malware payload (Loki)", "value": "a0e4e69681ea631c00453adafa64f4f2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203624, "uuid": "c68e14b7-9c9a-45c4-8426-83abe06d86df", "comment": "Malware payload (Loki)", "value": "8889fd2d8b91eb602d00c8e43f9c6b1202038bc8972b6cbb6c2154202b007602", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203624, "uuid": "f19a14e6-4c44-4aa5-85e6-af1b5da59107", "comment": "Malware payload (Loki)", "value": "1d29d6942e156c355ceef2767c4b161c77d7b08b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203624, "uuid": "227b607a-3ff0-412f-829b-c0d0356f3e98", "comment": "Malware payload (Loki)", "value": "526069d9f2749c0de5cf980fe882b9dfa074db1721301cd013c5101b1edae5b1d2acb4e4cf312a15e273154db74983e1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203624, "uuid": "9bc1d528-8983-4f88-a5fa-8148a54b05b6", "value": "T1819447B73F8BB495E0C897715E5AA7A41B2ADD08292397DFC2143DA53F7A2879D310C0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203624, "uuid": "0948b6fc-c090-473b-ab21-06358641ca8e", "value": "099c0646ea7282d232219f8807883be0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203624, "uuid": "427ea5be-fc58-42e7-b024-590ec1d1b926", "value": "6144:9wXCKmc00czsoXPflqxgrYSmhpfhdfqDq6tkHbZmfzpMLFhAogOR/fZV8:wfffL6k7wfzILfZV8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643203624, "uuid": "ad02a512-df93-440c-9167-955925e60318", "value": 435669, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643203624, "uuid": "3b4d3ba6-4c3b-4b73-b652-6be8273153b4", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203624, "uuid": "918dbb75-05bb-4ed1-83d1-a88d5bcdb5b6", "value": "Account Reconfiguration File.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "822a20df-7ed3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643220742, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220742, "uuid": "5e1eb1b1-1360-4890-b03b-3b3ce5759eeb", "comment": "Malware payload (Heodo)", "value": "5ac4fa766224092093989a1e11ac4133", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220742, "uuid": "9684cdd7-3ccd-43c5-bcbd-676d3d6c40be", "comment": "Malware payload (Heodo)", "value": "889296e47b646fcaf5657eee37343a90c27377f9bce4fba30ed4d3a8a734f41f", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220742, "uuid": "d559f99d-105d-4cb9-b4a7-2ce918db1a9a", "comment": "Malware payload (Heodo)", "value": "50b30237fba35a19569dab5c8bda514d659649d6", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220742, "uuid": "870a35be-d652-4ee1-a9c9-fd33a8a59835", "comment": "Malware payload (Heodo)", "value": "a065bd07e24c6a317e5261f988817d7fd38c084ab621aab669c86cfd014589b3a5ce73d8ada59f2316256b8c4954c61a", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220742, "uuid": "165cac4f-0a52-434e-8957-97bb9b1e0aa2", "value": "T11A131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220742, "uuid": "52ec5244-3600-42ef-aaf4-35623b9a9e21", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643220742, "uuid": "5bf7c1c9-715e-4ddc-b68c-750d9cc14a71", "value": 44817, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643220742, "uuid": "2edd59e7-6fea-47b3-8de0-12318f8e4b47", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220742, "uuid": "dc67aff3-94b1-4504-9585-ff14cb261b99", "value": "OMICS.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "08e5914d-7ec9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643216244, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216244, "uuid": "0c2bcdb9-4c31-4d3f-a8a1-18b5bc132ae1", "comment": "Malware payload (Heodo)", "value": "c598fda043a24cc644b6b701eee1587b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216244, "uuid": "42d16b40-eeea-44df-b608-f1e00d648b24", "comment": "Malware payload (Heodo)", "value": "889f92acbcfb1e06b0deb5c8c13db1dd3b3039a8bae9f2e9aeada4c20e23f010", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216244, "uuid": "b5834af0-f90c-43c3-a4a5-37761303c0ad", "comment": "Malware payload (Heodo)", "value": "29f5cd3f7266278a1ca9d6afd1cbe4092bc94def", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216244, "uuid": "d350030c-7484-4950-9ebf-ea827e36db68", "comment": "Malware payload (Heodo)", "value": "da88f94cc4b848e714099562c3dff33fae277d7e9d628ae84df644ad6e19719cda660dc3980b7c95e31c2c0e2c260eae", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216244, "uuid": "8fc33897-8902-4377-b56e-46616f617ccb", "value": "T1E7E4AE217691C172C1BE35B04506E3B927F9AD708DB9661BBFD02B3F5E742C1DA3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216244, "uuid": "694508f7-edfa-44be-9f5a-241a5c1af2bc", "value": "8b684886803e8aa64184c77e8cd7fbfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216244, "uuid": "45874b5f-aab2-471b-b4d7-4830d2d99249", "value": "12288:+AnhPnRuQ422ZA2uWwMaJsN6Q7z0CUWe0orIEG0Bv1tgV:RpncLJZA2LwpJsNtZUWeGFOg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643216244, "uuid": "cb17cdeb-6732-4c62-8993-ff51f4ae067b", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643216244, "uuid": "51db38ce-1276-4b25-ba4b-53904885a74f", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216244, "uuid": "593e0753-53a3-435e-b35c-7fc484e2b634", "value": "c598fda043a24cc644b6b701eee1587b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8855069-7e3b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643155577, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155577, "uuid": "339b70ba-9276-4539-9deb-4937649fb5da", "comment": "Malware payload (Heodo)", "value": "c542315364f5ea224fbd2ab445234c0d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155577, "uuid": "9baa343e-82cc-45ae-8e9e-91074f416c04", "comment": "Malware payload (Heodo)", "value": "88a5ded377ba68ff3642270b8eac983426593a88176d81cd27c702103bc9430f", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155577, "uuid": "ec936180-4381-4da9-92c2-4f8988646896", "comment": "Malware payload (Heodo)", "value": "fcb3d8c45637bfc8ce87073e2e4f78298dbea0a3", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155577, "uuid": "e533b85a-18b0-4a9b-9123-7fd3147a1d5e", "comment": "Malware payload (Heodo)", "value": "c28c0773aca79c42f4def010ab8966de7de215f713c7bb0cd43e19c66e1bfd6da88841d12fa6a7025d5b600c8a779a95", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155577, "uuid": "71c21185-7c59-4631-a7c2-c2d134a24cf6", "value": "T186D49C2233DCC8B9E0AE1D3D290297D523E9AE140B93C58FA640FB9E5D3B2C155F52D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155577, "uuid": "edaa2642-2a48-4b47-9c02-a453f0a59596", "value": "4b3c6568be69655a83355a8193247571", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155577, "uuid": "01509342-9d7d-4144-81f1-a1cb83dd66a0", "value": "6144:8B4oWMvCBs0YaUG7qJFzR4Dpw0yHz4Mm6Ofg54hOSRhnID3FQizX5+IgtidXX5+o:8uLMviuaUsqTd45yHz4Mm6/STe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643155577, "uuid": "91dc8a47-4d4b-4527-870a-52f4ec1abcce", "value": 610304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643155577, "uuid": "4a51335e-dec2-45ab-9b9a-72fc4006de2a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155577, "uuid": "fec37920-2fa9-4dc8-84c0-1e539808b124", "value": "emotet_exe_e5_88a5ded377ba68ff3642270b8eac983426593a88176d81cd27c702103bc9430f_2022-01-26__000604.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc43488a-7ea1-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643199392, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199392, "uuid": "b10654a4-f938-49db-8141-eb874f3aecd0", "comment": "Malware payload", "value": "5c7b7c07127135dbb039da4e6f6cc53e", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199392, "uuid": "a1a952ad-8924-4676-98ca-1b86026e7a10", "comment": "Malware payload", "value": "88e9ba67cbfb6785f3ac45d3e44e5cb45505cced5ad82957130c61599112d22e", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199392, "uuid": "2fa787e1-f40a-4187-8bde-6b6e81156ec1", "comment": "Malware payload", "value": "2fec18685f4bc45fffabc5c2a07f87f82d2dd079", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199392, "uuid": "c6239561-0c2a-4a7f-b811-4ba6146ecbe2", "comment": "Malware payload", "value": "2e3f09086fe3c922d72484f6cba8ed27196940d1b9140130e7aada137c620a6e5c5fb754b917f1c3980b3f8b70bfa203", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199392, "uuid": "12ab57b6-488d-4403-9d6f-87f014d4e82d", "value": "T150E34A5576B5C9F6DA0407B10AD2CAFA3227FC739E5603E33198B30E1FB91509AD26C6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199392, "uuid": "e5021ba3-267c-4ab4-8a3b-0c2fafa3663b", "value": "3072:e7cKoSsxzNDZLDZjlbR868O8K0c03D38TehYTdeHVhjqabWHLtyeGx6Z84TI4Gx6:AcKoSsxzNDZLDZjlbR868O8K0c03D38b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643199392, "uuid": "6bb8f1d5-bbda-49bc-873d-4f434b273881", "value": 145920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643199392, "uuid": "a386c386-d574-491b-897a-3f115ba58272", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199392, "uuid": "70441c80-4077-4f8d-891e-194b17d1a628", "value": "innovinc.org.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e35be9d1-7ea1-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1643199431, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199431, "uuid": "e7a9167d-3674-40ea-8988-bc3089faa0ac", "comment": "Malware payload (Formbook)", "value": "785e24054c8eb471f6aa9e3e7c5d5ba4", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199431, "uuid": "f8f07e08-d926-4021-b5ec-7e44782b2741", "comment": "Malware payload (Formbook)", "value": "893a3c6badb0d09647f186bf27bd12725384990311b8bf9ceb7e548eef49c6fd", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199431, "uuid": "2f4d4b76-c9dc-4d49-a9c8-7c2d9fd62c46", "comment": "Malware payload (Formbook)", "value": "e794b041af656663d0c05a8617ab462bb4d04374", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643199431, "uuid": "3d489834-d5e9-4ff7-a28f-5bb88cdfffa7", "comment": "Malware payload (Formbook)", "value": "e923b1596107e1219ea5dc7448146297315a852d6590de61b5a1832fc3330962099ccd18dec52733a0ea26eeed7876f5", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199431, "uuid": "8bdb88d0-1c3c-4f3a-82f5-17f490cd1076", "value": "T1C314123D67544E86D81520FB82D552F27B22ED86644EB35AB9F37B8E3536C00B2E6433", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199431, "uuid": "37603dd8-24d3-4a04-ac47-c512a10a6ed2", "value": "3072:uRwGMu7eKLHOkfN0CJN7wqqcPS5SadhBsX7h4cITzEEDfSCa5Sv7Wtu4hrl18CL:KeuaKL/l0e7wqqwSLVAd4cIXEifRvWYU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643199431, "uuid": "dadf0474-61d6-44a1-a2b3-1c704cd2dc86", "value": 191784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643199431, "uuid": "5fe47fb2-e2a2-4fc6-8c9e-020fcee27e22", "value": "application/encrypted", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643199431, "uuid": "518d8583-9e01-4bbc-af04-d8c8c56cffc4", "value": "W6902.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0008b00e-7edd-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643224819, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224819, "uuid": "2f07f44b-6aad-4054-844b-82ed6fef5d2d", "comment": "Malware payload (Heodo)", "value": "e1c1b3d3fc4a0e2d9fe7dc3fede33f83", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224819, "uuid": "5f1c49ea-438e-4d95-83da-05e910e45b6e", "comment": "Malware payload (Heodo)", "value": "894510c2665a680ba845fb3364a935db9d627cd54ff0119f923b99f19233b85c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224819, "uuid": "05077c89-9461-4af3-8ba1-0bf5552360b0", "comment": "Malware payload (Heodo)", "value": "abec8f7f763fd52438665bc78f5b1a80e5075062", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643224819, "uuid": "44da898d-0b84-4646-9766-b7caae70cd46", "comment": "Malware payload (Heodo)", "value": "4f2f77d5b1995c94244097c027f825c5b916fae86639afeace4f48ee6d4de51796e5792431ab13399f555ee48e4fc526", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224819, "uuid": "d679ce6e-5b30-46e9-915a-8a5b82ae935a", "value": "T1B2B46B5AB177D870E3FEA3F4A4A5DB93C1DFA82027245567E7FC025E0A3DC86423494A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224819, "uuid": "c491961c-5026-4281-9a4a-0b314a2aa4cd", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224819, "uuid": "3bb5c171-53f9-4efd-8831-5ef0ed5d60c8", "value": "6144:1nxxxxt33333333hCCT8YyYRbLNMbMnFR3eJgNq30v8Z9clB2SyI2ZJuu1OCPmwI:h83YR/KMn/OJgc0uLJ1Lmuw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643224819, "uuid": "fa129197-2e7e-4914-b1b9-9ce468d4588c", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643224819, "uuid": "9b75c451-1516-4a4e-9e6f-8caa03c32fd0", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643224819, "uuid": "e9214a3d-a3c5-489e-ab77-cd8a23a960bc", "value": "emotet_exe_e4_894510c2665a680ba845fb3364a935db9d627cd54ff0119f923b99f19233b85c_2022-01-26__192011.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bdd4ec9b-7e89-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1643189060, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643189060, "uuid": "1164d8f5-74ee-488a-939e-34d4a48089b3", "comment": "Malware payload (AgentTesla)", "value": "38b7fabb70bc9cce60fb270c48368253", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643189060, "uuid": "85ba605b-b90d-4f57-bda5-a5eb05ff61ce", "comment": "Malware payload (AgentTesla)", "value": "8998202c218bc7d8dc5de31f0d4ae74c7f71cc41e308beea66cda25353b7c93c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643189060, "uuid": "6a9c7f44-d76b-408f-838e-00b311364741", "comment": "Malware payload (AgentTesla)", "value": "a7ba499086b585a86ad77ed0d4385a1d5b38ed02", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643189060, "uuid": "c0d3ab8d-014a-4808-9cc0-32ea79c56a85", "comment": "Malware payload (AgentTesla)", "value": "ec49e61853d3022c23843ccd38eeceb9c6f47fdc9f3eb62ac12274250da11d98072730a2cd3c460a9ba05e0a53b796e0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643189060, "uuid": "77709f10-d613-481b-8e27-31ecb29cfb8f", "value": "T14D15BE6BF449C436D29D097280DFB04C43B5B903B9CBF29A3E97F6496661F47AA0520F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643189060, "uuid": "d5fabd32-4ccc-4b85-bc19-0e651c559743", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643189060, "uuid": "c48d69c4-ca02-40f6-913b-2c5916f67f81", "value": "12288:YJ9aIEg31TbdCbdD1bBr7cHIYZn6XjLCpjs0s8Cwddpp+C3HyS48axpb2FpSsDjy:e9azvyonL+Mzw/pp+oHL6pbcSsDjnSJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643189060, "uuid": "824cd559-1a90-487c-b25d-86ce162ad54c", "value": 900608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643189060, "uuid": "ea9970d1-aba5-4485-a280-8586a4adbd3d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643189060, "uuid": "97bad71f-30f0-4ecf-92e6-9e4e02e891fb", "value": "New Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "22db125b-7ed2-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1643220153, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220153, "uuid": "6bc2616b-18dd-45a9-9d5a-733d1d06dbe9", "comment": "Malware payload (SilentBuilder)", "value": "4ec3e6a081765498adbbe05d2a580f54", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220153, "uuid": "0d6a8b65-fad3-4f14-816c-b6904ceaf75d", "comment": "Malware payload (SilentBuilder)", "value": "8998d02bcfb1b4acb1f39c29958dbec8b029bf7ac21f1262bd963d56f8ff9254", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220153, "uuid": "717a009e-2e30-4033-99e5-06cdc4d55857", "comment": "Malware payload (SilentBuilder)", "value": "94380ea805b2dea9fb86fcd14d3a72f3f915b4e3", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220153, "uuid": "63c442ae-f1da-42e4-9ad6-d6d9d74ccf8a", "comment": "Malware payload (SilentBuilder)", "value": "e6f9c9f63544db888919c0ef2bfd27b4426f05d77dc581f8517f88de00f7163ed41add7302320aa8bac7a43aa96d1639", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220153, "uuid": "a5c75f26-0f8a-41a0-9552-adc3735e479a", "value": "T1D3131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220153, "uuid": "23fb9b7f-eaf6-4458-bfaf-400da6436524", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643220153, "uuid": "fb24c37f-f69b-4b8b-bf9b-20faaceda3d8", "value": 45187, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643220153, "uuid": "49f0e7df-91f2-4e41-aef1-a6883aa5d1a6", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220153, "uuid": "76d51a5d-6376-427a-bf20-afd54f90353b", "value": "tmppqh1vfjs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d7f5614-7eab-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643203420, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203420, "uuid": "4cf14762-a13c-48a0-b9d8-fc935e83ae1f", "comment": "Malware payload (Heodo)", "value": "ca9ea0b16b728998114d4a4421b1c6e2", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203420, "uuid": "1f3f491d-d1f3-4bd9-8db2-2fbf3994467a", "comment": "Malware payload (Heodo)", "value": "89f64cb155d3597bd0afa74c8fbac93bf410f88ee3fdbf4843b272efd8b62b67", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203420, "uuid": "6fb1b811-d6f4-4ba6-bf4e-164ba5a1073d", "comment": "Malware payload (Heodo)", "value": "099ea58c2671f068b6f85ed8f6f68536d9e597bb", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643203420, "uuid": "299fbfef-c43b-482f-984c-af7153021458", "comment": "Malware payload (Heodo)", "value": "586ae1b31517a47f26ee0162835ccd4b525232bd31e24d67d39bd367e16ee9bd906586ae9144ef11c7c59f4b66851301", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203420, "uuid": "63f33804-6c2e-4c32-8c2b-e0402ef5c1a7", "value": "T11D05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203420, "uuid": "f9e505e9-ff7c-4147-86ed-297682073b38", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203420, "uuid": "754cc58f-bfd3-4eee-9aaa-190cf80fd446", "value": "12288:aA9e3OrvpgqjtQFecT6dddifiHxoB3rNd9CDr:blrvpgqj2Fe0Qc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643203420, "uuid": "5feaba08-b965-4945-bf99-25949aa1e60a", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643203420, "uuid": "b9fa5892-6fd8-4a2e-afe8-8f2b05d0fdb6", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643203420, "uuid": "b017f7bc-c654-413e-9401-988ac978dba6", "value": "19v1TPeCeoBpW5.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8bed6259-7eca-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643216893, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216893, "uuid": "5ea8da60-fae4-437e-9312-3f8632e0ef40", "comment": "Malware payload (Heodo)", "value": "d8f6fb83f0f3a10a34690e51c493a089", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216893, "uuid": "e8285b59-26df-4440-a38d-00996eaf7978", "comment": "Malware payload (Heodo)", "value": "89fa7aab6f924e81c13ca6bd1c7b7683d4a853ca6b296387af5f6121eadb509e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216893, "uuid": "0f1b8094-cfd0-48cc-9ee7-0a0e7c280dc8", "comment": "Malware payload (Heodo)", "value": "7ae0e39fe3a0f5f2afff6319f631414e4463befd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643216893, "uuid": "52878070-3578-4ac4-b823-5f1153dc2a9e", "comment": "Malware payload (Heodo)", "value": "4d88e74e09b6428a1b2a68d5cac644b92c222b29f3361e76de05cef69023a3f4d5b2c0342fdae05719d1a2a5ae522b45", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216893, "uuid": "7cd7cf9d-228d-4ef5-a988-c2d6989fc783", "value": "T11705F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216893, "uuid": "8a7beca1-c7e7-463a-b19b-01040ddb3737", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216893, "uuid": "c2809de5-915f-4625-a5d1-4fafe4399169", "value": "12288:aA9e3OrvpgqjtQFecH6dddifiHxoB3rNd9CDr:blrvpgqj2FecQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643216893, "uuid": "e30d1acc-a2a2-45d6-8eab-8ac68789c6de", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643216893, "uuid": "cee9349c-cbbe-4e02-b35f-5c017e4ab652", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643216893, "uuid": "9cc70a74-99fc-4434-b5da-13b940f8bd09", "value": "d8f6fb83f0f3a10a34690e51c493a089", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62c19a65-7ecc-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643217683, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217683, "uuid": "2ad72f46-e991-48de-b4a9-c9e8bc5e2b3b", "comment": "Malware payload (Heodo)", "value": "1ce3929dbb76d2b2ddc1a3a600b116af", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217683, "uuid": "9fa53700-eb93-4d2b-9635-ef97f3766a84", "comment": "Malware payload (Heodo)", "value": "8aad002b68d56e4052e1544904ff2b7f955ae8a685da61fe5871b118a43758cd", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217683, "uuid": "2873c72e-8fad-4a33-9681-a4d9e59cb437", "comment": "Malware payload (Heodo)", "value": "e5cc780db72e2f03c81c4cd393146c121fffc83c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217683, "uuid": "b0eb8675-fcca-4ba5-b585-7849ccca4616", "comment": "Malware payload (Heodo)", "value": "444c53e244a25386a2d3b1d2dbae61880cec924edb0593baf8fa45ccfd46571345ee1caa1d39be062786cadd6b4a7767", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217683, "uuid": "5df175a3-a3b7-4340-a328-29ad5056f80f", "value": "T1FA05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217683, "uuid": "d42ce3b5-3589-45c7-a019-964d7aa90b25", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217683, "uuid": "ee454fd6-ef54-4d4d-8336-acd2e3bdaecb", "value": "12288:aA9e3OrvpgqjtQFecy6dddifiHxoB3rNd9CDr:blrvpgqj2FebQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643217683, "uuid": "155bfd4e-281f-4712-bdcd-05effef70801", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643217683, "uuid": "615f8cf6-f100-49e4-bb0a-df0a1e5c35d5", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217683, "uuid": "e840c104-4c34-4542-9f3d-eff7dd8bc6fa", "value": "1ce3929dbb76d2b2ddc1a3a600b116af", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a9f37062-7eb5-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643207924, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207924, "uuid": "f82727d4-1c9e-4a6b-9680-1cd947d5e629", "comment": "Malware payload (Heodo)", "value": "bb7efee7b91da7b678391e7c2b255a75", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207924, "uuid": "6b276525-5434-44ac-8871-f36e07d4320e", "comment": "Malware payload (Heodo)", "value": "8adefee5d22be5282f66fbc8973efcd7c7a94f607d00c7f2f5776e3a7338b604", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207924, "uuid": "9b9e8320-4c23-4bf2-b40f-f457c9e09fdb", "comment": "Malware payload (Heodo)", "value": "1af75ae49e7208ca54fe7b3403d59046bee33bdb", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643207924, "uuid": "88606090-4a9f-4cc4-848f-f26604a26093", "comment": "Malware payload (Heodo)", "value": "f0c6af4e31700051830bf81ae53f0e3f2f04af4cfc2e8d18bf7cd69f9288bfb519b164a92163e61f135e985af66cd1e7", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207924, "uuid": "a0401b67-b288-40a4-bbfd-c437ae8fa751", "value": "T1FCD36B66A5C5E9CAC70523350ADA8BEE33676C479E7603C73258F30E1DBB1909AC2747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207924, "uuid": "18ea77f7-b67e-47c9-b319-1ab0392a19bc", "value": "3072:IcKoSsxzNDZLDZjlbR868O8KlVH3jehvMqAPjxO5xyZUE5V5xtezEVg8/dggGx0b:IcKoSsxzNDZLDZjlbR868O8KlVH3jehc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643207924, "uuid": "0da01e6a-3c72-4373-9496-be7797896c32", "value": 136704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643207924, "uuid": "1d12fe5c-ba7b-4ebc-8bf3-3ba687c135f9", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643207924, "uuid": "f17aa443-6a88-4688-bc77-8d053081d38a", "value": "Recourse Communications, Inc.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72b2ce62-7ecc-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643217710, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217710, "uuid": "e0024f27-a868-45e8-8b75-45ea9a9738a7", "comment": "Malware payload (Heodo)", "value": "0ffec93724211c791364a6962b7681a5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217710, "uuid": "6b6fbbef-1d95-4c7a-9a04-9e491ee25efe", "comment": "Malware payload (Heodo)", "value": "8ae2db297acd8ba2eca402d430e020bf2d60bcd3195977a7a543d22574ed2077", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217710, "uuid": "4d856ba6-a69c-4257-b9a5-0f085d413f02", "comment": "Malware payload (Heodo)", "value": "0460567ebaeeedd7838fb781d69ded6245ef3b07", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643217710, "uuid": "db92eda5-b818-4982-87a7-40f40fc52557", "comment": "Malware payload (Heodo)", "value": "fda0407d279a1882b9b7c79310f4191963946ca5b8d6daaa0922370c173d16df16d8ba4d2a989f729075be7dc0e4e397", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217710, "uuid": "6c3c681c-9c10-4f37-ad3d-eb15fd3d6316", "value": "T18E05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217710, "uuid": "543a544d-7fa1-4f62-a802-85020772e719", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217710, "uuid": "eaaa74c0-bc2b-4256-a8ae-7538d46494c7", "value": "12288:aA9e3OrvpgqjtQFecd6dddifiHxoB3rNd9CDr:blrvpgqj2FeWQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643217710, "uuid": "d04b7c46-3651-453c-9fc6-e7bb6c28f01d", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643217710, "uuid": "d0ea0b3a-72af-48c4-89dc-c9ca2cbd5434", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643217710, "uuid": "e4e73d0e-d0ca-45fa-b3a1-03ab8f6e6134", "value": "0ffec93724211c791364a6962b7681a5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40e38925-7e6e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643177254, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177254, "uuid": "bb024cf1-9782-465a-8d5f-907af6f94802", "comment": "Malware payload (Heodo)", "value": "0b7502fa49459f1a6a45e5d75c6fea7f", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177254, "uuid": "b0d05eb2-872a-4027-bf82-0c2ffdaacb3a", "comment": "Malware payload (Heodo)", "value": "8b6c3d1c1c4f0194ac14f20217620719ae9888660cfc5b07fdc42970e6fd377e", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177254, "uuid": "9cfe5ee8-2bb8-47e2-b42d-57334af7e37e", "comment": "Malware payload (Heodo)", "value": "3e5c42dc657fa01b2e7f0b53bd78d8c3e2323055", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643177254, "uuid": "5a7775fd-62d5-48a5-8a11-72f78308c515", "comment": "Malware payload (Heodo)", "value": "12f5af42f4f792f404143ecf197bd31f255d6d5d5c3565a114c71faa24340634d70041e10c36bc23afc614cb6ce36d03", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "malw", "colour": "#9CEE7A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177254, "uuid": "ccf9c38e-1150-48f2-8783-532c05232c48", "value": "T11A33D0AFE2E1356BD225C17DD92C9391F44E92151E88F7C92D90FFA4921279206AE3CC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177254, "uuid": "82bc4187-e178-4456-bbac-9dbef8c3cfb8", "value": "768:cj4OjmfxV6sbaLX8iWjzwxmCeOG2S6DaqmBVZKNAxalvxnvy1OA16Oiiiiiiiiii:OjmfxVXAiozeO0XVZKyalpvyR1bZDzl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643177254, "uuid": "ab2da57f-b8c5-4c07-9511-55123b1f3745", "value": 50687, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643177254, "uuid": "74bd8852-196c-4e50-9ee9-58cebabf08a1", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643177254, "uuid": "67ed3329-ce7a-4098-8086-cc028429d822", "value": "emotet_list_ioc_cronupTue_Jan_25_11:54:31_PM_CST_2022.malw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e8527a9f-7ed5-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643221773, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221773, "uuid": "ac73e1a8-5b9c-4927-a62d-c0ef15fc9ebb", "comment": "Malware payload", "value": "46420db90f643d559fb4ccb043953a6f", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221773, "uuid": "d310b0e3-a112-46db-a2bc-df778eca7804", "comment": "Malware payload", "value": "8b7e3befe7526b4cfc3adf9a694b3029dbfd2d36314321ed20506d430eb2fb20", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221773, "uuid": "09e3f3da-9fba-4fed-8c57-4391a403613a", "comment": "Malware payload", "value": "ef2bd4cbb5f789dff81565df0e952c4fe15d16d6", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643221773, "uuid": "ee364e0d-4b8d-42a2-bcdf-a064b9b642d1", "comment": "Malware payload", "value": "4e3bfee9b9d61a2cf8664f2cba8fadda8ecc9c61e1efdd7e41dc7380f4d0a1c011bc29a97d9595140c970e7e3d9be19e", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221773, "uuid": "d00d1134-b2fd-4bff-b087-3d7742570dd6", "value": "T1F3131953BA86DE4AEA5903380DB386696707FC159F6B57873244F3193FB89E0890361F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221773, "uuid": "bc80c348-c003-4f6a-96d9-85769c22a1e7", "value": "768:hm+mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJsvcJ8vHK0BTmDKmHL/veso:I+mk3hbdlylKsgqopeJBWhZFGkE+cL2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643221773, "uuid": "9c66801e-3ed8-4be5-bb02-0db31b69efa0", "value": 45150, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643221773, "uuid": "16fb9a18-6fac-4521-85ae-24244ed87a84", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643221773, "uuid": "1e3f286e-c966-4c7d-82da-2abba1ff7557", "value": "tmpg2liifdb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9fbcaca8-7e3b-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643155508, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155508, "uuid": "03766d09-8bed-47c4-a021-fd4fcdecbe98", "comment": "Malware payload", "value": "f4f2cc8679f0721fbf3a6566a4c94669", "object_relation": "md5", "Tag": [ { "name": "AutoIT", "colour": "#C5D2EC", "exportable": true, "hide_tag": false }, { "name": "script", "colour": "#5F818D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155508, "uuid": "8078ddc7-e06f-4662-8118-8709107f79ac", "comment": "Malware payload", "value": "8b9c40247bc441c187c94f9231d14e15c12786b4cd18753c06bad53ccf7201cb", "object_relation": "sha256", "Tag": [ { "name": "AutoIT", "colour": "#C5D2EC", "exportable": true, "hide_tag": false }, { "name": "script", "colour": "#5F818D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155508, "uuid": "dd1d5a1d-c4ac-43a7-b4b2-76293b523198", "comment": "Malware payload", "value": "d9005e449de3e87f4b24d97980ce076411cad393", "object_relation": "sha1", "Tag": [ { "name": "AutoIT", "colour": "#C5D2EC", "exportable": true, "hide_tag": false }, { "name": "script", "colour": "#5F818D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643155508, "uuid": "abeb9d67-3de7-424b-9cff-e1a8c353c14f", "comment": "Malware payload", "value": "28078a4acc4cbcec2d17a0a9f53d523180b545c1c104049ab47c2e1c2fdaa71bd04f619109f2e30afa4370b4e0084a3a", "object_relation": "sha3-384", "Tag": [ { "name": "AutoIT", "colour": "#C5D2EC", "exportable": true, "hide_tag": false }, { "name": "script", "colour": "#5F818D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155508, "uuid": "770c0a62-c2ba-4df0-82d8-0ec4687b93a8", "value": "T16A36F1C9E6D2ED4F3088BA153967A8AB6A3533FB1008131C736B4CCDD556AD9BD0C96C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155508, "uuid": "fbc345f2-0b29-44a6-b774-8cd69b8d08a0", "value": "98304:5Gh6TA+kv3LQlduNwLkiPR/5u2RoQbKLV7CL2lErDljS8W5sqaYF/e:4h6TA+kv3LQlduNwLkm/5NRoQMeL2GYA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643155508, "uuid": "60b547e1-d967-4c1e-abf4-d31dfe8e82f1", "value": 4913153, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643155508, "uuid": "586c2efa-a49d-4ef9-aed7-dfb0251b2343", "value": "application/octet-stream", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643155508, "uuid": "9f4d6e1c-5f60-41d9-9295-949989838370", "value": "ucd111.11d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42a42b74-7eee-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643232232, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232232, "uuid": "f4596983-1d0a-4a0d-9574-ce05cca73fbd", "comment": "Malware payload", "value": "ce8017ba9d7c0517decbdcc6826c8b49", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232232, "uuid": "090bc374-6043-4ba9-a982-2110a898f44f", "comment": "Malware payload", "value": "8c1a1d589043897454e2debd07d2f46fc0399ec31d1f1001d950357b86950454", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232232, "uuid": "22046400-302d-40a0-b5b1-cf89164ea083", "comment": "Malware payload", "value": "a595d182e59f6297f7f83321351b9aa5cc391e87", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643232232, "uuid": "976bf847-5aed-4c11-aec6-397f079e1e3c", "comment": "Malware payload", "value": "a24e0bb7958e388d91a824a7a62cc905a1b8dd26b19b0d0cbad4c7394f961f5549d4aa5796aef8ace150d34aeb4b586f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232232, "uuid": "118f9afe-46dc-48e5-8eb3-a8ae1332e830", "value": "T16BB46B1AB172D871E3FEA3F1B5A4CB93C1EFA820275455ABE7FC025F4A2DC464234949", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232232, "uuid": "f2d358b1-6881-4997-aeac-d1f7851f5e59", "value": "8774c2a2048003b6fbdcee97110d5bd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232232, "uuid": "32d6abd1-3064-4408-b942-43c80d0a46cf", "value": "6144:Y7eUxxxxt33333333hCC28YiYRrLKyx3jvfIfpQdKXoJsdOUPlhLYfZDqvasLD2d:n8nYRvJhjvGpQXcGDO3JtP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643232232, "uuid": "51ba1269-6ed2-4cd2-80a7-90056d4799d9", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643232232, "uuid": "37aedb43-b8b2-45e7-bd2d-5a5b84997bc2", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643232232, "uuid": "5d1e4935-8608-431d-b51c-1386bcf484da", "value": "emotet_exe_e5_8c1a1d589043897454e2debd07d2f46fc0399ec31d1f1001d950357b86950454_2022-01-26__212337.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7706c743-7ed3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1643220724, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220724, "uuid": "9204b77f-a5c5-466d-b65e-4c4790534c5a", "comment": "Malware payload (Heodo)", "value": "f07e6e1616eea36877f3b7d966d78d71", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220724, "uuid": "37029567-d648-41e3-863c-e40ee563521b", "comment": "Malware payload (Heodo)", "value": "8c36f0213455c2bcd250f99b41c9178d3a0d23839a803bd50647fc37c5ebf920", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220724, "uuid": "aa6cd976-2dc2-4478-9817-dfab0af51f1e", "comment": "Malware payload (Heodo)", "value": "ef348341c2b0e69197722fb3937efcdd2e6ba47f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643220724, "uuid": "a1223618-c8f3-44e4-9d63-f184c7b750db", "comment": "Malware payload (Heodo)", "value": "e58d586b378f5a2d16ec17a50c7bdad64cc4d913138105915426c116dc9c496ee3191ac1a659c1fcfe76f84d2f4c225e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220724, "uuid": "4d00ee30-6a59-405c-bb6c-e8001cff5148", "value": "T19505F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220724, "uuid": "d2daebf6-2b04-4e31-a371-d0d7b502c32a", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220724, "uuid": "a09b4d44-ec50-489a-acca-c56eb4d5983b", "value": "12288:aA9e3OrvpgqjtQFech6dddifiHxoB3rNd9CDr:blrvpgqj2Fe2Qc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643220724, "uuid": "e38f6259-6dbc-4234-8a4f-785fefad1d6b", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643220724, "uuid": "07769af6-f964-4900-8c30-8034865c72da", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643220724, "uuid": "7d2075df-aacb-410f-ab69-6037e213b34d", "value": "f07e6e1616eea36877f3b7d966d78d71", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35794e66-7e80-11ec-9275-42010a9c0029", "comment": "Malware payload (NanoCore)", "timestamp": 1643184965, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643184965, "uuid": "0f037667-6553-4f1c-98f9-68ee9fcf0087", "comment": "Malware payload (NanoCore)", "value": "8aa38313a97d72b6d14b4d067f125086", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643184965, "uuid": "4cc3c6da-eec0-474a-949f-9b7802d19245", "comment": "Malware payload (NanoCore)", "value": "8d1d485136c3e142c31a382e508ed735ad6e290574fe21f754cdfc7cf61abc43", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643184965, "uuid": "1edaaa67-8a41-45c3-b2ea-761e63687599", "comment": "Malware payload (NanoCore)", "value": "fa8b4c59dcd2f226d3dca64a4b1c8a656f033bd1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643184965, "uuid": "36741c7f-0f62-4898-b82c-dbeb44d95288", "comment": "Malware payload (NanoCore)", "value": "b50dba9ec13ff0c452cf83feefecbaa8388a605e55b1100c1398d6d20e344b8665e5da223bf05cd208445e89ee3dbf6f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643184965, "uuid": "dfc19156-5396-43a8-8093-0afba0861466", "value": "T11175AE56E388D8DCD24A2C329878752150B3BF8B98ED9529FC327A499BF13C13539C5B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643184965, "uuid": "0cec66ad-4aa2-4d88-a6ed-4d58f72e05cb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1643184965, "uuid": "fe1986ec-647c-4966-b35e-5d46b2de25e8", "value": "49152:gu2h3XxMPoYfBCaTnOfSepK6NNgeG68Nq9Hr2839Y2YXC8bx7wwI3nwiY4gZcaff:uYzfIEOfSP6NNgeG68Nq9Hr2839Y2YXJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1643184965, "uuid": "ebd4acfd-b98e-4604-ad23-a4cd29cf2efb", "value": 1601024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1643184965, "uuid": "c6887541-5fc2-4a9e-ae11-2f92338654f2", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1643184965, "uuid": "175c6c08-645f-415f-836b-0e80986e4fc6", "value": "Order Sheet.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4605e86f-7ede-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1643225366, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225366, "uuid": "e33badb0-11ff-473b-a8ef-1f2d3bf52609", "comment": "Malware payload", "value": "f473473fb4fc8bf71d6e4941d39523c8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225366, "uuid": "2b9edd6a-a1b8-4169-9f0b-5fe12842ebca", "comment": "Malware payload", "value": "8d4012f168114315fe289c671291687939c9fa3c7c5123c38b4827884f513918", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225366, "uuid": "9631f02a-c838-4fba-a7e9-7e56bd3c097c", "comment": "Malware payload", "value": "0a955b24a43c056956483414b1a5a3383d3c4c81", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1643225366, "uuid": "1f60d28b-7161-40c7-a97e-d9a0b7941746", "comment": "Malware payload", "value": "8318ce30a91dba2a39c511df35c1a37006d8dcdb976e80aec4c8a107139bb7622f72ab0cbacdfb2561c7234962a401bc", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225366, "uuid": "5ec1b0a7-dfda-43a9-a488-a81e5253d9c8", "value": "T1CB05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1643225366, "uuid": "68986ed2-2eca-4eb3-b47e-c8136eb6aa76", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type