{ "Event": { "published": true, "date": "2021-07-29", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2021-07-29", "timestamp": 1627603381, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "fc7751f6-a757-4603-926d-5afc94afffbd", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7651bd5-f077-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627568307, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627568307, "uuid": "f9416f8b-070b-458f-a987-df52dac983b7", "comment": "Malware payload (AgentTesla)", "value": "9477ff1fff1743d5827b38a616d15e7a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627568307, "uuid": "e290824a-93a8-43e0-be27-4eb74bdb9941", "comment": "Malware payload (AgentTesla)", "value": "0031cd1224753ae328feaf528ecc73e2d8c5dc966e73b46b18f7308f4c4b9221", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627568307, "uuid": "2fbee384-549a-4892-8215-bd78b184a01f", "comment": "Malware payload (AgentTesla)", "value": "71490b78a16db4038219920755bd0d9f851d0f98", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627568307, "uuid": "e7755bf8-dfc0-4bf0-92e0-c0c45f7f6e5b", "comment": "Malware payload (AgentTesla)", "value": "769a213447403a440de4d65cc05c9fefbe527968cf9db9f246671efc347ddfe7c6a91314334ccf9ee1bc51ad66297136", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627568307, "uuid": "64157d66-0661-4bda-bc19-25c0d51cbd0d", "value": "T15045E028C98C9F9ACC5803740E5846741EF5ADE6F2B0D8AC3D8D31B5B7F1825EA76346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627568307, "uuid": "59921c04-d5a6-4d9b-aa5d-cd50d589bac1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627568307, "uuid": "cc35fca3-ef3c-4093-8da8-8c6f6c4d44f5", "value": "24576:9iS/d3eKzksUks2y8jCrIiCddom/runBZ0y4FW8N6ZNdZ:SKtQIiCckrqi/N6ZNd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627568307, "uuid": "75784daf-9ae1-4991-a04d-d87a0937259d", "value": 1272832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627568307, "uuid": "bda1a021-442b-4576-a6d4-5e77b2b61950", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627568307, "uuid": "7d66fc6a-08f4-41b2-8bc5-b2d6026ea789", "value": "FACTURA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2ea4619-f061-11eb-875b-42010a9c0053", "comment": "Malware payload (RemcosRAT)", "timestamp": 1627558904, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558904, "uuid": "337e3a0d-f117-4ad3-902b-7565670904b7", "comment": "Malware payload (RemcosRAT)", "value": "8c6310883496c8b128afb34a4c922554", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558904, "uuid": "ddcc413b-6dd2-4147-b432-06ee882bc2b0", "comment": "Malware payload (RemcosRAT)", "value": "00d52b668be725580bf1233a8bc805f62831f96ca8f7cf50807cd3481727981a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558904, "uuid": "54736d80-89a7-4031-a51c-f01e46a253d0", "comment": "Malware payload (RemcosRAT)", "value": "1f5fa188d9e0ea6f3dbf138b14b3af8cea21b968", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558904, "uuid": "f93b048f-2f64-4572-8a9c-5539ef94de4c", "comment": "Malware payload (RemcosRAT)", "value": "118eb4a93fe543e901cafea51b98b16a213f81a47f287a0ca3a53d4de7fc6bb09a6b74ce8fcad57ba04449a4cd0e8ecb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558904, "uuid": "b6943e43-940e-4b94-984f-0659d30bad73", "value": "T19E65F124898C9F9ACC5803780B5846345EF0AEF6F270D4AC3D8D31B5B7F2929E6B5746", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558904, "uuid": "010b9872-523d-4160-93dc-23b584982814", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558904, "uuid": "02a74afe-4b1f-4541-a668-ad8ecd5188c4", "value": "24576:SYS/d3DKzks4ksWPSOHjOxltQ6HqAkycbgERgfwui+jR23r7y8jhMN6ZNmZ:EKhPDDOpvkycUERgouiceXSN6ZNm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558904, "uuid": "b4cd961e-ed3f-44c2-8894-f7ac9a204d4f", "value": 1521152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558904, "uuid": "0088eb9d-ba4b-4917-8fd3-e177e0777ab4", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558904, "uuid": "26daa5cc-a36c-4016-803a-3cf3294ea76e", "value": "RA1_20210729.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f9593cde-f029-11eb-875b-42010a9c0053", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1627534863, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534863, "uuid": "bb5f1da4-bcea-4adc-b8d9-2049038c6d36", "comment": "Malware payload (SnakeKeylogger)", "value": "dd04b002364ba4c2bfa9ee34465bc23c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534863, "uuid": "c8e5dd5a-e99c-4d84-8414-5be5e7a29409", "comment": "Malware payload (SnakeKeylogger)", "value": "0138e060a226925970f5b9488babd201daa2968bada87a281732a701c6da8789", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534863, "uuid": "e0e29c52-3824-4b00-981f-22dedb5fa89c", "comment": "Malware payload (SnakeKeylogger)", "value": "55d515d1b98e4024aa00e87630340adb7f7b9603", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534863, "uuid": "8f261286-5f71-4ac1-b84f-02a6cabb0182", "comment": "Malware payload (SnakeKeylogger)", "value": "b710518145049de7dfce57fd1b24d3c584cf4023408c6e027ff638747155f1069f527c30529c971f5c0d17a6032aff6e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534863, "uuid": "519ef11e-e8b0-4bef-b34a-58822f3a2be8", "value": "T195C48D64848CDF9BDC5C03B4CB8802F42EF19CA6E0B1D6633E857DB1B4B0A55D9B9786", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534863, "uuid": "ea3d68ae-82ff-40c6-8cb0-24cae5bc5fb4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534863, "uuid": "3f618a26-a276-4939-8e81-c12e94e47f0b", "value": "12288:wcP3/Awk/7iS/d348sJTflM6qTwz9FhC5lruNjkDUcv:wkAwkuS/d3kTfm6qTwJKYj4/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627534863, "uuid": "fbafcde5-09a5-4c8c-9c19-578e87958dcf", "value": 569344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627534863, "uuid": "3036c77b-2501-4d4c-9522-009d611f10b8", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534863, "uuid": "c662ab4c-315d-43b7-a8a2-e9e7631f5011", "value": "New Order EF56446.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9dd502f7-f09c-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627584101, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627584101, "uuid": "10aba6ee-0a70-4b47-9911-99b78124483f", "comment": "Malware payload", "value": "7012aa551f9581a91907c323110d2755", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627584101, "uuid": "89eebc03-3eb2-492d-b5cb-d658153ad126", "comment": "Malware payload", "value": "01dc2b66bc278481b1bf07ddcd260c0c59d697063d9aa8cb136ef5e0b3659f15", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627584101, "uuid": "79a07b88-933d-4bad-b0bc-d4ab35b71bcc", "comment": "Malware payload", "value": "ec5df93ee70bef86d135baa9a4dfcbdb7f24380e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627584101, "uuid": "8ffb9b5b-b9a5-44f9-85c6-5960a548de55", "comment": "Malware payload", "value": "4ffdc5186d9ec02c3aa539efa20680e4e1abab2df8aa6bf33c6e0d45a4ebabb98d33cdc77c8b03e8e0d133a399d1a13d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627584101, "uuid": "9056bac2-03e9-4eaf-8529-dd6c54893acb", "value": "T16082D037968DED60CA205837DD7CCA971ECA2FBCD1D63236291DA238C6C020ACA7D147", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627584101, "uuid": "01fd5619-f3f2-4be9-95b7-bc35da94a401", "value": "384:NCe8i0513TzmjmYI1SLNcp+vPx2J+iVzg0UIM1hymdGUop5hs74:0el055mK1Syq0Ui7M1s3UozG74", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627584101, "uuid": "b9a0d1d1-71da-415d-a665-67fe5b8323ca", "value": 18636, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627584101, "uuid": "d615ae48-30b1-415b-8707-d9d7aced2263", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627584101, "uuid": "8affc7ea-135c-446e-9bee-5d76ead154d5", "value": "7012aa551f9581a91907c323110d2755", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "159830d0-f087-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627574853, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574853, "uuid": "bc1debca-b54a-4f7c-bff3-b5cca0164d0e", "comment": "Malware payload (Loki)", "value": "fc030e6077d1a645b2bb1e0d77cc778d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574853, "uuid": "fd0f4011-b325-4452-9ba8-382cc4b36d02", "comment": "Malware payload (Loki)", "value": "0293d5dfdc4a137166aebb05f2c1b7b4819846032b6c1cd6431f83b4f282cf88", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574853, "uuid": "d4091164-7d8d-49ba-96c3-f72c7d9aea24", "comment": "Malware payload (Loki)", "value": "b513f93e5baa9b6a892f0fdf431a8d3813eebe38", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574853, "uuid": "db284b17-db91-486e-9080-a9e9287ed499", "comment": "Malware payload (Loki)", "value": "379603b825c7c50aae94c78874f9e13cc2041bfcff0f4bd4afebd00b4070123ba739f96621f550ff7c8f0baecf446da6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574853, "uuid": "2035f78f-911b-4951-8459-eda9e3a2926b", "value": "T143259D2176C4DB29E52E533A8FDF60208BFCFE023532A7646DF512B9650AF52D8741CA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574853, "uuid": "ea786b42-72d9-4833-8df3-255bff61f6ed", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574853, "uuid": "c822cad4-4195-4193-a955-08b61cd94393", "value": "12288:d/K2wx768UCS0MVy6//wgDk+5hKN9xXhTr5/dKoBoRoDoyoDc5v2jVQTigBxHZw/:fIcrHKBN5/dKK64JV5v2j4ccnGj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627574853, "uuid": "ac411f91-e09b-4088-8723-11cd869161d4", "value": 1030656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627574853, "uuid": "00646a39-f2d6-4dde-aff6-b5315415621b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574853, "uuid": "99019f8d-200b-4861-aba3-9afe81b822f4", "value": "fc030e6077d1a645b2bb1e0d77cc778d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f68c0a09-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535288, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535288, "uuid": "d5b4741b-2d54-46c3-9edf-d2b64edd12c6", "comment": "Malware payload (TrickBot)", "value": "ac33cb35647f6013e6cab4cd724afcd5", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535288, "uuid": "c676b967-5b67-427a-8249-20cd25683b87", "comment": "Malware payload (TrickBot)", "value": "031897ea742575693a46a7a20b5c1fbc79324c9215a9b8c5f311237f641e28d8", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535288, "uuid": "9321b988-3a4c-48e9-86fc-e4cb8b4336f1", "comment": "Malware payload (TrickBot)", "value": "4e59a65a3408e14b6848b63c56da5217479061fe", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535288, "uuid": "15e0ba22-9093-402e-a2d6-18b802ce7d54", "comment": "Malware payload (TrickBot)", "value": "7579782bb3776a0e874e4ad2ebabfdcc46ce3abb0685af29aadb1f807447484758c930279a63a02b2afc1757ee103717", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535288, "uuid": "f4cda55e-9bb4-4601-b52b-1dc7453d724b", "value": "T1B65355E82AD1E417338D2F17FE0A7AEAD1BA6C9796C47507D1587A5C24EC21BC5A0CF0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535288, "uuid": "8808bd3b-6d69-41a5-952a-868bd8b5c012", "value": "1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/ot:59Ry98guHVBqqg2bcruzUHmLKeMMU7Gn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535288, "uuid": "00e49f46-0728-4c8f-8206-8888d98cc3ea", "value": 61591, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535288, "uuid": "d07bb46e-dc37-4696-a9e4-eac6634e8847", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535288, "uuid": "b4d00bd5-76a1-4fa6-90a2-d2e3ad06ce45", "value": "2021APT-28_16272453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "743e7b7f-f045-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627546665, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546665, "uuid": "30c2b74d-347e-4da5-878e-8374a282044a", "comment": "Malware payload", "value": "00edd268effc5d2ac25eb35081c80a99", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "brave", "colour": "#D3C101", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546665, "uuid": "bf2f9c67-811f-48c9-b5ab-fda28bca26f3", "comment": "Malware payload", "value": "039c252556bb4fd9a531964737a05c0756763fc853f3ba42180c03c4d105c038", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "brave", "colour": "#D3C101", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546665, "uuid": "974a41a6-36dd-47f1-8aad-b48390d96914", "comment": "Malware payload", "value": "734b29e500127971fe48766c0edfcaf3fd2add5a", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "brave", "colour": "#D3C101", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546665, "uuid": "134f5a23-ec45-4756-8e9f-cba91fa54ffc", "comment": "Malware payload", "value": "5a0d99a51daead1bdda825b1c21f7c54f4c85fac982a70aa12027a047111fed7ca137ac5d67e6bc442bc331f203fd10f", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "brave", "colour": "#D3C101", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627546665, "uuid": "d8aed2fe-37c6-4f8c-a08b-8ffd4d6db51f", "value": "T13865125FEC127F15C331D56F1B8AC5203DA741BFAEA3DB27756AA8874EC0885B02944B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627546665, "uuid": "aa06eb8a-7bf8-4662-9ca6-626b35d791bd", "value": "24576:BiaR6L56Xf/xAhi1clHj28nqlVXHSsrFPVCDxzpB4HKfM9N+rowt+WI8h:MCA56XBAMMDfqPrrFdgxzpIao2IE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627546665, "uuid": "c193db8e-e458-4e8b-beeb-9f31d0337324", "value": 1494361, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627546665, "uuid": "befb649e-0813-434a-b577-d7c173e3b71e", "value": "application/x-7z-compressed", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627546665, "uuid": "e81f5fa9-6ba5-4fd5-a811-d8ff90a9a429", "value": "Setup-v1..exe.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86cfa38e-f07a-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627569460, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569460, "uuid": "8b69431f-79f2-428c-b5cf-e2cb5cc1b7cb", "comment": "Malware payload", "value": "0fce81d198f7cf63af9e9d4a759d05f8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569460, "uuid": "4dc1580a-1118-4255-a1cb-cc7bff5c3ab1", "comment": "Malware payload", "value": "03de127a1f1535a8c3d5255e3cc39523cfd2bcba144fa3dcc2b7697317a0d1d3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569460, "uuid": "2be598db-160a-4004-8f5c-74db949b3a35", "comment": "Malware payload", "value": "d987e7fdee11e8b49e4efaaadf122512d1f4fe28", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569460, "uuid": "26163146-aba0-4117-b6b0-eb4f32099dc0", "comment": "Malware payload", "value": "00802fddc17bbae0adb4ae9357a9c469d1beb24c3f79e32e50930e69ecd835d541f0d6e0c3a5e7aa2448643aab3780c9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569460, "uuid": "0d2e1219-6e38-4fdf-8f80-db1c92e32bb4", "value": "T11F03F25FA4C66CCEC68EACFDC2E931507DEA96F5A14F5AD047508C19CB3A44BF95E080", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569460, "uuid": "d5f3b4cc-130e-4cf1-b3e9-5ac5289761e7", "value": "768:kYB6b3kaciEsql1Kj6SIBQ0DWerly/xfnI9RxYWR0xvVJ8:kY3ac7TgAQifivI6vz8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627569460, "uuid": "69619846-5017-4054-a920-d16cb9d08430", "value": 40924, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627569460, "uuid": "6a8f900c-4f5d-4762-817e-69a8bf8ba932", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569460, "uuid": "a19d43a6-a8c0-45d5-84b1-f709fc064554", "value": "0fce81d198f7cf63af9e9d4a759d05f8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64454677-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535472, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535472, "uuid": "dc4f3dc4-5c83-4037-8747-475553f46058", "comment": "Malware payload (TrickBot)", "value": "83df9f0359d8ba6f4206c33767e8c30c", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535472, "uuid": "b0763d93-4787-4c51-bf54-9a68d2764fe6", "comment": "Malware payload (TrickBot)", "value": "03fb6b5df5638935be98f1580f12bbeedcc2794c1357914cb7ced422b432dc22", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535472, "uuid": "2012ba8a-6573-4bf3-b0ff-dde2802763be", "comment": "Malware payload (TrickBot)", "value": "9c1f3737462dad3deb8f32ae8d3aef5816c4051e", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535472, "uuid": "1212be8d-1311-492e-beb7-212ed3016e28", "comment": "Malware payload (TrickBot)", "value": "a8e28b550c705245e48417c06b856bb9f489ea7c398ebae0556db42e3aeb4b830b229cf550610547163e7d53d2595075", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535472, "uuid": "82e1b55f-57b3-477b-97c7-06dfa17b11cc", "value": "T1506398E82AD1E417338D2F17FE093AEAD1BA6C9796C47507D1587A4C24ED21BC6A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535472, "uuid": "3588b53f-3226-4993-b165-ca1634bda51c", "value": "1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/oc:59Ry98guHVBqqg2bcruzUHmLKeMMU7Gm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535472, "uuid": "b9b43b9d-1f84-4b22-8a6e-02e9e2bc6e51", "value": 73016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535472, "uuid": "8e39e339-c04e-4dff-be33-29ddfc4f6cfc", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535472, "uuid": "ec42bad2-513f-4464-b927-7dccc8e0046b", "value": "2021APT-28_65052453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c3b5ec5-f073-11eb-875b-42010a9c0053", "comment": "Malware payload (Socelars)", "timestamp": 1627566248, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566248, "uuid": "dd4ca4dd-3820-4178-a6f0-688b23f3f949", "comment": "Malware payload (Socelars)", "value": "ef07bdb06bb72802df7cc3e7ebb13014", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566248, "uuid": "5381e234-15cd-4d6d-9b1c-4b10a64c0de6", "comment": "Malware payload (Socelars)", "value": "0438d9333fdb810b6ca113c17017f0051077c542bab7d34646be272f575cc5b7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566248, "uuid": "31d69580-feaa-4fb4-a2b6-5653c4f097a0", "comment": "Malware payload (Socelars)", "value": "efcb922f43033ea3166fc1fde3d842799faf5552", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566248, "uuid": "b3f9ae46-4b3e-4376-845a-ed075a9f4e31", "comment": "Malware payload (Socelars)", "value": "1ad578d66293fd895b717a18720c302c9cdaf0e1e6f689068f3a7b39de5b813236ec8eff644112fb072d1c3110959c9f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566248, "uuid": "48feca09-7a9b-4ef4-bef7-902cabdd4cc6", "value": "T189658F21F6429036F8E310B686FE477E8D6CBA21031494D7E3C42D5A9E719E27A37727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566248, "uuid": "f1dc3c00-acf8-4a3a-a4da-d30b0c4cf9ae", "value": "4f0608b5638c60342069764638589dcf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566248, "uuid": "6f3ea596-7c85-42e9-8902-7ed6778c2ac3", "value": "24576:eTj7ope1XnPzDuPxy3nyjmaRNKMZFHhrFCKezhDgWFdSiA993qz7ea:G7opuPXuM3nomCNnBhCnRdFdSi093qXN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627566248, "uuid": "024f34f1-cc29-43a0-a9bf-8fc4b15e9b17", "value": 1448448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627566248, "uuid": "8b0f1a8d-984a-4c93-8629-536c8692c573", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566248, "uuid": "28c3ade7-13ac-4fc7-95f5-acb84f6a473e", "value": "ef07bdb06bb72802df7cc3e7ebb13014", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18c82b02-f079-11eb-875b-42010a9c0053", "comment": "Malware payload (Gafgyt)", "timestamp": 1627568846, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627568846, "uuid": "9996b4b1-9a06-46d2-b066-cb381bb3f286", "comment": "Malware payload (Gafgyt)", "value": "81409cf2594130742de8a53eaf9f3490", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627568846, "uuid": "4d98d512-554e-49bc-a80a-943d4cd0f5bb", "comment": "Malware payload (Gafgyt)", "value": "043e481109ec7d14fdf465daba8a008a75536fea0ba5f6b9503121bc3c10dbdd", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627568846, "uuid": "509a6c54-a264-423f-8c91-cf536c3dcb29", "comment": "Malware payload (Gafgyt)", "value": "b0f87e48aab5d2aafdc96826ab26678b0b0fdf03", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627568846, "uuid": "197c1ae6-d10e-481d-ba10-8919b4365f82", "comment": "Malware payload (Gafgyt)", "value": "82d454a526f13280634178efd73d40e73f2554bde572ca84f30cca4de8dc428b315732eba5640b7403567b25d64a22e4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627568846, "uuid": "b17d207e-2433-4ab5-a695-28c78b9d2940", "value": "T13BF2F1C2D389DB15C858E737941FA9021C6867AFDA8DC9B7BFA039694812F10170CFD6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627568846, "uuid": "aaa28d79-2f26-48ee-8366-9a076be74125", "value": "768:pRabASvNBC5eCzn4In53CffrN8BnbcuyD7UryqJUPYzdmAK:HabeACTtnFsjinouy8mquYpmv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627568846, "uuid": "3f5aa1c9-a1e4-45ce-b447-f92df85f747b", "value": 36996, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627568846, "uuid": "bf4d9705-8903-4dc2-b497-bb753e2c12ec", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627568846, "uuid": "ac3bc25b-3e87-4ffd-828d-c8e6e419ee2e", "value": "81409cf2594130742de8a53eaf9f3490", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2344dee4-f059-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627555119, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555119, "uuid": "05d9ec8c-1659-4d1a-8d34-70c374422899", "comment": "Malware payload (AgentTesla)", "value": "f3f1698a9f2556aa55fb6d2d8a9780ed", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555119, "uuid": "4f75df8b-cabc-4879-ae0a-6aac104ddfe5", "comment": "Malware payload (AgentTesla)", "value": "04abe8fc5cb9dba72eb551898f98bd364e9acbee33064308b8d6c0d9a02e9ceb", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555119, "uuid": "cc818f7d-b122-4f52-8261-b3085db7185c", "comment": "Malware payload (AgentTesla)", "value": "89810f2c1baf5f587b97ebae27c9cfddb0d531ad", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555119, "uuid": "a82adb85-2e33-4bce-8716-fb0956ba2188", "comment": "Malware payload (AgentTesla)", "value": "2a12a187ba38927dfa6f80b83c632c5884f48fa29f928d3bd33d400e4b6194c1ce608adcb44ac3a777ca36db93df4b2a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555119, "uuid": "a4fa8c0e-7a1e-4288-aae0-189df1c31ced", "value": "T1FC72A136F258C635D42FC63A9A62BD0C02A0F1C7D4E68E9963BC1D1A0E11FDF2D916E4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555119, "uuid": "b4be62fb-5c3d-4339-8770-fb440ec96d43", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555119, "uuid": "544f6566-e15c-4949-b303-527c6f0d06da", "value": "192:A128MoaqW9CywPTmhGIKXkIdCRF3smZJjKcidWwFGF/Fer6:A1NMjETPTmhYU0CRF3syKld3Gter", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627555119, "uuid": "fb4b82fa-6849-4be8-bb5b-9fc9d084e8ad", "value": 16896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627555119, "uuid": "71bcdae7-ef36-4964-a44c-b7ebafc9e279", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555119, "uuid": "8888cc31-607e-408f-bf29-a5019465f6a8", "value": "solicitud de d\u00e9bito de la cuenta-santander-n\u00famero de notificaci\u00f3n-20210728073043975201.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d9235ce-f031-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627538091, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627538091, "uuid": "ac8327a7-5668-4597-b8ea-577d1c349d35", "comment": "Malware payload", "value": "f1fa53c4e5c47dbbdaf0e156f9ca57ec", "object_relation": "md5", "Tag": [ { "name": "AbereBot", "colour": "#7C6141", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627538091, "uuid": "6f04be60-05b8-4732-a3f3-b7f44611834c", "comment": "Malware payload", "value": "055a295ad0700f072699b3e299aa19da42c4b34c96ff4e6224c6e0c3775778a3", "object_relation": "sha256", "Tag": [ { "name": "AbereBot", "colour": "#7C6141", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627538091, "uuid": "ba2ef08f-4056-4c42-9033-db652bcd43a9", "comment": "Malware payload", "value": "76360a8bd2775530cc5fa8b37c9b7099091c4c04", "object_relation": "sha1", "Tag": [ { "name": "AbereBot", "colour": "#7C6141", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627538091, "uuid": "3cd7b2bb-f570-455d-be99-7ba168f390a0", "comment": "Malware payload", "value": "1ac700c9871946bd69b9faac3eea53cf5892f3cea108163e8fc4a64db207f71f9fcdbfe8b59f41d14900cd1a5dde8de3", "object_relation": "sha3-384", "Tag": [ { "name": "AbereBot", "colour": "#7C6141", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627538091, "uuid": "f75679e6-58ac-4089-9213-a89df8b24d30", "value": "T169A5121AFE8DD89BD153F1348164A65FCD4480885A98FA5F6BA6904C4EFBC40C78BFC9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627538091, "uuid": "40684e17-0e74-4b52-89c8-5bc7b691a0ac", "value": "49152:r3XNn6T0x13Go0A4XqzG49NuHtuTj0wL7/BOgJoAEv:rnN6gxgo0xqzG4OuT//9J+v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627538091, "uuid": "098c2551-f17c-4c8f-b1b9-ed59fe918339", "value": 2187819, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627538091, "uuid": "f39ac87c-850a-4029-a725-31c2f6d44c4c", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627538091, "uuid": "448252eb-6820-4b0d-94d4-8e601d76030f", "value": "055a295ad0700f072699b3e299aa19da42c4b34c96ff4e6224c6e0c3775778a3.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a375b7d8-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535578, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535578, "uuid": "37908090-6806-47f9-aaf1-7c7898fe9355", "comment": "Malware payload (TrickBot)", "value": "2b1f27eaf1041f4ef85d0694afb9c1e8", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535578, "uuid": "f41dd5a5-e447-406b-8d5a-39975e5122fb", "comment": "Malware payload (TrickBot)", "value": "064fbaf7a03740cb01d6ed9e173c834ac64eb659198b8dd000414fc88657a757", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535578, "uuid": "bae947a8-c461-4a01-82ab-ffcefabb8068", "comment": "Malware payload (TrickBot)", "value": "31cdf93da17be159783f54b595f888c80429a837", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535578, "uuid": "6f17ee2d-1184-452a-a7d0-ae42a31843c9", "comment": "Malware payload (TrickBot)", "value": "ee8fa8644b63460157261641bb3c3da87fdea0e4adf01d294eef522ebb12f54d71205ec502f2e3c4c94037b87d0cb464", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535578, "uuid": "25295029-69a9-4221-aad2-53cdb39bf8d0", "value": "T1DC62C055E2D24F0DEF671E38BA088ED4A8E2A3EF48C9C695D6106C195EC48D3099EBC5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535578, "uuid": "64b5bed4-4036-48de-a59e-bbd23b91d52e", "value": "384:uObxvqlJYz/y/oDKd0ZCG1BJq9lC+r1gDU0hf9i:uydYJYzIrdUlBJ67B/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535578, "uuid": "bb428ae6-c0e6-4d14-8653-b17cfcef6934", "value": 15720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535578, "uuid": "d4e1b712-45fb-4151-8942-91d95e4063eb", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535578, "uuid": "f10addb5-e1ae-418e-83ca-e3a9aa5ff8fe", "value": "2021APT-28_36090453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7e606c2-f083-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627573461, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627573461, "uuid": "8b1f1af2-9644-4596-bfc1-5edbd9c83434", "comment": "Malware payload (AgentTesla)", "value": "5e883d9256f88672a36090101a223d8c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627573461, "uuid": "5fe311ac-7d00-4026-9025-f0f37743af31", "comment": "Malware payload (AgentTesla)", "value": "06727ec8f5dc2c12fbfde5df6299c715c3143a7b3c3a8ad5e19ffa317ceb059a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627573461, "uuid": "86176884-b1e1-4f1b-94c0-0f91680f13c8", "comment": "Malware payload (AgentTesla)", "value": "68bb3ead4b32206a72db47b12eb2e1ba0be98b64", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627573461, "uuid": "22bc0109-01c9-40de-a007-a809f4cb7529", "comment": "Malware payload (AgentTesla)", "value": "51c93458843a048581df915b54feeb4e9929990c43db5edec3f9b8abf64f798049eb1b559ce13b46736fcfb9b601d5f4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627573461, "uuid": "80a1c866-bb1f-4256-86db-7335ffcdcf4b", "value": "T15E15BF2085CCDB9DE8BD0374176C02786FF0A942E1B4EF287E9585B5AC91B61F5BE306", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627573461, "uuid": "47ebfd37-4242-4b90-adad-c95e2dd55ac5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627573461, "uuid": "ceae0163-bfd2-40da-b43d-f89f799e453e", "value": "12288:loLDczUJW/7iS/d34859tzwafKeXAEG+6ypynQRzoE/k5y3GiBhyyE9nB:yDSvuS/d31tzEeXM+6KyQJoQ2iaZb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627573461, "uuid": "e3d3ebd1-b5af-4a73-8013-4c29c0edc752", "value": 920064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627573461, "uuid": "2abadfbe-e01c-487f-871d-6620070cbd1c", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627573461, "uuid": "b018b9d2-1358-4096-abe0-e1a296d186bb", "value": "2129-20 30% CLAIM - PO SPO21-01-072.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "848783a3-f07e-11eb-875b-42010a9c0053", "comment": "Malware payload (Redosdru)", "timestamp": 1627571174, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571174, "uuid": "6926c496-7d2e-4b56-80f5-256c2bc50293", "comment": "Malware payload (Redosdru)", "value": "b62139a6173c3492b4cef1570ea17d8f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Redosdru", "colour": "#9040F0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571174, "uuid": "82450fb6-7208-410e-a825-a52c1642d805", "comment": "Malware payload (Redosdru)", "value": "06c56274fc1db5ddff596e3c3ba6e332cdb8f2329e295b1515bcc1f9493464bd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Redosdru", "colour": "#9040F0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571174, "uuid": "274ccd61-bc35-47f0-ad13-a66ce4da69e4", "comment": "Malware payload (Redosdru)", "value": "7a5cb8cf87245b5fe58322ea326f2b0fef5eeac9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Redosdru", "colour": "#9040F0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571174, "uuid": "5db836e9-e949-4655-a8a8-3f62fb81a751", "comment": "Malware payload (Redosdru)", "value": "556c09b7de07bf13c188ca7a23ffa43a8b4a32b3f12109a1c1b42ada8070883ad71ae7108a41824e3f8c898ce7f773c9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Redosdru", "colour": "#9040F0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571174, "uuid": "76cb1a76-2fac-4e62-afe2-6dd646877baa", "value": "T1551227465B5290B3F782EABA427EA7BFC96613431752EF12CB95EC900C12504F52E39F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571174, "uuid": "1920cb59-cf82-4323-82e4-4627868073f3", "value": "e78eab4985965e46cae096eee6530936", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571174, "uuid": "a4f81ad1-1809-44b3-a65e-c92af9dfa17c", "value": "192:ih1u/Os1q4gZe0KxfSEn+S5cPj4wMuP1oynOy:L0KZSy+1swMY1Ey", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627571174, "uuid": "52ce99f1-2d38-4e35-a159-8d37e648c1dd", "value": 9216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627571174, "uuid": "946b156c-9816-4732-a415-52045243da89", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571174, "uuid": "1246819b-8848-4cdf-b024-cfd6600fabef", "value": "b62139a6173c3492b4cef1570ea17d8f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e130067c-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535252, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535252, "uuid": "50252124-2a68-4d38-8ef4-d64992906aa0", "comment": "Malware payload (TrickBot)", "value": "c08f2e2c909a77dead8d94d44fcbf03a", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535252, "uuid": "b6324bda-0b50-49a0-a70d-632e08f511f2", "comment": "Malware payload (TrickBot)", "value": "071e2829b90e92202f1fdd8fcba3d7c8f6bd2fceab7ede345ded4dcebd50e8ab", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535252, "uuid": "f3b821a7-124b-4433-9d8b-f10ef60848d7", "comment": "Malware payload (TrickBot)", "value": "596623e2e3cf6051ef289601892bc395e31eea00", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535252, "uuid": "2b34f4b6-d2e7-47cb-acd5-5915a398058a", "comment": "Malware payload (TrickBot)", "value": "542a7fc0e7422c89fe8742a8730aade0e98798b6b0e120c6547162363266e53c8263e4826890aad3973bfc487225b3ca", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535252, "uuid": "d7b75959-d795-43ae-a513-37be34ee91ee", "value": "T19DC2F102BB656D81D49BE8D1A11A3F6B5DFA7B3E21CCFC4BF20778B31CA0519A9065C0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535252, "uuid": "8a3c7026-85d8-44c3-88ee-4da07eec1d3a", "value": "384:gir+urSCtRiqt3wcktW/j41o4FVhR0iZu44vW3sJ1ptX7MF7hu2WkxikBm/8iHjW:n+kStqOc1f4FVhyvlJ1LMF7hTvQzTHjW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535252, "uuid": "54ac89b5-d117-4add-9150-8a211ab40c5a", "value": 26155, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535252, "uuid": "2eb63306-b6e8-4f6d-9d68-80232d0c1970", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535252, "uuid": "9d488fa6-8b0f-4f10-8d6f-9adc2bce0b71", "value": "2021APT-28_73170453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e40c70bb-f061-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627558879, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558879, "uuid": "1d6dc853-1871-4e76-a456-28ab0ec44e3c", "comment": "Malware payload", "value": "694a89c43d506d56ce3cece6cf772c02", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558879, "uuid": "e7d9cff8-7892-4561-8e5d-66e1248552a7", "comment": "Malware payload", "value": "07bc756e9f681b733754ccf7a3981e454be5e0a01da030e08aa039c2f4c18426", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558879, "uuid": "7ea7561a-b40f-4a19-b9cb-7d898aa964ae", "comment": "Malware payload", "value": "a0624d42ea889e4acc95795b5f00c4b053f2212c", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558879, "uuid": "73b66f1f-fa61-43c3-83e7-e3ee38e54d3c", "comment": "Malware payload", "value": "399aa3639ca64dc8fe003b223f48fe6af80c58127f576c926f54a0bece274740c06d4b6ce26e19cb7745bc20f31fc289", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558879, "uuid": "8f77191e-8b34-4cd2-a120-663bb6d6c563", "value": "T1BB051311A9A5897FD28C85F4489E4FFDE7D69E1C7631A91B2B30E21D37AB708EC46340", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558879, "uuid": "0271e639-a120-4858-af55-bc26982418d2", "value": "12288:mu9cPexsYepFX4Pv1maGm529gEZpNm1fMzS06V07+1JU1U:8YebsmG5sgEo1EOeDO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558879, "uuid": "8a04af0a-9866-4cdf-8369-6302b9e34c6b", "value": 812544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558879, "uuid": "38a60692-8688-4e36-a33b-6ecae5bee3ca", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558879, "uuid": "36cf6521-ff0c-40f7-ac06-eb80a82d3edf", "value": "paym_reminder_488876.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f82dc426-f07e-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627571368, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571368, "uuid": "8a2021cf-edc6-4e0c-9eef-e528c591b66d", "comment": "Malware payload (RedLineStealer)", "value": "1ca294b7a56fb940e2d17063af420096", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571368, "uuid": "f196759e-4ec9-4fd4-bcc9-5b762f5791d6", "comment": "Malware payload (RedLineStealer)", "value": "07db3d8283898b5615932a01314bba462c4ca9667ed256be7363dec83314ace3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571368, "uuid": "e01858f6-46fd-4826-879e-f024b36fdfbc", "comment": "Malware payload (RedLineStealer)", "value": "7402a2b9b6290b8b3df62cecad5f2934fbb75a6c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571368, "uuid": "5ec21b01-5e29-427c-bef6-893c298c6890", "comment": "Malware payload (RedLineStealer)", "value": "dbba192552c4eb5669f96a1ba32701a49aab995ecea545073e2addf97ed839e36dd1d19db012f64d06ccc45da7e8bbb9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571368, "uuid": "68a9b71e-5629-445d-b61f-68844462877d", "value": "T1E4E4F130AA90C432F4B712F846BAD3B9742DBEA15B2444CB52D13BEE56356E9EC30747", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571368, "uuid": "2e2ee3e6-9471-4487-954c-b7f2454a7209", "value": "ae8d52d466f0b65d50fa6d5967396375", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571368, "uuid": "1d6d77ce-9879-48d8-96c0-3d201ac783d7", "value": "12288:ePyVS0UjF0TuBOXK6fm5M+2nkakFDFd+fu73smJMSmSTDP5H4c9nAU9+9H:9S0UjAuL6Ob2kamDD+m8maODWcRA7h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627571368, "uuid": "4291605f-15c7-4494-ab1e-07ebaee89804", "value": 716800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627571368, "uuid": "be6eebc6-6baf-4c53-89f8-94cb1e1528ce", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571368, "uuid": "b52a9a3a-cb9d-4061-8680-8244679699e0", "value": "1ca294b7a56fb940e2d17063af420096.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dde6b72f-f047-11eb-875b-42010a9c0053", "comment": "Malware payload (AsyncRAT)", "timestamp": 1627547702, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547702, "uuid": "c29c1df2-9fa1-4ea0-891d-8c7e18df3789", "comment": "Malware payload (AsyncRAT)", "value": "4f944b4b02d3838c0ab0342ca3b9dd37", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547702, "uuid": "8884e3f4-6ddb-42f3-9c69-8d55f371d5b0", "comment": "Malware payload (AsyncRAT)", "value": "0841c287a81172aa672852d3cc3a0c143ece5ff84ebb5de62812ee8b497bcb99", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547702, "uuid": "e83a5b55-0744-469a-81d1-dd27e267fd38", "comment": "Malware payload (AsyncRAT)", "value": "64f0aab2a8d4a827daa801fca6bad248020ba16c", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547702, "uuid": "e00f74dd-7f2e-457e-a2ad-32748acf886a", "comment": "Malware payload (AsyncRAT)", "value": "e371cf195200fec9d085a353479eda0c28d0cea550194863bfeb2665c7096b4bd8e37ab6e8bd5edc083b555463162631", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547702, "uuid": "9bf9e3ed-eeb0-4bda-a5cf-fb23029a1366", "value": "T1F2C44A23E660A04DC54680B058A6EB7AB9093D350194DE17FBD09F4E36729E3B8F971F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547702, "uuid": "7464f048-4e96-4574-9168-deb312ff8284", "value": "c767f01e3de8ac58d39924f9b18a620d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547702, "uuid": "8bb6385d-0680-4a4a-8a6a-342c337c8aed", "value": "6144:u7pekQ6NUWtSyAjoTcJyJmH8K7fKYQViCa1CEzaFhyryadjdAKSyn:uxQ66KSyqoW2Eza4ye69O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627547702, "uuid": "cc275be6-06a1-4cc8-bc3d-6486d1f2bc5c", "value": 551845, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627547702, "uuid": "f6a20869-a527-489d-93b2-6ff265977689", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547702, "uuid": "481b2a04-230d-4eab-8da3-e4bed4e56c60", "value": "4f944b4b02d3838c0ab0342ca3b9dd37.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3fc91161-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535410, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535410, "uuid": "600eb246-5903-4c5a-aa65-3d45a9c8fb63", "comment": "Malware payload (TrickBot)", "value": "2070ac87ea96550bbfa416efa84846bf", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535410, "uuid": "94838431-bd63-4e4f-843e-23c10899811c", "comment": "Malware payload (TrickBot)", "value": "09ff8b5b4a33eca7565cf1eaeb82fd7f3676ccbec9b79ffdb2439a248ada8e3d", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535410, "uuid": "136b9f17-e7af-4b7c-8e50-2136d3ff21d7", "comment": "Malware payload (TrickBot)", "value": "a309435897fc9e0394ca1cbe54e96b59d03097a7", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535410, "uuid": "97231589-362e-4d6d-ab5f-705148b1dd52", "comment": "Malware payload (TrickBot)", "value": "a9e1d5fc94f54a5dcfa041a7ca6bbdd024dfcd3490b2318a2cc9dd9bdf750665e8ff2e563666ce59b8994aa6cb98a512", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535410, "uuid": "2cf1f6bf-4b28-4d5d-8c47-b634aab9b70a", "value": "T13D6378E82AD1E417338D2F17FE0A3AEAD1BA6C5796C47507D1587A5C24ED21BC5A0CF0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535410, "uuid": "817bb7c7-dd1c-4f93-b0ce-b6d40e8a65a2", "value": "1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/oM:59Ry98guHVBqqg2bcruzUHmLKeMMU7G6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535410, "uuid": "a249a591-60f8-448e-99c7-c1f6cc99b2de", "value": 68516, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535410, "uuid": "917cc1a8-a88d-48ea-95a0-3dc18116ac3a", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535410, "uuid": "fcc440e8-1db5-468c-8512-d087b0739351", "value": "2021APT-28_2346453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd40ccac-f046-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627547271, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547271, "uuid": "54b63384-9d26-4f61-b420-4189ae1a3167", "comment": "Malware payload", "value": "d085b218204e78871af0d26527452b0b", "object_relation": "md5", "Tag": [ { "name": "brave", "colour": "#D3C101", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547271, "uuid": "c47d34f4-f709-4f14-b75c-99658a6a83c6", "comment": "Malware payload", "value": "0aa4d40021f2c34236ec01a2c99eb8d2b41dda8e3f24b6044a0993a1e6bbf076", "object_relation": "sha256", "Tag": [ { "name": "brave", "colour": "#D3C101", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547271, "uuid": "c7c8d032-ace2-4763-90f7-94bad73adea6", "comment": "Malware payload", "value": "61a95642d0bde8d89f16ffc26d4f739226bfb1b8", "object_relation": "sha1", "Tag": [ { "name": "brave", "colour": "#D3C101", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547271, "uuid": "1e354941-0dc9-458d-9aec-73217545d8ac", "comment": "Malware payload", "value": "7b40c5dbc1105d3071a904ea25929fdb7a2ab3b8f6149734f4e6d51d778e0d9dba69d5c8b9cb78bea39e22c4d613b0ae", "object_relation": "sha3-384", "Tag": [ { "name": "brave", "colour": "#D3C101", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547271, "uuid": "0ab82222-7146-40a7-97c3-b3a26af12df1", "value": "T1D435A6CC7E3387CD821598B709F73BA73DB615B871328A95F013FB27688584D4AA065E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547271, "uuid": "230a6920-190a-4004-bc60-b1e0317f74e7", "value": "24576:sWQsrhB4HhRSiS2RZYDrVpoMMoHoMgo/oO5ovIoRoYont2rn:bHrhz1phWM0rn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627547271, "uuid": "0cfb2e25-f448-4d97-88aa-2af1b32ec6cc", "value": 1155140, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627547271, "uuid": "8ef5751b-094a-4afd-ad5b-e9798111ee57", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547271, "uuid": "c9ce1fbc-b485-4bee-b7cd-543908813560", "value": "R", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82edb493-f047-11eb-875b-42010a9c0053", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1627547549, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547549, "uuid": "6f210b0f-e424-4970-9eb6-c72998e9474b", "comment": "Malware payload (RaccoonStealer)", "value": "be1766f3ec3060119007a54500fc64ff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547549, "uuid": "e3fdfa7b-1625-4690-bd66-b8f032a76386", "comment": "Malware payload (RaccoonStealer)", "value": "0b138671b6b534306994daf163d36498a7b2dff3969931ac9b84d3eb6d1cc460", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547549, "uuid": "2c299855-ebe9-45f3-9e9e-a43411af6f6f", "comment": "Malware payload (RaccoonStealer)", "value": "0a4ef4fedc18983021a5c5b7daa1de591bc8cf02", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547549, "uuid": "bf74cfe3-450c-4b11-bc02-30f51b76aab8", "comment": "Malware payload (RaccoonStealer)", "value": "a49125e230e8e99963d027176f4b62374ea622521d5a6beee99c62651f0c73f4ba0d5a103cab53ddc5718f81544d70d6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547549, "uuid": "1672e867-25c7-462a-bc2c-1c90b9e4f033", "value": "T1F9C4F130BA90C035F4B722F80ABA93B9782D7AA05B3450CF62D55AED07356E9DC31397", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547549, "uuid": "3aa13c70-b37f-4081-a2af-6f32e0d9f998", "value": "1b88af86c3862540a4c514edccd5dac7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547549, "uuid": "a7006501-2362-4937-8911-601cf45f0439", "value": "12288:3Snuhrfnncy2PRXI7qFEOhdl0bPfoPdJm32VqaHoJ83qX:GuhrfnNp7qyuizfadQFaHy86", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627547549, "uuid": "2209b749-8e6f-4a57-9bc0-f5abfb1ec496", "value": 592896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627547549, "uuid": "10e8be63-0fb2-4e59-ac94-3c37ff9dfeb6", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547549, "uuid": "bde78bb5-3dec-487c-86f5-12c8dfd59027", "value": "be1766f3ec3060119007a54500fc64ff.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce7802e2-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535650, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535650, "uuid": "f402cd45-82c9-4817-bec7-c6c32a33242a", "comment": "Malware payload (TrickBot)", "value": "5baa5dca1583315a7add9e550dde40fc", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535650, "uuid": "bb542cda-d2d6-4d61-b456-0d998f77970c", "comment": "Malware payload (TrickBot)", "value": "0b82619071f194db8381fe5253b0c11d3f0eb951c85f944d679faed1b249a112", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535650, "uuid": "3aae6393-470b-4155-bea0-e946e4e87c31", "comment": "Malware payload (TrickBot)", "value": "b3860a972400764b183cf501908a3f1e15934f50", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535650, "uuid": "7e72cd22-97d9-4313-a8a8-67d5f0c37bda", "comment": "Malware payload (TrickBot)", "value": "cce0511d7e874b7fa1c7018f967f848ca82f5411de96398160cd43ecb784491a888e72a007fa77e09cfcb13b62f9941d", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535650, "uuid": "115f1ecb-3c1f-4916-b26d-d0756e51c4aa", "value": "T1212302F943C98C78D29BF777F4886E450F48ED467A6AD563272358D37E868422B72302", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535650, "uuid": "7b8b0f53-1685-47cd-9cdf-ee746419a09a", "value": "768:b0lr8TfPbTIrujrXENNJU0izu3tm/2/aO597RQCgHTZfA3CCY1:b0uTPTjzEN8OWUaA9VPgHTZH1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535650, "uuid": "a0dc88c6-5d12-4f1b-bcaf-2a466b44a493", "value": 47836, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535650, "uuid": "ad4f7992-faaa-47d2-a605-3c94a8ca5df9", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535650, "uuid": "06113faa-08a5-42da-9f8b-91a232b8d496", "value": "2021APT-28_71700453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9de7c140-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535139, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535139, "uuid": "67adc4c3-15ef-4b9a-81c1-0c742924f0e4", "comment": "Malware payload (TrickBot)", "value": "f12119a61710f460b889d71fec8f4217", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535139, "uuid": "85495eed-69cc-4705-83db-8d9007df17f2", "comment": "Malware payload (TrickBot)", "value": "0c40462e298ec3b262498d1db189d4e2915bf07c80e40981fc43914a0bc7266a", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535139, "uuid": "25f7b5e1-86d5-4354-b9fe-ed43bc1eb860", "comment": "Malware payload (TrickBot)", "value": "09c303a01b3a28d7b7d14d60cfb42e796c5a911f", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535139, "uuid": "83a42682-cfa3-479a-bb47-1807920daa33", "comment": "Malware payload (TrickBot)", "value": "5f89da4b05adf0d22bff86cc1a27d4250ea9e81e990a73b8d099e6ecf879b20421fd1e00aeaf846c14fc46804872b3b8", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535139, "uuid": "9f73acc3-2121-4f5d-9662-4c24a017d8b8", "value": "T11A03E1742A5363B0CA140D71E2E98D09DCBD3CA875E98934AF46B4BAF7CC4442636776", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535139, "uuid": "b67b0c11-35e4-47da-9535-33538d44241c", "value": "768:+iCcml0Ql3+Fii9BGDvVwJ1mFEQwj9nj7K1kGJXx:+iCXl0q3jirG72JEWQw1y1keB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535139, "uuid": "47fce0a4-6c79-4453-87e1-8dbd6f185b5a", "value": 40484, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535139, "uuid": "4177c300-0471-4413-899d-e55318ca8d4b", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535139, "uuid": "9d9d690d-4258-4404-b478-107fec3e2959", "value": "2021APT-28_86826453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a4e4244-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535455, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535455, "uuid": "e662cdf6-4ed5-4d2c-9839-4b372cdfcaa6", "comment": "Malware payload (TrickBot)", "value": "396232832c561ea732eff4a7d5206d90", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535455, "uuid": "0c18c587-a710-4dfb-93d8-addc285467f0", "comment": "Malware payload (TrickBot)", "value": "0e13e640ab9888c076f142cd4da8bd7c87015562216605f0bd4497cd9303ebce", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535455, "uuid": "79d1e8e3-233a-463b-858a-dbe308ffd134", "comment": "Malware payload (TrickBot)", "value": "129ed7cec7baa00f2bceab4997b9eea582eba061", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535455, "uuid": "71ddf4b9-9cce-4e51-ac95-5f698431c484", "comment": "Malware payload (TrickBot)", "value": "9b2acf26ddac048ca4bce4e1644f1015f579dc2f2c1c8bc702acba2fad24c4adb2d1fd0bb203af9688db5b4f9a439303", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535455, "uuid": "671894ac-f524-48c4-add4-083f930bb336", "value": "T14A72D0F606102AEFA44A86666B5088A3FE4BF163CCAD7C885E9062FAC5F114F6525830", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535455, "uuid": "25524a2d-47c1-41bf-bffa-d336ee6b4186", "value": "384:3i8i5/KnzVu5wedMF51DGvUh5fAJjaDINaGPS6JNIRp5:365/M45wSY5gYfAZDaGPSxRp5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535455, "uuid": "19af3f6a-f7a8-4a4c-866f-86ae0c0e7206", "value": 17501, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535455, "uuid": "51d9a151-ce77-48a2-bba3-6fde1f88dad7", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535455, "uuid": "e578b337-8f08-4a72-b5db-285c8c2c53c5", "value": "2021APT-28_12042453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7baeea9b-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535081, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535081, "uuid": "791880b3-089b-42f4-a65f-bd8a1cb85b71", "comment": "Malware payload (TrickBot)", "value": "d418c8d973ee5ec4abc0ebbc660a135c", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535081, "uuid": "d62992ae-251c-4572-a792-283b9639800a", "comment": "Malware payload (TrickBot)", "value": "0f1d3fc163f73faa8c0331342efd9aac2d23810303bd3ab03cf4efebf2d0c316", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535081, "uuid": "b00ed426-d4d5-4b04-ab8b-8ec827c97bcc", "comment": "Malware payload (TrickBot)", "value": "f0904d9e786b3294f6901d6271c7bf02947c9127", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535081, "uuid": "112bc601-a88d-470c-b82b-e7e2a05d5981", "comment": "Malware payload (TrickBot)", "value": "a3f4d8ff224a0f7636a5f8dc249123ad556a8a2105d46aaf629047b26d36ccc8e0261a983f8d24572415deae343b2338", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535081, "uuid": "4046aab1-e95e-4b0c-98c6-61924d29d16d", "value": "T18682D09E59BCF9198D663B3B9A4A7CC95281EE61C4AF804FFF0B5F130D314692588C38", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535081, "uuid": "6e2b5238-f0f6-4445-8314-ac40e84bf4b2", "value": "384:XC8WSxHrX3RKMmoB5LtDM2iaoN0WF80bHIhC2Bk+bEFOD40E8GHnDWIyp05F:t9rHzmoB1tDL65Hx2WAEFOLGHyIP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535081, "uuid": "5a51bd93-2fc0-4f37-a6ef-c1b3a540ec97", "value": 19119, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535081, "uuid": "59701545-2604-497b-ab6a-60257eb85df7", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535081, "uuid": "eb558ef9-5b31-4c8a-b8ae-15c8f29d3b8f", "value": "2021APT-28_65346453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98c6ad53-f094-11eb-875b-42010a9c0053", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1627580657, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580657, "uuid": "45d4a9eb-054f-474e-9167-1552a99a34be", "comment": "Malware payload (RaccoonStealer)", "value": "00198c27970e0bf383f9763bd4c7a9ba", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580657, "uuid": "9e7ca1bf-eb55-45e3-b830-e68468ba7fe7", "comment": "Malware payload (RaccoonStealer)", "value": "0f520e19f5601f23c1bf783ac0ded333f68fd1a171a0529fb5051505e30a0add", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580657, "uuid": "650d7670-c834-4fe3-8d00-67851ced7ee7", "comment": "Malware payload (RaccoonStealer)", "value": "1fa41d93ca97e92007632aa23111deee8479d6de", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580657, "uuid": "adc52f7e-d99f-4140-9391-b6f54369d534", "comment": "Malware payload (RaccoonStealer)", "value": "a170d6fb5289b355459a634239225bfdded4ca476e67ad14ea1a1993b9534ba228cb6c73effa4fb676ce8c4351d08c45", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580657, "uuid": "8e28ab9b-d1a4-4967-959c-56615b39bab0", "value": "T1F5D4E030A690C038E5BB65F845B993BCB82CBEA15B3450CFA2D526EE82356F5DC31357", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580657, "uuid": "e7510b24-efed-4e2f-8dc6-9f90767394a4", "value": "c27a98a29b21693846ec47ce91a249f1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580657, "uuid": "2561c073-8cf4-45af-8ae7-b6fcde47c713", "value": "12288:sEJhfcVCcW+T/+XXPQ2vZRytcB2QxnzWDj8qE0kCwD6C:jfyCGZ8y2BVdSDj8qQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627580657, "uuid": "4bee8df0-141f-4100-a352-8c9e841d868b", "value": 607232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627580657, "uuid": "dcf1c627-ed4f-4cda-9871-64aa10affb6f", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580657, "uuid": "5fd21cc1-741b-4eea-aa7f-2d57953da334", "value": "00198c27970e0bf383f9763bd4c7a9ba.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f8bd0cc8-f0a6-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627588549, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627588549, "uuid": "93727cee-9ab3-44d8-abc2-935eb5f5c979", "comment": "Malware payload (RedLineStealer)", "value": "1bf2866754b5576e8181b118717a4781", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627588549, "uuid": "8d0a3985-0e9b-46ae-ac99-1c7abd1b35cb", "comment": "Malware payload (RedLineStealer)", "value": "0fb7d001e28f45c69936e416afbb84866b1d24d3c53a6f0cd3452a2272baa313", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627588549, "uuid": "a35200ed-4355-477c-9c1b-a15e0ec89167", "comment": "Malware payload (RedLineStealer)", "value": "07b94122552efb48d658331785a1c4c62454011f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627588549, "uuid": "e9fa089f-71a5-41f5-ae16-75ab63c1d1ed", "comment": "Malware payload (RedLineStealer)", "value": "f17df566804955e6e16727b64f0caa37d6192e3d871983f8c9f881f0edc92440ffda570d88f551e3baf1411d0edbe16b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627588549, "uuid": "3b0085d4-a422-4266-ba5d-96aefe714f0e", "value": "T12E84442868BFC01980E3EEA12DDCA8FBD99A55E7640D743701B4633B8B51B84DE4F479", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627588549, "uuid": "10f86fb0-1d6c-41f2-a784-572aa7cd7146", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627588549, "uuid": "866e682e-7cad-4050-a6d3-a51542c74198", "value": "6144:fM4Ry8K8EqakgEb3qeSagNV/svDbLpA5ApGW3OKn7Caok8umy:fM4Ef8EqakgEb3qeSagNV/svDbLpA5AF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627588549, "uuid": "fb8e61e1-65be-42bc-9f68-edc311d917c4", "value": 378880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627588549, "uuid": "60e7e7c3-4627-4b1a-af18-5019ed0549ab", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627588549, "uuid": "42d38d0d-da79-424c-bf70-5159069ff57a", "value": "1bf2866754b5576e8181b118717a4781.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92e99946-f097-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627581936, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627581936, "uuid": "8afb84ac-39d0-46fc-9d1f-7359c67496d4", "comment": "Malware payload (Formbook)", "value": "2c79280e2f2b844fe611531a4fd2938b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627581936, "uuid": "94ea7862-0b53-48d2-9029-7565dc4828c6", "comment": "Malware payload (Formbook)", "value": "0fd4759551d1a32568250aac71951d0eec9d673e205644a45e9cbf2192de2c40", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627581936, "uuid": "559698ef-6d91-4ccc-8522-cabb68070829", "comment": "Malware payload (Formbook)", "value": "fc3dc5190bac9432f7e09cc98a50abcb04c88b71", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627581936, "uuid": "3132560b-0604-4be3-9180-89b081772d5f", "comment": "Malware payload (Formbook)", "value": "af2a76cee222ece1fc6e9f3497d274d4ad12fa91cf6fec0958803f251916219594cc9b77d9b679b3de5f3a65c3311115", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627581936, "uuid": "adecd2e5-925a-458c-ab87-f2cab00df7d0", "value": "T1C1340259DBD66264E1F7B2333BB72B818F1D35589C69E6CCFA451EB9B970480C828313", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627581936, "uuid": "34900caf-85b2-4034-b0ed-b08f47a9b3f9", "value": "913f6d6ea2411a4c15c51f2a8b2b970a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627581936, "uuid": "75e63ceb-484e-4cef-a904-14ab701de53b", "value": "6144:FRQl0TMPxXFwgrrAtU5rIddZkLJtw94cJ5A+iFXIcP:vT0wggsraZktqWcJuXpP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627581936, "uuid": "9e81221a-e6df-41ab-aec7-8ad547cdd199", "value": 248658, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627581936, "uuid": "82f62410-9f0e-4069-a053-e1fa67226259", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627581936, "uuid": "446331f0-09d1-42b1-aa24-2aa19cc65a87", "value": "rock556123.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "242b0829-f0a1-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627586045, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627586045, "uuid": "08c916f9-9730-4f60-b643-f747a0d81251", "comment": "Malware payload", "value": "a0867d9089bda8af44c72a9165ed99bd", "object_relation": "md5", "Tag": [ { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627586045, "uuid": "f57bb970-f6df-4fdb-9b62-c113168982ca", "comment": "Malware payload", "value": "1039602fc744770fbf900b6cb8f66ca8d751faf9e072130e5b4035caf046511a", "object_relation": "sha256", "Tag": [ { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627586045, "uuid": "d7c4dc12-f1a4-4b43-a304-fbd3e0fee3aa", "comment": "Malware payload", "value": "0f39a6ea3fafef298685abe8e229f1d2bbefdea2", "object_relation": "sha1", "Tag": [ { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627586045, "uuid": "e0d3fb7b-c9e4-4867-bcde-f343b5047a18", "comment": "Malware payload", "value": "386cfdf8341030220e4bbb4dbd818535f7b2568d2b51f16d5058c391de100377b49538b8cfec995f7291d95c8683f048", "object_relation": "sha3-384", "Tag": [ { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627586045, "uuid": "a779f86a-a121-4405-a521-29b04544c1ac", "value": "T1BAC42303A396D46882FE53F458A6F7D0E772D782EC6C704E4782187D0B69F6C4AF9660", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627586045, "uuid": "f2b7068d-4954-4511-a2b8-d626a28fd4b4", "value": "12288:o54cGJMEUX8DTJWg6KU1dV339r5uOM5ic4lP7xhrQH93XNX10:o54/UcTJnlSnr3M5iceTxhEf+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627586045, "uuid": "2a2a565b-f6b6-4037-816f-e1b43577f811", "value": 593710, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627586045, "uuid": "f0d06385-dcd3-42e9-8068-cb0390ca2c72", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627586045, "uuid": "761d39ba-491e-4190-bd10-171f00a302e8", "value": "RFQ-110146.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "500c3f64-f092-11eb-875b-42010a9c0053", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1627579676, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627579676, "uuid": "f06b882b-325f-423f-a6e6-667f8d052718", "comment": "Malware payload (SnakeKeylogger)", "value": "c9cfbd1c9147f53f778a2fbfb3c3fc78", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627579676, "uuid": "1cede94a-8eb8-4bdc-9010-20c48ed3d273", "comment": "Malware payload (SnakeKeylogger)", "value": "108fe65a7d577684e24b5cfc1f31a99fdc2582077047a9ae7ee7edc9915125c8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627579676, "uuid": "5b7c6336-4b34-4f65-b6ce-06763f6b28f5", "comment": "Malware payload (SnakeKeylogger)", "value": "68e4c8322a77098b508b9d8031190626a04d07a0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627579676, "uuid": "b986d820-f4ba-43ec-a7c4-e6c6dd6e2dd0", "comment": "Malware payload (SnakeKeylogger)", "value": "d7a4b0b14f73661ac0409b3d980c5e0b82e2f8d6e92d41721f515e3171d6a3e4635372756e2c0a21eb1934970ec5acf2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627579676, "uuid": "a46e28f7-5064-4233-bdd6-223741271056", "value": "T15C05AE2085C8DB5ED8BD0375175802B46FF0A852E2F1EF283F9585B4AC91B91F9BE316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627579676, "uuid": "d82174f3-31e7-4a08-a513-2de59ec22739", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627579676, "uuid": "fc3844d8-7636-4f87-86bc-9f6f5b09bb3f", "value": "12288:7lnB2RMII1cq7iS/d348b134vEZfw9A8nqX7SizQxXEAlCjMXrfNShyZn:5BSMIIy1S/d3Xen9vqXWq0EAUkrfNVZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627579676, "uuid": "153fec73-588f-460e-a36e-59208aa3bf66", "value": 836608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627579676, "uuid": "2affc9d7-9631-47ab-b115-a1a33579e526", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627579676, "uuid": "3479187b-7216-4804-85eb-1363e302f04d", "value": "INVOICE - Q0002255 - LKJIN001 (29-07-21)-pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "01b43071-f045-11eb-875b-42010a9c0053", "comment": "Malware payload (AsyncRAT)", "timestamp": 1627546473, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546473, "uuid": "c8fcdca1-1f3e-4e51-a203-007f46af0499", "comment": "Malware payload (AsyncRAT)", "value": "04197776e79da1798a4f0e00db91c260", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546473, "uuid": "d94fc1a5-f841-4565-9bdd-40db4acb1535", "comment": "Malware payload (AsyncRAT)", "value": "123254e65caf36bce659476df2d8cf316a00039bcf105fad2595093844e87d7e", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546473, "uuid": "4a78b81d-8dea-4486-813c-6a2e02a81c4f", "comment": "Malware payload (AsyncRAT)", "value": "48a7a02037d70145a97207dac9635fe21359fa12", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546473, "uuid": "4e1f0666-d571-4ae4-9a1e-7fe8d91bdb49", "comment": "Malware payload (AsyncRAT)", "value": "b2d5198d5f8ed894e256da7669282d8257649c3dce5b553d5d0bbd2c85bfe4339899be914dc428012883df38904d9a9a", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627546473, "uuid": "85458f0b-7f5f-4688-8d74-2c9ddf7c9837", "value": "T144232B003FE8812BF6BE5F7898F25145857AB2A33603D5491CC452DB5A13FC69A43AFE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627546473, "uuid": "4872cdf1-0491-415a-a21d-b1fae78e3551", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627546473, "uuid": "6f6737b8-16c9-42c6-a6e3-c7a205047070", "value": "768:EuEeVTnk6gWXWUr+C1mo2qDbKjGKG6PIyzjbFgX3if9IwKLhXt9ahNBDZTx:EuEeVTn8Y2qKYDy3bCXSlIPjsdTx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627546473, "uuid": "435e5b34-2421-444b-957e-995eefc753bc", "value": 46080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627546473, "uuid": "ee06dac8-3176-4ef5-80da-6140c49da310", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627546473, "uuid": "20ae61c6-720e-464d-bd61-8a67e2ccc2ad", "value": "04197776e79da1798a4f0e00db91c260.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72721f60-f08d-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627577586, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577586, "uuid": "ca7ae528-6e6e-48e3-b197-f08178a07fe5", "comment": "Malware payload (Formbook)", "value": "0c90a502cf1d5e66b289b82a22fc1693", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577586, "uuid": "d821d11d-d600-4364-94aa-1a477489e710", "comment": "Malware payload (Formbook)", "value": "12d89c6e8e3ef2ec6ae4fda7dce291a2418a51daa9eba44a583ced847c9e4e42", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577586, "uuid": "f1ce998c-eaab-49a5-9e7f-7f99d784187b", "comment": "Malware payload (Formbook)", "value": "b7309e98f9d8b58442a77e1619e4524efd7f6a35", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577586, "uuid": "f468f9ea-d32c-4be5-b3e9-7eeb89ef4aae", "comment": "Malware payload (Formbook)", "value": "4ef11d87a32a3c87be91b82c00f933ccd96277893c42ddd3274c1fa04ab5f58701484d1273cd3921be6894df9a546b79", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627577586, "uuid": "438ee8a7-ab34-4642-b2c6-217ac9ae4d3f", "value": "T11655F028888C9FA6CC2D03750FA849341DF5ADA6B1B0D8AC3DDD71B0BBF2959D5B4346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627577586, "uuid": "30430dc0-c92d-4460-89fb-92836f443c3e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627577586, "uuid": "294c43e1-b890-4076-9352-80703c1eed35", "value": "24576:RZKjksXks2y8j19UAWU6rXVoHHsxZmJYis4xBZMN6Z7nsG/d60wZ:RZKaPUjU6rXVosx8J24xgN6Z7n8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627577586, "uuid": "43c9bd37-0709-4fc6-82ba-0043ba336acd", "value": 1332736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627577586, "uuid": "e85dcc32-f5f0-443c-927f-0083e3683334", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627577586, "uuid": "26d03f62-4567-4d0d-9e49-8dafb9376577", "value": "Payment_Advice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ddf7554f-f093-11eb-875b-42010a9c0053", "comment": "Malware payload (njrat)", "timestamp": 1627580343, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580343, "uuid": "03b22830-5e01-4ac0-a9d0-9481866f5282", "comment": "Malware payload (njrat)", "value": "404eadbb772fa9e1bb8c1d70710ceddb", "object_relation": "md5", "Tag": [ { "name": "aggah", "colour": "#8F68CE", "exportable": true, "hide_tag": false }, { "name": "hagga", "colour": "#856BEC", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580343, "uuid": "e491ce04-b1ff-45bf-9095-864b885998b0", "comment": "Malware payload (njrat)", "value": "13f297d03a1dea9495fbd57508fdf3bc1975954ed97338bb4d35adcd9e02536d", "object_relation": "sha256", "Tag": [ { "name": "aggah", "colour": "#8F68CE", "exportable": true, "hide_tag": false }, { "name": "hagga", "colour": "#856BEC", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580343, "uuid": "26667d74-2c6f-466c-b3e4-71c9d4fb5603", "comment": "Malware payload (njrat)", "value": "18f8d6499158fd1e6d976d7ddbb3a19c9ff021ea", "object_relation": "sha1", "Tag": [ { "name": "aggah", "colour": "#8F68CE", "exportable": true, "hide_tag": false }, { "name": "hagga", "colour": "#856BEC", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580343, "uuid": "bdb76b80-3fbc-4a7f-8e8c-86df47748e59", "comment": "Malware payload (njrat)", "value": "ce18ab977bab49255fd19af8e058a18b42158b50796fca0897902106054928f3e46020846f464490c6f51579f8a89af1", "object_relation": "sha3-384", "Tag": [ { "name": "aggah", "colour": "#8F68CE", "exportable": true, "hide_tag": false }, { "name": "hagga", "colour": "#856BEC", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580343, "uuid": "4b08e2aa-2db3-45ab-9b1a-81d61ccaa0dd", "value": "T1CC2100243A0FF1354549E2C65DFA9A24F7AB62ABC5641885323CC188507B4EE29C3FCE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580343, "uuid": "908c1d06-dc0e-4277-acbe-d60cb3f6e99f", "value": "24:APQ1B03WktAzeArpIqmnAMvAN5STD69P1EI3SDKV:gWz5rK/AN5SPc1EI3D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627580343, "uuid": "79999123-2b21-4d31-abb7-27cc19806d88", "value": 1136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627580343, "uuid": "7caeb3a5-815c-4ee4-9b89-19dfc917a22c", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580343, "uuid": "e5586180-76cc-4263-8c09-dfb2e35a897c", "value": "Invoice #20291.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bba59990-f05a-11eb-875b-42010a9c0053", "comment": "Malware payload (BitRAT)", "timestamp": 1627555805, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555805, "uuid": "7e687f82-8c6c-428a-8099-82b916aeb1f3", "comment": "Malware payload (BitRAT)", "value": "7538dd6e69d0c65d2dc0eb091c3ced18", "object_relation": "md5", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555805, "uuid": "cf972839-5cb2-44f4-94b6-0f466edcd127", "comment": "Malware payload (BitRAT)", "value": "142a30f9ba3c2e1efbdf15241721da3b20d7b6436761d3eaafdcc095dc681fc4", "object_relation": "sha256", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555805, "uuid": "69719ac2-3b61-4cdb-b208-52546df1155e", "comment": "Malware payload (BitRAT)", "value": "9d91e4cc3c59c258ae2655119692c13c899d68d2", "object_relation": "sha1", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555805, "uuid": "33c3a711-3cc5-4811-8cf5-0c4aa28d3e2c", "comment": "Malware payload (BitRAT)", "value": "02b9efd2d17f646c223fe5a81a7d683804fd1f14345f91ad377f4ab623a3bb201b95c5fbb07dd73cfbb17f2e4dd1be4f", "object_relation": "sha3-384", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555805, "uuid": "772c667d-89a3-4897-8c08-ed009af13bba", "value": "T12506CF02FA46C562D2570230A96E77BA053CFD344B2085C3B3947A6C59B66D17A3BF3B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555805, "uuid": "10a3b163-622d-4544-8dfa-c49169195efe", "value": "98304:D77Pmq33rE/JDLPWZADUGer7B6iY74M/mmlwXVZaFB:L+R/eZADUXR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627555805, "uuid": "7dac1f02-33c8-41fc-8a7b-4c7557a4380d", "value": 3969024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627555805, "uuid": "32853dc6-383f-4a76-b36a-fafdfc1ca624", "value": "application/x-msi", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555805, "uuid": "334f7de2-0826-488d-b305-17ca1a685a41", "value": "spworks.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "236fa330-f087-11eb-875b-42010a9c0053", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1627574877, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574877, "uuid": "6d1eb36a-5bd8-4500-919f-bf9a27ee47c0", "comment": "Malware payload (SnakeKeylogger)", "value": "2efb7a094b303bdb0caf62dd8d676963", "object_relation": "md5", "Tag": [ { "name": "DEU", "colour": "#5920A4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574877, "uuid": "31a7eec7-b93f-4789-ab16-e96b0f3d11a7", "comment": "Malware payload (SnakeKeylogger)", "value": "14b33650cf6497ab5a9f973f61ca8b43ad33a0b1a85f378345f51855567f4d2a", "object_relation": "sha256", "Tag": [ { "name": "DEU", "colour": "#5920A4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574877, "uuid": "cc2ad494-06bd-4d0c-9c66-3ffd6814249c", "comment": "Malware payload (SnakeKeylogger)", "value": "70a4fdaff3eb7dcefe8b472a515341ad216c2e49", "object_relation": "sha1", "Tag": [ { "name": "DEU", "colour": "#5920A4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574877, "uuid": "59337287-7a6d-4f40-a530-41e6d6a30411", "comment": "Malware payload (SnakeKeylogger)", "value": "7cec36e42c1c63e8cd79cdee0e7f8ead34a297e45167b9acb6e9e0b139e562c9eaea3deedb455d072910ab136cc64b08", "object_relation": "sha3-384", "Tag": [ { "name": "DEU", "colour": "#5920A4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574877, "uuid": "e85005b2-7053-4e0a-bfb8-ff5d782cf0a8", "value": "T15205BE20858CEBADD8BE0375176C02646FF0A842E1F0EF683F5545B4AC91B51FABE356", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574877, "uuid": "5407fa9b-fa2f-4741-892e-d8ec093cab4e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574877, "uuid": "fc45dc5c-b9c1-401a-9d21-8ea17985ed4c", "value": "12288:b2VrmcC2EsNa7iS/d348n0PhybuVj5T8h7GzULMMENOvgfXtUKA4qX:MrzVhlS/d3j6Vj5ghp2NOYqKS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627574877, "uuid": "46c34a64-48a8-4127-ad27-adf5a1edecfc", "value": 864768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627574877, "uuid": "8eec447b-98b5-4117-90da-12337e4b49be", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574877, "uuid": "2ba168b9-3f95-405d-a6b1-bef350f336fd", "value": "Einzelheiten_29072021.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d4c36813-f03b-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627542532, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542532, "uuid": "afe4ba73-a5b5-4dc2-ae7a-69653d8f8e83", "comment": "Malware payload (Mirai)", "value": "cb05dfe1bc686c127460563abe417d4e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542532, "uuid": "9c39ddbf-de2f-4f7c-9585-bc7f8814cf10", "comment": "Malware payload (Mirai)", "value": "17957f8b1911ad06c422dfc3359a1d8158f60374482b475f7c4a6533f0fbd6e9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542532, "uuid": "6dd579dd-f309-442d-8a2b-0f2e06ae862a", "comment": "Malware payload (Mirai)", "value": "20a3e107eba45c08ac34134f79d7636d45e9a4c8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542532, "uuid": "f02127a5-e51a-4479-9cf0-a0c3e8e623cf", "comment": "Malware payload (Mirai)", "value": "f69c26e30726b656cac279b6b45d8dc683525e0c0f17b1c60bfe69a04ca5e78c1c0c5fd696242134e7695029bf8d6cf8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542532, "uuid": "41d3ad2d-5214-46a4-aa74-339195a1f938", "value": "T19383E90ABFA00FEBEC6FCD3341B45B4539CD664622B52B757638C928B65A50F19E3C60", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542532, "uuid": "91322d75-9aa1-4bd4-8f59-74d1840f7ee7", "value": "1536:FUcM84IlogCoDIonoIRElzUrEZyYMpiqIC/dfOZHlsyrj1kGjCn:7M84IldCaIwTzrE0/dfOt1tCn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627542532, "uuid": "c58af99c-cd8c-4ce3-befd-68d8b0d87700", "value": 86484, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627542532, "uuid": "aad5b85f-9437-42d1-b5f0-68d73dbef46a", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542532, "uuid": "6299026e-d7fb-4c33-ac41-7cc51a2c2f19", "value": "cb05dfe1bc686c127460563abe417d4e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "32b76c9f-f08f-11eb-875b-42010a9c0053", "comment": "Malware payload (BitRAT)", "timestamp": 1627578338, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627578338, "uuid": "ff7378c8-283a-4eb6-8f32-3fa24daf0a72", "comment": "Malware payload (BitRAT)", "value": "6a2cf7ab3cdc6f7eb2743a941d70e39a", "object_relation": "md5", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627578338, "uuid": "7d6dd0ac-c338-4c8c-a1a5-921372bd38c1", "comment": "Malware payload (BitRAT)", "value": "185d25898a718d3e3ff6d12a3ad18f12734c73859ed4ff1993ce1e4a011485f2", "object_relation": "sha256", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627578338, "uuid": "7f4305e5-b3c9-47bd-b52a-b4b3a8b58f05", "comment": "Malware payload (BitRAT)", "value": "08dc28e43ffe977e4e8f0fd31b3a26d1684bea12", "object_relation": "sha1", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627578338, "uuid": "2cdd0cbf-cbc5-4f01-b402-0c91c6d9c0c4", "comment": "Malware payload (BitRAT)", "value": "c13113702731a889cdf2790df4e9ee65c92a423cef5354b75d721de80a2f673325942431413d729b7ff21252a71a1436", "object_relation": "sha3-384", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627578338, "uuid": "764d69fe-72c3-40db-8011-474e8539c93a", "value": "T1FDD30C21B3EC5248F2F76E79427545244B733DA98C79D62C0D9994AE0EB3F40CE62B36", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627578338, "uuid": "a1381a11-1db2-4d0d-b31b-d6be34e52ad3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627578338, "uuid": "c740f428-621a-45ca-9d10-930ea3612a98", "value": "1536:PwIOiU5aRa6u6etvWQUyyYDNIrzrqzzStminRnQQ/Mfiswog:YSIkWJWQWYeqzzStminRnQQ/Mfih", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627578338, "uuid": "db906a5d-1ab1-45b5-93f7-f1825e747ad8", "value": 133120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627578338, "uuid": "aa45ec54-20fa-4f7f-993b-8964e714c121", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627578338, "uuid": "ad7cbee8-81b7-48ac-b92f-648f2a2fd5aa", "value": "6A2CF7AB3CDC6F7EB2743A941D70E39A.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a71cece4-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535584, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535584, "uuid": "220c9f05-f9d0-4af9-9793-e867be8fcaf2", "comment": "Malware payload (TrickBot)", "value": "b1a088682b915be88386cad01bbcb781", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535584, "uuid": "51c84631-242e-442f-b41b-58d8c06a1b35", "comment": "Malware payload (TrickBot)", "value": "18ae6f113c0c96c8788a9366731dcfa398c9033ccfb0f3186bb2a149c483a6bb", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535584, "uuid": "ef7e5d10-e50d-40de-8313-297b88fb688b", "comment": "Malware payload (TrickBot)", "value": "e13e29c185713cd300bb98972ba87e6d0370ad32", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535584, "uuid": "c61071ad-3705-4f14-96b1-06ebe0e0c2a9", "comment": "Malware payload (TrickBot)", "value": "658d85669d48a3750c7f4c26ca843b36232d98861cb4fe83eb93c9b5f69f457325cb8929fe3b5fd53227c4d2b88d3a03", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535584, "uuid": "ab693b7b-8584-40de-b176-dd2bc17053dc", "value": "T1515355E82AD1E417338D2F17FE0A3AEAD1BA6C9796C47507D1587A5C24ED21BC5A0CF0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535584, "uuid": "d0f1e9cd-ba96-440b-a4d8-8f07751eacbd", "value": "1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/o3:59Ry98guHVBqqg2bcruzUHmLKeMMU7Gp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535584, "uuid": "8110687c-9f9c-4941-b017-0e2704ecf546", "value": 63441, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535584, "uuid": "78eaeb30-4ed5-47d4-b7c1-dca1ca2e0cb0", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535584, "uuid": "543d1f7c-ad87-43fe-be8f-f4aa7dfadc66", "value": "2021APT-28_36090453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "035049c8-f0b1-11eb-875b-42010a9c0053", "comment": "Malware payload (BitRAT)", "timestamp": 1627592862, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627592862, "uuid": "36a2aa62-a05b-4c2e-aaed-7761602b0926", "comment": "Malware payload (BitRAT)", "value": "955ac34a2a20fd96b038376ec0ed5142", "object_relation": "md5", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627592862, "uuid": "50ce8c2d-9ab5-4cc6-94c0-9770c24e3d4c", "comment": "Malware payload (BitRAT)", "value": "18b96a50da281d031e2ce58c2143a9c1bf4868c710bbcc61b7d147038b449e2b", "object_relation": "sha256", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627592862, "uuid": "d589c3bf-341d-4e05-825d-c80b68723ebe", "comment": "Malware payload (BitRAT)", "value": "d38a1ba30cd2711ffb46fa72bdaf0f29cb7d1964", "object_relation": "sha1", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627592862, "uuid": "d13946b4-6c4a-4e1e-840b-7bb0359181af", "comment": "Malware payload (BitRAT)", "value": "0c6283f8e40bc26fbb065a0e501e3a5bc22557642201b951e57dc5c861cf9865addc792f1133a7f986a2225de0318cc4", "object_relation": "sha3-384", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627592862, "uuid": "3f52e3e3-368d-451a-8e2d-4bd170d28989", "value": "T1818522307AA0D436E1EB56F981B593A9B81C7F71973440CB62ED3AEA52322F59C31347", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627592862, "uuid": "b59074eb-603f-4632-bc19-36e83e2a02e1", "value": "c27a98a29b21693846ec47ce91a249f1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627592862, "uuid": "60093f02-e7a4-4507-a284-db35604a5c50", "value": "24576:ufNb0+uSi+JZxvZZHUqDBUP+OeEQIehk8BylYTiKjX8aHEYn0NLG8drnJviDEAoL:Oi+JZplKP+OeIO5CUgLG9DWKDEb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627592862, "uuid": "85426355-d0dc-4994-ab89-17f86f5777c0", "value": 1801216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627592862, "uuid": "08328899-7d33-494a-b24a-a938e8996ef0", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627592862, "uuid": "bdcdc0a5-d0fc-466a-9946-b40caff50a96", "value": "INVOICE2021-07.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d362cafc-f0bc-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627597935, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627597935, "uuid": "ae479533-2b6a-4425-8ec2-514fab75776e", "comment": "Malware payload", "value": "ee0db0d992b91602dc370fd3b289e040", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627597935, "uuid": "38dbe0d4-a35a-4fe1-8f2a-07bb305e6aed", "comment": "Malware payload", "value": "1999b409b4fdabafe9343b5a7d3f4ac0a019fe8f1f5d7ca3caf9fbe051c01ca8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627597935, "uuid": "77cb1c09-d17c-4c7d-bf1f-f49f9915f51a", "comment": "Malware payload", "value": "10413c0c637d0cfcb6c56d3b912d6b40b3e69543", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627597935, "uuid": "1161698c-2395-4a4b-9818-26256f5de173", "comment": "Malware payload", "value": "0f7c2b5e20f761000c14269f52bde0da7e925bc5a33da6be2522fb01fcd7c9a0613e32058a20ff336abc3b839a3d6cc3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627597935, "uuid": "8ac0ab96-4fb7-4c8b-b71a-f5ec997dd257", "value": "T1E90502735641AC85C8A71532D402E9758F32AD174BB211FB799C3E067B3BA53832EF29", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627597935, "uuid": "2fb8a576-62c0-47db-917b-52f77df41833", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627597935, "uuid": "bdcebc2a-4790-47be-a1b5-51c4bf264320", "value": "12288:hdmDH6faxM31tqsf4oeOqrXj9AR5dn3d26lsMYRFTJgrfMDJXKiOp5O8kpnES3s:hdwaQM31tqm4MOCld2678fVaiO5Qn3s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627597935, "uuid": "027c56bd-295f-48d2-bd22-3aff81b19e5e", "value": 808448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627597935, "uuid": "e1f988d5-80e3-4f08-ac37-77b1f94eeb91", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627597935, "uuid": "3376fd2c-25f2-4211-a3d7-07704195a962", "value": "Adrienne_Voy.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5281d239-f041-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627544891, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627544891, "uuid": "7d919c83-0e75-4eba-800d-404f654f6fec", "comment": "Malware payload", "value": "a4f0737d78567dedb5d5a9125f75ae52", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627544891, "uuid": "06351a0a-b841-4277-bf9a-8908104ec1d5", "comment": "Malware payload", "value": "1af0cf5441051d2de05b123c9dfe4a5ebfd368cd6ad0e7ea0556b282c24d4d0f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627544891, "uuid": "458d9202-80d3-4968-850f-a857a961ba4f", "comment": "Malware payload", "value": "50ddc5973c49494ad2634a8eda4fba08e2c708f2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627544891, "uuid": "cb04e07a-f5ca-4d10-b44e-eb2c3a07cb43", "comment": "Malware payload", "value": "6fec991a94ca530c9b140f8966959fac5c2077bf68d275a57ea048e8d76d7c39d4af9275c65a360099bdd8f30e56eba7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627544891, "uuid": "06ff67b4-1c47-4367-ad72-477afe163112", "value": "T17755F131898CEF9ADC6803751F4816741EF18CA7E370D5683D8E72F0A5F0925DABA74A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627544891, "uuid": "cfbaf861-9d13-43b0-95e9-2d55faf89b2b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627544891, "uuid": "15f1f2ee-e69a-4bdd-bcf7-4e6a304c553f", "value": "24576:GfS/d3jKzksdks2y8jvV13fZL5ijEAN3XQNABQS6KsE5fzMeIryphW4LF6e8N6Z+:nKADZL0LNHCPOsE9LJh7LEN6ZNg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627544891, "uuid": "519444a0-eed5-4e54-ba99-536084af1dda", "value": 1404928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627544891, "uuid": "ad8293ef-5ecc-4864-8598-928105a79642", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627544891, "uuid": "2ba544a5-f4b4-4dbb-9508-4a041457d6cf", "value": "Purchase Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f42a69fe-f029-11eb-875b-42010a9c0053", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1627534854, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534854, "uuid": "061ec8a8-a146-48e5-983c-fb84f4f56598", "comment": "Malware payload (SnakeKeylogger)", "value": "471d0946334187943f3c21f48782585b", "object_relation": "md5", "Tag": [ { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534854, "uuid": "d04d241e-3815-4a89-8488-603952db84c8", "comment": "Malware payload (SnakeKeylogger)", "value": "1b4ea4b952c900c367d633a1cd94cd0a158e40f91e82cf6efd3593d4c655df6f", "object_relation": "sha256", "Tag": [ { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534854, "uuid": "efda4655-5b12-46b7-ae85-207d4777570e", "comment": "Malware payload (SnakeKeylogger)", "value": "d0d275ba1f6d59258f97176298d1a4822b9274fe", "object_relation": "sha1", "Tag": [ { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534854, "uuid": "98f02f66-827c-434b-9297-67efb2a7db4e", "comment": "Malware payload (SnakeKeylogger)", "value": "6972c05fc2be76e6b7b3296e1b61c0a8e48e64701642d8a84247de4494c3619e9579a1d3c8724348ccac545890bbe3b8", "object_relation": "sha3-384", "Tag": [ { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534854, "uuid": "6619e80d-4eb2-4fe6-9410-207acf3b7d86", "value": "T1A48423618FFE2133FF245A56F296B87B45111E7FD633E83116B4EF600242981BAB3694", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534854, "uuid": "3a58cf65-acb5-43fa-9815-8040bf697e99", "value": "6144:yQHlbihUYfxC3TPgwSG2NLyB2JpczLKH5zGmUo4xdu931z1xE0wglnj6Xp3pW99s:yQFbilp4EwrBouNrO9lz1xPvWks", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627534854, "uuid": "c05fd78e-c287-4c11-a5f5-e384fa1d2faa", "value": 385690, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627534854, "uuid": "6ad9a1c4-8b6e-4abb-a0c5-c6de7c2afd50", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534854, "uuid": "d4f2138d-845f-46b7-b139-257dbf421dcd", "value": "New Order EF56446.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e09c071f-f049-11eb-875b-42010a9c0053", "comment": "Malware payload (Smoke Loader)", "timestamp": 1627548565, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548565, "uuid": "acb864a9-0818-49d4-81d8-f023a2256ed5", "comment": "Malware payload (Smoke Loader)", "value": "c1b707cdbe2f9c5939e1320b389e58f7", "object_relation": "md5", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548565, "uuid": "1bbc88eb-76cb-45cd-8db9-4efe2d53fb66", "comment": "Malware payload (Smoke Loader)", "value": "1bf74cb8e8298fe42ed4956def3e9fce1d095a138516487b378935455223d112", "object_relation": "sha256", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548565, "uuid": "1ef6ce9b-332d-41e3-901d-90317724dda1", "comment": "Malware payload (Smoke Loader)", "value": "57e5a45f5cd7c9961004accaf09b743ae0b76471", "object_relation": "sha1", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548565, "uuid": "8a482f79-8b4c-4382-b7d2-b907ff3887ed", "comment": "Malware payload (Smoke Loader)", "value": "749d48e21ea4431f2c5629dce257fc47c479431e07841fd6b93639dd5ee26dd38e8b79ff85e165bedcd6889111e690c0", "object_relation": "sha3-384", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548565, "uuid": "1965b55e-bd73-492b-93c1-2454d300bdd9", "value": "T14F449E30AA90C035F4B722F856BAD36CB82D7E616B3450CF52D51AEE06346E9EC31797", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548565, "uuid": "7c03e7c0-1569-4347-8826-6150bfe87256", "value": "255f8d5c29d68d23ef9b098d124cc19f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548565, "uuid": "de08bb37-d5ab-4acb-b379-d7ab268b62d4", "value": "6144:c0+yFTourXR6xiUZdZP4Ae9XZxmFXxRCuAb:8yFEurXR6xldZP4N3mRxRJA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548565, "uuid": "b8876d82-35d0-4c66-ba41-9ffa48a2aafe", "value": 266240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548565, "uuid": "386292cc-bde1-43f5-bb49-01fd225145fc", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548565, "uuid": "7ae6dc08-c0f1-4f9f-8e5e-b9af5a94887c", "value": "c1b707cdbe2f9c5939e1320b389e58f7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f694b4a0-f085-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627574372, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574372, "uuid": "6f6a9612-77bf-4263-91aa-39037a3b91a0", "comment": "Malware payload", "value": "90eb803d0e395eab28a6dc39a7504cc4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574372, "uuid": "9d5b2012-58ff-4fd6-85aa-7382708bd514", "comment": "Malware payload", "value": "1c807ecd12c7278d5329e60d3afbd072bb0b8823545ac4f8b50a5e0f1e679fcd", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574372, "uuid": "320217fe-c6b0-485e-8a33-9d272175c07b", "comment": "Malware payload", "value": "7a0410c3b8827a9542003982308c5ad06fdf473f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574372, "uuid": "140f25cd-6ce0-4fdf-be70-6c3e7555b684", "comment": "Malware payload", "value": "9202abf60f3be1303d4131b7c7ca7da3c1b29e86cb866023229df5cb694299fe4f67dcc5f1062a13b5ce6bc3812b451d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574372, "uuid": "55222a02-1438-40f1-84b4-a47d6a2d3410", "value": "T1B87501387D88CED9EE5E0736CB8E0168AEF0895170F1D6763E5D32359980A27F8786C5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574372, "uuid": "b5752aee-fc07-4bf0-a92f-cf4a00bbdb3a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574372, "uuid": "4923524f-1853-419d-a0b7-a704dafec2c3", "value": "49152:wtKkGZirUZUAQAh0QETjHW3iFZmBN6Z7:iKnMAULnFHHEn4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627574372, "uuid": "f8195de2-05e1-4a10-b02a-c6584add09ea", "value": 1659904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627574372, "uuid": "eb2cfaaf-2e5c-4655-b1e7-42c4325e4f82", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574372, "uuid": "5694e2e8-5c15-470b-b5aa-9991f711eeca", "value": "90eb803d0e395eab28a6dc39a7504cc4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8bd9c2cf-f094-11eb-875b-42010a9c0053", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1627580635, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580635, "uuid": "7298890d-2944-4ef3-912c-892bc852db0c", "comment": "Malware payload (ArkeiStealer)", "value": "0885a80ad7eb86de69423569774b5fc4", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580635, "uuid": "b4e2281c-703f-4b22-aa0b-f74d0c21afbe", "comment": "Malware payload (ArkeiStealer)", "value": "1d3d7f1b094a1a1207d4c9d139fb288109ebf20d2872c00071e192553e750744", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580635, "uuid": "3e341d66-b994-40da-a653-70fa4131df15", "comment": "Malware payload (ArkeiStealer)", "value": "1481f2d299eef8be4bf7eab7209833914989749b", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580635, "uuid": "167b5d13-31e2-4ec3-8366-3144b8cfb4e6", "comment": "Malware payload (ArkeiStealer)", "value": "b932964213fbe1f50fd7d2ae98ebabf501102b7788cab83a83a715aa2d8ea4528a22b094eeabb4f3b549affd3fa8bbc9", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580635, "uuid": "436c2085-d5a9-49d2-872e-562c191534a1", "value": "T160E4F130B690C036E5B726F844B9C37C652DBEE2AB2441CF62E436EE66356E49C31747", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580635, "uuid": "bfb20b95-e8a3-451f-9969-d3dcbe45f329", "value": "c27a98a29b21693846ec47ce91a249f1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580635, "uuid": "815e7f3c-6219-486c-a716-431e5f07314f", "value": "12288:Vu2DH2w1NhqLh1Mkxcs4h8ByI9bJfOCNZWwK8oRnR06b62:BHd1GtEbOyQwCNYw9AOQ6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627580635, "uuid": "d0151b6e-4660-43ca-ab45-f075f9998e78", "value": 691200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627580635, "uuid": "6ff27cd6-be12-4f2d-9f24-48ba2ac9b0ac", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580635, "uuid": "d2f7e486-f7db-43ae-9ebb-3571bcca2452", "value": "0885a80ad7eb86de69423569774b5fc4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "37a05c7c-f06d-11eb-875b-42010a9c0053", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1627563744, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627563744, "uuid": "87a4800e-8a97-4dd6-93ee-860deeb845fe", "comment": "Malware payload (SnakeKeylogger)", "value": "3486a4225000e1a6c18d790cb47f4bb4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627563744, "uuid": "d0c34b3e-f3f5-4679-8559-719ca1ff9a5b", "comment": "Malware payload (SnakeKeylogger)", "value": "1d3dae6be6290d3aec300cb83809ca29b5c5b8b8a9c11cd78bfa73ed9d3a43d3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627563744, "uuid": "4d179ac2-bcb6-47fd-8b86-c504db30b37b", "comment": "Malware payload (SnakeKeylogger)", "value": "51efeb82759821c381e9a735bba09d7db51a488f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627563744, "uuid": "3862ba50-8240-4096-9a81-d9adb6ebf521", "comment": "Malware payload (SnakeKeylogger)", "value": "13769e6ce1ec10d1552446a8d32213650df27898b556f17baad4768a2d79d73e196f92da033510b39d79997b8b24e59d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627563744, "uuid": "fc925e71-19ea-4690-97cf-606772774c4d", "value": "T12645E028C98C9BD6CC6C03740A9846346EF1ADE6B1B0D8AC3D8D75F0A7F2E15E5B5346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627563744, "uuid": "3c61b223-7ee9-4ee9-ae3a-7bae7973cea6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627563744, "uuid": "48cc5f4f-a37d-45e1-ad46-e13fb2f0f23d", "value": "24576:kIS/d3/KVksGksTtHuotahrBpaRjX2py8jPYN6Z/ZZ:+KCJzta9B8RYwN6Z/Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627563744, "uuid": "7c5d70ed-1612-4745-a0d5-922867c288e6", "value": 1233920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627563744, "uuid": "1fc6266c-9042-43cc-89ec-9c8c30292fab", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627563744, "uuid": "01b68f4a-8bba-4758-9fa7-e93895320424", "value": "DHL-SHIPPING-DOC-PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2966bad-f04f-11eb-875b-42010a9c0053", "comment": "Malware payload (DCRat)", "timestamp": 1627551172, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551172, "uuid": "4a576378-2a0a-470f-be76-da1bb57bd329", "comment": "Malware payload (DCRat)", "value": "cd0b926202baba9c26fde1d71e6b38a7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551172, "uuid": "ef65b475-447b-490a-bc92-99da3e10b8ea", "comment": "Malware payload (DCRat)", "value": "1d50e2d78f933c77c53253df393839673c730d3aed70610b579bd178aed3a1ff", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551172, "uuid": "309c630b-40fd-4229-8eb2-39ca4d86db42", "comment": "Malware payload (DCRat)", "value": "4adfcd6234a5ac50ef78cb1f50b95a8163050783", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551172, "uuid": "f3ce9a02-bb6f-498e-b309-c07d58695405", "comment": "Malware payload (DCRat)", "value": "30418bf188c19b85a18aea12e25b22bd6ccb93a4ba41bcddf6a412022d8be6367d16d3d5df88c9dde2aaf936c917719f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551172, "uuid": "7c405619-d4ae-48b5-8e7a-d99d6230db44", "value": "T1C14528127A4ADD02C0691B37C9EF843857A8FD417B66DA1A7E9F335D60523A70D0E2CE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551172, "uuid": "91817466-f101-4415-9f95-518e5e9296bc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551172, "uuid": "ff85c8d8-ad2d-4caf-9d68-0d2f81a14cad", "value": "24576:2clIzew7NGwa5aJkMi2SwTwKYTPkpD+4:gp5kISMczF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627551172, "uuid": "94075957-ebb0-4356-95b6-384ab307459f", "value": 1242112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627551172, "uuid": "c2f52c8e-e143-41e2-8fd2-47b502fa1b26", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551172, "uuid": "74fa0440-1421-4807-a0c9-52bd0c44ec85", "value": "cd0b926202baba9c26fde1d71e6b38a7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11ae2f08-f060-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627558096, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558096, "uuid": "2b8f14af-ff35-448f-973c-437e51ca1d84", "comment": "Malware payload", "value": "59442e94eade947216a648270636ce92", "object_relation": "md5", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558096, "uuid": "da54551d-8051-48d1-b783-a4d7673820be", "comment": "Malware payload", "value": "1dc0359eed7876256fff7187db4e9a9b3a1f5e9b84cf31044a4f91778eda2f8c", "object_relation": "sha256", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558096, "uuid": "439fa05a-d0d6-4fad-aa6d-5231880b20f4", "comment": "Malware payload", "value": "3fea2b4e74fdb680e3ebecb5a6618fc143361b01", "object_relation": "sha1", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558096, "uuid": "9c9b43f2-6700-4c68-8e86-3157501318fb", "comment": "Malware payload", "value": "5a48491dfee2a18c3e1c730ff23ed5854b29acd5eb572825945aa4834788f4b18c0a6d6d19a60071ba02d6c96598a9a1", "object_relation": "sha3-384", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558096, "uuid": "fb151f58-5a34-4844-a682-44db9755d422", "value": "T172552230BE541619E74356F9CB9EDD988A74AD1D839080BE718D370EE43ED2285B33B6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558096, "uuid": "57952b2b-4043-4a59-ba94-2eeb8e772f0c", "value": "24576:X7n3kiL/seBufSq5hlDfon/xi4/RiVUjzXFojHb+Nq7cpPWnIxxuTrXJ:rn3ZTSSq8V/RyUjhAeieuJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558096, "uuid": "d9c55586-025c-4fe4-a90a-0225897537bd", "value": 1325568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558096, "uuid": "65535361-b37c-43fb-abd4-24c1510d7ab7", "value": "application/encrypted", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558096, "uuid": "67a48d38-c162-4d9f-9db3-c7009044a1a6", "value": "Honey Requirment.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a075a1b-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535052, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535052, "uuid": "b0b4b47a-b971-4d5b-8497-ce9717c0f3d1", "comment": "Malware payload (TrickBot)", "value": "6e97d3248be719d62ab5371d03f5588b", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535052, "uuid": "f821b71d-4bd3-4fd7-8acc-1be3b1a6b2bf", "comment": "Malware payload (TrickBot)", "value": "1e66c01d3e2c896aea6f9608ac121048bb93fc182a61d6554ed92052fa638fc8", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535052, "uuid": "50dbbfa4-062c-4497-a7ff-ebd5e3052b8d", "comment": "Malware payload (TrickBot)", "value": "3a6af84d1cd133c603eb66f15e082995ea03ca8f", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535052, "uuid": "35252c28-f1eb-4a81-be40-f0e2c79d3dc7", "comment": "Malware payload (TrickBot)", "value": "64c932763888ef9bca87956b77903f4997b1cef567ce1510f63a056260fb401b81477abbc5fd1b3b1acb6ab9de08f9d0", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535052, "uuid": "6f57abe0-9c57-46be-a178-9b9628c0e580", "value": "T15D83ECE82AD1E413338D2F17FE0A3AEAD1BA6C5796C47507D1587A5C24ED21BC6A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535052, "uuid": "22693e9d-d05e-4b27-add9-acfbdfc145d4", "value": "1536:EzaOOiannvsqGDSEI9Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8B:EGO2kqGDfI9Ry98guHVBqqg2bcruzUH3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535052, "uuid": "1c391c69-a36f-4d8c-914a-a62222687b50", "value": 82465, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535052, "uuid": "55db1a32-ff08-44db-908b-98cadecf65cd", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535052, "uuid": "bffd801d-c2bd-4f51-a865-58005a722ecc", "value": "2021APT-28_33816453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc91073c-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535190, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535190, "uuid": "2beb7c0d-d502-4040-a540-cbe15b4c9e07", "comment": "Malware payload (TrickBot)", "value": "56926f7198e89403ee85c4902cbe3750", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535190, "uuid": "dde970e8-1540-4b62-ac73-eae1f48df167", "comment": "Malware payload (TrickBot)", "value": "1e71a41e86585e59352f8c6634999484d3279c9858b5edcdde596e157d5b1c8a", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535190, "uuid": "297c0505-8bf5-418a-bd49-3dc2e33bf80e", "comment": "Malware payload (TrickBot)", "value": "74057e83b202d37bb2a368c1d38b9d653bf85e5a", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535190, "uuid": "1f7b3120-de7f-432b-bfaa-5e5fa4b8b5ee", "comment": "Malware payload (TrickBot)", "value": "88cfe2f4bcfa425a280447ac10e43a77094bb4ee2853a158ee2d0684a1b8ec560bec1e9f0eadf6d670f43cd6ec4d5446", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535190, "uuid": "0925117b-62a4-42c3-8295-5c4fcd8ec11e", "value": "T1BEC3A2E86AC0E417338D2F17FE0A3AEAD17A985796C43607D15C7A5C28ED11BC6A0DF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535190, "uuid": "78745da7-231d-4539-9318-aeac19e70656", "value": "3072:HYUo9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5f:HYR9Ry9RuXqW4SzUHmLKeMMU7GwWBPw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535190, "uuid": "905d4ea4-ca33-4c85-89dd-038624c5995a", "value": 124255, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535190, "uuid": "9c8692d6-98ec-4931-894f-12fd9ace8db4", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535190, "uuid": "15b84e7a-8937-4abc-826e-3842b473443e", "value": "2021APT-28_43734453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f4c1ab3-f04c-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627549529, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627549529, "uuid": "839fcfa0-97c1-4dbb-8bd7-52be6970c007", "comment": "Malware payload (Loki)", "value": "27e3f4a8ea3e5f82c0e363527f289985", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627549529, "uuid": "3dd616be-294f-4197-b4d7-c0d108e2f0e8", "comment": "Malware payload (Loki)", "value": "1ff53011d1b3d8598e8244aca7539ddd8ffc9e205212de251e06457d18fa8b95", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627549529, "uuid": "96ce26fd-5ef0-4993-be03-e791daa5c31c", "comment": "Malware payload (Loki)", "value": "f9c1b4f09b93df48e2689113f4505a51e01ecae6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627549529, "uuid": "67c5147a-09e1-42c2-8edd-0bde1e0b9f61", "comment": "Malware payload (Loki)", "value": "bed2bfc539a00593566c607e59bd99724c73af7f5d4c33ae75f147098b0b4d310e37677d2a95c60b341de7d1ac0c83b5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627549529, "uuid": "c6ea407b-07e4-4e83-b1e2-79cea899451e", "value": "T166259D2576C8DA1AE51FD3768EDF901047FCF9023D72A768AEE223B90905F61D9301DA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627549529, "uuid": "527d03c7-8a6b-44b5-9edf-405b3bb08204", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627549529, "uuid": "93eb8973-90cb-4a89-bf15-b777a687b9b7", "value": "24576:FZjc7gpO/d3FK64JCTxsDsZXr/REyCz1:FtsK64JmswZbZEyC5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627549529, "uuid": "b18d8e90-4826-44e8-8d97-6c6ceaff1659", "value": 1014784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627549529, "uuid": "58c6109f-d0f5-46c1-83f5-0eeae1cfeecd", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627549529, "uuid": "c06eaf4a-5fd0-4cc7-af72-187ca6cd8147", "value": "PO 210729-012.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d806089-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535460, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535460, "uuid": "3b3b296e-739a-43a9-928c-7d7945174c77", "comment": "Malware payload (TrickBot)", "value": "8940d5f7c4768dcce6927c90dec68b10", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535460, "uuid": "5a10fad1-22f7-42f5-81e9-fa061e840473", "comment": "Malware payload (TrickBot)", "value": "20895ef8afad999c8eedcaad1b426a1291dcc96616b971cde3fc669c8a5c4030", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535460, "uuid": "3f02c4cd-a392-4925-8aa1-4bb64bcb0b20", "comment": "Malware payload (TrickBot)", "value": "4ea7a8fae326b9e205f397d8703632d398924e60", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535460, "uuid": "410c92a8-7252-450b-8c9d-afdd657ad089", "comment": "Malware payload (TrickBot)", "value": "de03c682d4f87f39d463312ddaf63fd27462bc874087a5dcf1dae8879011e2cde043d6fceffbdad49a5fc63c0eb6798f", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535460, "uuid": "d5da8734-9a97-43ab-a483-ae1aeccfa507", "value": "T11D5366D82AD1E417338D2F17FE0A3AEAD1BA6C9796C47507D1587A5C28ED21BC5A0CF0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535460, "uuid": "e46a5379-858a-481c-9295-2f3bbf221f4e", "value": "1536:Y9Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/oC:Y9Ry98guHVBqqg2bcruzUHmLKeMMU7Gw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535460, "uuid": "d98125ae-e853-4f3c-b79c-ae240eeea0c9", "value": 65190, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535460, "uuid": "b25fa83e-04ca-47d7-8d13-84fd885809d3", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535460, "uuid": "d80da333-27d5-48a0-b669-c6cd2c99567c", "value": "2021APT-28_12042453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05925395-f03f-11eb-875b-42010a9c0053", "comment": "Malware payload (CobaltStrike)", "timestamp": 1627543903, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627543903, "uuid": "be9d2aaa-235b-4cc6-852b-59deea4257ba", "comment": "Malware payload (CobaltStrike)", "value": "f9ae6f0176d3f38a907d621919388bf7", "object_relation": "md5", "Tag": [ { "name": "185.123.53.33", "colour": "#28924B", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627543903, "uuid": "332530e9-34f6-4f34-b995-a607c26f3bb7", "comment": "Malware payload (CobaltStrike)", "value": "216c8471db4ab3a785f395c8c059d767798a6ffd5fbbf6e72f745ea506bd1cd9", "object_relation": "sha256", "Tag": [ { "name": "185.123.53.33", "colour": "#28924B", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627543903, "uuid": "00ecb3bc-c7cb-44b7-b4e4-bf7fd63767e3", "comment": "Malware payload (CobaltStrike)", "value": "0100c78b500f842281cb0636681d0617d0246265", "object_relation": "sha1", "Tag": [ { "name": "185.123.53.33", "colour": "#28924B", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627543903, "uuid": "3ba7823a-ebf8-4f26-963a-a8127d9ff1f6", "comment": "Malware payload (CobaltStrike)", "value": "796f0bf5ac28fc0be9787c802a9c535da67c3276200f63c9ebeaa29edd850818d028bd091c7eca12fda551bac67355dc", "object_relation": "sha3-384", "Tag": [ { "name": "185.123.53.33", "colour": "#28924B", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627543903, "uuid": "d10d2367-7fe6-411e-81a3-f38705121b7b", "value": "T16354CF6CEE4679DDC9CF0F7746386D3884DA52724F3D965DFBE88082450A83074B9E4A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627543903, "uuid": "7883eefb-54dc-41e4-b5f0-433489171ae8", "value": "dc25ee78e2ef4d36faa0badf1e7461c9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627543903, "uuid": "61bf6fcf-f623-4ea9-88ec-0a00ec92c88e", "value": "6144:wRzoaqryHIowleF0Lp7vq1ylc7nx9xN7pWP+t:wuTrwhwleFMp+gWplW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627543903, "uuid": "c19ac1f8-5cad-4d18-8d8f-28588b937b69", "value": 284672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627543903, "uuid": "fd8b6a0c-3e3b-416e-9eae-9d6047dd9293", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627543903, "uuid": "6e443e36-17a1-4d9f-8639-b18c7c112a91", "value": "216c8471db4ab3a785f395c8c059d767798a6ffd5fbbf6e72f745ea506bd1cd9.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e4874dba-f07d-11eb-875b-42010a9c0053", "comment": "Malware payload (Smoke Loader)", "timestamp": 1627570906, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570906, "uuid": "f771325b-4eab-4a02-a457-352a114ef700", "comment": "Malware payload (Smoke Loader)", "value": "a76bc7f546c4423ef67f11625578abc6", "object_relation": "md5", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570906, "uuid": "63534bfe-7902-4e5b-a9c7-5b1dd20d485e", "comment": "Malware payload (Smoke Loader)", "value": "22d1c9fff60aa2736eb351ba23eeafe4a2abd0d7144693066b2b392862c9e209", "object_relation": "sha256", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570906, "uuid": "7909f177-eb8d-451f-9f45-582eaffd731a", "comment": "Malware payload (Smoke Loader)", "value": "a1b4b37b727dffdccd8f62fe7b5b5d164e83ea31", "object_relation": "sha1", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570906, "uuid": "9141ae0a-0b74-463d-ae6d-c99abbcef500", "comment": "Malware payload (Smoke Loader)", "value": "48df7795c493b00dc243807d474636a0042ddf3537e5821d330131a058c8818c41a7c043dbbc34fcc6d99be977f09c4b", "object_relation": "sha3-384", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570906, "uuid": "081bb886-7468-440a-b713-ef1ae80da8b6", "value": "T170748E30B690C038E5B716F845B6D37CA82D7EA25B3450CBA2E536EE56356E4DC3039B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570906, "uuid": "4943d92b-19c5-4790-87d0-1d53c426ada0", "value": "f69d275c0dda431bea9e1980bd7b9759", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570906, "uuid": "2fbf45a9-2361-46ad-bd99-ca9627026502", "value": "6144:vPdL2D/MKVDgEynzog/dydqsEvu49ws8TIpXfYAss:9L2bMKVDgEy0g/dUBFTIpgX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627570906, "uuid": "9e8c5e9f-3174-4000-a155-3aee4c5627ae", "value": 348672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627570906, "uuid": "3b9adc34-5b6c-4173-8dcd-36efac201a85", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570906, "uuid": "14e22466-748d-42a3-9d4c-c1c6320e93ed", "value": "a76bc7f546c4423ef67f11625578abc6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6aef5319-f089-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627575856, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575856, "uuid": "cc841731-816a-42c9-a938-e1d191017474", "comment": "Malware payload", "value": "f9403f5b6853a153df2c4ba4c6e36dbb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575856, "uuid": "88e863f5-fd81-436f-95e7-bf99418524ec", "comment": "Malware payload", "value": "22dd8611d03e9f4cfb6e55ad748bc0fd1fb7377f5f39b26c843069a3dcf5b947", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575856, "uuid": "25a66f2c-5c4e-44c8-a70d-d9f5685eb1fc", "comment": "Malware payload", "value": "6af498b309e0572b8e8cd762035e831d8949fa3b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575856, "uuid": "4c21d60f-7854-4f5f-84d5-d38f8a1b1f51", "comment": "Malware payload", "value": "9385c865a0ef0fe1a73c0fdb4673d9cc652ce5726256177105c3e25e8e67858e76a6397194357b3da6612640030cced2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575856, "uuid": "5a6c9af1-168e-4720-9ed3-30a2d0454cab", "value": "T11E26339D7342B6CFC95BD4328D481C74AB40A43B1B0BDA4BD4D36AEE991E8C7CE541B2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575856, "uuid": "2ebf2a8d-ce36-4a63-b993-81128932312e", "value": "49152:kA/PGAQXPjYkOnkCZ2NekFoOQp0MOil+gAC0iSOiZINsbLuJUCKIWdKLthOQ+SE8:5GrXkkQE5Up0Vi7rvsu7Vq9eRtclw3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627575856, "uuid": "8d7635a7-1f8a-4e56-a511-7604f568a9c2", "value": 4514304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627575856, "uuid": "8b4be723-37aa-4c19-9232-71be2a203757", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575856, "uuid": "22a1964e-cea2-4bff-ab19-e64f48e7344e", "value": "f9403f5b6853a153df2c4ba4c6e36dbb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b784b40-f060-11eb-875b-42010a9c0053", "comment": "Malware payload (DCRat)", "timestamp": 1627558140, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558140, "uuid": "6fbc073c-37e4-4ddc-844c-9a8d81c4526e", "comment": "Malware payload (DCRat)", "value": "cc982bb10719da0325bdd790df6b3a03", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558140, "uuid": "103bc2f2-313d-4681-95e2-f687b97ebf49", "comment": "Malware payload (DCRat)", "value": "23b110e0a381abb4d44bd7e2906548429ee426d9463a02af31dc3dd98c044341", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558140, "uuid": "63d73cad-2a0b-4a86-b42a-4bdd672ec682", "comment": "Malware payload (DCRat)", "value": "50e130f64cea1540aedc89b8f2a3b89098251899", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558140, "uuid": "b2c8540a-b5d2-4bf9-807c-3d025ecaf20f", "comment": "Malware payload (DCRat)", "value": "b05d544133d0f4da3132c530aa3491120dc2c67d3390529bccb11d77be7d2bf432403ae4a17b8b46e7229e715d542f47", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558140, "uuid": "3366df6e-9a31-4138-8490-1c31519b5cd9", "value": "T1A4F41A242EE95425F17FAF7D95F0799A9B7EB6637713990E00A103CA0A13B41DDC0A3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558140, "uuid": "4aa6ff92-5a6c-4518-86fe-8a788c12a5cc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558140, "uuid": "bc3e9684-6860-48c8-96de-bca8b9b59aa0", "value": "12288:7qnOM2ixO3YAGG/U3+RpcRUiZc/P/XmTQCXr7KijCLeF3T/H:7+OMAYAZ/uUpXP/XEyiqeZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558140, "uuid": "c72ce1f0-26ac-4eba-bdac-f5ab9e6fd8fe", "value": 727040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558140, "uuid": "344c2a7d-81fe-4a87-bbe1-d813009e50c4", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558140, "uuid": "1529b64c-d4e0-4652-9850-f1bf5c3cd3c9", "value": "cc982bb10719da0325bdd790df6b3a03", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9408c9a2-f074-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627566905, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566905, "uuid": "e03626e0-c898-4ec7-bbb3-e4fe68349b21", "comment": "Malware payload (AgentTesla)", "value": "5f7e927b6132de359e1a08a504b9f794", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566905, "uuid": "f159600c-4f1b-418d-8fdf-9214b015b2e4", "comment": "Malware payload (AgentTesla)", "value": "2431ba1a93b776ec29a565a30c88d60b17c5aab9a3beb59ddcb8b6942cdd22b4", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566905, "uuid": "d28a2439-89c5-4489-ae78-7fb816257443", "comment": "Malware payload (AgentTesla)", "value": "c7025afd349900f9cbfd43e19565c54d7b18cf88", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566905, "uuid": "8d789062-ebc3-48fe-b216-cef2a5715e5e", "comment": "Malware payload (AgentTesla)", "value": "749b9183a7c419469140138888e0a5eba3f3582b9b5e3887f219fc9d4a0bed4f3a7a40e27dc82050b332b338b09b3187", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566905, "uuid": "a2858b35-fe41-4aa4-8060-888ce63d1f5a", "value": "T19E45E554668FD3BFDA5B12B0082C089C94B7EC2EC20AFA79BA0F4D35B566FE151390D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566905, "uuid": "3d8b852c-071a-44a4-bc87-7ee56a51804c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566905, "uuid": "b7a7771c-636e-4fc9-a1f3-8081eca214f1", "value": "24576:jJsUwE86bgETmfKvpqw/5hPmfht57t3S+7n4SYwqK4jqwPVPaauvtSf3RTsAHWAD:+DwVKfKYwvPmfhtv3v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627566905, "uuid": "bc9231d0-0f76-4ed5-aca0-7508187e08ec", "value": 1189376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627566905, "uuid": "e7b62aff-0fad-4e0a-ad87-64cf7b44e509", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566905, "uuid": "78add9ad-e2d2-4fd0-96a8-76f2556312ef", "value": "coming12.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7591d630-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535071, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535071, "uuid": "846d13fa-ea29-491e-9774-f95fb307e5e7", "comment": "Malware payload (TrickBot)", "value": "7af3776a3f8b3e3a071be27d7b424b1d", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535071, "uuid": "6c374ed7-2458-4459-ad57-55e4aa88f129", "comment": "Malware payload (TrickBot)", "value": "2477184d7c7d8f5ab2003224afc36d10043b4f687975f9674a19c5ea61d4d4e5", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535071, "uuid": "e9d8b2dd-c921-4224-9b44-51e6f77a47d9", "comment": "Malware payload (TrickBot)", "value": "34bbfcc6217da486b5060cddf4c4a6d8a967614f", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535071, "uuid": "1fa68382-faa1-4b0f-a945-d0514ba4d883", "comment": "Malware payload (TrickBot)", "value": "6906d964ba3e1717a74e5ab407c000d60d9a5241f25b9c8355e74ad830c7ae3a67bc2d994d2e35aad406e8de971c9141", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535071, "uuid": "45601e03-9076-4f7d-b53c-2b610960cc01", "value": "T18C63AAE82AD1E417338D2F17FE0A3AEAD1BA5C9796C47507D1587A5C24ED21BC6A0CF0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535071, "uuid": "ccba17ba-140b-47f1-940f-b65bbc4a01ea", "value": "1536:ufaqdvf3fa/x9Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8GpY:udX3W9Ry98guHVBqqg2bcruzUHmLKeMD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535071, "uuid": "a44b485a-c44e-4e96-bab0-0e5cc3334618", "value": 72385, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535071, "uuid": "e020b6ed-2fa3-4c3d-a831-7830ffe82a57", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535071, "uuid": "c3ba0c08-1a63-488e-8bfa-c492bec7781f", "value": "2021APT-28_12408453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d11500a2-f07d-11eb-875b-42010a9c0053", "comment": "Malware payload (CobaltStrike)", "timestamp": 1627570873, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570873, "uuid": "fd814cd0-7ff6-4507-a0c0-e48f34b5bc18", "comment": "Malware payload (CobaltStrike)", "value": "a19f81bfcaee64c687eef5185b2debca", "object_relation": "md5", "Tag": [ { "name": "47.106.217.103", "colour": "#3E39B4", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570873, "uuid": "1d3ff656-de5c-4d3b-9ded-4c965dcd659d", "comment": "Malware payload (CobaltStrike)", "value": "2505081308adf0cc2de22df8164213d735ac462d088c3c1f8e913fd629a2ff9c", "object_relation": "sha256", "Tag": [ { "name": "47.106.217.103", "colour": "#3E39B4", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570873, "uuid": "bfea3c52-c2c1-40f8-8662-29b6a6e31c07", "comment": "Malware payload (CobaltStrike)", "value": "921b8c9ce7b9ac8bd7f2fab8d4a40e15e120c69f", "object_relation": "sha1", "Tag": [ { "name": "47.106.217.103", "colour": "#3E39B4", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570873, "uuid": "f23d63da-a958-453f-a966-2a659600563c", "comment": "Malware payload (CobaltStrike)", "value": "e5564d9a3159a98672a9f48b88480f704ef6e3f2c4098b124bed36f76ecab7e009aa350456eed111e1e69817a6fd2dcb", "object_relation": "sha3-384", "Tag": [ { "name": "47.106.217.103", "colour": "#3E39B4", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570873, "uuid": "c4dbb10c-9606-4f9b-afb8-b287e678e887", "value": "T1A0B11E61035A5BAEFA9B4EC1D829204B25F4C9AB7E241504FFF769D7BC2BC749034721", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570873, "uuid": "7fa75d86-0ad2-4ce1-bba6-09f547042404", "value": "96:vgO4MLrvOJKbtsigjwvNBbKefPi+d23OmMdZFaPT0li60lPm:xPvOetJgAN2xMdZUPwCU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627570873, "uuid": "371b6fb7-49db-45f6-b58e-e8ca001bd6cb", "value": 5103, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627570873, "uuid": "76c1e03c-e18e-4a3a-b4c3-1a3f383a2683", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570873, "uuid": "00f74765-777f-4da5-b286-865648c0dfe5", "value": "1.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e33a2319-f050-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627551576, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551576, "uuid": "cd591980-6075-4852-b0d3-ee76b9705202", "comment": "Malware payload", "value": "fd52cd9bfb7b40a3992c2ec5f42bdcb8", "object_relation": "md5", "Tag": [ { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "go", "colour": "#35396F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551576, "uuid": "3bbd5b4c-f47d-409c-88d9-2e04052db778", "comment": "Malware payload", "value": "26be0ba3533703f5eeea8489e6a8881461dab7f597f33e546182ba1910953d09", "object_relation": "sha256", "Tag": [ { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "go", "colour": "#35396F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551576, "uuid": "66514f72-c748-4109-9c8b-ea5008bbe876", "comment": "Malware payload", "value": "9f0a0af3faf66b2715f575fd56a7a2968a077b47", "object_relation": "sha1", "Tag": [ { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "go", "colour": "#35396F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551576, "uuid": "17495672-1255-46c6-9d82-9c7f56039ee4", "comment": "Malware payload", "value": "f3120bd7ed94356ae5f293ac87ece25dae976e10d02380d26aef9a41b718192d0f89b467ed894cabb51ecc019bedd5c7", "object_relation": "sha3-384", "Tag": [ { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "go", "colour": "#35396F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551576, "uuid": "69c3b1f5-ba9d-40e3-9582-b15011fba233", "value": "T164554B077CE508FECA7EE131445392D17A327C6487362BD72944656B2ABABD83B3D324", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551576, "uuid": "6dbe4663-6738-4ef5-b40c-3e40eadc3123", "value": "2869cb885758b15d003acb119f131468", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551576, "uuid": "95206e1e-f873-4140-b9ab-bd93218b0165", "value": "24576:ax12nIqqCgOgFO9fccuUMHKv+i7e1LXEdFoGzIyXjxeKF:aYIqJPV9fcHqmGSr9oF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627551576, "uuid": "49c3f4a5-6d7f-44be-b8f4-f1fe0705770f", "value": 1385610, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627551576, "uuid": "d6ea07e0-04c5-40de-b160-9765b12d4c86", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551576, "uuid": "f2166b94-f7e0-4a4c-9126-873a0a115e6e", "value": "26be0ba3533703f5eeea8489e6a8881461dab7f597f33e546182ba1910953d09.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5086204d-f02c-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535868, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535868, "uuid": "5ae54f75-1260-4609-8c71-b89f714379b1", "comment": "Malware payload (TrickBot)", "value": "e7ed0c47014f4bb3b45caa04660d215a", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535868, "uuid": "af0dd3cf-26a4-44f3-b2d3-7126a6650558", "comment": "Malware payload (TrickBot)", "value": "281287919dc45f77d2674003df411b0f2804d23bbd9efbb33ec85e3a2c0eaf74", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535868, "uuid": "36ba081c-1fd6-4239-a5af-410340499a82", "comment": "Malware payload (TrickBot)", "value": "8456e5ca42fa063d5763e1f7124e6ee7b3f21769", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535868, "uuid": "ba3fe37f-71ca-4c08-8c65-8ba7e9111015", "comment": "Malware payload (TrickBot)", "value": "39131a44737072a8310bc160ebb6d7b60e0ac689a12d6a6d4cdefca15f336b72fc915fb59801626b9fbde3b081af9815", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535868, "uuid": "f0f85f27-5938-4cf2-8e21-8d66fd0e28b1", "value": "T1AE13F238143F101474505A638A6FB60BD608C4765EE3FB9CE9B42BEAED5CBBC47801B4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535868, "uuid": "4abb0fef-689d-4917-bee9-133749427f9a", "value": "768:s11mFQ9in8mYUbUnUU7lV0H3+4whyZh4xCwQnyuKKSsYQNt:s11mFKi8mYSUUAlVWu4worCK5t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535868, "uuid": "c06774de-a339-48b1-b5b0-df16b8ffa3ad", "value": 42982, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535868, "uuid": "22ceddf9-f40e-4d2d-b622-d3e10dfa7a45", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535868, "uuid": "d0fb1e48-8471-4bde-8af3-de2055e65151", "value": "2021APT-28_34704453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "551a8276-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535446, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535446, "uuid": "869dd7b3-5001-4587-9688-fb7472522244", "comment": "Malware payload (TrickBot)", "value": "016c75b0acfd3f921f79cd0fe1d02060", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535446, "uuid": "53d03919-e245-4622-8f18-34c5bbe657ef", "comment": "Malware payload (TrickBot)", "value": "28270436a38476de8e590d3b5ed767289c271e64b799fc5d2ab6bcda16661fac", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535446, "uuid": "ca8cbc66-20b2-4b41-a42b-05cf52de29d5", "comment": "Malware payload (TrickBot)", "value": "7f550092ab057423abf3c888af4aeb35b5c9d290", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535446, "uuid": "304da093-188a-458b-8f0f-0169bc66c13d", "comment": "Malware payload (TrickBot)", "value": "501efa489c388344d686d4859c3e632ed2d4c56065e7a26f77cc10f3a557e729a4e62e0a8b1b97b577eeaf57a825654b", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535446, "uuid": "005bc87d-42c5-4ff4-adea-ded0659a2040", "value": "T14C73BAD82AD0E417338D2F17FE0A3AEAD1BA6C5796C47507D1587A5C24ED21BC6A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535446, "uuid": "c8b028d8-c1ca-449a-b489-3ba85a210e88", "value": "1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/oj:59Ry98guHVBqqg2bcruzUHmLKeMMU7G5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535446, "uuid": "ba7e7f21-61ef-4733-8da2-bc0e54305f89", "value": 75125, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535446, "uuid": "e57d8e59-053d-44a3-b391-c7f9b1dd7f19", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535446, "uuid": "9af8e5cc-d686-4cc6-8a23-cabc33f97cf4", "value": "2021APT-28_55776453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f8f246ff-f058-11eb-875b-42010a9c0053", "comment": "Malware payload (AsyncRAT)", "timestamp": 1627555048, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555048, "uuid": "8ea91c4d-51ba-426a-838d-20b15a5181b8", "comment": "Malware payload (AsyncRAT)", "value": "b62d7f516f21c781dfbb47d5141dd749", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555048, "uuid": "28af2790-5ad5-4888-a06e-72312f6a5058", "comment": "Malware payload (AsyncRAT)", "value": "285643b564416a5b6f530cbbf6d5f1e9d35b4a20c73a0c141c436199b9bfef7b", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555048, "uuid": "c5750172-2a3e-4de0-8d87-7e3656e3e5c4", "comment": "Malware payload (AsyncRAT)", "value": "96478a4cf6323e2ee10603589d465aafa644e829", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555048, "uuid": "62119201-8094-4858-9b10-4f580b515c4e", "comment": "Malware payload (AsyncRAT)", "value": "6a99643ae8320441c4d5ffd036fc6fcf08cc0e5cea5dc99b9c72837402d6d58b1e2cd1a51ebce94de3fd051451742942", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555048, "uuid": "9661afd5-aa38-4f05-9752-dbc720228dd1", "value": "T1FD45CF248D8C9BD6CC5803780AD846785EF7ADAEF270D8AC3D8D31B1B7B1825DDB6245", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555048, "uuid": "7103e758-6176-4cd7-95b1-b46bfed0c33b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555048, "uuid": "08a300ad-b421-4556-b823-bb3d700a7aca", "value": "24576:qwS/d38KzksdksJiYOJPAH91QO+y8jhMN6ZN:/KVH91gCN6ZN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627555048, "uuid": "655ab8ab-1eaa-4fa0-ab4e-22133614a2b7", "value": 1176576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627555048, "uuid": "12740e44-42e0-47b8-aed8-32c2f2dfb457", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555048, "uuid": "6e630586-70db-4857-811e-1d330d5a529e", "value": "Tama\u00f1os y detalles de material de acero.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a8fe5d2-f070-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627565144, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565144, "uuid": "845ca3cc-3234-4eb3-b145-7b14381457f1", "comment": "Malware payload (RedLineStealer)", "value": "91bf0ee9195a7b21e5d8de66072bad70", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565144, "uuid": "a5ab74bf-b495-4b15-88aa-e9d54d2b9e9f", "comment": "Malware payload (RedLineStealer)", "value": "290a9e12ff38ecfc70608d8f29a6a2de61128e4b1df43c85ad735da4032c32df", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565144, "uuid": "45719dec-daa6-455b-8a95-c611f3c344fc", "comment": "Malware payload (RedLineStealer)", "value": "a29e413f89d283acc5a2751159426c83ad3b4764", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565144, "uuid": "18bbac9a-6316-4876-af9e-43649746417f", "comment": "Malware payload (RedLineStealer)", "value": "1f589d1f39582e9c24d82384bec0ddf1b7ea07d0310bb109bff86d1235405891b6684256946be096ca4f835259fe3510", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565144, "uuid": "ac7eece9-cf8b-49c4-94a9-461476af4afc", "value": "T1A4E4BEE1E5490696E80D213714690D0C3A525C7883CFB9B773993FAAAA0FB9D119C37F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565144, "uuid": "0b8663d8-1381-4139-a273-5145825f93d0", "value": "73b858d062a50af526081774b2460fa4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565144, "uuid": "f062cef2-7790-4078-8c7b-7a7409858294", "value": "12288:958b1vdSi7dpJ0LCoSNdNAyKmGnHcIb5R+HXPhB7GRPYgj1YHyNaRjMHfXbJr+1T:IbVdSi5pJ0LCoIdNAyKm2H5b5R+HXJZL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627565144, "uuid": "2eef5dd0-1bd9-4f60-af5c-506dbd2d5e5e", "value": 716288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627565144, "uuid": "fe5a868b-dca6-4cbc-bc8a-a4d5f76efcc9", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565144, "uuid": "3450cd35-b8c1-42cb-9537-bfa0fc2ae774", "value": "91bf0ee9195a7b21e5d8de66072bad70.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f7d6556-f07e-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627570978, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570978, "uuid": "d1d91d5b-0049-43ec-be32-99040261065c", "comment": "Malware payload", "value": "d9776a094efef7c5c318509253613366", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570978, "uuid": "98772b14-b18c-476e-b487-cdbca15bad30", "comment": "Malware payload", "value": "2920e29645f92784675ced5f2d4179fe3cd10f73ccc8495731ff7e80b9f693bb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570978, "uuid": "9928e4f3-82b8-4787-a1d0-ac30d6f19a65", "comment": "Malware payload", "value": "9ca238c77b0b0e08bc739baf192966919db1ac3e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570978, "uuid": "1249b389-a0e8-484e-8d69-f89c86b14f0d", "comment": "Malware payload", "value": "a68719d8c6524f8c48902cea9d468c6eed45888a34d56a0797af3fda206f6686239d76461b03e5d8c0eb8bb0f5ece241", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570978, "uuid": "0a523b76-05fa-4a53-a4c1-a76c885d0e4e", "value": "T1CAD3166B03BDC025E037D771E8725E0B7A6B9E240550B28DA0CBB1B68EFD64D9CB7215", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570978, "uuid": "d1745365-8050-4066-9eff-0349e09a4154", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570978, "uuid": "a5216d7b-ee7f-4b83-9347-8bb22e5e20a9", "value": "1536:m6IuJIe2vffDTAf5UNBw6Um73AwULTi/2FJUj:m6IMIeOfDT6uBPwwk2Zj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627570978, "uuid": "296ae32b-689b-41af-a9ab-cb7020d92694", "value": 140800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627570978, "uuid": "b790c5fa-52e9-4889-93ea-0c485e469536", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570978, "uuid": "043df2ff-6851-43b2-aae7-6f3253d5527a", "value": "d9776a094efef7c5c318509253613366.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "554aefbb-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535017, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535017, "uuid": "89733e0e-f2c7-4e35-b19e-776dcc12883b", "comment": "Malware payload (TrickBot)", "value": "74ab8400d7f8c40f4054e52d2bbefdc2", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535017, "uuid": "dbfe2439-d20a-4438-9642-ecb5c550aa81", "comment": "Malware payload (TrickBot)", "value": "293ce07412166b7410823697cc99d1ed7228282f6206c75d5a2b367b6d491296", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535017, "uuid": "4dbabba6-4691-4d49-aba9-813840cbec00", "comment": "Malware payload (TrickBot)", "value": "8d845503265acefc2bcf5f0bc16874247a78972d", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535017, "uuid": "7f06afca-1c4e-40b1-8990-a64c9c00bb71", "comment": "Malware payload (TrickBot)", "value": "88508d3c4f4675a6de250c89a48e184bd9778a1831e299af33a14bc614ce53fd47039558967e5456a732c27b3c8eed98", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535017, "uuid": "2cd5c882-697f-45c0-9216-f2c10d70a6f1", "value": "T179933FD86BC0E417338D2F17FE0A3AEAD1BA6C5796C47507D1587A5C28E921BC6A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535017, "uuid": "4ba3c9ab-faae-4987-9e95-a456d6d794a9", "value": "1536:B9Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/oL:B9Ry98guHVBqqg2bcruzUHmLKeMMU7GF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535017, "uuid": "1dbeb73a-01a8-4c0e-904d-1c2e19043c3d", "value": 95489, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535017, "uuid": "287aa475-c397-4332-ae21-184edba7b145", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535017, "uuid": "92f23a86-bbeb-4dff-ae10-fe15a4ce5745", "value": "2021APT-28_12702453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3461e596-f059-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627555148, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555148, "uuid": "3893e90d-e6cd-4407-866f-6d4259b6939b", "comment": "Malware payload (Formbook)", "value": "bf743b8e013bea9379fa79b76aeaaf99", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555148, "uuid": "3d691297-5fab-445a-80de-18ab33d3ba08", "comment": "Malware payload (Formbook)", "value": "2a3c5d424e042d82f295aba4197bc052355cbea30b0fa9c419a1cd7fb6c2bc31", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555148, "uuid": "e3a30370-f769-4467-9798-eba3e3360d23", "comment": "Malware payload (Formbook)", "value": "a178460c272800ac7692564661ccdf9f3483e615", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555148, "uuid": "57e7beb5-d016-457b-8d65-4d45da48576b", "comment": "Malware payload (Formbook)", "value": "e964e7a8118d3cbb9c851c7682c8824a9913435e195c280ffb78118c1169d646771386a3bc2647c2a0ac599b1427c1f1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555148, "uuid": "1fe0534e-a0ae-4566-8fe2-0bf922eb540c", "value": "T16945DF1D43888BABEC340675868D3F501AF0193E7AB2D778BC097193B690BD9E573639", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555148, "uuid": "aaf372c3-19d7-4a10-9f2b-51d70dae50b0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555148, "uuid": "1f156897-6e76-47e6-937e-c645ad3f3fd0", "value": "24576:BgS/d3GKzksbksjVHjV/17sBrn8JUlP1fsy8jhMN6ZN7:AKVNZY78JIuCN6ZN7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627555148, "uuid": "730377cc-82c5-47d3-a3a0-a04621429fde", "value": 1222144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627555148, "uuid": "cc5bd6c5-faf5-4e88-abe6-5d53e3aa6891", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555148, "uuid": "001e2c68-315c-4e6f-b877-d7267161224d", "value": "Order Signed PEARLTECH contract and PO.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf243e9d-f002-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627518042, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627518042, "uuid": "264b5709-12cf-4d97-9e9e-8d0253cd5455", "comment": "Malware payload", "value": "1a9a1fcc12261bedef2b1d0d1f8be052", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627518042, "uuid": "c33f2436-01ad-4abe-9a2a-8dbc0988e1c8", "comment": "Malware payload", "value": "2af6245059dd0d977c263e0d370a4f8e493af3253d46e3b037670791e49ec7c8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627518042, "uuid": "1a6f340c-053e-4513-9865-e0ee9ba0ada0", "comment": "Malware payload", "value": "2d5e428e0a67c75724998fc3dc62055d550a7c93", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627518042, "uuid": "306200e9-5740-4528-b01d-813fae143651", "comment": "Malware payload", "value": "f99a70923e9329b80d69bdb5709e0d95466bfae6620b5db981564f7304143678315094eb72be8126b85174bca128c124", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627518042, "uuid": "57cb1cd3-0fad-4326-8406-014bfc9291f1", "value": "T16A16BD01BA8184A1D489357890FE977ACBF76DD04F3085CF8BD09C614D21AD89EFA6DB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627518042, "uuid": "0ec1e6c5-70c0-421e-8968-a443d07026a8", "value": "4a7aa8630a9a5de605f9f804af61843c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627518042, "uuid": "dfe542d0-d134-4bda-b254-e6235f9ce15d", "value": "98304:yK0bpIvGz72uDTy/NDoqWnnMzWDhn8JTz:ylpse1sNDoquMm4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627518042, "uuid": "46f290a9-fb21-46f0-a8d5-242ccb1db5e4", "value": 4162560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627518042, "uuid": "8d06a966-d110-4c7f-a576-a51bb21599d5", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627518042, "uuid": "6f6c8108-99e4-422b-ba50-c6d445718139", "value": "Solaris.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "acc2c3f3-f07b-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627569953, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569953, "uuid": "9c6e556b-fd1e-4445-b0ac-4683adf5f904", "comment": "Malware payload (RedLineStealer)", "value": "4c36e95c6c89bdb893a8f90868172b0f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569953, "uuid": "15a16b6d-e4b7-464b-ab8f-fbbbbf44749e", "comment": "Malware payload (RedLineStealer)", "value": "2bfb577e9f16eb75fb71df9c1e22b9576dbcd95e1ffb3371ca1aabfacf6917fc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569953, "uuid": "de45e84d-f813-48cd-816f-6974b671b8ba", "comment": "Malware payload (RedLineStealer)", "value": "be852692bda3da95af0b663b4d95d79b031b5b01", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569953, "uuid": "b3bbb083-9273-4c74-9725-ff14c56555fb", "comment": "Malware payload (RedLineStealer)", "value": "e52f7bf259107ac684a2949b397fa42ffa63b407aaaba0a54fca8e38fbeb05549b4626cfe8d3dd41a6f95d6ce6714320", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569953, "uuid": "2d6a47f8-5bf4-47f6-a870-1a1e6ba8ce29", "value": "T10CA34C2163ECDA2EF7BE0A35A4700515C7F1E08FA011E75B4EC6A4DB2E76B8229545F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569953, "uuid": "2fdd0e02-254f-4ff8-8e0b-9cb140f18176", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569953, "uuid": "bfd33000-8fcc-40f4-aa6b-dcaba6d77006", "value": "1536:03LNmocOWc1fjHtwa0QQ+vSJFH8smbfejvhuvUyyedgn3fqCxXsEyG6ijoigZ:0xmocgtw3QoJ18huhucyzdPSn6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627569953, "uuid": "7cdb1530-e23b-47e7-a336-4d0a03beceac", "value": 100352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627569953, "uuid": "f8e8c2c8-b748-425e-ae3f-e38874db3f1a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569953, "uuid": "78554754-60aa-4b26-848f-e0263d59289e", "value": "4c36e95c6c89bdb893a8f90868172b0f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e51cd9f5-f071-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627565753, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565753, "uuid": "84176652-5595-448f-a46c-74d9fa6708ef", "comment": "Malware payload (RedLineStealer)", "value": "9f06608336ad526da6e3a9d19c139959", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565753, "uuid": "cec2ba95-1fbb-4257-bc38-eb9d8bc54170", "comment": "Malware payload (RedLineStealer)", "value": "2c4fe0a41b33ce373657bb695cca70b581565273a83ce801c0c4c255b1c1b4b6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565753, "uuid": "c500a83e-119a-4599-b791-5e45ef0383c3", "comment": "Malware payload (RedLineStealer)", "value": "6c5033cf5bb00d78ceef8edbb8ceec6fec0c6b81", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565753, "uuid": "39c6c6f6-de81-4924-9560-a5bfeef7569f", "comment": "Malware payload (RedLineStealer)", "value": "eaf32151a32b37e54aef77060d8c05e729f9b7423c9cad4d58923d1cdac1f621b5cf1c9e3f065b0d9c961318e781c018", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565753, "uuid": "72c3d5ff-9dce-4154-a9dd-6f0f5058ffd7", "value": "T15E84562868BFC01980E3EEA12DDCA8FBD99A55E7640D743701B4633B8B51B84DE4F479", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565753, "uuid": "6b8b0c9b-5fa6-4946-95ca-1b944305ade8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565753, "uuid": "d4115f41-6547-498e-9be5-72178d969f94", "value": "6144:ShIM4Ry8KowEa7CEzkrWM5Nn0H3Obm7CaokugAaDfH:SuM4EPowEa7CEzkrWM5Nn0H3Obm7Caog", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627565753, "uuid": "8edf5892-3781-41b8-bda8-b6d233e495c6", "value": 379904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627565753, "uuid": "ab1841a0-f157-4d34-a016-65781fdb1e43", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565753, "uuid": "9f07c703-fc16-4784-a375-a08cd65e8f22", "value": "9f06608336ad526da6e3a9d19c139959.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8782427b-f0b6-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627595231, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595231, "uuid": "c7c71738-248f-4447-a662-e8ff2e826272", "comment": "Malware payload", "value": "80897b9850b22e74135a9546bb581157", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595231, "uuid": "2e318ccd-e94d-4165-a084-fa67bb0c6b96", "comment": "Malware payload", "value": "2da508f1e159e47ae43c05fee2a61a88d65279d7304757d6c8b3fe058fc8d689", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595231, "uuid": "3d875720-2cc5-4ba7-866b-8807f90a4f43", "comment": "Malware payload", "value": "e41829bb164a56fe058fd9f7f6e3bbba89bf9801", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595231, "uuid": "72361cd5-66a8-4f7d-8cd9-78fc475d10be", "comment": "Malware payload", "value": "2ad27e0fc4ee18eabfc3d7e93ec5a5efb39ace836ed35f378abcfe6aff4e1924b9351f407a995dceca0a14f6532b31af", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595231, "uuid": "f9ce6b2f-d654-4ac6-9171-07d2d6b1d25e", "value": "T14182D06906168871D507527E8025228C5CFEACA4FF4F90A03E8DDD415AB70FCB79ACAF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595231, "uuid": "d13b74fd-7059-4c25-bfa2-25dad8e44cb4", "value": "384:MTpcE7tp9rB+AVAPi2kO1iOe+JiDKAiToiI8I9eILv1Rt:ocE7HXbOcfWAbrjt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627595231, "uuid": "3027b0b9-7cad-488c-966c-316f4ec7184e", "value": 18152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627595231, "uuid": "df76daef-f86d-47d0-b34d-74c2721274af", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595231, "uuid": "0da5759f-851b-4519-86cf-36aabf7dc55c", "value": "SecuriteInfo.com.ELF.Mirai-BHTTrj.10347.3862", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d95e0b5-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535514, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535514, "uuid": "e6096ebc-c694-4d8a-b170-3e089053b15c", "comment": "Malware payload (TrickBot)", "value": "0d34899039eec4fc21a4749e13c9f7f7", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535514, "uuid": "156bc7e5-6beb-41e4-970d-8c6537d82503", "comment": "Malware payload (TrickBot)", "value": "2ea1909d1044343a1027d299f3cb3969d3c2553571c4f2360e1ae3b125615882", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535514, "uuid": "a4ac1892-cad1-4d0b-afe3-11bfe45b460b", "comment": "Malware payload (TrickBot)", "value": "3ee9227487509b790bd79331c65d409ed9f09da8", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535514, "uuid": "a9dd9ecb-38a2-4224-922c-466f7416562e", "comment": "Malware payload (TrickBot)", "value": "da0eeed6fa2efe67b7be4129a45290def1042f083663249aea14feab47982814167c4f0776f6a75fbc9a910c7bd21624", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535514, "uuid": "8f9aa5f2-da37-4c8a-9122-1928b7dec7e3", "value": "T1C01302D35A8BB418C016D0B9103B7AFF8127263D7F094FB6EA21F5258817846B1EDAD7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535514, "uuid": "ceb4c0a4-412a-4481-8167-e208ee5a1948", "value": "768:6XfCvsdPgbMB2pQg8FJI2kpV2D0qQ7QRzl8JzAPWKhHsxnmP6FdTO:6avsdP6pmg8ALf2D30zAPPMsB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535514, "uuid": "2e54a6b1-3368-4004-97cc-ffb17d721759", "value": 45236, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535514, "uuid": "aaca0330-e88b-4b96-91a7-29d7c164e0fb", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535514, "uuid": "1800d3db-56ca-4e57-922e-14f02bda645c", "value": "2021APT-28_38796453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "509766a8-f093-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627580106, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580106, "uuid": "ddf98e4a-3f31-4932-9715-90d31a04c6d1", "comment": "Malware payload", "value": "ac374efc62c6d14364c314e119e576ba", "object_relation": "md5", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580106, "uuid": "8bca0b6f-6a21-4ad3-b0be-9fabebc57aba", "comment": "Malware payload", "value": "2ebc6f6879d6b4b2bdacdc34d4472b5f5c2a46c0b4d4907bab6b56af56ea0cb3", "object_relation": "sha256", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580106, "uuid": "b65df4b4-1f65-48cb-962b-a69847b19878", "comment": "Malware payload", "value": "578d0cfc3271dc0831a03a98776c5eb62c4dcb84", "object_relation": "sha1", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580106, "uuid": "fbea53a5-4cbf-47de-8f75-020e0aa4ae99", "comment": "Malware payload", "value": "22b457091809b1b754740fb468c6de7e903a17d8b9991deb25c6980a59c42eb4b2d0fef215d98d7ef28ac6aed55a8850", "object_relation": "sha3-384", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580106, "uuid": "9cbd4eb3-7501-4b7a-92f5-a9100d386d0a", "value": "T1FF31CA0919E52B16D3B2CE7700BAE2128630BD62ED52CF9E40D053DC2D68210EC7AD6F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580106, "uuid": "68458db6-d16d-45af-82f8-36561df1f99e", "value": "24:8MYgpFKvQUOou8XJB6+/eJ+9JxgtGs4o0WlHo5XQaR3+hab3CSsIlCGO+/e:8jg6vQNkJQaJGMToAXv3KaLCovO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627580106, "uuid": "8153d4db-da8b-44be-b3db-b7b3a8ba090d", "value": 1470, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627580106, "uuid": "027808e4-2be2-4875-abd6-f14940dd5120", "value": "application/octet-stream", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580106, "uuid": "28baf800-ed9e-41f4-a543-9f0aeb980664", "value": "Invoice#02.lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f1d69c6-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535570, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535570, "uuid": "c9938968-ea9a-4428-bd36-2ff819b791a0", "comment": "Malware payload (TrickBot)", "value": "d8dc0618d1b5af1447f536683859cfca", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535570, "uuid": "f3c9fba4-bb99-4534-89e7-8065ea7b495b", "comment": "Malware payload (TrickBot)", "value": "2f3c1d51b5651aba662a5631f5560bbba8542749f25b0722f3c83cb74574ea36", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535570, "uuid": "4031d9ec-ea83-4d8d-a7d0-9cd8563d0089", "comment": "Malware payload (TrickBot)", "value": "ab71864b58ad3e6c3f410348b600da371631fe97", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535570, "uuid": "547a5a97-04ea-4c80-92ae-6f21b99c015d", "comment": "Malware payload (TrickBot)", "value": "097573464958ac5b83d72eeb78cf515b4980382dc74f1775ae10f10c25cd086c3ea8d9f721ac7f5c3470c8d530e6128c", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535570, "uuid": "4229a92f-45a7-4d61-a496-9361597a4be4", "value": "T115933DD83AD0E417338D2F1BFE0A3AEAD1BA5C5796C47607D1587A5C24E921BC6A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535570, "uuid": "ffd691df-c946-4cf3-af73-bde74b6dad32", "value": "1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/oD:59Ry98guHVBqqg2bcruzUHmLKeMMU7G9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535570, "uuid": "916d700a-00bd-465d-850c-83e88646d4fd", "value": 93414, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535570, "uuid": "989550d2-7fbc-42ff-830f-9a0467fa7a12", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535570, "uuid": "3bbac758-5129-4ec0-8368-0cf6dc717d30", "value": "2021APT-28_65976453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "21210d72-f087-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627574873, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574873, "uuid": "2d250d62-1a99-41d7-95b6-1baf567d09e5", "comment": "Malware payload (AgentTesla)", "value": "4ea6703819a01067807d5819bc61b743", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574873, "uuid": "b0435a16-53cd-4bcc-801d-ec0c2b0336c0", "comment": "Malware payload (AgentTesla)", "value": "30b3857893dec0cd9d7f9eb06e19ac57b7bfba4c6b809e745ce6ea47bdc1e89c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574873, "uuid": "782581c8-f1f1-4eb5-86a0-057835e2e78f", "comment": "Malware payload (AgentTesla)", "value": "cd506518e9810541103fecb72c146024cded3ea4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574873, "uuid": "7280ad2c-5cea-45f9-a506-4303e519de5c", "comment": "Malware payload (AgentTesla)", "value": "a8f492246a767317d70cc6d807d704d9477cea45b21483a2aad3f1a8b096fae32ce45c866d4c1b963a4a5de25e3ad2c9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574873, "uuid": "d70ae03c-6821-441f-a023-67071a803e44", "value": "T1B945E024C98C9FA6CC5803740EA946385EF5ADE2F270D86C3D8D31B1B7F2925DAB5345", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574873, "uuid": "2339276a-e873-466a-b725-18ce08abbdfa", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574873, "uuid": "6eb8098d-dda2-4c36-8ca4-f4e1b078258b", "value": "24576:uKS/d3wKzks7ks2y8j9xEPnUOJSC0eNayi34X3YMN6ZNOZ:1KmtxOUOJ1xdHN6ZNO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627574873, "uuid": "c958a9eb-0be0-4ffc-be5e-5d6e552f4345", "value": 1270272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627574873, "uuid": "d20919c5-7422-4738-929e-73cfd7b577f5", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574873, "uuid": "038562f7-dcb2-4c55-ba24-fd04ed4ae0be", "value": "4ea6703819a01067807d5819bc61b743", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50ba6782-f07c-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627570228, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570228, "uuid": "8c96f3c4-f208-4abf-8f3e-f36b1696301a", "comment": "Malware payload (TrickBot)", "value": "021fa31df504e13b8af8e9bf1d940bb2", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "rob116", "colour": "#4DB1C3", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570228, "uuid": "19f323f1-c397-466c-b3c4-bde93a5f4bfe", "comment": "Malware payload (TrickBot)", "value": "315d2734c9ba1f4faec4fa490ac8634aa69a1b1a860e1620699fd53efd61f4da", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "rob116", "colour": "#4DB1C3", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570228, "uuid": "2bd0adca-06b9-492b-b9a2-972bc6d0229c", "comment": "Malware payload (TrickBot)", "value": "b88171b364794c4aa6a0555305f3e99d235be11a", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "rob116", "colour": "#4DB1C3", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570228, "uuid": "a71008f3-fbf0-4c42-b769-93ac5c53c563", "comment": "Malware payload (TrickBot)", "value": "b33221d5124704b21bbe17421d5e9593f57e3ca489b751bdd99fef8b03877db3e61b0ea16448da4e5f71d36fa4878759", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "rob116", "colour": "#4DB1C3", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570228, "uuid": "3ce1d26c-0f65-4264-aeef-f587e30d1f3c", "value": "T10A53BDE8ABD0C407634D5E27FF0975EED2BA589390C9BA0B9144BE4D65B821BD5F0CB0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570228, "uuid": "8f305d9c-93ec-40a4-bb9a-f5e5567cc599", "value": "1536:joJYbx/HBz1Yi1JNnN/BfBz8rjtkQQi7e8TEcBC+BlYZhD:joJYbx/HBZ71JhN/dBz8rjtkQt7e8TEF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627570228, "uuid": "dc9533fd-5ff2-4655-b7fa-6ce00c782d0e", "value": 61120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627570228, "uuid": "125cc7d3-8a63-4f33-8d5f-5c127b9bd85f", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570228, "uuid": "ebb66cfb-89f2-4fcb-b0ef-5be84cbb18b1", "value": "COSEC-SERVICE_68610453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c3d98178-f073-11eb-875b-42010a9c0053", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1627566556, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566556, "uuid": "89f682ce-4741-4909-843e-1473dbb7670b", "comment": "Malware payload (AveMariaRAT)", "value": "c58cfd6d15f28f09f981a9d555f6286a", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566556, "uuid": "6bbe9202-d376-46eb-a5ec-c3ad6380ce39", "comment": "Malware payload (AveMariaRAT)", "value": "3177069234115aa28299e1afde950a6c33b82be8216631eb7536096d41d4de4c", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566556, "uuid": "d87eb2d3-5084-41ac-b297-15a84da38efa", "comment": "Malware payload (AveMariaRAT)", "value": "e5e7e8b13cbf75e2e9f5a08734708916275fcfd6", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566556, "uuid": "7ddeadea-4609-4c58-a24d-9f73db1bb6d0", "comment": "Malware payload (AveMariaRAT)", "value": "001a18e2a08adf4667e8ca2eda9e98cfb77422de8599782930c8d5eb885805b190b0686857bbc9ae61a13e9b836164b4", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566556, "uuid": "1bd925a7-3ae3-47ff-8544-0249387552de", "value": "T1EC4549244C788659FCDE0AB50A4802D71EE2CC43A260946BEB457F62E570B1DFDFA2F5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566556, "uuid": "98052d70-0fe0-4bde-a826-40545556f3ce", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566556, "uuid": "8d383e8b-8d43-45f2-9b07-81c221f077d8", "value": "24576:68S/d3jKzkshks+dqQeK9GGTCky8jh8N6ZNw:wK0dqb9GTCk+N6ZN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627566556, "uuid": "fc3baac0-78ca-4565-83fe-5a0ecdeb8ae4", "value": 1206784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627566556, "uuid": "59dd490d-941d-4919-aa05-8a4b4cd90323", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566556, "uuid": "e7afe1a8-830f-43c7-8632-356c60307d53", "value": "PO-20210520GL.xlsx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2c9cb0f-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535174, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535174, "uuid": "e0265817-a496-4b7a-8a96-ee0137645067", "comment": "Malware payload (TrickBot)", "value": "28235a28b4847333732a087bb281765d", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535174, "uuid": "64b2c53c-e786-41d7-8d52-b40c3df758a2", "comment": "Malware payload (TrickBot)", "value": "317e775669b1a53af82650d8961b53851d34bf472da168ddc116feb9f550f076", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535174, "uuid": "427d34bc-6bcb-46d5-8468-83a9597fef3c", "comment": "Malware payload (TrickBot)", "value": "080beed8afc8e5a3644bacfc230f477839235986", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535174, "uuid": "9babbc31-8180-4acb-abd2-56f69445b0e5", "comment": "Malware payload (TrickBot)", "value": "dce317a7d6d4a43b28214b54823eba59595e2fd0c616aa81874283285be97d31b17888b2297cbdeff4ca0ea309b3f59c", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535174, "uuid": "43e16a52-c864-4f40-83b6-db25f7f18924", "value": "T12CC3A3D87AD0E513338D2F1BFE0A36EAD17A985696C07507D19C7A5C28ED21BC6A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535174, "uuid": "71eaa6dd-f93b-4777-a894-d6ae3b597291", "value": "3072:PpscE+tUO+JxYuc+d9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV3:Oot0dcA9Ry9RuXqW4SzUHmLKeMMU7GwM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535174, "uuid": "df6fe4cf-bc79-4e00-be8d-32bf0caa8b88", "value": 121314, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535174, "uuid": "cb015521-9209-4ad0-9a0d-f26de84e5ed5", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535174, "uuid": "11f95a2e-3b07-4f42-943f-827912f2fc6f", "value": "2021APT-28_28998453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "91bc3c2f-f05f-11eb-875b-42010a9c0053", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1627557882, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557882, "uuid": "f3fbc7fc-3efb-45f7-8b1c-4e174fc09e64", "comment": "Malware payload (SnakeKeylogger)", "value": "5dc056f6b4669a0c2e793aef3184344c", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557882, "uuid": "0d586012-c1c8-4f35-889f-075437349ca8", "comment": "Malware payload (SnakeKeylogger)", "value": "320798f2949568e32a15319cfaac77ef26febbb0ae7364f15e2bc45c37053e29", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557882, "uuid": "0a7f522f-c42e-458e-aa26-3fe7c62341d0", "comment": "Malware payload (SnakeKeylogger)", "value": "b24b381bea3337c54ac98b68d7cfde99eeb93147", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557882, "uuid": "8599ebc9-2c06-4340-9f1c-7b4aca498f62", "comment": "Malware payload (SnakeKeylogger)", "value": "634bb67ac1147d64065a948bce7ae64df1cbd2e15147dd2259eb838563dc437873f09c34173d2eb7a05bf0a45ac9a625", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557882, "uuid": "a656bfc9-7b00-4d42-92ce-4562e05ccc39", "value": "T14663739DC4A74198CF84ABB96F1B2E49118C3B6DF3844932367C97B913D6D3EA41293C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557882, "uuid": "58c64ad5-96f7-4b88-bc09-142d6e310705", "value": "192:+K0VzIE4gUrKbD1FT/glxNt1XC1eJnwusECpVdROcZGl93ExH3UM:+K0kgUrKbZx8bC8nxsEY98ov", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627557882, "uuid": "623fff04-9e9e-428a-a3b7-50ed5ea84dd2", "value": 69236, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627557882, "uuid": "b2789895-7a2a-4dbb-af42-45ff280737dd", "value": "text/rtf", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557882, "uuid": "20169d93-25c2-450c-a006-1627bb53002c", "value": "HL0.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ef2fe64-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535328, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535328, "uuid": "cede0532-2bbf-4156-ae3e-75a269dc6cb0", "comment": "Malware payload (TrickBot)", "value": "cc5a0bda7202f363c9c22fd6dc0ffa6a", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535328, "uuid": "727ab3c7-8256-4ddb-b8fd-035a984b8f42", "comment": "Malware payload (TrickBot)", "value": "3275cbad6b27caf7650e454cec43e3aead3806df41ed706d96da7961dc5e5b69", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535328, "uuid": "3127cebf-6b3b-4f6e-af49-44f32c8a8461", "comment": "Malware payload (TrickBot)", "value": "82c040c0ee05b1205a31efc98e6bc465dbbb0dee", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535328, "uuid": "f180fafb-929f-484f-b317-a4c28db5c209", "comment": "Malware payload (TrickBot)", "value": "12eb413a50a6083985a9dc6608358612f9b88a7d6b43a7344eda0f70c53c89d7936cbd7c071693a399f66b61312a020c", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535328, "uuid": "4129b8be-1fcf-475d-8ee8-8c4ff4c3cd9a", "value": "T1EB03F2565BFD3C9C4A9E8DE215F3B5379E11837283523CF1785BFA2C2684A0EA1C9583", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535328, "uuid": "8825f9cb-0c46-46c6-a141-6a7a97cbf158", "value": "768:RMaYRfSy96NobPfNLzzR3sWw/oxk4zTSyf:RMLSygCR5C/FC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535328, "uuid": "03124648-5247-4215-b59b-500ebfaa8214", "value": 37775, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535328, "uuid": "08cd692c-a8f6-44da-8b4e-42265885735b", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535328, "uuid": "842ead03-a2fb-4ed5-ba74-9f6c65a4e833", "value": "2021APT-28_56052453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "09bb10ca-f04a-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627548634, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548634, "uuid": "138e2a63-d579-4ad2-9e3c-80ba5fc4d4f6", "comment": "Malware payload (Loki)", "value": "0dea076f7b121e0b0ed9cf2c05060e74", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548634, "uuid": "94fbf6fe-9922-4b19-bc46-bc06b31978b8", "comment": "Malware payload (Loki)", "value": "328b4c94e2260a80f7656227a4f1c186876800647ad8205353acb6ab922ccc46", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548634, "uuid": "8f022042-5902-4fcd-a449-1089c5d1151c", "comment": "Malware payload (Loki)", "value": "5ffe503bfc5be88d250893b6c1c1947102c6e114", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548634, "uuid": "e5ef360c-f599-4720-9d8c-6e3ad6d16614", "comment": "Malware payload (Loki)", "value": "e460536d18c506e05c95b262ad44126a0a6ede3513bd81f630d672576fe37df5319d73a2a81ad9215d698cfc6153a357", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548634, "uuid": "a6dc46f9-268a-4ade-be7d-e09580046231", "value": "T17C25AD207AC4EE1AE96E973ACECF60204BFCF9017672A7687DE113B50905F55C8346DA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548634, "uuid": "0ec2620a-23a4-4eee-b618-b84f9bf9b0be", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548634, "uuid": "733a88a1-6256-4f4f-97e2-d1d25c585faf", "value": "24576:j2cYijuGsZEC5/dP64UWFoogBNGsoTCG+a:j2cYijuPl64UWNgB0C4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548634, "uuid": "821de93e-fcb8-4b29-87dd-7e5ae655c1b0", "value": 1027072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548634, "uuid": "a200225e-b76c-4ca0-8e79-1a8d5af4ba3c", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548634, "uuid": "943519a4-91f7-417f-851d-b9e5839df83c", "value": "AU#210729001 RFQ.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "17728267-f02c-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535772, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535772, "uuid": "2dcde33e-0e62-4c85-8927-4e96599ca8c2", "comment": "Malware payload (TrickBot)", "value": "78266b76e5673f5afc52f8372fd8dcf1", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535772, "uuid": "c05d2e65-efd9-4035-bad9-e725a8726fac", "comment": "Malware payload (TrickBot)", "value": "32975f028827d1c093bd74a0b68a2fb4ca246c443c6014ce36b21cc2d1711f40", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535772, "uuid": "8bfad30a-0f61-49c4-9af3-809c74cc656c", "comment": "Malware payload (TrickBot)", "value": "49515aa249a37831d1b133a6b1d10b4801962438", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535772, "uuid": "762daaae-9bf8-42b0-89cf-d50af10f0194", "comment": "Malware payload (TrickBot)", "value": "d3141bef78185ef2b2d057db73cb2d48bfd21f4ed7e39ee52e68f4cb9efe555105201d547e975b9e5ff7565baef6edb4", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535772, "uuid": "bb924e7b-c687-4442-8fdd-781aaf0a0226", "value": "T1E1A35FE86BC0E417738D2F17FE0A36EAD1BA6C9796C07507D1587A4C24E921BC6A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535772, "uuid": "bb5218a4-18b7-470c-8af1-92070e9be76c", "value": "3072:kPQX9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5M:2k9Ry9RuXqW4SzUHmLKeMMU7GwWBPwVI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535772, "uuid": "d9322a87-84f9-4bc5-a614-504b0406aa77", "value": 100382, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535772, "uuid": "0a7f1355-b2c0-4b28-9d8a-16c5fcc7497f", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535772, "uuid": "3e5bd080-afd9-49c7-b380-56753c44763f", "value": "2021APT-28_23856453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c637cced-f079-11eb-875b-42010a9c0053", "comment": "Malware payload (Gafgyt)", "timestamp": 1627569137, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569137, "uuid": "2b60597b-6457-43f2-9825-e3209685462f", "comment": "Malware payload (Gafgyt)", "value": "4a9da18d4eb27c7107c2a891b9ebbf53", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569137, "uuid": "5f167dfd-bd87-4d34-9e8e-c48318563ef5", "comment": "Malware payload (Gafgyt)", "value": "32d322e63786d5cecb500aecea467ad334e51245ad5431e2e642f33776bf8907", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569137, "uuid": "66f524e8-fc6c-416d-a288-164ceb39191d", "comment": "Malware payload (Gafgyt)", "value": "c6df3170a72fcbd3eb40144ce852bc4bef066bcd", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569137, "uuid": "fe0ce813-cb89-4064-9d80-dda97267af0d", "comment": "Malware payload (Gafgyt)", "value": "61717cc799779f03ae1412f1b994003635f4d7acd02d09a6b10031ac17f027e0a56322e06a3ae9b9a3257332b194ec8e", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569137, "uuid": "dd178308-64d6-44a2-bfec-713390ee7802", "value": "T16903E1EB1355FC74D1FB493324370668EB657C37F931053B48C974EB2966052B6296A0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569137, "uuid": "d0c9a01f-6e6a-40ca-8047-f2d5f7ee2a81", "value": "768:TfqMUfu84FWJxSYQYRIjA5vLNSvVwj4sV7RjeUVNwdvIjMYmsv9sPuxUVi/1oy/t:Tyxfu5wSYQQIjAqWj48tmB9YfFuIUubl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627569137, "uuid": "8353d0b9-9b62-45a7-abce-8255988e7166", "value": 39980, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627569137, "uuid": "de2be8be-8bf5-4f7e-8a5f-9f1606dfa04a", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569137, "uuid": "3532e7b0-2fa1-45ee-a383-62ca96698403", "value": "4a9da18d4eb27c7107c2a891b9ebbf53", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0447883b-f094-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627580408, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580408, "uuid": "8934a3d1-787c-4bd3-bb58-fe73f691a155", "comment": "Malware payload", "value": "d8d77662e78fbfade1e4ea4b0fe4b0d0", "object_relation": "md5", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580408, "uuid": "d5dcebff-c443-4413-aac8-095feed70fe5", "comment": "Malware payload", "value": "32dded96c1047cac9841f7104d59b19c7c9e590e91af33384b311a708888a979", "object_relation": "sha256", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580408, "uuid": "b17191d9-8f19-4bb6-bed4-482c8c2f33f7", "comment": "Malware payload", "value": "cec32a15005e2bf4ccf4ae6136fceaf6d666210f", "object_relation": "sha1", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580408, "uuid": "2ae364c4-7e05-4349-b740-290f6c390218", "comment": "Malware payload", "value": "1333c1909f737c90818febabb5d2cfa97545321aa07e0a7336bcea6ea8dfee487c804aa1a818c365760ce7a42a49f29a", "object_relation": "sha3-384", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580408, "uuid": "dbd91277-6d21-451a-b625-b58203cfc7c2", "value": "T1A9F5F4F4AD31D998B44A6597FAC0AC4510C33CA871AADF8C4614BF7B34A3598DAC46CF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580408, "uuid": "6734e17c-7587-4a44-b6c5-838df53ac1f9", "value": "1536:7R2Hg5iNqP3NUUSiANcrWcjdiH5dEFTzEC2fdVCV6fZMtlByRbw1LwezwgoHoVF+:7RQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627580408, "uuid": "c853a660-6e5f-4659-b56f-dcb778c7677f", "value": 3556703, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627580408, "uuid": "fedfe728-d580-4964-83b3-5b54d101c193", "value": "application/octet-stream", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580408, "uuid": "34a64741-5d74-4055-98f3-783091c2f664", "value": "Departamento de contadores Consejos de pago 0010093792.png.lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4fd166df-f095-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627580964, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580964, "uuid": "31ca61af-2318-4f53-bcd6-1719de8a3aa6", "comment": "Malware payload", "value": "85b4c69ee96bf5efeb8dd13579c03d42", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580964, "uuid": "9f9f7918-8e95-43d9-af67-14c0a8d7298a", "comment": "Malware payload", "value": "3368d82a927186d857ce56ab31dc79abc952c0958cc855203a6c6e1509578d56", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580964, "uuid": "270c462e-d63e-4f0c-be7b-da5e9a9a2a73", "comment": "Malware payload", "value": "d2bb9e9ac05532193cfdf96d2df4f1265a8c7fd2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580964, "uuid": "2fb2b3c3-023c-4c57-b9d3-a0179afe3fd1", "comment": "Malware payload", "value": "a842d1dabffbfdede514b72e28926d3d2ab21a9a91fde9051e17a85869df962b04ac43cfe018df44d8694c9435d5965c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580964, "uuid": "36a0d62d-8037-4b27-b4e6-a0d4c366c260", "value": "T1B4057CE662B34873DDE319399D4B9A7C951E7E0016A0688629F5D84C4F7A39F3C3B087", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580964, "uuid": "91ae79cf-67aa-4e06-8509-642fc0e20488", "value": "641b05b4dc6d8389ff08a789834da953", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580964, "uuid": "f1fa5f92-32f1-4437-bc6d-a6407d6d0bb0", "value": "12288:M7SqgtacuhJPH33i8ii74/vUagbqgFRWvqoHUL66opspF0dh0Mgg:M70uJ/3/ihLSXRfwdha", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627580964, "uuid": "181f4c04-647e-4088-bbc4-5c7e249a2c10", "value": 865792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627580964, "uuid": "57573338-b510-45b8-bdd0-b75a9c7d1ad5", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580964, "uuid": "35e90ed4-32dc-48c8-b5f4-2e49d4781b94", "value": "Nuevo orden pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b6d114a-f05f-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627557898, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557898, "uuid": "4cdf0d5d-d62c-4c09-a32a-2e1bd97b5983", "comment": "Malware payload (Loki)", "value": "9a8e2b20277c4eb838e777c5feeba629", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557898, "uuid": "386f9115-614b-4819-b4ad-cb00181c23c3", "comment": "Malware payload (Loki)", "value": "35c2a725e954eb909fab1a99eb53c044873465447804a32586cfd35efda9e3d2", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557898, "uuid": "9d53b6f1-3160-48b8-94a9-286e845805ad", "comment": "Malware payload (Loki)", "value": "287be346176093ff13984499ac2a5fa53ad0104c", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557898, "uuid": "dba95e5d-1e36-4838-b03d-cbec8bf1cb70", "comment": "Malware payload (Loki)", "value": "10e7ce2aacf218b78464f6e8ba2a8c74841a7bdb4c855f3e52bc7f0c7d5970df808cfd6d343fe3da6183069f66cb0091", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557898, "uuid": "3318334a-543b-4b19-84bb-cbdf2e412a39", "value": "T13C551298FF788991CC5F9A766B2FC316606FDF21D31142A7D23BB769243A270B460D24", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557898, "uuid": "6864f570-d1d8-4d47-8d13-5ca0fdb88636", "value": "24576:mHE1v4QznoGTHtXRYD4o1F/fakLAAVfwzxd6jyEdctPfvXGnEw6f:EENHXbdRGFXakUAVo36jbdc9MTA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627557898, "uuid": "4aa08b2e-0a41-4455-897c-827db0449334", "value": 1283584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627557898, "uuid": "4d774eef-b8f5-43a7-a5d3-b2cfbd8a0250", "value": "application/encrypted", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557898, "uuid": "2596566c-3dd5-4554-8b92-938a6f12bf24", "value": "invoice.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "031398d7-f068-11eb-875b-42010a9c0053", "comment": "Malware payload (NanoCore)", "timestamp": 1627561508, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627561508, "uuid": "c41d528b-99ac-4949-89db-e15e39d3f636", "comment": "Malware payload (NanoCore)", "value": "d0bca4d9b222750dbb1462d796991147", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627561508, "uuid": "019b85d5-4175-4292-8d29-cc00333f4d9b", "comment": "Malware payload (NanoCore)", "value": "361c09bb08b441d99d0db18a00d5c54ea66b5168e9af8b04fe8a17a2dc5d51e6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627561508, "uuid": "ff70edb8-95e7-4949-8594-bdb2abf00b53", "comment": "Malware payload (NanoCore)", "value": "d3d8185521f5699c4449fb20751ae0d9a686fe9e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627561508, "uuid": "d3eef2f7-dd23-479f-bcca-a3d6eaca0620", "comment": "Malware payload (NanoCore)", "value": "fb44ddc37bf96872619c31fc30dc472e504921a60e23bea043dc9a2ef91c08e8b3f99e430f62b0a453038d0fa7282d16", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627561508, "uuid": "0e33fd98-6acf-4076-9b5a-f81e2d6cfb0c", "value": "T1EE55E028C98C8FA6CC5C03750A9946345EF5ADE6F2B0C46C3D8E36B1B7F1829EA75345", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627561508, "uuid": "928e12e5-e012-4574-b7e2-ce6e15b33867", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627561508, "uuid": "50827f98-7c09-48ec-a73f-1d13b6f1b114", "value": "24576:46S/d37Kzksqks2y8jfYiOdj5b0uTXMN6ZNHZ:IKzgIN6ZNH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627561508, "uuid": "e0930ded-41f0-49e0-ab9c-1223d17e27eb", "value": 1328640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627561508, "uuid": "d4cf0aba-5c1e-4a6c-81db-0844491b96d8", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627561508, "uuid": "d7864120-4ae5-42cb-bab6-26f091232aeb", "value": "Spare Parts Requisition-003,004.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "83b972b7-f076-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627567737, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567737, "uuid": "19019ca9-7551-41dd-8669-8d5bb9e44555", "comment": "Malware payload (Formbook)", "value": "036e043b3ad1262fd4993fe9e6a7fe47", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567737, "uuid": "97b91195-8443-4c0c-ab89-8fff180a7e5a", "comment": "Malware payload (Formbook)", "value": "36398bf80b52214cb0214ec01e71e1fd2600697477d0834a0e7c48b97793ba70", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567737, "uuid": "01a39ee4-bdcf-4238-b026-43666703e17e", "comment": "Malware payload (Formbook)", "value": "d0dbb3d8641fd2615feb63270fc93bc4ceb518ba", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567737, "uuid": "50df7227-2820-4a90-9b03-5f4eec17c9de", "comment": "Malware payload (Formbook)", "value": "a15dd3113b784fe3113f9c98740d1f2cffc424457d103eacb113cf5a0ac6fe5d5192402e4b0e2df9cdcb2d27141009ea", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567737, "uuid": "928e2dca-2e0c-48e5-a665-cfac3a83baf0", "value": "T1FE45127854A01F16E6B867F11D57DB30BABA7E311DBB821FC78E379CA831621038A156", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567737, "uuid": "23f4e520-d68d-46d4-9a17-60cca45cbade", "value": "24576:ap3pm7XeFyo1fCYF0J7nG+hdGlfjkiwjuI5kx9lCJRFHu+6:ap3pm7kxCrY+nojkiwygkx9l6H6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627567737, "uuid": "38efb7a5-cfec-4026-9529-705b92627694", "value": 1227776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627567737, "uuid": "34ff1eaa-0e2c-42fe-8272-82613e62ecfa", "value": "application/encrypted", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567737, "uuid": "4484faee-e01e-4898-9998-2a0953cdca98", "value": "0020072921_Swift_Payment_Details.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b667193-f08c-11eb-875b-42010a9c0053", "comment": "Malware payload (BazaLoader)", "timestamp": 1627577064, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577064, "uuid": "b55bab7c-13b1-468b-858d-3c10c0ac957d", "comment": "Malware payload (BazaLoader)", "value": "9bca58b356486c17aeb8f157f614acac", "object_relation": "md5", "Tag": [ { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "BazarLoader", "colour": "#4D0DF8", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Stolen_Images_Evidence", "colour": "#9759D2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577064, "uuid": "3612ada5-b6c8-4497-9485-5d1e841a9bf8", "comment": "Malware payload (BazaLoader)", "value": "37065b2a4cdaec2b1a260b39738746cb45895bd6d508e7aa5e4013e94abc6196", "object_relation": "sha256", "Tag": [ { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "BazarLoader", "colour": "#4D0DF8", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Stolen_Images_Evidence", "colour": "#9759D2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577064, "uuid": "290af282-1e27-4e5c-b78c-e5daf5367e9e", "comment": "Malware payload (BazaLoader)", "value": "4421fbc98f0f0b87cc2912d668345fd5629d98ea", "object_relation": "sha1", "Tag": [ { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "BazarLoader", "colour": "#4D0DF8", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Stolen_Images_Evidence", "colour": "#9759D2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577064, "uuid": "abfc5ce8-7024-4b07-9024-9f0407c8a43a", "comment": "Malware payload (BazaLoader)", "value": "f6ae1c2a0dea61e18da34c473f38364c458393f7dc7c379f4d7209536fff052d47af73ef8639eb33dda11c21e917aa3d", "object_relation": "sha3-384", "Tag": [ { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "BazarLoader", "colour": "#4D0DF8", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Stolen_Images_Evidence", "colour": "#9759D2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627577064, "uuid": "ea06c4a9-0e91-4a0c-9683-9f67129b15b5", "value": "T149455B127CE184FED63AE0344892C3917632BC6563313BD73E5565BA2A75BD23A3E324", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627577064, "uuid": "672172b0-7292-4098-b4b7-18a58503914b", "value": "2869cb885758b15d003acb119f131468", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627577064, "uuid": "612cea6a-7557-45ff-b6d4-d063a1ab240c", "value": "12288:6yWeahQ/LWnzkXz5HYrniajhuSlHJzJBlPXXo/6aNdCaBSPZC1XZV72B7:HWeaZzqY7dhBjz/lfo/FIyXv72B7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627577064, "uuid": "5e8e5d48-cab1-4d11-9103-27d235b4b598", "value": 1250824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627577064, "uuid": "c0900d68-d192-4cd7-95ed-58318e0a8f9b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627577064, "uuid": "ac66555a-ef5a-4c31-998d-4ef76a78b607", "value": "miFrRGoM.dat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f4dc05f-f03c-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627542631, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542631, "uuid": "10c76398-83e3-4bfe-acc2-d2ce92a3c5f2", "comment": "Malware payload", "value": "ca06d1680a100c019bbc26313b46f788", "object_relation": "md5", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542631, "uuid": "d8c5c205-5357-49f5-a5e1-9c32b44de154", "comment": "Malware payload", "value": "37289a21d13084923e9772bd439183d04167db92f4359f50f8c39a8b8e5c3140", "object_relation": "sha256", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542631, "uuid": "2cf1f22a-6716-4b9f-9dc7-75d1d176e76f", "comment": "Malware payload", "value": "92e6414b18c7f5ab4a36bb87e4d424f8495b65e8", "object_relation": "sha1", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542631, "uuid": "fde77ff7-3016-4b07-89fc-74b6b5f94375", "comment": "Malware payload", "value": "28b4ccd106adf9a3a342d97b7203c78c35ae66d299a7bab78445fa6a091331ef7ae90fbe96361b7a21f8479c263263ae", "object_relation": "sha3-384", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542631, "uuid": "ea557e47-bc45-43f7-83a0-30d77a0da38d", "value": "T1B8A02441DC140003CC31113010174710013545055154517403F370554001431F051144", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542631, "uuid": "2ece4442-ebfd-42cc-8d4c-a20a8736b4aa", "value": "3:ud3FGlEUmqhPt1T9LySL3IGIRxl:udVy/1hx3IGgxl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627542631, "uuid": "09f0df3b-fae6-4493-af4d-6ff8a3c24c98", "value": 80, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627542631, "uuid": "79fa2da2-1eed-44ac-bc0c-3eec2df1cdeb", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542631, "uuid": "f734777f-4df6-4c7a-a048-27bd5ce03946", "value": "payment slip(1).rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5545ea95-f0c1-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627599871, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599871, "uuid": "eee5829b-c79e-4acc-ac16-a804045b0149", "comment": "Malware payload (Mirai)", "value": "b4fa013e751faa77bd31d907dd2c868f", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599871, "uuid": "3edc525c-764f-4a87-9485-f3b0c3311eac", "comment": "Malware payload (Mirai)", "value": "376cecc010bbc8dd69ae220f3f3fbb507b97165daf3cbe709f92e8d2e4a24a96", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599871, "uuid": "4b459b71-fa9e-4334-a2d1-3f712b95ae82", "comment": "Malware payload (Mirai)", "value": "e84e1f8281973f8a41302b8859e265755af4d8cd", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599871, "uuid": "86b47b13-5185-4aad-917d-803d3f49e952", "comment": "Malware payload (Mirai)", "value": "64adf9f9ece9638c9bc115e2ccf80e0671bb2cd430f792ba88cf741636ee91f320d4313d4cb1a42f958cea675d06c3fa", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627599871, "uuid": "b395abdc-60fe-4239-b024-1df718c553fc", "value": "T16964F1CAEF11BC3AEA85067135A70B5DB7B4D99AC2C3E090F2D4C55E38A92C5BB611C4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627599871, "uuid": "e8cc1ba3-844f-4519-8330-0ed970445346", "value": "3072:phNlHuBafLeBtfCzpta8xlBIOdVo3/4sxLJ10xioca5POdOQ33Q:p3lOYoaja8xzx/0wsxzSi8PqOJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627599871, "uuid": "adff7b8d-624a-4bf3-a5cf-f13feb6039eb", "value": 307960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627599871, "uuid": "b66f1d31-d434-4ac2-9d7f-d8e280a0021e", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627599871, "uuid": "93fdb208-5440-49d0-a260-eb7985c404ae", "value": "Mozi.m", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "819a1256-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535521, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535521, "uuid": "6c6c3810-cfbd-4a2a-bcaa-3ff39b8fad57", "comment": "Malware payload (TrickBot)", "value": "23e7e4b650d7c83a0f6858b3570b028e", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535521, "uuid": "5c226ceb-357c-4aef-b900-7fba2b79e813", "comment": "Malware payload (TrickBot)", "value": "37966e913885098cdadf23febc01375b7d521a312c315ee52a13a8ed4e508fb4", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535521, "uuid": "e6efec3f-53c9-4f61-84f1-aab4dfbe912e", "comment": "Malware payload (TrickBot)", "value": "f62599b040469cf5e9e4efbecfd8a43e1654153b", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535521, "uuid": "d2afa309-af6c-46ab-8b13-0a8e7123912a", "comment": "Malware payload (TrickBot)", "value": "8adacd4e59ae95fb3d2d7fa863d7cc3405dea6c353103f5d84c0ca4d551bd76981ec86f0c2cbfcdcee3f01c9ff03824d", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535521, "uuid": "61d58444-ceb3-40ed-a6bd-0120c95a937a", "value": "T10DB372D86BD0E417338D2F1BFE0A36EAD1BA985696C47607D15C3A4C24ED21BC6A0DF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535521, "uuid": "531c84bb-1496-4705-b5e5-232732445127", "value": "3072:a4ETBRLXDeEkvhfu9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8R:a4EXLz+hG9Ry9RuXqW4SzUHmLKeMMU79", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535521, "uuid": "ff94e4aa-3554-427b-b621-5970669da16b", "value": 108237, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535521, "uuid": "f01d5850-3386-48dc-bb8f-b82d98a81655", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535521, "uuid": "35d0a52e-3944-442c-858f-47faa25df73a", "value": "2021APT-28_38796453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "66e05505-f09a-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627583150, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627583150, "uuid": "64750759-2f89-417d-8655-9d6a17727ddb", "comment": "Malware payload (RedLineStealer)", "value": "8b1bb1851b579f81687e83fbd237d6ce", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627583150, "uuid": "c3dcdaf2-b47f-49f5-9f86-c7162d436f0c", "comment": "Malware payload (RedLineStealer)", "value": "389ea21a7f0d1e49e9132a075cc72de2a1c546e85590a84c31b55f29f8241251", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627583150, "uuid": "384a3601-d759-4d3d-8a72-7ee14a339624", "comment": "Malware payload (RedLineStealer)", "value": "171cfff5a167688e07da9d469d394326be79aedf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627583150, "uuid": "cd64ae84-f3c5-4cf0-b7b1-191e5e1de12c", "comment": "Malware payload (RedLineStealer)", "value": "039bff0e0b8e5879967feb4c9a05656eb22bf48244aa1d80a7f8a47291744f71dfa42a2045e30ed602af9e26626925fd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627583150, "uuid": "c5932b26-b9cd-4121-b857-ebbed8a9beaf", "value": "T1D8641ABBF06517B3CC385D3B43952E1425296EBFEB0279A7714239E1139F14A29932CE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627583150, "uuid": "e93281b8-e5e7-4bf4-88b0-457d6863387f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627583150, "uuid": "6e135c45-dbd0-4d27-a946-b7dc404f9e52", "value": "6144:+UlutPpQorWOYrtiiKf2cbIb2zP2bTISR4NEMP93B5DQ8av53lL2x:DstPpQorWOYrtiiKf2cbIb2zKIiuP93D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627583150, "uuid": "68e63e0a-8350-4531-aac7-cf1d142c21d2", "value": 330360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627583150, "uuid": "29818f96-6fae-4fa3-9454-24aa6e025710", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627583150, "uuid": "6ade7a81-83b2-426b-bbfd-7c9367abe4f7", "value": "389EA21A7F0D1E49E9132A075CC72DE2A1C546E85590A.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60e7477a-f066-11eb-875b-42010a9c0053", "comment": "Malware payload (Cerberus)", "timestamp": 1627560806, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627560806, "uuid": "c01fad49-68ba-44ac-9285-fd7266c0788a", "comment": "Malware payload (Cerberus)", "value": "ebcc01dc4c4f5b5a1d691c5684b4b197", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "cerberus", "colour": "#B9AF01", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627560806, "uuid": "f43cc75a-e2a7-45c4-a9cc-501f362a2857", "comment": "Malware payload (Cerberus)", "value": "38e59c9876d09730d7e5d03204ebff9d9b6072108838354e62ab4b62e28bb839", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "cerberus", "colour": "#B9AF01", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627560806, "uuid": "0493349a-d5ae-4583-a4f7-034e1f63b9c8", "comment": "Malware payload (Cerberus)", "value": "81b0a11fa3344e57d37fc97f268532d8339fbbe3", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "cerberus", "colour": "#B9AF01", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627560806, "uuid": "521fe977-48c9-49e0-9e5b-47c9f3b7c1bc", "comment": "Malware payload (Cerberus)", "value": "d5dd7630c9c7074eb608b6a7f3ca6e188286f31156c95887e16bd8a733fcbf84f1155f6975b9025b3dfa30e3a9a1b368", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "cerberus", "colour": "#B9AF01", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627560806, "uuid": "95cd93b9-0b12-4f15-a807-77c6e5ebb0e5", "value": "T1C8063349E6A1CC68D9B7623742C32E67BE1D38484795AA2F97F10DE81D53DA4DE02CF0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627560806, "uuid": "69c17896-e2c7-4913-af8c-aedf4ad3559b", "value": "98304:5oC2wEsPVsbtNw5KbRQx8/msu+t+v5g6NQjaTZtC:5oC2TsP6bbbRQdsuRv5g6NQj2XC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627560806, "uuid": "15eab1c6-4be0-4b2b-a823-192f284d061d", "value": 3820155, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627560806, "uuid": "6e33a914-c939-4191-b02b-bd8fe51457e9", "value": "application/java-archive", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627560806, "uuid": "25c44113-e940-4c46-b878-dfea2a0089db", "value": "Google_Play_Store.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6c6fd3b-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535664, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535664, "uuid": "f3e43834-fca1-4b05-b6cd-8c35477d23ee", "comment": "Malware payload (TrickBot)", "value": "305ef7621e4f8111d72695e48f64b092", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535664, "uuid": "4cbaba20-4652-4049-808a-d72959e525b2", "comment": "Malware payload (TrickBot)", "value": "38e77159a2f37015485371e8c00573b06c79d14c1b89a9c4cbbd5606b9d7f992", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535664, "uuid": "920fead8-4138-4a4a-8f07-f1ab3f3b484d", "comment": "Malware payload (TrickBot)", "value": "588ad2be4c65a33b58f6b13374c329156d80ee0d", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535664, "uuid": "daa3c89f-6899-434a-a05e-bf9888ef1eec", "comment": "Malware payload (TrickBot)", "value": "663e2a218e74cbf29ab1384a4524ef1279437f06133192ab9cc637532610e93771415736cc0895fcc860055d7d823686", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535664, "uuid": "9de5fc7d-206a-4f4d-a03f-cff05d524cf6", "value": "T1C903F1051B4CC48AA873D877049451818EAC9646A9FF24972A4CBA2587F73EF3C5FF1B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535664, "uuid": "bb9e9e6b-8497-4ca0-8552-e2e6d6f3d3e6", "value": "768:ks8gpV5ThaI5z3WQyw2LJg+SYn17b+qlq8ju2Wlz6BbT2c9G95vlmUh7Z:x8KacYdNpvq8aQBeS+vlvZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535664, "uuid": "9b4028b3-7ab0-4863-b8cb-4df195cdb685", "value": 40080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535664, "uuid": "f424de5d-1ecb-4d99-a092-68c9b2ebf95c", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535664, "uuid": "7b52bc15-f9a0-4332-9508-6bb4894d699a", "value": "2021APT-28_23856453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c83498f-f070-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627565148, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565148, "uuid": "a2418235-94ad-43bb-ba84-3967cf0dbfde", "comment": "Malware payload (RedLineStealer)", "value": "9e3a16edd9a6d9e24c253067ee217ccf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565148, "uuid": "f022032a-0763-4904-8066-26b1e007613d", "comment": "Malware payload (RedLineStealer)", "value": "390b39cdaafcbe4f315a8a157fc2a7be6bdc11e2598657fd3e26ac8ba8421baf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565148, "uuid": "0c28eec6-9bce-4c8f-a136-6a2a1eb53bf1", "comment": "Malware payload (RedLineStealer)", "value": "41e3f94834eab4a8f2e8027d8d345c7ecacb8c3c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565148, "uuid": "dcb49dc3-bc4e-4276-92a0-c12cffdcd1ef", "comment": "Malware payload (RedLineStealer)", "value": "64f1aa557e281148e0646e4ef153cca4191e9a9c1570d5ec00d353fea48420a7c5bd39ada7befe5d24555609b31598df", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565148, "uuid": "62661431-08cd-4109-85f4-8aa643f753c5", "value": "T173358DD2E384C4AAD4170276CC7AD971A517BEAA4570860F256E3D2B76F7383106BE0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565148, "uuid": "0a327ae2-831d-4801-aaf3-b5c7c8e8ed1b", "value": "4cfda23baf1e2e983ddfeca47a5c755a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565148, "uuid": "8a64f101-fb6a-4b60-be55-d3336dfa4510", "value": "24576:720gPgFKNpkQxAVBbIcXn0hDEB0k5QNe68CL:yKMxAjIEn0NEBb5mFt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627565148, "uuid": "31c6a3ea-2e87-4f39-91fe-0ecc23ab2905", "value": 1063185, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627565148, "uuid": "afc11b2d-d020-41bb-b630-e1ae583f4bcb", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565148, "uuid": "bcbe7812-b05d-4b9a-b39e-090c389db18f", "value": "9e3a16edd9a6d9e24c253067ee217ccf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb30be2c-f048-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627548100, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548100, "uuid": "eb6e8443-53a1-4725-8140-d5db3d78d965", "comment": "Malware payload (Loki)", "value": "d52ee6b3ae8127828700bc9b3abd6dff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548100, "uuid": "15991548-3d4c-4af0-82df-43ec0a8155cf", "comment": "Malware payload (Loki)", "value": "3a33001ae12c200a137fde861b00f08e3afb05ec56ea4331c3ae1606e31f4c79", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548100, "uuid": "5ae275d2-fb80-424e-8c39-e1e5aff3583b", "comment": "Malware payload (Loki)", "value": "145bbe149069388e25c1f760269549baea73faf0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548100, "uuid": "443296ed-84ed-4443-8b0b-348c7cd961de", "comment": "Malware payload (Loki)", "value": "98cf4f6bd213b1249d88356f45bd73bdeb8e7e70e8630aea3de6fc0bccb52f3cfc27e7eb9d4db1992a4486e4fcf99a31", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548100, "uuid": "9f4e8295-7633-4acc-b4d2-631361c491d2", "value": "T19B259E21B6C4CE29E56E833A8EDE10644BFCFE123572E7687EE113B12909F51D8741DA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548100, "uuid": "348ce617-b021-4ca1-bac3-53edee8a02f5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548100, "uuid": "aca4793c-14e1-41d4-a0cf-277c54fd43e2", "value": "12288:SWRVjWCtfexO8AT5/d3XitoBoRoDoyof+DcC+49Qtrf3xilXupTRA85DZ5dT:rdr5/d3+K64JbDx+49Sli5QRzDp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548100, "uuid": "d08e99ab-ee0d-41b8-8cbc-c5c2bf8a388f", "value": 1030144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548100, "uuid": "a6564f40-c9da-4ed8-9f57-599511699fec", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548100, "uuid": "28e4e20a-761e-4035-8591-9328b9226f9d", "value": "d52ee6b3ae8127828700bc9b3abd6dff.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d458c183-f07d-11eb-875b-42010a9c0053", "comment": "Malware payload (CobaltStrike)", "timestamp": 1627570878, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570878, "uuid": "d515bbb0-e88b-43b8-ad48-3f32dacf7e6a", "comment": "Malware payload (CobaltStrike)", "value": "2c81c39abe11c604c64d6511a932b644", "object_relation": "md5", "Tag": [ { "name": "47.106.217.103", "colour": "#3E39B4", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570878, "uuid": "b51c0e00-7c08-4481-8f9b-81b9b5135586", "comment": "Malware payload (CobaltStrike)", "value": "3a3cd913b1916e4a4e1efea0f11ef31a865931137db8c518e1e293efffbb8497", "object_relation": "sha256", "Tag": [ { "name": "47.106.217.103", "colour": "#3E39B4", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570878, "uuid": "42f820d8-3bf6-4181-833a-467440d8376f", "comment": "Malware payload (CobaltStrike)", "value": "a1f932f55858fc57f750c9fb3d7fda278dc8fe0a", "object_relation": "sha1", "Tag": [ { "name": "47.106.217.103", "colour": "#3E39B4", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570878, "uuid": "8a4df1bc-9dd0-474c-a34c-95f494afa04e", "comment": "Malware payload (CobaltStrike)", "value": "fa66849178ba618e59920a4f3de263d9e19cb7a93f484eb4e865f16264f5ea63175bcbc24a905daa077d9e578e0a0b08", "object_relation": "sha3-384", "Tag": [ { "name": "47.106.217.103", "colour": "#3E39B4", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570878, "uuid": "5d26b029-9c2a-41c1-b964-885315d067d7", "value": "T175B12F51039A5BAEFAAA4DC1DC1D200B25F8CDAA7E542900EFF36AD37C2BC649075721", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570878, "uuid": "e099f653-4000-4795-bc9a-79a04b4910e9", "value": "96:lg5SvvvOmVeLU/igjwvNBbKefPi+d23OmMdZFaJv0lgMk0lobXl:OIvOPLUKgAN2xMdZU2ZZ6l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627570878, "uuid": "72a382db-e64d-47ab-9eb4-fb6e57360e0e", "value": 5229, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627570878, "uuid": "37b048d3-5c5f-4a36-ad1c-5d0915cc0f70", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570878, "uuid": "585975a3-6cf4-47fb-b1c8-cfc046012796", "value": "payload.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3fa511b3-f060-11eb-875b-42010a9c0053", "comment": "Malware payload (DCRat)", "timestamp": 1627558174, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558174, "uuid": "855f91b9-de27-4a85-906f-63fc8353c913", "comment": "Malware payload (DCRat)", "value": "f31199c1fccb1fe693824f89573e4194", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558174, "uuid": "1ef4f850-6f56-4438-bf10-6a7256d0a109", "comment": "Malware payload (DCRat)", "value": "3ab850d582976fd9c1bb14c1c50cffa66e9fd6e55fc27a704f01c45d1bc251dc", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558174, "uuid": "ca57c406-ee13-4fa1-ae94-fdd67f9384b1", "comment": "Malware payload (DCRat)", "value": "6e73fec1f0db28a7cde303a1bddf3f0d1fc26e1b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558174, "uuid": "d564a7f4-0a4d-46fa-8128-206fe87f9ece", "comment": "Malware payload (DCRat)", "value": "f83939262535b39b8024dc020c32b506fb9f1243dde87ec2afd199b61cda7b201e9d12e6d480c0e2ded0b4f4034f9f4b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558174, "uuid": "c77f406e-7506-4f77-9fce-9be66e9e3cbb", "value": "T17D0633123DEEE05FC1E70B717DD19C8099A0DE46207D0B5A513EEA63213AB19CFAD879", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558174, "uuid": "8d3fbcc3-7621-47bc-84b0-cef63014ce59", "value": "4328f7206db519cd4e82283211d98e83", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558174, "uuid": "c1312f11-dbc5-4193-928e-1b7c21083c60", "value": "98304:GUFI1/p+td2Uf1u1xBKlhVr+4k0fBtkAV8JqhBnO/EuYVKPFswc:D6Uf1u1HKnVrTNBtkbqC8FKKwc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558174, "uuid": "ff507f5d-8f75-478f-b120-bf98f4bb9a07", "value": 3774212, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558174, "uuid": "54bc771a-697a-4cb9-bfc3-5daaeb83e58b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558174, "uuid": "095f72cf-5b76-411c-b15b-8108f812c4c1", "value": "f31199c1fccb1fe693824f89573e4194", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92640349-f031-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627538126, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627538126, "uuid": "e6c2a5d0-40b2-458e-97b9-aae55b8ec84a", "comment": "Malware payload", "value": "6856ae442ed396ac95413e4b9539f7b7", "object_relation": "md5", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627538126, "uuid": "48e41f8a-3722-44fd-b68a-491f94d96c72", "comment": "Malware payload", "value": "3bbae53fc00449166fd9255b3f3192deba0b81b41b6e173d454c398a857b5094", "object_relation": "sha256", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627538126, "uuid": "83d0b294-6a55-4bf4-b851-12b9f147001b", "comment": "Malware payload", "value": "f707f78fe02a3bc0a01b36f23cf1b96d7c2461f7", "object_relation": "sha1", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627538126, "uuid": "248138aa-ffc6-4921-9f51-b205c7d1fa29", "comment": "Malware payload", "value": "03ca3e1be3db3a9fb56fab23016b62111d76cc9c887b7dce2957ce99b30335c13dc961fe6631618cc7c38663fdad216a", "object_relation": "sha3-384", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627538126, "uuid": "7b37cbb1-7aa7-4c56-9bf8-8b27623793aa", "value": "T18E642394CCD2BE99C6857E3FE67166158A315327501956D1F7088EBAD32A0F603B328B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627538126, "uuid": "40e9f641-c6f6-4ca8-a5fa-245c0c86caae", "value": "6144:4laKqOMSdtXfwOkDetj3+6jen8q2LhMnb+ggcNX:WaKqEPwyj3+vnWLhMnb+wNX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627538126, "uuid": "530fee84-2343-4861-a50d-8c2411a85234", "value": 332316, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627538126, "uuid": "e57f6efe-83b6-4b5a-ab5c-4fa616d27f08", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627538126, "uuid": "0bd13969-3f1c-4f05-9f25-5b75e8c55b40", "value": "List of Nomination of the Candidates1.xltm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a33611d-f05f-11eb-875b-42010a9c0053", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1627557762, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557762, "uuid": "7bb1899c-4be6-47ac-8b8c-e1a77c7ec55a", "comment": "Malware payload (AveMariaRAT)", "value": "2679f8a6eb593ddccb40572888b59a3c", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557762, "uuid": "c7b60929-8cd9-4ab7-a55a-4864722a9bee", "comment": "Malware payload (AveMariaRAT)", "value": "3bcaf191db8de9ae0926e3cc6c1e64b20187b1acdda8498c7856ac569e125204", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557762, "uuid": "14d7dd12-c12b-4f1a-868e-5b1689f9fa25", "comment": "Malware payload (AveMariaRAT)", "value": "4d6caff8489d88e76b3d08715cf107a5e3ebfa3d", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557762, "uuid": "413e8372-130f-4985-9d53-e7339886543b", "comment": "Malware payload (AveMariaRAT)", "value": "0cc393b3bf4681fad3c1f203dfb3b1f282227366e577eed19ee8a4822f9f9a2165a7fe8ef9133b5f56f1d812a59b32fa", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557762, "uuid": "ba27a4c0-a354-4f86-9796-d63340479d67", "value": "T185359DE263735837ED1368388D2B4654691EBAC50B10228A3AF9CDDCAF3569F7C7414B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557762, "uuid": "36575c98-33fd-4f15-a0f2-2945630c935a", "value": "04e2fca09a354b909f05dafce23756a7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557762, "uuid": "9c2cb621-0977-4601-8b11-43b8aab34d03", "value": "12288:ZrSTAKfXQD39eT9ufhyGFQ1gBF8UhWdu0SAJ9mvziPkpVtSj6+1G6v:BSk+28ufhEE7r1aG1LtQt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627557762, "uuid": "950a233c-dbfe-404d-8d76-6835ddd87b34", "value": 1128960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627557762, "uuid": "fa7a5e8d-5739-477a-9e52-40e192041417", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557762, "uuid": "459bd35d-c7df-493d-a670-4bec0787e7e8", "value": "Attachment (1) - WEBER - RFQ N 21.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07ca6065-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535316, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535316, "uuid": "cc95edf4-2225-498d-b349-bef47e70c7b8", "comment": "Malware payload (TrickBot)", "value": "28e581f49bdcd263863e200ca4ee3b35", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535316, "uuid": "8adf40e0-0004-43dd-bcbe-cf4398a7db79", "comment": "Malware payload (TrickBot)", "value": "3cad1f12d089fb1aed54d49e93948d367673cf051b7b5f8b9429a6e7f0c2d6d9", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535316, "uuid": "19d1c2e8-d1df-49d1-9bfd-62fe7faeaccd", "comment": "Malware payload (TrickBot)", "value": "f5cee0d031c6eeee5688d078c4b4afef871f6ecb", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535316, "uuid": "e5ceec1e-31d4-4aa6-9090-34df91421918", "comment": "Malware payload (TrickBot)", "value": "5decd20a5b77bae730080cf8264f1806a9e720bd7e1c74992909957b71860a869aecb460e7131dadbb1f438d86b5e3fa", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535316, "uuid": "05aadd3b-b26a-4bbe-8d90-9e7535cbf71f", "value": "T1A7C3A1D87BD0E417338D2F17FE0A3AEAD17AA85696C03507D15C7A4C29E921BC6A0DF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535316, "uuid": "c38f7dca-39fc-42d2-aec2-fd9950e50841", "value": "3072:vlYBv4U9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/X:tgn9Ry9RuXqW4SzUHmLKeMMU7GwWBPwH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535316, "uuid": "54109f5b-3c09-48e7-93f0-9c30b1475e30", "value": 122567, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535316, "uuid": "b0d5f57e-5dab-4068-b1d1-9e879124abd5", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535316, "uuid": "1277569f-8569-4b04-bc73-f46764e73324", "value": "2021APT-28_76992453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e0fdf6d0-f046-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627547277, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547277, "uuid": "67b6d17e-c854-4811-9795-9a3a3d894e4b", "comment": "Malware payload", "value": "ad6c97f1e70c014a4d986e0428fd1dac", "object_relation": "md5", "Tag": [ { "name": "brave", "colour": "#D3C101", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547277, "uuid": "561f3c28-d472-46dd-940f-9985a02ae5bc", "comment": "Malware payload", "value": "3d27104ec06c7132ca91494a80365bd55746d05136969de34402e29a163f9196", "object_relation": "sha256", "Tag": [ { "name": "brave", "colour": "#D3C101", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547277, "uuid": "04c9f9d6-a375-4d14-9526-953507bb8267", "comment": "Malware payload", "value": "9b847b6e655f4b3ca2176269b66a054ca8658fc2", "object_relation": "sha1", "Tag": [ { "name": "brave", "colour": "#D3C101", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547277, "uuid": "30fd9700-551d-4bc3-8a76-88cfb48c37f6", "comment": "Malware payload", "value": "731194f1107c0e1b2aaa078eb094745473b1c49b593aa090bffad51003c19c7b9abd8068dd7957b9467bdd79c074f979", "object_relation": "sha3-384", "Tag": [ { "name": "brave", "colour": "#D3C101", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547277, "uuid": "f02a9724-4b76-4262-b5d6-f7e39fdcd204", "value": "T1D5C42391B362DA2DB40BE82AAD477AEB40B37F47F462E6D595FE09C7E80630015B5B40", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547277, "uuid": "c15147c0-2991-401e-b919-f24235289721", "value": "12288:/xqaqYFHwlEGBEg7eqG9e46Bc3E8L47aWnwlLLFMqmtkp88:/xV9HwlfJ7vGgbBZ7ElLLFMqmtr8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627547277, "uuid": "ec48a218-49c5-4b2a-a9ea-71ed7eb8e8c2", "value": 578048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627547277, "uuid": "57ec865d-7fa3-40d1-aec6-9e8bf091ac39", "value": "application/octet-stream", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547277, "uuid": "d125652e-7429-4d02-9687-017f7ae22295", "value": "Sembrava", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "400595b5-f048-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627547866, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547866, "uuid": "66f2c897-3858-456f-ab0a-e99be9b6af18", "comment": "Malware payload", "value": "e9b8ef9a1095c40b730b60e97c517586", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547866, "uuid": "1c72fe89-ef7c-41ff-a284-4741afc47a22", "comment": "Malware payload", "value": "3d59e14c731b60c6ceb49b4a682bd56f5f31769596379c46e53528fd5390e281", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547866, "uuid": "e3874257-ecb5-454c-a194-bc830d26d5c7", "comment": "Malware payload", "value": "fa0cdf6fdc1165b29b3042c067cf3a3e5823bab1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547866, "uuid": "9e428bc4-299d-4d5f-9fdf-fbaea99a6d8c", "comment": "Malware payload", "value": "d435d0173e6a8804bbb08b7b2502e83c53a5e351c34e441419f788a85690aafb0fb53ca41f8bb674a8fe3ce81ced5ca4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547866, "uuid": "bf8503ea-3ffc-4b8e-8e44-8d23c7825d2c", "value": "T13E7533A7A842D345F6BD917F8C4B36708833FB27F09712684429F2C63856B5A4B65BC2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547866, "uuid": "3829a572-45d6-4183-8b0a-9635e1f8cb19", "value": "24576:MSaNDCTzJjmbO8NIRr+kpa6PBin0lPv/i52yI6H6hLuNDldeAzMXMyd4:Za1QzkbBGRPpaif65XFH6hLufnS4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627547866, "uuid": "cb1c932a-8039-439f-8ecd-4e93e31feb1a", "value": 1612176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627547866, "uuid": "92e2b507-9c03-4df3-af23-81fbd009379a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547866, "uuid": "1cabf2e9-f3c1-4ce5-8828-e28b2c97cef2", "value": "e9b8ef9a1095c40b730b60e97c517586.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff3a11d7-f07d-11eb-875b-42010a9c0053", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1627570950, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570950, "uuid": "02637d8f-cdd4-43e7-82f1-09ca71b1b252", "comment": "Malware payload (RaccoonStealer)", "value": "dedf5473aa8afc31b4e18e3d9bb4a954", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570950, "uuid": "e9b48bed-e4f4-4091-a00f-408a2d07f1e8", "comment": "Malware payload (RaccoonStealer)", "value": "3e5c0a3309b7e9818fa4e062fc66525fd550eebf6e23f1f11882b4e391160367", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570950, "uuid": "05c3028c-4c39-4c44-9696-98cd585dc646", "comment": "Malware payload (RaccoonStealer)", "value": "385955dbfe9f5ae9bc8ba634ddc22c229aef8cea", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570950, "uuid": "b166e4ad-d7c8-4133-9797-c63a46f6b0e2", "comment": "Malware payload (RaccoonStealer)", "value": "44e674a0e4cb37a65824623d6bfe662cfab7b23468b660fa0ed76f7afd449658c2956bec6d61565621e6af19f58c15bc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570950, "uuid": "8c6c4ab4-ecb5-40f3-93c6-f3b7af0e38bd", "value": "T12CD4E1306A90C435E4B722F849BA937C752D7EA06B3450CB22D53AEE17356E8ED30797", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570950, "uuid": "8de0f060-107d-4743-a7a9-6421b1c1ecb1", "value": "ae8d52d466f0b65d50fa6d5967396375", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570950, "uuid": "5265027f-1047-462b-9f20-3b54ea9b1ee3", "value": "12288:m1c6ZvAKlcTdM6GK6vI9RYP8lqVpiFcDgAPuiiMEqjB:H6tAK8d/6AY0vpAPu1MH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627570950, "uuid": "bea4b937-36b0-4296-bcc2-57d48d8ebc6c", "value": 604672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627570950, "uuid": "25508958-2b03-4d23-b80d-0d297be686cd", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570950, "uuid": "e8683cfc-fef2-4808-83ca-76e74891a573", "value": "dedf5473aa8afc31b4e18e3d9bb4a954.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cbf77c54-f0c5-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627601788, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627601788, "uuid": "a4e5f623-8d3f-4f74-8f80-e6fa08d8f8ed", "comment": "Malware payload", "value": "ca75b1bfba3facdde469a3c46e79269b", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627601788, "uuid": "752afd8c-ac71-4011-843b-f66cc66ec975", "comment": "Malware payload", "value": "3e93a8858c95d52627f9f921fa2c03a8c5240ef6d5504ec7baa6e129755c95c1", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627601788, "uuid": "a1099da4-8af9-4558-b66a-ba45ec507503", "comment": "Malware payload", "value": "afffafdeac05d7141127a7fa473986409dcf366f", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627601788, "uuid": "b8345810-b885-4898-9ef9-9edb2b88ee17", "comment": "Malware payload", "value": "b0a488dab02448e1bf2241d179c1d09aa5e440df71f48ee5c0b53d7e3b85a60f1279a8a01f07b79269ed21ea27225911", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627601788, "uuid": "3be499b0-8fac-4bb8-a672-f508647a75ba", "value": "T1A2322A3DFA71B924E4440BBF9DFAE16B47227C83B9B340AE3152B52C5B750CD1E18A91", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627601788, "uuid": "58cb88af-7e1b-432a-8629-5924e7ee9a8b", "value": "192:IOFdFsRdB+mBYTQONc1z+nKQb6B+tn+xm7l1StmT18fCA:6+mBYTPQ668nzp1cvfR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627601788, "uuid": "41da47da-623b-4181-a9b1-5e27a70a82de", "value": 11264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627601788, "uuid": "0b06169f-0539-499c-a928-81efb7db50ae", "value": "application/CDFV2", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627601788, "uuid": "8ad89c0e-70ae-490e-825f-7a6a41ff2533", "value": "SecuriteInfo.com.VB.Heur2.PwShell.2.C69CED9E.Gen.19325.7102", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34c8d79d-f093-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627580060, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580060, "uuid": "e317275d-f96e-4596-97af-c2e2a74815be", "comment": "Malware payload (AgentTesla)", "value": "9990df234e89d40a0e4779fe383ab714", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580060, "uuid": "3eb5b2d0-1e4b-41dc-84c1-3f2909bd8cea", "comment": "Malware payload (AgentTesla)", "value": "3eb96d835551fac79bfeb45e22e7ca9323b0c6ab62e0272f6cb83cd278509ed8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580060, "uuid": "6415fde9-6fde-4770-975b-9ebbcdea1900", "comment": "Malware payload (AgentTesla)", "value": "4aff6a1e0d10b61275c33718b87d221e9643be8c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580060, "uuid": "589ed4de-1b6f-4b7a-ac6b-47cc3c459acf", "comment": "Malware payload (AgentTesla)", "value": "a96b7c7da12ebb8f550f64dd921c1138a82d0aaadf97c58a38957c36796020856ff330fa126de3c494e3c689254e2ed1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580060, "uuid": "548e1878-a9f9-4f17-9370-7bad6dae020e", "value": "T10005BF2045CCDB9DD8BE03741B6C02A86FF0A942E1B0EF283F5585B5AC91B51F9BE356", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580060, "uuid": "5877dee7-da5a-4998-94b9-1c4176fc4812", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580060, "uuid": "017ba94e-07ed-41cf-811f-11fbd8b0aa5a", "value": "12288:1oLDcz3s//7iS/d348w6JpBdCUw/8spfTuyMQpTMUuGk+HFNV9jIWB2ryWs:iDS4uS/d3nJp+EjWppkwNVVIWaA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627580060, "uuid": "a8965db4-0077-4eee-8940-d89e95a8666e", "value": 872960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627580060, "uuid": "e89cc682-0997-4104-98a3-d90edf04a454", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580060, "uuid": "1fe1ec8a-75a4-4031-8d5d-144dfa9a7d0b", "value": "Payment Slip.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf876186-f02d-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627536511, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536511, "uuid": "0c5b1bf5-353c-48d8-90a1-333c6995fcc5", "comment": "Malware payload (AgentTesla)", "value": "682da0d0e30f7a6b63823a8f00d766d2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536511, "uuid": "9bfd7dd3-2203-4680-9347-3e5957753741", "comment": "Malware payload (AgentTesla)", "value": "3fa788a8c80571c743fcb90513108f4f72ecc1f822f02eca91a0fe5e7b6c380f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536511, "uuid": "0d8f2083-f348-4717-9247-bd001a80827d", "comment": "Malware payload (AgentTesla)", "value": "43b6ec7aef6a68d01dea3dd00c1e7327e695b09f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536511, "uuid": "23e4b326-da80-43a2-a9d2-2684259db846", "comment": "Malware payload (AgentTesla)", "value": "8b4d2aa710147097abf6ca66f18ed4bfd6a764a0a420b274824c9ef16055579928d81a3d134da7b2a11c8941fb9a035b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536511, "uuid": "6f3b0692-acaa-4a68-9f6f-48ff3c7d8c3d", "value": "T186E423F46EDD00520D8DB968B20BEEB485F3AC6E52D81C2EB8B885EC1F64D16C7D6D05", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536511, "uuid": "f6001ea0-4bbc-4edb-b13f-966fde76e331", "value": "12288:2MHGVU2kkEGsPRchBR43/2s/tPRDCyEXLP9ufPbocMk//zfYvOEKZxU0:QgkEGvintP0yyiPbocMk3MGFPU0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627536511, "uuid": "24e137d4-6e07-4a97-b3b8-97b8fdab1b31", "value": 685867, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627536511, "uuid": "d2e1ae4c-190b-4201-a189-9d2a02f36e1e", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536511, "uuid": "5c0091c8-f730-4cde-9d17-6755153f508f", "value": "copy.r15", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2a11a8c-f079-11eb-875b-42010a9c0053", "comment": "Malware payload (Gafgyt)", "timestamp": 1627569158, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569158, "uuid": "a943dd83-72a1-4a10-ad13-056522519b8f", "comment": "Malware payload (Gafgyt)", "value": "7607809d9d11dde1488d8c9f2770e13b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569158, "uuid": "31b0c324-bc0e-48ee-95e3-2443b7c3393c", "comment": "Malware payload (Gafgyt)", "value": "3ff267153c97aceb20b6512eb5d7a8842f2619befd371a54fe871fc12374e040", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569158, "uuid": "a94eb637-d132-4a8a-9bba-0bf170cf12a4", "comment": "Malware payload (Gafgyt)", "value": "0f1ae84d014496b4cfc28264f4501206cde2ac40", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569158, "uuid": "797e4085-04f1-480e-9b52-2482a57c8dbf", "comment": "Malware payload (Gafgyt)", "value": "b119354615102bf49082208e1816bd0b24538f3e13ddabfe644731b4a38c16b94476172f0469c0de60b63970b5b1ff11", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569158, "uuid": "4b9378b4-e909-4a10-bc83-5bda5e6e3921", "value": "T14903F272925011E9C9E02B79F73B8144E13BB7A0C3A735FED7646355939640826BB70B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569158, "uuid": "39bb8288-2461-44b5-8620-dc21003c4e83", "value": "768:mxi4nm2sJL6eKaf99ArQnnkEB/VdFcRDWb25f1u3UJ186Jm5Y1ITEZRQVeT+x:mxiamLnl9ArCkEBfFcIa3f86QBOQVeTE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627569158, "uuid": "9b3a59b8-e7b6-4854-93a4-349a26ed5eb5", "value": 40448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627569158, "uuid": "d134a44c-f876-41fa-af2f-9775f8246ec6", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569158, "uuid": "915a7cc0-76b1-4746-8841-9cdfbb74e6c3", "value": "7607809d9d11dde1488d8c9f2770e13b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4549287a-f041-11eb-875b-42010a9c0053", "comment": "Malware payload (CobaltStrike)", "timestamp": 1627544869, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627544869, "uuid": "f1dfe3d4-374e-48d8-b330-00ad1e6cf04c", "comment": "Malware payload (CobaltStrike)", "value": "8cd1fa5b99da42265103d9da22f46666", "object_relation": "md5", "Tag": [ { "name": "assets.switzer.com.au.global.prod.fastly.net", "colour": "#5FC6ED", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627544869, "uuid": "69aebd2b-d1ac-4ae1-95b5-dd9b6a58b3d1", "comment": "Malware payload (CobaltStrike)", "value": "42104ac31fe7ae7328c209007ea71dc3effb183c736a9bddcf86f690fe96df9a", "object_relation": "sha256", "Tag": [ { "name": "assets.switzer.com.au.global.prod.fastly.net", "colour": "#5FC6ED", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627544869, "uuid": "dcbf3bee-a244-4583-add5-10f0b1ce6ed6", "comment": "Malware payload (CobaltStrike)", "value": "2aa0c824bddb85e60ec25724ebb5509e1f52785a", "object_relation": "sha1", "Tag": [ { "name": "assets.switzer.com.au.global.prod.fastly.net", "colour": "#5FC6ED", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627544869, "uuid": "50963140-5408-481b-ba0b-af7b6383729c", "comment": "Malware payload (CobaltStrike)", "value": "dfcdbe56aef17b58bb041ea10c21d0922e24809d0060c54586f4706f3a803b4e2fec67a97d1e60b12ebd12e32de80c2b", "object_relation": "sha3-384", "Tag": [ { "name": "assets.switzer.com.au.global.prod.fastly.net", "colour": "#5FC6ED", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627544869, "uuid": "26a54af2-dfe7-4292-8485-1b39c0f3227c", "value": "T17254AE28A3B941BAC3DECE71ABBE275346E46CAD7D75BD3D4904B96B3F400D58608C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627544869, "uuid": "8545fd8e-7e7b-4680-aa74-401e4baa007b", "value": "17b461a082950fc6332228572138b80c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627544869, "uuid": "ffaeed83-a41f-463f-8c03-1abbe18bb6bf", "value": "6144:YCEqt32bK29/inSYUTvKj51JVEhzTFuKy:Uqh6KYYUTkIHF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627544869, "uuid": "3a8da2df-819d-4ccf-9395-855a490069f1", "value": 288256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627544869, "uuid": "eb79e633-e31d-44ad-8a7f-6f9b906a7ca9", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627544869, "uuid": "fa0f6b86-67c8-4b20-93d3-7b87e1bade68", "value": "42104ac31fe7ae7328c209007ea71dc3effb183c736a9bddcf86f690fe96df9a.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6df58d3e-f0a1-11eb-875b-42010a9c0053", "comment": "Malware payload (Vjw0rm)", "timestamp": 1627586169, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627586169, "uuid": "e3c4ccbc-c1ad-4092-9e70-68c8e118ae9a", "comment": "Malware payload (Vjw0rm)", "value": "be1345c7e8039f7d3782a06a03361767", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627586169, "uuid": "afcd4185-5f18-4e35-9c9f-d8852d112735", "comment": "Malware payload (Vjw0rm)", "value": "42cadce684f1b747fa31f2c109c2a729ca5d1baf4aed93f3c3f87fb8f7053deb", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627586169, "uuid": "c4f322db-d525-461c-86c5-b4af4e873d32", "comment": "Malware payload (Vjw0rm)", "value": "21d422062fa6de71e94b529e67566477333df43f", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627586169, "uuid": "00853810-32cf-4dd6-bacc-e1e40b1ee9b0", "comment": "Malware payload (Vjw0rm)", "value": "f4ddf4b7b9e8a41fce5b4b401d8698df0bba35991325af87501881e7fc6c0b81171701e1ccea192a641d5b278169ca13", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627586169, "uuid": "56c4759a-ed4d-4ee4-aaa4-96b59931d227", "value": "T17EE393FCF1051F22D392611C89DA0A1873B2D361F1E9DF05666C7A09C1EE92B57CAEC9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627586169, "uuid": "70aa6c01-c247-44db-9670-641405c73c5d", "value": "192:nlu4lgWAi75WbAZvw1hdh12cB5kw94tMa3dZYkVdPrv1kQuIVLk5/lWWW5RazC8F:chWA5KWy24jHuHqWWoKSqrE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627586169, "uuid": "136e4d1e-491f-4757-98cb-82f35097d8f2", "value": 151876, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627586169, "uuid": "5ff43503-6287-4a9c-bedf-f26fe064f92e", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627586169, "uuid": "8681d3e1-9313-432c-b93d-deeb3bec30a4", "value": "ORDER-21729.doc.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "502e7296-f026-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627533290, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627533290, "uuid": "a70cdb51-a6ab-46a8-be2a-69dbc6395305", "comment": "Malware payload (AgentTesla)", "value": "562b0feb31a82380cb9e945644460d5b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627533290, "uuid": "527090fb-5ba5-46e9-81ba-265207e3310d", "comment": "Malware payload (AgentTesla)", "value": "42d9a4cac38f75fd777be1c51842d13ad099e84da9da516e0e426c2d82611268", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627533290, "uuid": "5c6cc868-96ba-48f0-83ab-81048e451785", "comment": "Malware payload (AgentTesla)", "value": "1602264513b3de634d84e82de1e99cd232ab2c32", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627533290, "uuid": "f4e535f1-53b6-4e52-bbac-df2bf4e7b1bf", "comment": "Malware payload (AgentTesla)", "value": "137abed5a987613c2b00c35a2341567f4cf9e3771e23815feeda7490286e1b3c2c7365cbd97403c04cf32df542cc2669", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627533290, "uuid": "71ff903a-3f0c-4bbc-9ee3-bad14f70e949", "value": "T17664D090F286CCDAF97751B58C5ADA2111AB7A6EDC70950E70873B3DA5B33821076B0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627533290, "uuid": "e28ae1d9-5adc-4594-a74d-70afb2e75d6a", "value": "d51f4756e17d2e0cb52cc870ed396809", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627533290, "uuid": "62766a7a-3345-4ea7-bf1f-634a4c40e2d2", "value": "6144:mkgRHOVoILPfm9JYv9tOb+LNgPHfdRQpLFFgtRLgaA:mPRHOVdcMtOQNWf3KFgtR0P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627533290, "uuid": "ee946443-d11a-4efc-801f-005d94905bfa", "value": 319488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627533290, "uuid": "b3696f7d-80f2-45d9-9079-5d32f3b2a5f6", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627533290, "uuid": "3a741205-71e1-4339-b71d-8126e6adbed3", "value": "SecuriteInfo.com.W32.AIDetect.malware1.13994.22348", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "330b68b9-f087-11eb-875b-42010a9c0053", "comment": "Malware payload (BazaLoader)", "timestamp": 1627574903, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574903, "uuid": "2f2f7fc0-541d-42b4-ba19-07590b06179c", "comment": "Malware payload (BazaLoader)", "value": "ade047b047a762846f7df54eed3dd90a", "object_relation": "md5", "Tag": [ { "name": "bazacall", "colour": "#F247BA", "exportable": true, "hide_tag": false }, { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "BazarCall", "colour": "#988BD8", "exportable": true, "hide_tag": false }, { "name": "BazarLoader", "colour": "#4D0DF8", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574903, "uuid": "fbb3aabd-2fe0-4680-8d05-dea2eebb14ec", "comment": "Malware payload (BazaLoader)", "value": "42ee070ac0de1e32e2f436764560c31655f0e81aeb2f842a895cca3405fb2c7f", "object_relation": "sha256", "Tag": [ { "name": "bazacall", "colour": "#F247BA", "exportable": true, "hide_tag": false }, { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "BazarCall", "colour": "#988BD8", "exportable": true, "hide_tag": false }, { "name": "BazarLoader", "colour": "#4D0DF8", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574903, "uuid": "946b497f-4c65-44b1-840b-ca83190abcfd", "comment": "Malware payload (BazaLoader)", "value": "d14e19640dbed65b96ce6a3881261f5fb9335874", "object_relation": "sha1", "Tag": [ { "name": "bazacall", "colour": "#F247BA", "exportable": true, "hide_tag": false }, { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "BazarCall", "colour": "#988BD8", "exportable": true, "hide_tag": false }, { "name": "BazarLoader", "colour": "#4D0DF8", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574903, "uuid": "4b3208b2-5da1-4657-828e-3c320635756c", "comment": "Malware payload (BazaLoader)", "value": "f8eb9373637e423b30ae1b4518fabe397cc1aa1c8a828157dbf7233f10e39a0332d21f13452f5e8794899b2991f4d495", "object_relation": "sha3-384", "Tag": [ { "name": "bazacall", "colour": "#F247BA", "exportable": true, "hide_tag": false }, { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "BazarCall", "colour": "#988BD8", "exportable": true, "hide_tag": false }, { "name": "BazarLoader", "colour": "#4D0DF8", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574903, "uuid": "99701dcc-217d-4e40-8468-731c0edc1164", "value": "T1B5F358179900A7C2D52C41F5AE071EDC6F0A6B0DE2C278EF81674E9B3AA53B35ACD15C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574903, "uuid": "a9c24294-15c9-4f8f-9e26-093069aa2e06", "value": "3072:TALCFzv4iOuXHPoDIniT5gg8JiaFpSA+gyLe:TLzFrHA8ez8rSA+ry", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627574903, "uuid": "3d21d13a-aab9-47b3-bd38-b79e51938564", "value": 161019, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627574903, "uuid": "dfa53b00-b858-4039-8268-ee1c35ec9c4a", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574903, "uuid": "f8778f90-63c6-4f55-8372-a8b70b8e44cc", "value": "case_L0275390548.xlsb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2b0398a-f07a-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627569507, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569507, "uuid": "a118dc02-5340-4052-becf-a9cb93b72556", "comment": "Malware payload (AgentTesla)", "value": "44f47559284f85239901f52b106bd180", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569507, "uuid": "ca72ae1c-43f3-4829-af1a-7ce1e24e7121", "comment": "Malware payload (AgentTesla)", "value": "4364bf63d2c44aeeaf97658b29f48d06b334a2da5c9140dd969c7561decdf79b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569507, "uuid": "cfc2d039-182c-4561-a624-6dfdc500b765", "comment": "Malware payload (AgentTesla)", "value": "81f5802d5d0df8d2d279500ef692ca3ae0a9d93d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569507, "uuid": "e8c50c6d-829f-402d-8d5c-cf42f98e8d76", "comment": "Malware payload (AgentTesla)", "value": "31dfb3a22c2c042491ff362264c89ee31a9987d497bc7570388c40183902cc700ce11542d3756e278ede8d2c1675e136", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569507, "uuid": "289b5c4d-1897-4832-a749-48f04e698cd2", "value": "T1102419166354D521CB5F417FC01AC21831F1E707A72AD2CF5AA6D8FA1F852CEF92A8E4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569507, "uuid": "1b5a93c6-09e7-4e54-829d-ec29561fe463", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569507, "uuid": "76e11bf0-f857-4abd-b5c5-85cd174cbcef", "value": "3072:v9WMISSYHTbvhWdIelUG6iUiG7jl6llrbgtnhe2fXKRzlVSzvHkcCkVG+EqC4vGP:vCSedCIUhIlRANXKgGkG3v4+TU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627569507, "uuid": "9350a4d2-b1cd-4234-99a6-e0a16ed91fed", "value": 221696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627569507, "uuid": "3e828260-4a07-4dec-8b33-e1179f88c3d7", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569507, "uuid": "ea5412a4-aa1d-4248-ba7a-32538c505925", "value": "bxIUROsrpPdeCMQWJscUkHELP.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0f12e85-f03b-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627542526, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542526, "uuid": "85b1026f-be8c-4256-937b-3256b99f2a71", "comment": "Malware payload (Mirai)", "value": "e0b0447333fddd6317711a6d0346cd9a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542526, "uuid": "bca576d5-c076-4bab-8716-ce641052ee44", "comment": "Malware payload (Mirai)", "value": "43baffebe1afab41b926cb6e5ab80861c9106cdf53608aed13dfae5f37825bf5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542526, "uuid": "df98c6bd-0435-4ad2-b1ea-27bfab2973b6", "comment": "Malware payload (Mirai)", "value": "2825bd4ad4b70fbea9e0ef7e25a3be5d4427430d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542526, "uuid": "9e615115-ccc5-433e-8e53-567306b541de", "comment": "Malware payload (Mirai)", "value": "5430cfa1db5f1101ff7e0f76ce222f6947407bf7a9953961513861dd4d1edbcd2b446c275696b64f004eb9f339915387", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542526, "uuid": "7c798b56-a861-481a-a8ef-9b5a098377c0", "value": "T1C683C61A2E714FADF77C833447B78A22A79933D633E0D685D26CE9001F6024D645FBA8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542526, "uuid": "acc4226d-328c-4803-9481-7667ebe22acf", "value": "1536:eXBLB3N383e3HzZoluhm03WYGhbsm/MnibJreJdZwuh:efZDhm0g/MnUSWuh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627542526, "uuid": "fba930db-f919-49a5-993e-8039f5b65225", "value": 84932, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627542526, "uuid": "d31bc026-ed85-4ac9-887a-aada525e966f", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542526, "uuid": "88fb60ca-32ea-4e36-8e07-92984870be0f", "value": "e0b0447333fddd6317711a6d0346cd9a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "66a376a4-f062-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627559098, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559098, "uuid": "62eed78b-5f10-4f03-b7af-e3a6560ead8d", "comment": "Malware payload (Formbook)", "value": "9ff21df84e1fcbe3d9d9b21a4469baa9", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559098, "uuid": "b6b4eaaa-8452-427f-a7a3-1f9c4ac82f2c", "comment": "Malware payload (Formbook)", "value": "43d654ed6722bfa25d4f089256e4911bc46b1fe8d2b5bf8c809ad47a6c91d22a", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559098, "uuid": "cc7545e2-79ea-41d3-acc6-e19c8910f651", "comment": "Malware payload (Formbook)", "value": "9c2a7ce23fa637232b1b50c6eae7e772d20ddc57", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559098, "uuid": "7c9122a8-dbf4-497c-b176-825da467e97d", "comment": "Malware payload (Formbook)", "value": "08768897a65fd1f262272d415281bee9c6ac80015449bf5f8b46dc07285cf8aecd2804f3c3309746413dc5b943314695", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559098, "uuid": "3cab9d91-937f-461c-9d7d-aaefd7d15a45", "value": "T11DD423575BFB3B9660A841C096DD1E2D3DB0FC9943A8C62C98BD8885EF2F3231D1E495", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559098, "uuid": "b3d56c88-4d47-4d3e-8dfa-38dca6b3ed36", "value": "12288:uc2cTzvjlLlXTLvuHlLbvqt501S64Hp2Z1dhaGu0ony3nOQt0:unEzBkRbyY1D4AZHIGu9nYOQt0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627559098, "uuid": "9ff81143-346f-4d8c-bdae-52593c08f945", "value": 619736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627559098, "uuid": "1c836c7e-a550-4a81-8f1e-f15d95102a3c", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559098, "uuid": "9c4691b4-1166-4fd1-b370-dc73470c6b02", "value": "EoH35.PDF(1).rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e1a9d653-f061-11eb-875b-42010a9c0053", "comment": "Malware payload (RemcosRAT)", "timestamp": 1627558875, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558875, "uuid": "0c55f576-cd84-4e29-aa4d-6e681e4a006c", "comment": "Malware payload (RemcosRAT)", "value": "a04f506fcfd9e51fd53cff596eeb3ad8", "object_relation": "md5", "Tag": [ { "name": "r01", "colour": "#68AAA3", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558875, "uuid": "95d6ea69-481c-4fcd-9fe3-6be4d0035cb9", "comment": "Malware payload (RemcosRAT)", "value": "444b83f4035e2d71473f057f4a1416cd33c13cd238a46255a3d12cca76a7582f", "object_relation": "sha256", "Tag": [ { "name": "r01", "colour": "#68AAA3", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558875, "uuid": "308e6b8d-b172-418a-94e4-57cb2ddff5ae", "comment": "Malware payload (RemcosRAT)", "value": "c342c4a6dc293daab93561c27a84413f76dcb79e", "object_relation": "sha1", "Tag": [ { "name": "r01", "colour": "#68AAA3", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558875, "uuid": "a1af3afc-8129-4896-9066-3ff3288c1606", "comment": "Malware payload (RemcosRAT)", "value": "9388f02c41aec88eb24e76c1a8347797401adb31834e4fcc354bb94d444413a51151db98e5f5348143ff5e7f344771c2", "object_relation": "sha3-384", "Tag": [ { "name": "r01", "colour": "#68AAA3", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558875, "uuid": "cb32578e-e7fb-4225-b9b7-3adf65dc793f", "value": "T1274533FBFDC803BF9E9167C4F21CD594B011ED195A91DE708E9B8202AE7809215B772A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558875, "uuid": "ff175010-5955-423c-b681-7af9f39f4922", "value": "24576:gEXCRuuGgPRiilTQPrsTy7oMS2eDmo4IpBl/L9A3/gJ:gqCRuCxlmfMDN4IpBjAPgJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558875, "uuid": "2dae04f6-c7e7-447e-aa5e-2bc64633352f", "value": 1188321, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558875, "uuid": "7aa006bb-abe0-4f2a-8ffc-985779277eeb", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558875, "uuid": "1d0f6b52-057c-43ec-8f30-45b33ec37934", "value": "RA1_20210729.R01", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b49ed75-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535376, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535376, "uuid": "6cfd8435-307c-4134-a9ec-f9bd8495fe1e", "comment": "Malware payload (TrickBot)", "value": "3b8c1936be40869f8504d37ba6279814", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535376, "uuid": "adcf46d8-342c-4d02-b9b1-f02ee5595db4", "comment": "Malware payload (TrickBot)", "value": "449034f3b01b8ec7621d7923357cc4e36e7b9a71aa3142c8012e9117da020a0f", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535376, "uuid": "127881a2-adab-425e-a50e-f3401d857662", "comment": "Malware payload (TrickBot)", "value": "58b429a48b211a722ae55eb7af848e12f2f5f70e", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535376, "uuid": "8e25fd87-1c46-4ae1-9d3d-a6585ef91fda", "comment": "Malware payload (TrickBot)", "value": "7b3af8d7127390b5afeae4008e10323d881d9c473a4e786d53c3ce9f90cf259cdc7a61dacb9f75de7f38a45b3aa15743", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535376, "uuid": "bb1821cc-71cf-4aa5-a980-b8b8f9097c27", "value": "T1DC933DD86BC1E417338D2F17FE0A3AEAD1BA6C5796C47507D1583A5C28E921BC6A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535376, "uuid": "2f6c96bc-6f6c-45cc-8e1c-c4793dec034a", "value": "1536:MF88b9FMYbkBZn9Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Z:Mf3MYbkD9Ry98guHVBqqg2bcruzUHmLw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535376, "uuid": "0904e0bc-97b9-4b0e-aeaa-1acb9799058e", "value": 95081, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535376, "uuid": "c744808c-1007-4321-9b7a-0f9e4beb99f5", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535376, "uuid": "6c152041-48e6-4709-8f10-d790409d1849", "value": "2021APT-28_47514453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9c0c57b-f043-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627546004, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546004, "uuid": "5b3a7848-0f02-4f22-bfaa-f5a24a458a2b", "comment": "Malware payload", "value": "b608d16b9ac86961c1be8680bdacce04", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546004, "uuid": "0b262bcd-457c-453d-98a0-b9e020d0753a", "comment": "Malware payload", "value": "4558eae858ac3205cf856240479450b69436dff3dac84fbb01a5022b6070a1a7", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546004, "uuid": "9d895124-cc75-4a18-9ce3-8d9d67228d76", "comment": "Malware payload", "value": "0b406aa5ff65375af1d4e74ed594f1ecbe46fcc0", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546004, "uuid": "4bae56e3-fec4-45e9-834d-1bf3e4b6758f", "comment": "Malware payload", "value": "047237bd12bbddf73d82b1f3c2b015bb41d840fa0d20c81b65ac5aa3ebe22a6ed1691bbc50de86ed9d4673ddb35f2a89", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627546004, "uuid": "728279d1-279e-442a-8116-0957c584fe60", "value": "T16D76D086B3886B2EC5B3507389AD163A62574C7E6B93CB431454731D38F38E44B9AFD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627546004, "uuid": "32d73f6c-ace9-4464-8cb2-05f194bc88e1", "value": "196608:7BIbFEfVMbezLjCPu2eoBSQL4lkfA6lGELM2jJy8g:mbFENMbK5obL4lkfAD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627546004, "uuid": "3e81be29-eff8-4357-b351-07836207b157", "value": 7360802, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627546004, "uuid": "0c1580c9-add1-431e-baaa-807eed4b9c0c", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627546004, "uuid": "f9c4577b-afb6-4eb9-8dfd-d33f87020e86", "value": "org.shadowice.flocke.andotp_base.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9493996a-f048-11eb-875b-42010a9c0053", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1627548008, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548008, "uuid": "99ae500e-6324-4e3a-aae2-c2bcdb15bc1f", "comment": "Malware payload (SnakeKeylogger)", "value": "b0cde20fb8c42f6667da6b80156c6daa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548008, "uuid": "31f733b2-2e35-43a5-8c37-aa54d79b089c", "comment": "Malware payload (SnakeKeylogger)", "value": "4578c32120731e26e084a3cfd4c2e1819e41de86e1b13cbb417cb70c3dbf6932", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548008, "uuid": "db926c54-1ebe-4340-a8f7-a3ba5c6eb15d", "comment": "Malware payload (SnakeKeylogger)", "value": "0323e5b82ac54e64e8a94bb8de4d7180af0012c2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548008, "uuid": "eba39104-00e8-4413-92c9-6c6de489e991", "comment": "Malware payload (SnakeKeylogger)", "value": "80116b2ba6e00b602cc1225efe86ef942ae34b60a7330b77e0d219464af33962cd60e8bcbdc870df42136d70fbdad7d4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548008, "uuid": "faf6939e-074b-423f-9399-7bf18171a954", "value": "T119259D25B6C4DA1AE11E93368EDF50204BFCF9113572B7686EF123F94524FA1D8702EA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548008, "uuid": "127026f8-f8b7-4b38-aa35-b4c7254db3fc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548008, "uuid": "32ea8eed-5821-4639-bbd4-48148f6c8727", "value": "12288:+3fzR31Hrx7dXhRAf5/dyoRoDoyoNow5L9AYXJL/bjH0B9CavIBQ+4:uxxRa5/dy64Ja3aYXpDjH0B9bB+4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548008, "uuid": "1a6982f6-531d-470d-a446-47dc21eb45b7", "value": 1049088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548008, "uuid": "802bdf35-9021-4112-b1ce-55f56fe78ea9", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548008, "uuid": "a3f96e50-b101-423f-9181-ea1b8d86aa25", "value": "b0cde20fb8c42f6667da6b80156c6daa.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf410225-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535222, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535222, "uuid": "e270a68e-b0e4-448a-9acf-756f49110b46", "comment": "Malware payload (TrickBot)", "value": "adda3b6fcd8ba4aa48ec3ebde89b11f1", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535222, "uuid": "0aba8d73-3932-455a-90d6-a27ce5c0f006", "comment": "Malware payload (TrickBot)", "value": "45a1c85f4aa24b70e87b078a6571464d12b9b2d0d999b1c0fdc5bf7545e9d5ab", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535222, "uuid": "622e57d0-4f88-4728-810a-431170a4381d", "comment": "Malware payload (TrickBot)", "value": "7e53ad92347654ff736e49fd6e85b9752e2293db", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535222, "uuid": "9dbc52fe-123c-42a1-80ce-f6b7766a4b43", "comment": "Malware payload (TrickBot)", "value": "3661b0e2b263212bb82707faf01e18209c8d98f81cefd20220fac921fc7ab6628b8a92c1b55d19923565feb6da42de46", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535222, "uuid": "42742216-a1fe-485b-9e2f-dc13263679f8", "value": "T12AA35ED87BC0E413338D2F17FE0A3AEAD17A685796C47607D1587A5C28E921BC6A0DF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535222, "uuid": "49bed1c7-0637-41f0-9875-b8e3dd332980", "value": "3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXp:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535222, "uuid": "14d3faf9-4146-4980-960b-a5f57ea03828", "value": 104319, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535222, "uuid": "afdfd7b3-1b93-4282-9200-ceaaf6792ab8", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535222, "uuid": "ed6adf6e-876f-4564-83d1-1dc9c7e575c3", "value": "2021APT-28_53538453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95a2f979-f051-11eb-875b-42010a9c0053", "comment": "Malware payload (Cryptbot)", "timestamp": 1627551875, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551875, "uuid": "650b711b-a550-4957-845e-6df2308cfff3", "comment": "Malware payload (Cryptbot)", "value": "7e68febfb5892c836dc420c3dc235b2f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551875, "uuid": "bb696e66-fb32-4d6a-8c8d-c53a634c8dd8", "comment": "Malware payload (Cryptbot)", "value": "45a4308587c7d273c9b0aea890356e4693f8a6d79ca1257aef38670cd02210f6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551875, "uuid": "14f20293-b8d2-49dd-8615-8fb2590a9933", "comment": "Malware payload (Cryptbot)", "value": "054c50db77127f96c360d31bf742e0a775ab040c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551875, "uuid": "03843f6f-bdd3-47c1-a074-7b6b6b27fdb0", "comment": "Malware payload (Cryptbot)", "value": "cdc341afff573fd41129d6d175536d45db7a07ceaa40c03dff1dbd5a1505cac7b586817b40307ccab0d7ed9cdc5dd49e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551875, "uuid": "11112e71-32f0-4cab-a96d-8776e5816917", "value": "T1D14523417CD24925E9B904F04E71B73C9966BCA91D21E23C2304FAEF39B115A7937F2A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551875, "uuid": "5e380233-05bf-44c7-a613-83483f1d3be3", "value": "be41bf7b8cc010b614bd36bbca606973", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551875, "uuid": "5a81b74e-f830-4b64-a90f-b50d7b8cfc01", "value": "24576:HGfuW1Z9o8+IlZ3N8fqBua5wx7K2KhTPhFerC1rLuSUPmKuykFcMYF25idVuMq:m2W1ZH+IbeqBr5wBViFFe2rLuSUPm/pn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627551875, "uuid": "9c470e76-fd50-4fc4-be96-377a53b7cb39", "value": 1229380, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627551875, "uuid": "0aa14765-cafa-4506-99ae-fc2be13b08fa", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551875, "uuid": "19bd21d6-5d77-446f-91ef-88e8378415af", "value": "7e68febfb5892c836dc420c3dc235b2f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "934aefe7-f05f-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627557884, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557884, "uuid": "ca0acc13-5737-4a71-845f-210014fa6e84", "comment": "Malware payload (AgentTesla)", "value": "968d55d950eb3f94db59dcff3b02735e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557884, "uuid": "39be1586-af58-4f40-b84c-010f9e35eb00", "comment": "Malware payload (AgentTesla)", "value": "46497a6346d59fa194e560ab6b25ac7e002b3704ef7cc7c4d9ba0470bad08394", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557884, "uuid": "8c4e46fc-e9d2-4d49-80cf-ba7e2221ed40", "comment": "Malware payload (AgentTesla)", "value": "07d5b40d1863c6b77660f47c3f5802b6e6f3d9bb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557884, "uuid": "d80277f3-245e-4e95-914b-be377b419c5c", "comment": "Malware payload (AgentTesla)", "value": "358f58bbbf37b3a006c105e687086507dfe143c4ea7f86c55c3a65d95f85530f8f7d19ad190a0bb76a1b0596109db272", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557884, "uuid": "b979bb06-f42a-428b-80e2-c3f1b74691c9", "value": "T1CA81B56411B81CE4DE4A0923CE76FF3A07DBB3A6CBC6AA44717DE880070E7657355A46", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557884, "uuid": "3b4b2a24-7c9c-42b7-86c0-8144135bd4b1", "value": "48:usuM68yBbrmic4PbAJQmiYZ5jP/5K/4/CksblZadNavsNKl6f3dNEldOAaljclSE:ukRm0bY4/92CavWPyOAaOIuGU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627557884, "uuid": "30f240b6-91c7-499a-aa48-5c546cd71eea", "value": 3912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627557884, "uuid": "1ba02fd5-21d1-4e48-b4b5-de10af50fe5b", "value": "text/rtf", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557884, "uuid": "d0551509-9f19-470a-8674-b85a1281cf7e", "value": "REVISED PO 26663S.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3aec9bb9-f0b8-11eb-875b-42010a9c0053", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1627595961, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595961, "uuid": "748713b9-b3aa-419a-bb24-a44dfda0f98c", "comment": "Malware payload (AveMariaRAT)", "value": "ba3d2569f715cba001a95907847740c5", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595961, "uuid": "8a8d77c5-8e00-42a4-8d16-efcff54baec5", "comment": "Malware payload (AveMariaRAT)", "value": "469301f8da3a3ddf892007d92eb5df11810dc36dd9487014073ac49f4bdb70e5", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595961, "uuid": "eb10bf5e-3f73-410c-b1a8-4ab41f2ae84e", "comment": "Malware payload (AveMariaRAT)", "value": "6110a97db563b5044e38f45fc420ae5669b8ba9c", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595961, "uuid": "751afaed-d8c8-44dd-a4e6-04d9988310d1", "comment": "Malware payload (AveMariaRAT)", "value": "b6c3f4cabc3a021b5eac3a87901539798b1c72885479b22c70d36de20b2337ce98e0e913ae8d5f3a51a4e88b3611a60f", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595961, "uuid": "c4448652-a015-412e-9e83-c1e1b453455b", "value": "T1E4E37C327BE188B9E6F6013109F53F398B7DF53111208AAB63905A468D37ACDE955783", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595961, "uuid": "f41b200c-d6f6-463f-998f-8e9105dfcc8f", "value": "b9494f92817e4dfbe294ad842e8f1988", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595961, "uuid": "6960e286-98f2-4433-8c43-ffbda96ae17a", "value": "3072:4NLOpnhTdOw9YAJOzIY9gVl01T2ENipdDg0z5:4NLYdT97JSIFl0QENqF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627595961, "uuid": "f33fa340-471c-4896-af0f-99b0e2165604", "value": 156160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627595961, "uuid": "a2835d3a-c586-4f56-a156-2b9a3aed46ae", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595961, "uuid": "d716f360-d044-4653-b232-f54882f8ea69", "value": "02_extracted.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87c25156-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535531, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535531, "uuid": "34b6cd47-37c6-4124-b2ac-dcd29a609661", "comment": "Malware payload (TrickBot)", "value": "ced46f1ffe2fa7d75f603bcd1668e642", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535531, "uuid": "f2079eaa-5a5e-4fbe-91d9-83c2ee95ad9d", "comment": "Malware payload (TrickBot)", "value": "46f61998e537ab7d039447132b1233c9952282c8288d43da4067df1de2a42e4c", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535531, "uuid": "7685dfe9-7671-4588-b7b5-186b1f557bdf", "comment": "Malware payload (TrickBot)", "value": "e55996ca0bd4360c9396171ce790cfc65acb5162", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535531, "uuid": "2dc61041-81d8-4964-a397-ea8a0c09112f", "comment": "Malware payload (TrickBot)", "value": "5a814e2110e9575b2a614e814d2f2a250037318924517837dbc7f3593dd2904ef5eeef28b7c5c148d6ebbbb7e13ac797", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535531, "uuid": "f2266851-094a-4ffe-a3da-ab09155343e4", "value": "T10433F271F049D10E1C7626FD2F883BC2AAF65844E679D1ADD19D9882A410FA27076B3F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535531, "uuid": "3f64c90c-cec2-44be-9212-0765e80c8daa", "value": "1536:ulPdWaaN/M3sI+dw340uILpcEFk1FSapln/t0434x:QVW5wsI+dy7Pk1FxH/GH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535531, "uuid": "40b65956-7edc-4eb2-b4fc-4c9d6797004f", "value": 53782, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535531, "uuid": "fbac67d7-b2d2-43db-a204-424fb5ddd79a", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535531, "uuid": "46edfce4-dfcd-485c-af5f-09c1aa454780", "value": "2021APT-28_48630453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90f8e3d3-f048-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627548002, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548002, "uuid": "79322c67-ca8b-481b-80fc-ef3cb2e193eb", "comment": "Malware payload (Formbook)", "value": "f879151d14408867cb744693d593d927", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548002, "uuid": "f7cba8ee-4ec7-40f9-9541-405d7fd04a78", "comment": "Malware payload (Formbook)", "value": "4717b1585971b702c8e32e5054b5514dc4e6ed5a5f50434d66f43c79d15354c6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548002, "uuid": "2652bc1f-2ae1-4ce5-b948-da94f2d17f16", "comment": "Malware payload (Formbook)", "value": "c79d22f6a4f703c69488518a3ca017d54e5fcb6b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548002, "uuid": "5bf1e916-537e-4151-a639-2ea19f975a91", "comment": "Malware payload (Formbook)", "value": "18444c71aeced779e8b29b96d1096b0f33bddc2116a0d07816ac956d4528305a78331561709970ea72a99409891fb679", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548002, "uuid": "9c7caee9-bb63-449f-bbc2-58785cc0b29f", "value": "T15764E1C5C08C1A28C5F1DF76561AE63EAF78BC711C15A60EE2C0BC87F4B91A9EC64947", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548002, "uuid": "af9a11a6-aba7-4744-be64-a88076d481ed", "value": "d51f4756e17d2e0cb52cc870ed396809", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548002, "uuid": "fffda54d-e2e3-4e23-bb41-8f44c9e952ac", "value": "6144:T0qGuscp0XUc6hNj3N3/J2SeeapKrX6ZnBl2+:Txscp0XWLN3R2veBKTp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548002, "uuid": "be190728-71a6-4ad3-ae3e-1371ac0989f2", "value": 316631, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548002, "uuid": "18eee95b-e868-48ff-a8e3-6a880db42200", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548002, "uuid": "1f74fede-f1d7-4f6c-91f3-f4d50f266dd8", "value": "f879151d14408867cb744693d593d927.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98a14f35-f083-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627573355, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627573355, "uuid": "f33265b2-5ba7-41da-8522-b9ec6c4daef7", "comment": "Malware payload (Formbook)", "value": "b2f926935c00572e8ddc0df2bfc977ee", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627573355, "uuid": "3456c2b5-5628-4904-b16d-5e0fbc968795", "comment": "Malware payload (Formbook)", "value": "47497b994ad65d13a2a3e030620907bc57295ef45a86a5248890256166e11dc9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627573355, "uuid": "243bdfc2-878a-4cdf-ae52-33030bf89916", "comment": "Malware payload (Formbook)", "value": "ad4a4c5ce3d6fd323a8e4923fc4c7bfac25eee8a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627573355, "uuid": "949e3200-beee-4f32-a0e0-f3fde4ae84ad", "comment": "Malware payload (Formbook)", "value": "db1802ff91f284af666d26ccb3445343eec3c73b5be50db94fe0969ea7ad5296dd50f889d6992d20821d9604502a8c70", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627573355, "uuid": "0d2a9b28-b5e5-4330-8217-52c7c8e8207a", "value": "T1EF55E038C9889BA6CC6C03B40A9846341EF1ADE6F1B0D86C3D8D75F1A7F2D19E675346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627573355, "uuid": "3a077344-4841-4c50-a979-4ed0a2a50926", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627573355, "uuid": "2336c8b6-20cc-479b-a5df-98fcd1b87c80", "value": "24576:JQS/d3fKVksSksmxP2t0get5cO6qs5Zy8jP8N6Z/qZ:FKXxITet5cksLEN6Z/q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627573355, "uuid": "d040dc94-789f-44e6-a1de-e2405d9e8ebf", "value": 1316352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627573355, "uuid": "9d8d088f-b8f2-48d3-996b-0e9a36e3d9ba", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627573355, "uuid": "66db57a8-6e57-489f-9966-403a82ee1f72", "value": "900020449_0724_T502071.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0d501ed-f076-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627567866, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567866, "uuid": "95ec1b9e-976f-4b9d-a0dc-a7ea046baf77", "comment": "Malware payload (Loki)", "value": "b7b51e5d25f0e04847a6711a31dbcabf", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567866, "uuid": "2979639b-b2fa-4a4e-842b-e212d90ed071", "comment": "Malware payload (Loki)", "value": "476211169787b35e2c6ff2dbe1bdc885ff47cdb59b9fc550cdfa7e66bee671a2", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567866, "uuid": "8f169394-9449-4c3d-bd09-0f0bc83f02ae", "comment": "Malware payload (Loki)", "value": "f27fea2b59dc5b585b2d009ec86d46183363b4cf", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567866, "uuid": "98420ee4-0698-428e-8310-4f91f5a59d5b", "comment": "Malware payload (Loki)", "value": "0bf4614e6628aabd03a2c87884a03852a21a82048c1ed5a48c25780ad1a406617c42575f17f994b10843777dbb6145af", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567866, "uuid": "e5bac912-c356-46ee-8fb3-003d68a39333", "value": "T1EE55123757925B2AE31A60B07FDDE5B3CB0A0C90648B51929B0DBF5D3AB85D440E1BCE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567866, "uuid": "42a30144-21c5-4036-a4dc-1261ef5eff5f", "value": "24576:kExAQHweFnFgz9eDKzgFAIsIGfwAA04e/uMrCiLpvV7VaFaG:kEHLgeGEFAtUjMrN997M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627567866, "uuid": "3a50c79a-10c1-470d-871c-86d158503ec0", "value": 1288704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627567866, "uuid": "c62932ca-7caf-447b-b86f-70fd62aa023c", "value": "application/encrypted", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567866, "uuid": "42bcb624-020e-4274-b8d9-160daaaf676f", "value": "ORDER.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0cf24ee1-f03e-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627543486, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627543486, "uuid": "269f149d-adb7-4e67-a80f-f3d9890f8959", "comment": "Malware payload", "value": "44a17a2e5d45c16eb74fc24226b625f3", "object_relation": "md5", "Tag": [ { "name": "1.116.163.166", "colour": "#5F6749", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627543486, "uuid": "9bd3d1a4-7049-4def-b44c-e9edcba82550", "comment": "Malware payload", "value": "49c4d7eacd8d3cae5ac36eb50d1aef86dd396764b7c50963796b3e26d3a92300", "object_relation": "sha256", "Tag": [ { "name": "1.116.163.166", "colour": "#5F6749", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627543486, "uuid": "cfbdd7eb-d16b-46bf-8d05-8cd9d425d3aa", "comment": "Malware payload", "value": "6482ea24ed4fa1b796e3e9747b91bfbcf4853340", "object_relation": "sha1", "Tag": [ { "name": "1.116.163.166", "colour": "#5F6749", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627543486, "uuid": "78380b01-3925-45bb-b87f-0a62d2386851", "comment": "Malware payload", "value": "6963c7df1348285a71bde9c3e1bbc15810aa9ec70a6801a05d783397f82538b4829e9524f14a967714ccb7039766edf3", "object_relation": "sha3-384", "Tag": [ { "name": "1.116.163.166", "colour": "#5F6749", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627543486, "uuid": "edb25772-1b4d-4e9e-832c-5c5b0d3d2229", "value": "T112535B1815F2C460E16BD5F194668321D93079275EAC9FBF6360B1B12A32E80AFD687F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627543486, "uuid": "0311222c-3743-43ec-84f4-d17842fd0737", "value": "1b81115aaa6c79ea86fb0df6cd5d274a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627543486, "uuid": "9440c7b7-b0bf-4465-b9d0-d0263f2e134f", "value": "768:RJ4WW+3HxfQdj4Q4duY8mXTK691vNE5XnMJ0R2U+nKfosWMaVEr/:RLfQudf8mXL7FEcJ6+7FFC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627543486, "uuid": "54a3c8b6-d39c-4801-97e2-975dc1efc57c", "value": 63488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627543486, "uuid": "a2bb29d0-e6cf-469d-b2ee-028e639f2193", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627543486, "uuid": "6608dd6b-8de4-4f04-9c96-88209161f9af", "value": "49c4d7eacd8d3cae5ac36eb50d1aef86dd396764b7c50963796b3e26d3a92300.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "14ff1968-f0c4-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627601052, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627601052, "uuid": "0d8236c5-3286-470d-bb4a-6e568e18c779", "comment": "Malware payload (RedLineStealer)", "value": "5ecd2d86bd166f369d3098b20ea03f71", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627601052, "uuid": "f64ab70c-d75c-4e4d-a293-5157bbabdac0", "comment": "Malware payload (RedLineStealer)", "value": "4a01a5822312ccdb8f88379341c1d590f2c986fa239fd96088cc154c52013132", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627601052, "uuid": "51ce9956-faa1-446c-99ff-e5bbc8f4ff6e", "comment": "Malware payload (RedLineStealer)", "value": "10237d311f32881af5983898e3daaa82c0c54afb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627601052, "uuid": "fbb8c4ae-dc53-4071-9efc-58bf5723f014", "comment": "Malware payload (RedLineStealer)", "value": "8e78922b33466c91c5598740faa9160bcd2960ccc2d5620f1a943e1e5218a06886d44713985e3eef34725523fe7f8320", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627601052, "uuid": "f6876459-dfe2-4b3a-8557-6257a9640fe6", "value": "T19454C04F6385195EDFB80D36E1E71BFA1B308CA4A52ED703E26476990D71BCA3E01687", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627601052, "uuid": "8d3f8ffe-305f-4571-9658-a71b17bcfc77", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627601052, "uuid": "1f87a53c-46d0-4697-bebb-4a9b0787d798", "value": "6144:7hzunPd/j9ImWtyI1SJrCGC2gFrHx46LjlGH3WysJWX1:7hzsVro9+rbC2yx9WF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627601052, "uuid": "c0750b5b-aacc-498e-b8c2-ab331a52d61a", "value": 280456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627601052, "uuid": "0db73449-d13b-414a-9260-7cce7311d634", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627601052, "uuid": "4daf095f-782c-4f9c-bcc4-dd8251f974f3", "value": "Run.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd649964-f048-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627548130, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548130, "uuid": "6d3df197-e5e3-49aa-9276-6f3ab5cac8eb", "comment": "Malware payload (Loki)", "value": "c9b262c9478584ea2782728f874f7a7d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548130, "uuid": "a99a1a65-1289-4b40-a40f-a00bc30d2803", "comment": "Malware payload (Loki)", "value": "4ace847e222f6d7a991dc958192345b807eaa7b717cd63833d6d70a866c21d9f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548130, "uuid": "39ef5843-60c1-4939-8a32-7326e8706711", "comment": "Malware payload (Loki)", "value": "3d16aae97ca2b7d5c7a6b7488249362390c7d285", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548130, "uuid": "a04fdff8-9407-4ae7-87bf-e328f03bfc4d", "comment": "Malware payload (Loki)", "value": "c9a0065e408b1f55659002a7acc0935b48825aa7a0a82eb6ac73a2d13169c661dcb296086f9f96f0b8a12645a9deb03c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548130, "uuid": "8e05ada4-b341-496e-a6ba-b95db07bb59a", "value": "T1C534F2656FF05116E332497CA9FAF355497E367D3C6AC2AECA90A8FC9C3C580DD04A09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548130, "uuid": "e08d4181-9d85-44df-b692-723f08bdeef6", "value": "d51f4756e17d2e0cb52cc870ed396809", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548130, "uuid": "bdc4565c-e3da-42ec-b810-216cccb78968", "value": "6144:UvviBQbzHIAXgxjbsSBTqOs73+P/X/u//////////////////////////////b7y:+dgxHSXBTQyHO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548130, "uuid": "92d44397-5434-432a-be38-28a007c0f6b1", "value": 245737, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548130, "uuid": "fbd1ecf4-2cb0-45f8-b52d-a1f905284eb5", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548130, "uuid": "fe863362-d88e-431b-8f00-b72d25dd821b", "value": "c9b262c9478584ea2782728f874f7a7d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "02a5781d-f057-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627554206, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627554206, "uuid": "d0e5298a-572a-4ff2-bd77-20d8bd5f9770", "comment": "Malware payload (Loki)", "value": "90d7398bd4bb66384b309201ce5f20f0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627554206, "uuid": "a937ce22-4adb-4ccd-9713-096ec946f58b", "comment": "Malware payload (Loki)", "value": "4ad1b97726ab2997e005315ac60899acf31c96458d3c5c4137f2999d9fbabc83", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627554206, "uuid": "040dbb7e-7151-48d7-8d3a-f9c7e023838b", "comment": "Malware payload (Loki)", "value": "c5c341e91bc49129b64dc13c860f74abe7a90f4e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627554206, "uuid": "948f69a8-3390-4ffd-860f-c164f51d4181", "comment": "Malware payload (Loki)", "value": "b47b3415698321ddd42fb1ef125e5728e4e4a6698e6b9514854a799ec4dfe2de952c12ce12a9d67e3566c1d5249ffb3b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627554206, "uuid": "d9355e4b-0d91-406e-8b32-a5b2a99cb69a", "value": "T17B45E028C98C8B9ACC5C03780E6946345EF56DE6F2B0D8AC3D8D71B1B3F1929EA75345", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627554206, "uuid": "32cf7b51-cfdd-432c-a091-32082fe9c45e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627554206, "uuid": "26315c9c-e9df-4101-9f55-21ae5d6f58ad", "value": "24576:43S/d37KzksDks2y8j9V9kqydGiOXPmtMN6ZNvZ:JKetsHoiOXOGN6ZNv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627554206, "uuid": "18cce3df-1c85-4775-9a35-b4c0208931a2", "value": 1207808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627554206, "uuid": "dfbabffb-235d-458b-b606-ea766bd8e53b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627554206, "uuid": "608f7696-c1e3-43c5-a43f-18a0dbb57017", "value": "90d7398bd4bb66384b309201ce5f20f0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd36d736-f0c0-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627599643, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599643, "uuid": "0ca8d3c6-000f-4f63-9b74-ff5dabbb4c2c", "comment": "Malware payload (Mirai)", "value": "4a67ea780c82f9bea1e908a471d6ab6e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599643, "uuid": "bbc6d828-c21b-4474-9f1a-5db51135123a", "comment": "Malware payload (Mirai)", "value": "4ad72d2bb5ad65359259125c85b06e4b00e2dc4d0a861c64e9dd506b3f38f7cb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599643, "uuid": "78905d00-85b5-420d-84e3-833af457623f", "comment": "Malware payload (Mirai)", "value": "0c4b003eed1a7c9c8751f24d7bedef1a3a1d753c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599643, "uuid": "edb6fbc7-c968-4437-994d-79cbbeb67349", "comment": "Malware payload (Mirai)", "value": "bf55dfe8e1ed34828d533e0b6a305de25bda38cc491fd857404d1329a360167f38de982c3755003eb4d43cb661b9d3a1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627599643, "uuid": "f75a19ee-bb0e-4fcd-b1c4-ee9df29bb966", "value": "T141A2DF0926CDE972D170943EE13CC347AEDB47B612FE313A2E180B9CE48590AD7BE945", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627599643, "uuid": "43514f14-e2d7-42e0-aa85-f7f06ae01794", "value": "384:YAmog4c6L5i4+stIW01vhQIE2TQKMpI8QwxZVFjfPnSb6EXhymdGUop5hXg:Ypoh/DxCvhdR4IjWVFbS+Ws3UozJg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627599643, "uuid": "ba7873ec-7cb0-4266-bcd3-ade3084394f6", "value": 22132, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627599643, "uuid": "8b2bc725-06a0-496a-ac38-78cef0bbe1c0", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627599643, "uuid": "67aa71e4-6a12-438d-949f-8b5403290974", "value": "4a67ea780c82f9bea1e908a471d6ab6e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da4a1386-f049-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627548555, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548555, "uuid": "839345fb-cfad-4906-9d91-68ac291407fb", "comment": "Malware payload (RedLineStealer)", "value": "4891df260f4154bdc68c84d672c3b0d2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548555, "uuid": "233491c9-447f-4daf-a09c-97cc799da1d4", "comment": "Malware payload (RedLineStealer)", "value": "4b255928648623b33ead203ba323598bd376bf58aa34fc00e8eb3e562413a193", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548555, "uuid": "44efa96f-cd32-4501-945b-f8776ba71e1b", "comment": "Malware payload (RedLineStealer)", "value": "fc0cb885f4abcd4477796ed8bd2d89a3cc90afbf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548555, "uuid": "73fe590d-72e0-49a4-8146-6f70a5d9bef1", "comment": "Malware payload (RedLineStealer)", "value": "01452d8951da62da65bdfbc7a06472542ce77782e456602217ecde225c8ff550a45b6e2d3928b3dd9d0132a6afcfdded", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548555, "uuid": "5b9abc36-a1f6-41b1-928d-3d7cd0ada186", "value": "T1E274BF30AA90C035F4B712F846FAD379A92D7E606B3490CF22D526ED52346E9EC31797", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548555, "uuid": "05585ba0-42e1-4980-a81a-370b345e057c", "value": "255f8d5c29d68d23ef9b098d124cc19f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548555, "uuid": "40b9a591-2e86-485d-9c9e-4e9150d7532d", "value": "6144:no+eeTQur+FXKe8UZdeXAxcumCUlxiGsuihkRHyE9CaHwPrI6e:neeUur+FXKe/deXAPEJ/RHymCKGk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548555, "uuid": "47f40ed3-f328-4079-91ef-22f256d3376f", "value": 338432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548555, "uuid": "eaa4d5d2-bf1b-4028-ac82-92e867b83d19", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548555, "uuid": "c6b9899f-b21d-4ede-b044-d14144c19245", "value": "4891df260f4154bdc68c84d672c3b0d2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9bb89518-f048-11eb-875b-42010a9c0053", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1627548020, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548020, "uuid": "f49e2ba4-0e81-4430-ad93-f0ed99d8162d", "comment": "Malware payload (ArkeiStealer)", "value": "fe3acb1ca7cdc3be9e5c823560285d43", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548020, "uuid": "13758592-41ac-47c8-9872-566e5cbdedea", "comment": "Malware payload (ArkeiStealer)", "value": "4b4a923961f79b7d86fb67f94bc615be3ed2f204cb02d8da9b313e60fa7afc20", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548020, "uuid": "71a51edb-8cdc-4299-b387-d17d47b1adae", "comment": "Malware payload (ArkeiStealer)", "value": "d63f2a9ad0d1b87fcf08fc8afa02e6548593d7fe", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548020, "uuid": "fb8cae59-a0f6-4891-9ee2-fc2f5ad806d6", "comment": "Malware payload (ArkeiStealer)", "value": "548667d033127334720f775224ee77df2d2fe6436e9da2eb01d5523421eba2daf3249bbf21d1ce6362b2e0f5c070fcf5", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548020, "uuid": "8727430f-04a3-4bc1-9727-cc5e3e32ab6e", "value": "T1C5D4E130A691C039E1B712F849FAD3BDA42D3EA1AB3050CB53D156EE1235AE9EC31757", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548020, "uuid": "6039fb8f-7f14-44c7-9234-25493c1195ea", "value": "613f2e4a97d34083c947d866c86b0b7d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548020, "uuid": "58091e03-ce5a-4f0d-a2ee-f33e25bb6444", "value": "12288:NGq1GEXJQ4PdDUzCmd4TSU4339e0StlbFclZ1Lr+7gYEnMHwyzW3J4W05kEphY3c:NNGEXJQ4PdDURd2XclZ1LrdYEnMPzk4n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548020, "uuid": "94d5c37e-1bee-4f28-b08b-b29e2b203653", "value": 610816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548020, "uuid": "b2b7849c-1223-47fb-91e6-6745faa98e94", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548020, "uuid": "4d13f3f2-6d27-4201-8e9c-f86f080cd95f", "value": "fe3acb1ca7cdc3be9e5c823560285d43.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73a67fef-f06a-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627562556, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562556, "uuid": "17cd51ab-0320-4c5a-8ecd-d23974173412", "comment": "Malware payload (Loki)", "value": "5f0785bf8a399e59db229be1c0b33563", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562556, "uuid": "e8464014-132d-407c-a0ef-13039b9d931a", "comment": "Malware payload (Loki)", "value": "4b762c40abc2213270d4383f56e42745fbcd834cb3ee2a4469ceb6c501e2600a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562556, "uuid": "2af9e947-54a7-49ea-82ef-74fbe6414fbb", "comment": "Malware payload (Loki)", "value": "f9274edb52002a2cdf28a3ec8a428c560b0ef003", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562556, "uuid": "5217ade1-f21d-4539-adf7-e219a04a3df8", "comment": "Malware payload (Loki)", "value": "30b40246e8b77ba39ce2d84f5b16c67574c2b766d42e5602dd72239c7328194c0fdbe793dfae84743a432fe54f5255de", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562556, "uuid": "e7058d12-7161-454b-a113-b21426438722", "value": "T1C805AD34175B0AA3E276D6B28154E5C0FEA0D993B3C1CF19BA8369CB0D22743549EE5F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562556, "uuid": "94eefd54-0929-453d-849b-abd82e96d437", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562556, "uuid": "d70310f0-1ab5-4159-9d92-e311649ff953", "value": "12288:tNYMk+02iNv4skRJXqw8rrRBG6TniXZLvsctu1RqLkC6O1ZOjESx:fQ+01uskRRqwOnniXZTTtunknOYSx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627562556, "uuid": "f7aaf598-9b6d-4e49-91d0-0f846a4228fb", "value": 874496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627562556, "uuid": "6d69898f-e013-44fb-b585-6c45c60852cf", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562556, "uuid": "035f55f0-ccc7-4934-9edf-88dcf4f5a02a", "value": "Factura comercial.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9635fcc-f02d-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627536554, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536554, "uuid": "af97966a-e15c-4ac2-a95f-432c0bc7621c", "comment": "Malware payload (AgentTesla)", "value": "f6f01cd3544444343468c65732d49b33", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536554, "uuid": "4482cb1e-7eb1-46d8-8804-a3edaadef249", "comment": "Malware payload (AgentTesla)", "value": "4b8bfe706b4f3df2d6e4519ad6c6da01d46124e9bec4f26dff3a3435e5490685", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536554, "uuid": "5aec08fc-b6c9-4a6b-bc05-45eb8959dac8", "comment": "Malware payload (AgentTesla)", "value": "bb0689da0235baa51315c60fc11ee99b3f3349d1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536554, "uuid": "31f36e12-871e-4a56-8540-ffb9bf357bd6", "comment": "Malware payload (AgentTesla)", "value": "3b6f080d5130f83549802476d928c826cc7cd74cd6783b0077875394f117abfe088fb71f998747f413c04a7a42f25577", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536554, "uuid": "6569dfe5-c261-4c7e-a25a-07352c01b8a6", "value": "T136B219D4768845F6C1ADFB7683B261086371A973A531DB0F69CD62630882B853FD835F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536554, "uuid": "c58d091c-20c1-4579-a679-ff86d756d9ae", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536554, "uuid": "6c5fcdba-7955-4dca-85cd-fe76294d0e55", "value": "384:i9KTFXaX7hJZfRxRkGNzYqGmgr6MPGYSCqjXvnaUv2g8q9eLUPLUJflOcL2Edxfm:HoTZfHC6MQhC083OGfl3KEdxfo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627536554, "uuid": "3901c36d-36c8-4d47-98c6-efeabf38f652", "value": 23552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627536554, "uuid": "8cedaf4c-18bf-435e-97f9-17c42f02b972", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536554, "uuid": "937f67b2-cd41-4796-ad8d-f2f9666d7929", "value": "DHL-PARCEL.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89ac012a-f06f-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627564740, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627564740, "uuid": "8cb7b914-6f9e-42cd-ad57-7e5eeffdba92", "comment": "Malware payload (Loki)", "value": "e4d8a37f7792201820ae2861a6dd78a0", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627564740, "uuid": "9ec04621-cab1-4578-a38a-fd5bbbe81a5c", "comment": "Malware payload (Loki)", "value": "4c79363168eb45ad9c85a057a2f4eb1e7612166971db05e4f3bd5a0f2174f8a5", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627564740, "uuid": "7c05f311-7f66-4a3f-953b-e1d9168b714d", "comment": "Malware payload (Loki)", "value": "5fdf7a573cf36420ce28708b615e851b7b2e6d8b", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627564740, "uuid": "e3dd36df-ed95-4377-b5a5-a1a7667879c5", "comment": "Malware payload (Loki)", "value": "5f4ef63e415c8e97c7f48fdd8b032e8f8a27c0b8124badafc38d3896e1dfb6bc083b7c40bdb8c5f2b1aed373f4d29e44", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627564740, "uuid": "52e51fef-6736-462b-8507-1c6bed2ca89c", "value": "T18B551207CC598D43D0A8C3BCBF560CB9271D166CAD83B7FE14725EEA2B901525D8B1BA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627564740, "uuid": "4dbe0b51-2ce5-4395-b659-d0ada0dd333e", "value": "24576:ceeNbNEvdXXXXXXXXXXXXUXXXXXXXXXXXXXXXXnf6eaYewdAINAog0ZR8Eawr4RB:HIbNRf9+INdg0ZR8EawEzn/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627564740, "uuid": "8135940b-5c6d-4925-8fa9-6c4b84bd0664", "value": 1297572, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627564740, "uuid": "d854b295-edd0-4125-9591-5f1105b7158a", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627564740, "uuid": "9d9c1b47-f175-4207-af2a-177eaa4b1e20", "value": "Document_Set_2021-07-29T113853.467.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f69bd785-f07d-11eb-875b-42010a9c0053", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1627570936, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570936, "uuid": "3d1e183c-a634-40a6-a6f6-5afc078a1e6b", "comment": "Malware payload (ArkeiStealer)", "value": "fd1139eee7f3ec6a3d0af8bc51f6b52b", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570936, "uuid": "3fac2b67-5efc-4ace-b162-f23875a26b9e", "comment": "Malware payload (ArkeiStealer)", "value": "4d6174cb31842453187b0452d1cb62760fd947d6679bc425834841f98b134b8c", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570936, "uuid": "e36a41f3-6d90-4165-84f8-b9faad15f218", "comment": "Malware payload (ArkeiStealer)", "value": "6794c1c228465a4f878ab709d3221972296df15b", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570936, "uuid": "b49a08b7-1322-4749-a494-389028b6b178", "comment": "Malware payload (ArkeiStealer)", "value": "50dde43c373e8000dc1c7fb1a5c4f22b03fb4aaacf764fdab695ce8cd23fc1fd25dfdd7e9f2589821d9e6c03ddfcbabe", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570936, "uuid": "691bba23-0536-4233-8a4a-957a50ea5553", "value": "T12CE4F130AA90C035F1B713F85ABAE379792D7AA16B3441CB23D126ED06356E9EC31747", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570936, "uuid": "ff9a3758-247b-43ca-b917-a9d642caea4f", "value": "ae8d52d466f0b65d50fa6d5967396375", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570936, "uuid": "2a15bdc5-815f-48a5-8728-8c469c56acb1", "value": "12288:pTsCJv+uNTpZO1BK6xRsIGOWiFElYMMSXkCxsl1qCGlcVH0n:+CJv+apiI6/BsiF3E0CD8VU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627570936, "uuid": "a2425a77-d44f-4491-961f-d2be02e0742d", "value": 676864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627570936, "uuid": "484b1217-db31-4f8d-b358-28e4588a9ef1", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570936, "uuid": "692f3c2d-40ef-47e3-919e-6fa1427ffb57", "value": "fd1139eee7f3ec6a3d0af8bc51f6b52b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f34730ba-f081-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627572648, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627572648, "uuid": "088a4616-5052-400b-9579-b566bfeca3f5", "comment": "Malware payload (RedLineStealer)", "value": "8345491616bf59595b083d75fe034499", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627572648, "uuid": "f8c6ed17-fd2a-4594-bc77-4be5f788f162", "comment": "Malware payload (RedLineStealer)", "value": "4d7164f19dd9253bd7183d0079e9214228fe5807f0767177d4dcb81a9613f630", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627572648, "uuid": "1a80fd60-4e3b-4364-9de7-e1a4ffdcf176", "comment": "Malware payload (RedLineStealer)", "value": "39a2b6c23f170e363296c8f1e46cbc5b958f3363", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627572648, "uuid": "be241094-b55b-4e1a-9b90-8885b51b2680", "comment": "Malware payload (RedLineStealer)", "value": "6678f77de114a03139e37400ed502ba5849dccb096eb459bfbf8ef2acbc455a8e340b8f93336c16f88aa4c0c899e949a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627572648, "uuid": "8445effe-5ef0-4a66-b9fa-183667b8605a", "value": "T19E35E0386C8CCE96EE5E0737CB8D02689FF0895530F1EA267D593235A480A67F8796C5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627572648, "uuid": "cb78dff5-6379-4425-8ff2-98b94de9f4da", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627572648, "uuid": "6f7d82fe-859e-498d-8fa7-b490bbd2d652", "value": "24576:pPbK1CX4d/dVkKjksUALeA/yscfK3LWaIoTW8rzy8jXksEN6Z7:pzl9KJehaLrBTWqkN6Z7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627572648, "uuid": "fb612f54-3393-4531-87a0-46e955020155", "value": 1139200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627572648, "uuid": "7bb0d8d8-fde2-47a2-8ee5-0ef6e19dfca5", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627572648, "uuid": "ff1a82f5-dcaa-4ebf-b02d-0e5fb756183b", "value": "8345491616bf59595b083d75fe034499.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ba214a3-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535350, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535350, "uuid": "5d7143c1-11a1-4b38-9224-d4cf96cfde78", "comment": "Malware payload (TrickBot)", "value": "9e04f5690bbf08e45a408f0e8a0e3a5b", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535350, "uuid": "affec5f7-dffd-4f24-b1d9-23cf9bafc4ab", "comment": "Malware payload (TrickBot)", "value": "4d7dbb4a1df3591255992869aa4080684d55c578c5a537c9a94f03183eed034e", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535350, "uuid": "44585f69-77cc-4098-b12e-b42618ba9492", "comment": "Malware payload (TrickBot)", "value": "e6cd82dd2fc932b23d7eb3922fca71eec1696ccd", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535350, "uuid": "f579a3c2-112d-43fb-824c-5d5ad677dd39", "comment": "Malware payload (TrickBot)", "value": "1f11e5ea61f26c2a178c1dc192f5a49220c3bf56290b289e0056fb085dc7525418ba372bca934cd371b5f5571c1d76f3", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535350, "uuid": "bb7a92a1-9704-4e61-9f0f-ae9abcc7ea40", "value": "T1A8931DD86AD1E413338D2F17FE0A3AEAD17A6C9796C47607D1587A4C24ED21BC6A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535350, "uuid": "6d2a18b4-1ebd-4d77-ab17-bb67f1ad3505", "value": "1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/oj:59Ry98guHVBqqg2bcruzUHmLKeMMU7G9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535350, "uuid": "9c1796aa-f04d-4cdf-91e9-d997b1505913", "value": 90850, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535350, "uuid": "7f343e9e-743b-46cf-bf87-7b28274e94bd", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535350, "uuid": "11786e10-9076-4a0b-8483-eb89f9456532", "value": "2021APT-28_43326453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8867cc0b-f0b6-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627595232, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595232, "uuid": "1a567438-dc53-4651-9d2a-7b8d91b5c096", "comment": "Malware payload", "value": "e739d4515ff8259d6cf11b296128b7b1", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595232, "uuid": "568ffc18-8563-4618-92eb-4fe1b61ead0d", "comment": "Malware payload", "value": "4e100efe0576c0c79dfe8bf7287b40ed24023acdcadc5daa786378b82edb321d", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595232, "uuid": "dc56b541-f481-407e-bf13-35bb53a9918b", "comment": "Malware payload", "value": "007c79fd240ebe296b9e2335b80d824ab1600b55", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595232, "uuid": "9b469c70-6138-4691-9332-af32d876e079", "comment": "Malware payload", "value": "f621de637468ea618a000c445c493c5fd0867ad96eea5dfb45a0ed20ae64779530412d4807e8b07f1e5c261c0229a4d5", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595232, "uuid": "d1d7f61b-7bbf-486d-b35d-e37b18a2331e", "value": "T1D682D16CD95CA006CA6C923B019B9CD451508FD00F4BE486BAEE8A43D96F8AD73F5D8C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595232, "uuid": "8aa703a1-0d1c-43ac-ad76-3f71a2b0e98c", "value": "384:Mif80w8klDg6Om+00xWHIK4/ZyMEpcR43ANM4XYmZibMv1Ro:bf80w88mq0xWHIK2Zvb9XY2o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627595232, "uuid": "e2596e6c-5909-45f0-912e-19c7a3701ef9", "value": 17936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627595232, "uuid": "77f52a7d-503b-4733-b150-f6f503d31f3a", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595232, "uuid": "6eacca81-918e-43e6-80ce-c9ec33c8ab52", "value": "SecuriteInfo.com.ELF.Mirai-BHTTrj.10886.22949", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c00f20ad-f0c2-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627600480, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627600480, "uuid": "5bb362be-a7a9-44b4-9096-ee1533a917ff", "comment": "Malware payload (Mirai)", "value": "d35fbb630f3a61f2c0057417ee7688c5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627600480, "uuid": "8af6d717-fbde-47e5-a7f4-6521e54e8226", "comment": "Malware payload (Mirai)", "value": "4e88c6fed30809453ca04b4615a90714749508d3d00ec25079521f2c6bc4cf11", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627600480, "uuid": "ad9fd939-5e79-4d3a-8778-69a926ee293c", "comment": "Malware payload (Mirai)", "value": "f847cc5d1c81ba3437e4a686b54f7f9e709baa24", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627600480, "uuid": "78b56a6d-5e3e-466f-97f0-cb4b26f35643", "comment": "Malware payload (Mirai)", "value": "b0ca75bc388fe023004cf6c8689b77d3a93afabf85dcac882f839b0c19360fb0fe5ed676427ae7bb76fa76b3d0856228", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627600480, "uuid": "497f00fc-acbb-4bc4-b29b-11b1143eb501", "value": "T146B2E1C9D6FB2BC3C351C332E07C594DD5771AC1074A851A2109B24EA39760E4BFB3A5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627600480, "uuid": "d7f955bc-37f0-492d-9dca-4fa884f24bab", "value": "768:R/QOC0Yhn6ROHWF09cwNPFCnNBxcfAicZ:R/nihneF1wKNBaoFZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627600480, "uuid": "82b24600-8202-4bb3-97d1-645097d5474b", "value": 24728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627600480, "uuid": "f681e5b9-7eea-482b-a202-484f86c006d2", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627600480, "uuid": "97b0f255-9272-40f9-a469-818aaa0bbfad", "value": "d35fbb630f3a61f2c0057417ee7688c5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23a92ba3-f087-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627574877, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574877, "uuid": "4a77392f-2eae-44cd-9ee8-3d366b53a0ca", "comment": "Malware payload (Formbook)", "value": "9d92fb1d9dc509364b324872a133a5ac", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574877, "uuid": "9b9827e0-926c-4751-be83-71080d065111", "comment": "Malware payload (Formbook)", "value": "501171b705ca243c63bcced156955e32016b5f4c5e62740af083eecbe25c7f8d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574877, "uuid": "f862b4fd-d26b-44ee-9be0-f36aa5a20e73", "comment": "Malware payload (Formbook)", "value": "5e3ca1a3e8f41bf78b869fdaa7caeca8ed96004e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574877, "uuid": "e99766a2-4012-43f3-a1ac-c1c120d60477", "comment": "Malware payload (Formbook)", "value": "7d653de460cdfbd58894fa7eb8b102b52f4d51ba9511b29a62904191bd192cca85cbb338843bb08a54e60e39b0ff2e51", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574877, "uuid": "1568edd9-d735-4021-b655-952df804cd3c", "value": "T1AE55E064898C8FE6CC5803350E5806741EF5AEE6F2B0D86C3D8D71B1B7F2919EAB5346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574877, "uuid": "eb6db3b4-96a8-4b0a-a116-a7ed68a3a9a9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574877, "uuid": "666015a5-8fa7-4112-b600-929209d69c5a", "value": "24576:vdGS/d3dKzksRks2y8j4jhzagYJe8nZbQ+RVMN6ZN5Z:JK8UhzeJeqZbQUON6ZN5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627574877, "uuid": "144dc7ac-88e4-4374-a886-e73d641ee04e", "value": 1316864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627574877, "uuid": "5a57c267-12f3-43f7-9c8b-47d0bccf8fb7", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574877, "uuid": "ee7fbfc0-a61b-41ac-bf3f-25c1dfabc4d0", "value": "9d92fb1d9dc509364b324872a133a5ac", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e1e9f41-f085-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627574143, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574143, "uuid": "da61278b-f572-4574-830d-c4f76f02fc2b", "comment": "Malware payload (RedLineStealer)", "value": "56f43b7aadd2ecb4dd9e5b29e155879c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574143, "uuid": "94924b88-5548-48c5-b2d9-166343a21d3b", "comment": "Malware payload (RedLineStealer)", "value": "503adcbbdd31b1398aa676a524163a5f4fc342b2722da40c20a422fcd926d345", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574143, "uuid": "c103df7c-0a47-4e69-9ddc-73268287b1a0", "comment": "Malware payload (RedLineStealer)", "value": "dbb31825f23738a271a8c15743aa6db8cca47665", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574143, "uuid": "29aa3a7b-9d3f-4d4a-b9d7-649886df50a8", "comment": "Malware payload (RedLineStealer)", "value": "668b654e18aa4012bfddd40b8a6b4249fb8586de35309396f1ecc148096d92562401ff9f7170bf9553cc7b0f3e098f11", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574143, "uuid": "46afc89b-e708-46b9-9b6c-211a6a7fae21", "value": "T1CE65D0A6379ACE5DF2CA527A80CB4485C3A4AF2315E2E21BFE9431394372793E71D4C5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574143, "uuid": "080c8cb4-2fe6-4514-a18a-7025d65ad91e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574143, "uuid": "1c7a6423-03a5-4b27-90e2-0b95ecd65a4d", "value": "24576:e00F8WjlFjzkp7D8056p+R2SDrT3RRimyrRWBGFGI0EqduKU0Y6xtxrukomfk6P0:exF8WjlFjzkp7D8051533r4GGgIFqduN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627574143, "uuid": "f490fe80-9abd-46cb-84de-09d266be27bf", "value": 1489360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627574143, "uuid": "989b26e5-a659-4445-ae4b-c0ffafc67709", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574143, "uuid": "9429e4fd-6a1b-4a2b-873f-d718e4a7b096", "value": "56F43B7AADD2ECB4DD9E5B29E155879C.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "747e5ef0-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535499, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535499, "uuid": "46425fbc-7e3b-473e-baa7-893e031239e6", "comment": "Malware payload (TrickBot)", "value": "3d64d044bfdddd6bc5566fcff9091f3a", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535499, "uuid": "41c408c6-0e8d-46bc-b02b-4b6b4cc8cfe3", "comment": "Malware payload (TrickBot)", "value": "5083007a8427ece75d8ccebc61129d9da144c797fdf03e80036ce162b3380615", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535499, "uuid": "a6340d56-bdde-4108-95b4-0d90b18fc914", "comment": "Malware payload (TrickBot)", "value": "c1ccb967ecbf461ddab5e8017e319904e1786425", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535499, "uuid": "42eac052-3eab-4659-899f-ab85f9999f10", "comment": "Malware payload (TrickBot)", "value": "bf5263eac2c9c5610db137a314698c44857b12f28de2372ded027ec432724c9fe563c77220533c80a0c022fa047eb1c8", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535499, "uuid": "b8b83cfc-5f35-44f3-b35b-a51c72c241b7", "value": "T1FB030226D79A0B41EFEF90653DBBD1632B5841B3A51ECCEAC5A2C0F40CD43D8265988E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535499, "uuid": "ac413342-3c19-4dfd-aacc-5db918f7c8fb", "value": "768:KdFfRrj/MFo0A0HhUrr9A5z8Kqd9CWeZbV4VH6DHefqn:MBR3J0A3rp0m7eZb2wOqn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535499, "uuid": "3c21d755-8a34-47a6-89e6-7086fae69f88", "value": 38786, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535499, "uuid": "5bc4a480-e58d-47fa-b719-a618fc1353d4", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535499, "uuid": "ea959c91-b8f0-4104-ad3d-63add25cd369", "value": "2021APT-28_62940453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "459e4b27-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535420, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535420, "uuid": "a6d3062b-3437-4ce8-99d8-b9f710cf7cb0", "comment": "Malware payload (TrickBot)", "value": "71824aa899df5d2f908be4e773b5c5eb", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535420, "uuid": "28e24544-9227-4af4-a67c-08e5c897eadf", "comment": "Malware payload (TrickBot)", "value": "50b294330afb8a97173573d0005ab7a65bd19e50f9fb9509f3afa0c188e7a4a2", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535420, "uuid": "1cb7f8b3-b3d4-4dbe-827f-681d1caaaa0b", "comment": "Malware payload (TrickBot)", "value": "1fbe9729b0f11a040f41bac97d1ec7739b7eb9a7", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535420, "uuid": "89d22d8d-2abd-45ab-931e-63dd2ee1f496", "comment": "Malware payload (TrickBot)", "value": "045b99284b759d2937724fd72024309d0eeeae7ec8f0235db2b82d300be12c449032bd0f2e91277ff6219446833825df", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535420, "uuid": "be3602d1-3851-463b-8dd0-d5591048bd75", "value": "T1ED03F1D1F27781BCFA1083F118190A46FD44D3DB267D4B4BA9F4782CA3345B39BA2966", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535420, "uuid": "eb18331c-c7b9-4c09-9341-58a7d08e839a", "value": "768:SMr5eJ1X0LX26bMSXcZOqw6Kb+M9cZcp2nmst5RzbWKhKW/N0:Dr5U1K3YSMZOf6MGcQ7NbWL9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535420, "uuid": "3e0a349f-ff88-41ed-9821-c38ec6cf7318", "value": 38028, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535420, "uuid": "d38a301f-d75e-49c5-ac99-8212efabd4e8", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535420, "uuid": "45336742-1f46-4b35-b438-fedfe4192a1d", "value": "2021APT-28_62700453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb718b82-f0c5-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627601787, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627601787, "uuid": "19e01604-01cb-45d9-a313-e4da39d9627a", "comment": "Malware payload", "value": "a67c49ca00bd6f930452bf8a4e7d7d07", "object_relation": "md5", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627601787, "uuid": "f165767c-c950-44e7-961c-d6edcbe519b8", "comment": "Malware payload", "value": "512430bfade7ca44a15523c02462a169ca0f7db8915235e7858817eac516f007", "object_relation": "sha256", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627601787, "uuid": "aa5d6e38-89c2-469c-9299-59d4f70617cd", "comment": "Malware payload", "value": "268d8f1405d6928d7c9e5d80eee81c815e7e03b3", "object_relation": "sha1", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627601787, "uuid": "cb7dd9a8-a94c-4eb1-ae33-01ec808bd657", "comment": "Malware payload", "value": "f2d6a7b3e82a92c958bffb99f2cd30baa92b33ae71020d208f1b54fe34815334f5dc0adb3b783839c5ed53ca2b9badba", "object_relation": "sha3-384", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627601787, "uuid": "8e78fe15-2375-456d-81f5-d150a63d09e8", "value": "T12F13F16D8E40AE40C5FADA78B1082C31130E6DEE97389348B7D45285BD72BD52DD3B6D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627601787, "uuid": "0738fee6-2ece-4923-9b70-be26615f33b6", "value": "768:/6Cbfxa94rZN0DGCfkyX3eks4pSGn0Qic3qwB+Ll0L/tnKAcJH:/6gfGzfPeUv02BQB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627601787, "uuid": "0a8fff66-51b6-431b-a07a-0a2f3c528e93", "value": 42515, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627601787, "uuid": "fc417459-6487-4243-b5be-8c170fec5e4e", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627601787, "uuid": "4c5c1a54-ef35-4033-919b-f75904328a4f", "value": "SecuriteInfo.com.VB.Heur2.PwShell.2.C69CED9E.Gen.26067.10366", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bce91c28-f079-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627569121, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569121, "uuid": "a53f4ab2-8d2c-42c5-9786-de4d5a20a9b7", "comment": "Malware payload", "value": "428a6e26e1e22df8e7bd621feff77449", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569121, "uuid": "42ceee14-c63d-47d2-b3b4-6c617e2521d0", "comment": "Malware payload", "value": "51bbcb798f2091547d768fd94eade771db432cfddfe59e5d0d505a1833eb1338", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569121, "uuid": "2d99f988-7569-4334-95b0-3e4d87ebd9c3", "comment": "Malware payload", "value": "e3bfcdab95b15a43420a0528a65f89c0c4610ca5", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569121, "uuid": "b10e6c1d-f00c-4d13-b3da-a059d02938b7", "comment": "Malware payload", "value": "dac8aa8298e668bcdfb762faf5133f683a18b76c6d6e156db1b17d02d1ace14b0e343c59376b2ad65fcef56252ccce3a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569121, "uuid": "8676697f-8aaf-413e-91df-c420a885a57c", "value": "T15303F23C432A70E3DA2E49BB10D20F949E712B94DB27754A1726B69A0F9F035B8835F1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569121, "uuid": "22c2caa7-683e-4fad-99fb-ee752f3dca59", "value": "768:piTpR45F3gJG9UlQcuPrDjdwO/WsN/v88b8vOSKOY2JgGlzDpxYsdou3AN0VB:ikN9+WR1N/klbK0VrYluw0B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627569121, "uuid": "aae39c0b-93e5-4db9-ac7e-c507c1356c41", "value": 40428, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627569121, "uuid": "c71135ee-3c2c-438c-aeed-ad15f22a84e4", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569121, "uuid": "cc75c39b-a083-4c45-9a74-c007ab24f8a2", "value": "428a6e26e1e22df8e7bd621feff77449", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "260aeef2-f0c2-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627600221, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627600221, "uuid": "2f81b385-ca84-401c-b948-5f4eb6b4302f", "comment": "Malware payload (Mirai)", "value": "66fb2d0e4c35a68726cdf943d3064f94", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627600221, "uuid": "226e177d-4a31-4126-aba3-1b4457b147b2", "comment": "Malware payload (Mirai)", "value": "51f16c41d00dd1d7ee022a19722f6beb36164d206494eae1a7664a5f0d7d8191", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627600221, "uuid": "894e44b6-bcb7-4950-a834-8d2e29154101", "comment": "Malware payload (Mirai)", "value": "51ccb8e9e1ba5324b1268eac30cbf9715a12f760", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627600221, "uuid": "b64254e7-4873-4153-bfae-4c3ed52351d0", "comment": "Malware payload (Mirai)", "value": "435e596a77208a8c67d443a18220f35e5ba2b7908018c4d9cd8b34bf652eb2ff8d37af2d0829c689e30978cb5e1b9024", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627600221, "uuid": "c813ff84-4125-4033-9452-39e2ba51fa55", "value": "T1BA338CB5C579EDE8D1144A78BE248E749723E000C6932EFADA44C6A99083EFCF5583F4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627600221, "uuid": "07da0a1d-1657-4867-b1c2-1d1b1f2a3640", "value": "768:jaixFwtLSYAagMo0ebH4/ZvQX3hyWfs3INgCJUU/qMCqKomQRCvh:jaQFwtOGBvQXxfs3kgCJt/qMF/RCvh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627600221, "uuid": "d74199b5-c931-4896-a247-44fa77fdcccb", "value": 51584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627600221, "uuid": "632290e2-9225-4715-9f2f-6369ae2f5887", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627600221, "uuid": "44ea9eec-79e5-47c0-9086-bfdb97d9d816", "value": "66fb2d0e4c35a68726cdf943d3064f94", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7510033b-f045-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627546667, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546667, "uuid": "3d86a221-52f2-4c23-8379-f50d293f33dc", "comment": "Malware payload", "value": "dbc83b78f54d5904f4b91dd53de9fbf9", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "brave", "colour": "#D3C101", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546667, "uuid": "b79ab8e3-1c20-4c38-a912-95e09d37e2e8", "comment": "Malware payload", "value": "524e4be405a9dd94625fe2418e7e411cdb9cc7c75247a1d0d64fc53cec56ad6b", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "brave", "colour": "#D3C101", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546667, "uuid": "65af3d71-fcc4-4249-9374-7a63ada3b3a0", "comment": "Malware payload", "value": "4d5ac28f59fbc8fed24d5b3a5b685f837d506390", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "brave", "colour": "#D3C101", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546667, "uuid": "910456e8-e6f5-47fc-aef9-ae6cfa3c671f", "comment": "Malware payload", "value": "b2b0facd4d96df8d743a6cd298259e316d9e5c75d3a6c061ca31ae4608f2d42e92677dd28b62d3ae1a193abb5b2cd3f1", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "brave", "colour": "#D3C101", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627546667, "uuid": "7d06ed9c-3259-4883-8bb3-b034c2ec56c3", "value": "T10B65125FEC126F15C335D56F1B8AC5203DA742BFAE93AB27756BA8434FC0885B02944B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627546667, "uuid": "1121e76b-265b-45e1-b660-f1a8ff0ce05c", "value": "24576:X4XWRuwFkjp/kthz1tq5daEFHLIsSSs71P+CDWz8xGH73nvffNpBFYWHWCq:GWvFkj2t/8/RRZ6712gWz8mppV9q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627546667, "uuid": "ff1b266d-bafb-4eb6-b045-6d7e194eb204", "value": 1497424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627546667, "uuid": "ebe4edc8-f359-475b-be20-0a743e2c7090", "value": "application/x-7z-compressed", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627546667, "uuid": "e60a3980-3913-4478-bd70-72f2596ec5b9", "value": "Setup-v1.9237.iso.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f135643c-f083-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627573504, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627573504, "uuid": "aaa51f07-89aa-40f9-8ec9-68cf76079290", "comment": "Malware payload (Formbook)", "value": "e6aaadae7c2be3a8f486e8f439c05796", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627573504, "uuid": "00b88c52-cece-4676-9629-12b34151bf41", "comment": "Malware payload (Formbook)", "value": "530f994d0a6cd6632799de5eae17e4cc8b7a522766baec98a871d9611884abba", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627573504, "uuid": "0b1cfb09-ac53-4038-9277-39d77ec81ff9", "comment": "Malware payload (Formbook)", "value": "cd346dc938584c4019b83d80ac798a04727af942", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627573504, "uuid": "51f56bdd-f7aa-4054-9702-b05cfadbd3a5", "comment": "Malware payload (Formbook)", "value": "019f48764ea2602805cf9baf9461e8430c5113ea912a4e19b9acb818ce969b043222ceb90803877749ddd6966a2ed04e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627573504, "uuid": "d3ca2a1c-4bf1-484e-853b-5c8edbd10610", "value": "T17855E028898C9F96CC6C03740E9846345EF5ADE2F270C96C3D8D35B1B7F2D29EA76245", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627573504, "uuid": "4fd68307-1878-4eb0-9ee6-f78a0fa536b2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627573504, "uuid": "2b73c4bd-1dd4-4489-83ff-a985351a6f16", "value": "24576:qMS/d3kKzks4ks2y8jUxLrifZUShbucB+Vlcw8Fcr6XzK8N6ZN8Z:PKxq2fZp5uq+jLEcmDjN6ZN8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627573504, "uuid": "608eccd2-82a5-4092-8d50-2a9b620a7877", "value": 1338368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627573504, "uuid": "2b75aad8-a96f-48b6-8938-e2c796105cbf", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627573504, "uuid": "5f9d6acc-0ddd-4e44-98a9-8853cf0f5a8a", "value": "triage_dropped_file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f82c3406-f07f-11eb-875b-42010a9c0053", "comment": "Malware payload (ServHelper)", "timestamp": 1627571798, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571798, "uuid": "6c6eafa6-5f33-47e1-a569-c56f5bc2d14f", "comment": "Malware payload (ServHelper)", "value": "0c81dd2088368b16444a770d8e76ecf8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ServHelper", "colour": "#A1B0E6", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571798, "uuid": "e867d4d5-39c8-4366-be36-c3f72a1aa20a", "comment": "Malware payload (ServHelper)", "value": "53265a502e4f4f70abcb422a8b2960c654be15f0b65e4b7b17269857a05953e2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ServHelper", "colour": "#A1B0E6", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571798, "uuid": "a5e08cf2-e292-48a1-84ae-8ebc3555b5c0", "comment": "Malware payload (ServHelper)", "value": "9e5bbea2cb5b5c227dbd5f11652dc458da505f76", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ServHelper", "colour": "#A1B0E6", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571798, "uuid": "c33d996f-a88d-40c7-95d0-f4632da5c052", "comment": "Malware payload (ServHelper)", "value": "179f759fc02b93ff1f79de539fec9a736101e9519dd362bae12fde27d35af916fca83fe77edb71e1fd0f63bf7e455b03", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ServHelper", "colour": "#A1B0E6", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571798, "uuid": "e9cb0739-37ea-4edc-9fb1-493261f0ef4b", "value": "T16F56E016BCE214BAC57AD230885697517B313CA483363BD72EA4B5A92F75BD02F3E314", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571798, "uuid": "9c976a6f-2709-4e22-9aff-9dae1408cf74", "value": "4035d2883e01d64f3e7a9dccb1d63af5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571798, "uuid": "b4be749b-497e-40e5-906c-ecfa669b11f0", "value": "49152:F9eGepgtCWIxe/h55YTVEduGEJfoi6HmHBhuJl1jaYSsldKYjCVhg6er5HcocPK4:FgpgtN/f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627571798, "uuid": "51e83333-695b-43b4-95fe-89e29a166452", "value": 6330368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627571798, "uuid": "29ea2bb5-efdd-4dc4-ab27-de3887d70796", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571798, "uuid": "e3293cae-8aa7-4d7b-9a9c-67d83d38aa11", "value": "0c81dd2088368b16444a770d8e76ecf8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61691545-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535467, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535467, "uuid": "7e9ca3bf-1ac6-400a-ba18-4c109b4713d3", "comment": "Malware payload (TrickBot)", "value": "4e231ee349971cf3c638f474523d65d8", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535467, "uuid": "4a83ee8d-1a2b-40fb-a56a-939733d97c62", "comment": "Malware payload (TrickBot)", "value": "5350ee0827fb44e4db46b119210406e4a674a5d950485195db0d01d2a7b9cc80", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535467, "uuid": "d0cacc62-6ba2-45b0-b358-bffdefa29540", "comment": "Malware payload (TrickBot)", "value": "952b56785a5acdf3c485ddc1bd47cb1eb5fd1d8a", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535467, "uuid": "25fb1747-d93b-4086-90de-a17c9f8e393d", "comment": "Malware payload (TrickBot)", "value": "8d327e783164a396c7d8d553f71e60ce4d3b3dc2f5d7d7629eaf39f738c75f431a18544ba251291517084f9b6d5f009d", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535467, "uuid": "dfbadc64-8b2b-43ba-8d63-6695aa9df05c", "value": "T107A2F110C011E72FD4CE2EDDE229605F82513903F9BEA601AE92679DF4F59891AE36A0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535467, "uuid": "8b2f356c-eb85-496e-829a-63c12b92bb78", "value": "384:VjV28Z0oQTWyuD9wdHvty6YUoMArPeU4AdFYXHCMW:OYT5y89yMGNATeU4rXlW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535467, "uuid": "6dd163aa-b99e-4838-b1cf-7f00d52fc49f", "value": 21882, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535467, "uuid": "62fb4ca4-950e-4131-8f39-91658e138755", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535467, "uuid": "682c5efd-1296-4682-ace4-cf81b4892047", "value": "2021APT-28_65052453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a35abb55-f03a-11eb-875b-42010a9c0053", "comment": "Malware payload (LimeRAT)", "timestamp": 1627542020, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542020, "uuid": "2c0863a1-bc64-436e-980e-e100db15212a", "comment": "Malware payload (LimeRAT)", "value": "03db20807083e251ad855cbaafbd69c5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542020, "uuid": "a424ff49-5a73-4101-b213-c1486cfa7fc7", "comment": "Malware payload (LimeRAT)", "value": "53684bdcc56108ddbdcb9533411b44ec0eac752858a65129bbaef23fba530053", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542020, "uuid": "68115a4e-494d-4d35-a65d-ebda440faef6", "comment": "Malware payload (LimeRAT)", "value": "87de4558aac1ae503e708bd1e10e2f480f661709", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542020, "uuid": "23ec7bcd-f76a-4bd8-b4bd-e3a71bce28e3", "comment": "Malware payload (LimeRAT)", "value": "001739b18f93f27e58231c6ebb759a41839c6b6fdd8b69c921e1f68bab5c9690f1ca2b130df2373c91820bcba1ea1bc0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542020, "uuid": "ef0196b5-c6c4-4a06-a38d-19de0f27369e", "value": "T1D215AF3459C897AFFAEF07390BD92070EBF4E212317293A81ED141B959A2F54CDB4267", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542020, "uuid": "8e47a908-be4d-4f81-9501-7d99dcc400ef", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542020, "uuid": "298eff4f-dcc6-4c69-9b90-f72ac34bad85", "value": "24576:9kNz8cS/d3YK64JWn4qJznsiMeZic6LvqC:WjK64JC4qJLsXezm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627542020, "uuid": "392ae599-1bf2-4e57-9ada-af6e5556669c", "value": 938496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627542020, "uuid": "c099d608-bbaf-4152-a061-f91dd54b4c69", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542020, "uuid": "ebbf6f4a-128e-4de1-b07b-57f76c25f6aa", "value": "03db20807083e251ad855cbaafbd69c5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2695a71f-f034-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627539234, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539234, "uuid": "3f94bf29-6883-4093-91a1-22cc92b6647a", "comment": "Malware payload (AgentTesla)", "value": "654007422d17a8875e3615bcc852c289", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539234, "uuid": "498e8247-5970-471c-9cd9-a0aea06297c8", "comment": "Malware payload (AgentTesla)", "value": "53f1ca954533144aed70fb7f95f39e2610016d96e8a4cb0373a32f19fa9db44d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539234, "uuid": "6240e460-2bc7-4cca-872d-adb205436884", "comment": "Malware payload (AgentTesla)", "value": "a16d0b393f9bb30b8ccfea2aa66668f5c8e850f7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539234, "uuid": "47b9acc1-a941-4893-ba4f-8a20cc3f21df", "comment": "Malware payload (AgentTesla)", "value": "b11dbcd5752fed027e5eec9fff6f65945271d32c7a1609b9f62b50e21468b5706ab182642217fa84d606d61dd58800d0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539234, "uuid": "8ee74d87-2263-4868-a043-bcffce474ffa", "value": "T1D9E4BE744488DFAADC5C03B59B8C02F02EF09CA6E1B0E6633E857DB5B5B0A25D979347", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539234, "uuid": "1170a46c-8c10-4440-ad7c-cac8cf6964fb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539234, "uuid": "0503f846-10e5-43cf-ac2f-3fa1b5f808ae", "value": "12288:b+mXqW027iS/d348dcMi/mVkZ/Hi+hqhSrjyGM8gucCrXWzQ:bM3ZS/d3AKeFCKqhZ38gubXW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627539234, "uuid": "f86398e9-703a-4634-a2df-b434153b26cd", "value": 670720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627539234, "uuid": "26719cab-c58e-4ba2-8f29-916d9f8359d8", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539234, "uuid": "f619513d-e353-4e7c-8094-0faf4a40f47b", "value": "07.01.2021-07.27.2021.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0611c91-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535599, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535599, "uuid": "d65e1e04-b4a0-4b9c-b0b5-850fcdede1ba", "comment": "Malware payload (TrickBot)", "value": "958cc28548b829034291abb5b06a2ce8", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535599, "uuid": "fe156417-71fe-44ad-b811-46ccd615a7a0", "comment": "Malware payload (TrickBot)", "value": "548c7d4cafde33fa6766da36371a4dd062421ea43e8337c1b61aa33e0f600dd7", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535599, "uuid": "7bdeb0e2-c3e7-4721-bffe-30d018c69f75", "comment": "Malware payload (TrickBot)", "value": "a3d934589e49a35c5d6acc6ae879f3c8c5354229", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535599, "uuid": "d5748908-582a-4044-84bc-82af5fd52c65", "comment": "Malware payload (TrickBot)", "value": "bf75e873068f490a2ed9a198109a70c0d4154241ad30b93d7d4fad8d5757f127001f358215b284916fc5cc1e87ac7f4e", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535599, "uuid": "c672ff57-7f2c-4655-a1f2-5ac542cd98bf", "value": "T1AF82D173B4BE41BFC8BDFC7916D39940F247200068A10A0672C5ABCF8BB09995B23C5B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535599, "uuid": "fb9e3cee-1d64-4aaa-beec-fb7e4fad17f5", "value": "384:Fjg72hHVXNHph/dtFY3rwlHmJ0QiA879QPvzJY+r8bdI2e98:VIuHVXxph/dt+3QHmJ0QQ4Zr8bdjei", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535599, "uuid": "429b7524-6f3b-46aa-911e-85d24438d99d", "value": 18761, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535599, "uuid": "319eb507-0ba4-4401-8c36-3fd4c28b56e0", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535599, "uuid": "503ea0f5-a3b3-4631-ba4f-254608762e7a", "value": "2021APT-28_74484453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9e58a8b-f087-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627575210, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575210, "uuid": "483acd55-a772-4325-8e77-47caff05061a", "comment": "Malware payload (Formbook)", "value": "ff294b0f6c0613a6a77ef6a5a3960f6c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575210, "uuid": "ac1cc923-0b8c-4728-b91d-30124128358d", "comment": "Malware payload (Formbook)", "value": "565befadf7619a22f5877dd965a76b7c24dab58a0be973afa11cad66b978a501", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575210, "uuid": "f09a0844-7937-420b-a5b5-d910645c2121", "comment": "Malware payload (Formbook)", "value": "4b70762a9c431ea74d03422b5096f2466863d147", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575210, "uuid": "d5a4f1d2-cdc7-4579-b4cc-086fdb691fe1", "comment": "Malware payload (Formbook)", "value": "ccb4077fe3daac2d9a00dd0dbc88e4ce5a04de39330873a998c67d9708a60a4299f5e2fde82966655a7bceb7f14e2fc4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575210, "uuid": "d1084b5f-eda2-4370-8f62-da03cad2d2d8", "value": "T15715D5105648AF1AE2BE47B84018012497F8A906D7D6FF1DFEE591F12D237E2E98F41B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575210, "uuid": "e59396cc-a4a3-48ad-aa12-8435d4082c9b", "value": "3072:IJIzxK05Jvj+UoyFyzTcglNnofZO+17Fd2Q1bK:40Pvj2Fl8ZT7FcQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627575210, "uuid": "b120168c-c617-415d-8ed3-bf091a2bc217", "value": 917504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627575210, "uuid": "c6329842-b0d8-4526-9c86-393775fb2416", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575210, "uuid": "b21187f6-28d7-40b3-ad79-27b4460d6b23", "value": "ff294b0f6c0613a6a77ef6a5a3960f6c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61a7b062-f049-11eb-875b-42010a9c0053", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1627548352, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548352, "uuid": "0944fb95-58e8-49e0-803a-c7f8192ece8e", "comment": "Malware payload (RaccoonStealer)", "value": "69b1bb4f5794eacb09e3ce7a8ad1f15f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548352, "uuid": "5d542dec-68e0-433a-8a71-85da32ccef12", "comment": "Malware payload (RaccoonStealer)", "value": "56d389a215fd102eecb65009b5681642a66232e8b68aaa029b377554e1db7689", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548352, "uuid": "c7b0d6c5-ea44-4451-aa45-3757b46ddbc8", "comment": "Malware payload (RaccoonStealer)", "value": "bb9de37bf233917f1ae04522f61213ef3ca6a488", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548352, "uuid": "6022171e-65d2-4396-84b4-f7011d369fdd", "comment": "Malware payload (RaccoonStealer)", "value": "c2c14a1f9e134974b30c8a505899f53bec66a479cd38cea3078bf63b4659dd77768157823ee65b02af4cec66ec3a09ae", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548352, "uuid": "f42d1bef-474d-4904-a698-7314361c63b9", "value": "T161B4E130BA91C036F4BB11F846BAD379A52E7AB06B3490CF13D625EA06346E9DC31757", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548352, "uuid": "25419ff2-ea23-4932-824e-1561b773fd24", "value": "ebe339f33228ec9cb9963341e6449ca2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548352, "uuid": "f4cb29ff-9946-4110-8110-3ea7e1a5ad5f", "value": "12288:qVe3i2leoAFIYbOAvdezPUg6Qmex/cPJNLxsmXjd:qV1keZIYvvdjlr/JN9sAd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548352, "uuid": "5bde9979-86c9-4c28-a09f-28ba5d0b1db9", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548352, "uuid": "09edca4b-0acd-401b-888d-1039882b9143", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548352, "uuid": "bfa8e802-3c56-412e-94b8-a11f048fde7f", "value": "69b1bb4f5794eacb09e3ce7a8ad1f15f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c85ef5d9-f087-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627575153, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575153, "uuid": "a875a8c0-db5a-4599-bf25-4d60357740da", "comment": "Malware payload (Formbook)", "value": "b6e6712ed64dc7d72f13f84ef50c04ad", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575153, "uuid": "e777f85e-3b29-47b5-b2c5-ce7de5096a4a", "comment": "Malware payload (Formbook)", "value": "57bcc23142e7398ee53fd5e374851444f18857c4d9f7e23daf4435692b6ba2dd", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575153, "uuid": "6a70fb06-6fba-40fd-af8a-8449d3776eb1", "comment": "Malware payload (Formbook)", "value": "c5ecd32e93924d051d6dd55382fe4f78a74c5406", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575153, "uuid": "beff872d-cae9-4f73-8186-51d3d1e33e66", "comment": "Malware payload (Formbook)", "value": "560cd8c38d2e77c87e27c263f93ba1940a8d77c166cf1037106b432aac9b2df34c14be9deeed195cc0a03ffdfa0f3391", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575153, "uuid": "f88860ba-be8e-4220-9417-ce68ba9d8ad7", "value": "T12D45E038898C9F96CC5803740A5846346EF5ADE6F270D8AC3D8D71B0B7F2D26EAB5345", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575153, "uuid": "6b5b3ce2-5b84-4261-9a8c-9146a66111d0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575153, "uuid": "431299da-28dc-4c95-9ad7-65ae5056b9d2", "value": "24576:/jS/d3sKzksDks2y8jECUKA6oRZ6jxms9oqUWRq7SMN6ZN/Z:nK+UC4VMjxms9nUWRsN6ZN/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627575153, "uuid": "bddd86bd-efbe-4afa-ad43-a3020ff56c09", "value": 1277440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627575153, "uuid": "6b3b7646-b7e5-488e-8dc6-df14a073303b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575153, "uuid": "d6919179-34bf-48b6-a075-9d64c587b3a2", "value": "b6e6712ed64dc7d72f13f84ef50c04ad", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f12280bb-f010-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627524112, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627524112, "uuid": "2416c4fd-0480-4b1c-b218-d015364f0f60", "comment": "Malware payload (Mirai)", "value": "d0ad8e43aaafef7b10843584f9120611", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627524112, "uuid": "451b4896-707a-4857-a787-122088c8b5df", "comment": "Malware payload (Mirai)", "value": "5912016471bfdceba80ed3e77acb30b41b05d65261dad566b05b1b802234a69e", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627524112, "uuid": "85130dda-25cd-4d3e-8f8b-a5745a208f8b", "comment": "Malware payload (Mirai)", "value": "29977ac759763bf5a6f86a3b8514f05c7a2b640d", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627524112, "uuid": "39e6095c-1fad-4e60-8b91-30c10595173a", "comment": "Malware payload (Mirai)", "value": "70834771c3a53a0597102f1ccf6b7e6d768874846694120d70ee7138894f9e88171ce31903f4ddb821f174aa23890d3f", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627524112, "uuid": "34499f4b-94dd-4f17-a1a8-d33b75cf9b52", "value": "T1116412ABD8777DCBFE1A0FF421970E4E5EFDD2CAD2C568905255048026FD346A290BC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627524112, "uuid": "555dde70-1c93-419a-8790-760f4647694b", "value": "3072:/TNVO/QJHZcfFj4rwLQGTNO5VZLwHm7vuQTpZUyY6co:7O/QJHZweEL/NOjCHm7FZZnc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627524112, "uuid": "adf12531-967f-4d4b-9b30-29d245eebbed", "value": 307960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627524112, "uuid": "6466075f-a7dc-4cbc-b49f-bbfa7f278ed4", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627524112, "uuid": "e622df2a-4b19-4eee-ad04-169b7ed04039", "value": "Mozi.a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2898fa35-f069-11eb-875b-42010a9c0053", "comment": "Malware payload (AZORult)", "timestamp": 1627562000, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562000, "uuid": "13e3fecb-b707-40f6-b189-031c8befc894", "comment": "Malware payload (AZORult)", "value": "b3e0f8df0f341a58eeea1d9968751892", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562000, "uuid": "d947891a-cfe2-4b9d-ae25-58798cc99f54", "comment": "Malware payload (AZORult)", "value": "59138c967604e59f1d4e62c5ebd0beb2820f43ce0fd1b05705279859ce7393ec", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562000, "uuid": "ad276330-e8a2-494e-922a-0af26bce6a44", "comment": "Malware payload (AZORult)", "value": "fb65d84f35169d22e0852d7e7b58a20f4398005d", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562000, "uuid": "442ab133-c47b-498f-9b4a-4ea67b75f8a6", "comment": "Malware payload (AZORult)", "value": "785984cfdc084bfbb61c3964bb15d2405c507d5dbbf6b2c136b6f5eedc9b16a6e8a5e418d03933f2ed9dabbb92f98784", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562000, "uuid": "c691e573-3c70-4760-bfee-f50060b09dd2", "value": "T163A4042A239A4917F67981757653ECF5F650BED2AA109D0B82C63F8334272C1EEC5C2D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562000, "uuid": "8254b4e9-7e92-4bbd-bf29-f3e545d6e73e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562000, "uuid": "732fa4ee-a2ac-4011-a381-6b9483f0491e", "value": "12288:bswp+gczyhNSvRbBQHR4qz91hI0zSaNsvz+yuWDVId21NaI+E8tyvXGOPHsoDVU2:oEKHlPLZh88PH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627562000, "uuid": "9a2228fb-e374-42e0-a405-8b85638d03ac", "value": 487424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627562000, "uuid": "03619d93-1a49-43a5-9bbf-f53f515be1f0", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562000, "uuid": "5d2b9798-a178-4778-80b6-02136c76d577", "value": "Order Confirmation.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6d58cf8-f049-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627548549, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548549, "uuid": "761efb5c-1b59-4907-a8bb-c06629f83cee", "comment": "Malware payload (RedLineStealer)", "value": "886cc521138c339c9278199461a50491", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548549, "uuid": "a4819647-d6e0-49e0-a56c-bdf49e3efddd", "comment": "Malware payload (RedLineStealer)", "value": "5940ba33eed4285ac4adc24b4196e812c7f11e20e45290cbf89c856a80c7cac8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548549, "uuid": "7896fca2-d727-4e89-971d-80fd00ac03fb", "comment": "Malware payload (RedLineStealer)", "value": "c438a3a30526e5e2caec769cd4c11c537c0c57a8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548549, "uuid": "7bd2e993-fad5-4e39-9449-73d506d0fe86", "comment": "Malware payload (RedLineStealer)", "value": "f68bc5f2af8b69f93c9875158a1863bd0cbe51b2489aacb20856c1170905415f2bfc2a90e23c2680abe89719f1420181", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548549, "uuid": "f1d8ea91-9462-409c-960e-e8578ca4812e", "value": "T145D4F130BA90C035F4B712F886F9D378A53E3AA1677050CB12D566ED06396E9EC3179B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548549, "uuid": "e6317972-e506-459a-a17c-f26326a8e81c", "value": "613f2e4a97d34083c947d866c86b0b7d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548549, "uuid": "d45b8001-efaa-4856-b0b0-b09d36ca1ca4", "value": "12288:AKdkm7dhwY3dj8TXLdpYmmvbvXK5Mq9xJ65Z56ELiX3ES2owh3QsH8nbmY:Arm7dhwY3dj8XdqzKyqZiewkEGwhZH8v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548549, "uuid": "8352b351-6ce6-4afe-bab2-7bfffd178a1a", "value": 638976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548549, "uuid": "ad720557-d69a-4e6c-9438-a06513a26beb", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548549, "uuid": "caf02386-3778-4f48-ae0c-f7369d3f2fcd", "value": "886cc521138c339c9278199461a50491.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4e09112-f05a-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627555793, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555793, "uuid": "ee83960d-c999-43b2-b896-d994f07b9803", "comment": "Malware payload", "value": "e173d533a004027de26222f76181daad", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555793, "uuid": "20712f95-72ba-49c8-9f56-69b575cc4deb", "comment": "Malware payload", "value": "5948c9539e1f843a350fda27bd97bb9dd1c6427a3f9b45ac95032319f844bb32", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555793, "uuid": "5a65bce0-0bd1-4640-bae0-ec236ce0a074", "comment": "Malware payload", "value": "0f1fa2316f2c685da3051b88121004bd75ebf5c8", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555793, "uuid": "098022c8-73eb-4f44-8203-ff31d3132fc3", "comment": "Malware payload", "value": "7805f750a4585c06cb8e1bb69dec11ed3c7df20a7fbc0ec0bec9938aed8905de522ce4fca9cb00fc56868b6bc4cf546b", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555793, "uuid": "b4b62dd9-7278-4aa2-9088-7092a121d8da", "value": "T10F75CF86F788A92FC877C0320AB64636618A8D5A8741E3475524B36C7DFBDD44F89FC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555793, "uuid": "92ed609b-7dae-4778-b200-79076489d52f", "value": "24576:SqmE26yJHYojlWSE6uJPMpgyCHj2d+SZhr+kBUxlmMKSZhr+GRMk5pC24+:lm/Jvlzp3pdG2XL+gUPtL+bk5pC2j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627555793, "uuid": "83f8abaa-b32a-4706-8938-96e53681ef07", "value": 1653460, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627555793, "uuid": "b288ada6-135c-495f-8830-38561288337b", "value": "application/java-archive", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555793, "uuid": "9fe71444-1b6d-4f60-ad09-865d090254af", "value": "Go_chat_notf.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6c2800c9-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535485, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535485, "uuid": "5f4158a9-d484-4a4f-bd20-2d64aa3285ba", "comment": "Malware payload (TrickBot)", "value": "4a60c11dcd4c45ecd725801f5a23c8c2", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535485, "uuid": "cebcfcc7-20af-4c31-bfdd-02cb026e20af", "comment": "Malware payload (TrickBot)", "value": "5a471de75bb84abcd588704d1e70c6d4515eb893a9e2bbbd751eeac8c1670467", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535485, "uuid": "d0914010-2e66-4871-8914-3fe1b3bd5c0d", "comment": "Malware payload (TrickBot)", "value": "e99394b44fc72e857c3b1890571d697c53ec754e", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535485, "uuid": "bd1893f6-331c-49cf-92c4-5956d1af3c8b", "comment": "Malware payload (TrickBot)", "value": "029ea49cb0c4202e329689c7cebc21fa135c0abe72969a099130b3fae6f4be400021ffde08b5ccaf7b4458f05a69cf8b", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535485, "uuid": "6444697b-d3cf-4b5c-a651-d1ec330c0bfc", "value": "T103E2E1F8E659FE9047064939EE389DC8139D4B3ACEB87E47D1A52473848BD9C45C0BB4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535485, "uuid": "44c284fe-131f-4a7d-a2ad-e41b857e057f", "value": "768:ug8JWWHyJBhSuBfB/GPDGGvr9bntwzHJqJI:dJLfwD11ntoYI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535485, "uuid": "3d143255-f585-451a-9758-edd5a2916dde", "value": 32113, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535485, "uuid": "7c822f2b-85cd-496e-adca-2e9d44990b84", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535485, "uuid": "cd1fd24d-52d1-4a4a-8ee7-8648b3c96c6d", "value": "2021APT-28_51438453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8aaa194d-f06d-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627563883, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627563883, "uuid": "8fc27cc2-5291-4188-8ce4-588291038fe3", "comment": "Malware payload (TrickBot)", "value": "32cb10dbfb2dad7b8bca878dbf1139c5", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zev4", "colour": "#9BE5E5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627563883, "uuid": "c3dd54a8-d5cb-412b-8486-fe0c025e3442", "comment": "Malware payload (TrickBot)", "value": "5aa504b164ffb17c53f779abd856fc2c8e75d681c186c9df648568736fc3a589", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zev4", "colour": "#9BE5E5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627563883, "uuid": "c6bd0e7d-7072-4030-9754-4c539c4c9dae", "comment": "Malware payload (TrickBot)", "value": "66b3859253f3cbc23f39eade95afbd2ca5c74939", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zev4", "colour": "#9BE5E5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627563883, "uuid": "6fed141a-b2d6-4e44-9969-936352c19f66", "comment": "Malware payload (TrickBot)", "value": "708f9f8f50deb63a9b6073474de6c64ae85cf1d984c283e5322bd16406be06e51aed0d0d371c7022b5cfea7cc72b9b6e", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zev4", "colour": "#9BE5E5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627563883, "uuid": "26a71e7d-e5c2-4373-bbb9-d18b2a4c4949", "value": "T1ED7319B6F0772CC585425942FB28E8143C67362FC0ABE13F7792B519B0A7D92CE4A586", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627563883, "uuid": "c6e1dfbd-67a1-4eac-acef-e612090613c0", "value": "1536:EYgIuw3OY1Hr11AQYyqGJHQYCDEtU6dLTR97i:1uw+YbxQYNtU6Zvi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627563883, "uuid": "38a86309-01e9-4847-8ca0-b1ba0b0c8d7a", "value": 74044, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627563883, "uuid": "57d70e03-8770-4ce8-845c-7047198aaaee", "value": "text/xml", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627563883, "uuid": "6907d704-1ee9-4bbd-8ba0-7f848ef9d034", "value": "report,07.21.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f41012d2-f0b1-11eb-875b-42010a9c0053", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1627593265, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627593265, "uuid": "74220a54-3387-4d65-a269-d7db9a616989", "comment": "Malware payload (ArkeiStealer)", "value": "fcb0ce5683a593ced6741c531875f823", "object_relation": "md5", "Tag": [ { "name": "818", "colour": "#67D435", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627593265, "uuid": "49484b21-d26c-4e03-abdb-f4dd574cb7d3", "comment": "Malware payload (ArkeiStealer)", "value": "5be3e14363b05b17973b59ce33440c7ed514ae86c7b7c53f6cd2304edcd8c839", "object_relation": "sha256", "Tag": [ { "name": "818", "colour": "#67D435", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627593265, "uuid": "32fd7148-7202-42ae-9847-412ae8400cc7", "comment": "Malware payload (ArkeiStealer)", "value": "fa87ad5d4b9abb0d15fc5cab3bad94f5f7965c24", "object_relation": "sha1", "Tag": [ { "name": "818", "colour": "#67D435", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627593265, "uuid": "6f2cc7b2-6d68-4a5e-b1eb-e9a871f0cac7", "comment": "Malware payload (ArkeiStealer)", "value": "0ff3e1cdcdb69c5053c657956aed528f620b9a04749f69e38224f999513d7520948c30b140640ca3a21b915d3a661ddb", "object_relation": "sha3-384", "Tag": [ { "name": "818", "colour": "#67D435", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627593265, "uuid": "28c8c27d-7085-40ae-a139-7af3cc92caef", "value": "T115E4F130B650C03AE4B726F844B5D3BCA92DBDA1673450CB62D42AEE96356F5EC30397", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627593265, "uuid": "d90e77c3-bf24-4fb4-8510-65fd99aea1ce", "value": "57bb9b4b2dab4ca0a9a9d0cdae0c89c2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627593265, "uuid": "33948ff2-d02a-4ae9-a342-9f3a35b6569e", "value": "12288:vytUz+B1IJ2kkSGqq6X262n2dIN7w/RH3cQR2UtGL1D0sg:jzk1PtENmNk/BfRGxD0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627593265, "uuid": "9cb4ca28-4abf-4180-953b-765e9075402d", "value": 690688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627593265, "uuid": "048f1b1b-a2ff-4d1f-87c8-7b893147a76d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627593265, "uuid": "b3314208-db21-44ef-a8ba-cf4351a2e6d8", "value": "usfive_20210729-230527", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "758feeaf-f05e-11eb-875b-42010a9c0053", "comment": "Malware payload (DCRat)", "timestamp": 1627557405, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557405, "uuid": "2c120cf9-7773-4873-8c85-d44b14605f46", "comment": "Malware payload (DCRat)", "value": "999142f2751bd4d2d1da9a2d558029d3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557405, "uuid": "ef86d9e7-1098-4723-b3c9-4857c9cba191", "comment": "Malware payload (DCRat)", "value": "5c08819a0402013e935fb78e6349ea1a798c53db14e482267deaf183b06dc436", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557405, "uuid": "a75010b2-6e91-406b-bf15-337df089d718", "comment": "Malware payload (DCRat)", "value": "546fae4db8ee0b84ad164056efaed8e17cce6206", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557405, "uuid": "2d0ed553-1621-4505-96b2-f55ee5fb1b50", "comment": "Malware payload (DCRat)", "value": "4d3f7e26c2db1a81e3f503b2a0a78a47bd0554b0437f82a0325292f23950ff68d726eedbeaf64beb76bbf3dc6cf32dff", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557405, "uuid": "7d96bc57-e2d3-4d44-8a9b-9b32bc3e6370", "value": "T1A0B47B4A37F8AE15E0FF4775E4F15DAE87B1B812A6B2EF4F09C552A918237009C40B67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557405, "uuid": "1150d374-914f-4bd5-ad0c-1b93a46ba0e9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557405, "uuid": "d82f97e2-0cf9-485f-a0fa-da06429f628b", "value": "6144:vqqDLOAbTNroWmxxyznX08XbDYAQU5s6rObagKZ961DkDgdhUxTnwpdHQNqPzGQ3:yqnOq0UXPDYAR5sUM1DGb6HZNwP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627557405, "uuid": "164213f7-a72f-40ae-91f7-24fd9f2458e7", "value": 497664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627557405, "uuid": "df887d99-509d-4ce9-b97c-d72e5adb8be1", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557405, "uuid": "bc6c1a8e-299f-480a-83e0-0507d43805ac", "value": "999142f2751bd4d2d1da9a2d558029d3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0959e453-f043-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627545627, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627545627, "uuid": "1aa7243e-b92c-4709-8941-8b0a9ac60d7d", "comment": "Malware payload (RedLineStealer)", "value": "2ad0ef2b76151ecd529c92e55f8b3c4c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627545627, "uuid": "e604e1ba-8490-4912-9d5b-0ed99ed33b05", "comment": "Malware payload (RedLineStealer)", "value": "5c863bc2e11250429af72d59704060505c18d4c316d7ff0e7ef6e0ead2475a04", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627545627, "uuid": "cf32890f-b802-40d0-ab55-093c4496bd42", "comment": "Malware payload (RedLineStealer)", "value": "1d16185b8f828b72dab7a467bada137463b75533", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627545627, "uuid": "5a4f8a7b-1614-45c6-a587-5ca27f446776", "comment": "Malware payload (RedLineStealer)", "value": "973e5ba971828c1d7b452eee538ce5d82df2caf13337a50d3ed622349422601262fdc0b5854c44be50031357461623fe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627545627, "uuid": "21968650-a823-4c97-b05a-57332582d693", "value": "T11CD302D867C8E017E8748CF01AD7A0965BB3B8111621CCDE32D5464EFEB2B50666736F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627545627, "uuid": "d6d1b87d-45fc-408a-9968-b885d7b08e07", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627545627, "uuid": "707a7d48-2cc0-447d-a70e-82c860633bc7", "value": "3072:J65oTe+YPg+iUaYvh5CFdENY32D0hwUWj0BP87J8T9+PzDg:J++YPRiUeEy32D0hVWwBP876Gng", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627545627, "uuid": "b7dd4d4b-e17b-440e-9b5d-1deb15228860", "value": 136296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627545627, "uuid": "48bd7432-d68d-4809-a1ef-ad831f49a65b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627545627, "uuid": "288b9734-94ec-404f-bf4c-2d6e0a6ef749", "value": "5c863bc2e11250429af72d59704060505c18d4c316d7f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3bde4b8a-f040-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627544423, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627544423, "uuid": "69e61613-16ce-48fa-81a0-d9a94db7b1f4", "comment": "Malware payload (RedLineStealer)", "value": "22490df3a9bf9d21cea92722a9c2e38a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627544423, "uuid": "7be6d652-d34b-4ba0-8bb9-959eeb7d8a1c", "comment": "Malware payload (RedLineStealer)", "value": "5e386a2b2f591fb00ab8abd0d939e4a0f0c24589349efed82625decd8d64e33e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627544423, "uuid": "fbdd558a-7dae-4067-86bd-8f64f85deebb", "comment": "Malware payload (RedLineStealer)", "value": "695e27fffda7657f858f72b5a693fa839d47bfe2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627544423, "uuid": "7e075737-6b4d-463c-b765-53b3a8c88987", "comment": "Malware payload (RedLineStealer)", "value": "f68889b7f6849f5110bf7a4c8d794401f7240b8831198ee610c57b7df927bc297f7c43efc9c220990b2acb662af7b2e6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627544423, "uuid": "d8c43165-ff4e-4610-8724-ab2a8c74dbaa", "value": "T1AD14D04037D8C057CA6A4BF4965302E25B70ED63BF53975B29E0341D6FBA3CA380E696", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627544423, "uuid": "79630b2f-8936-4735-95f1-6c473323077a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627544423, "uuid": "db732c86-fd15-4955-a97f-4488fb7e209d", "value": "3072:iTTf7Qb01M3QqxGQNieLjLjfSNTu4V7B9ZgylXV+i4UnNelE1yBgfVyJTQDw:ivf7q01IQqxWYjffquE9ZvtVTJfY8w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627544423, "uuid": "4074520f-38c0-4b84-a4a2-a62f1708cab7", "value": 199304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627544423, "uuid": "a29e0649-59df-46b4-bd2c-f5a5935407e4", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627544423, "uuid": "49db167d-0214-4e09-94c9-e2dd03f1b107", "value": "22490df3a9bf9d21cea92722a9c2e38a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cbb50cd4-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535216, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535216, "uuid": "969da9d1-e6bc-470c-b650-19e026827da1", "comment": "Malware payload (TrickBot)", "value": "0131c23460e863053145a172823a7284", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535216, "uuid": "ba6b3bae-ca2b-4915-a7ab-21931aad174d", "comment": "Malware payload (TrickBot)", "value": "5e5215d626adef53796224f8c040ec3329aa4ac28ea7001108055ff94d63656a", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535216, "uuid": "4c8914a0-884b-493a-ae37-14100754b338", "comment": "Malware payload (TrickBot)", "value": "e075b67014369eea321973214c0bc11220f2b15a", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535216, "uuid": "27f15596-66ce-49da-a6d6-3b0553f65032", "comment": "Malware payload (TrickBot)", "value": "278c7c7689cf52e3ce69e579f37ea9eea7a3c17569a90e16a49f695777c09b300871748a88d28d8793af8df12729be68", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535216, "uuid": "4407bec0-a250-4eb3-a328-7a9b897ff5f5", "value": "T1D413028FDA50B2FCF5DC2163E00C6F658618EF2F5835AA03D9199CD2A427AD80777184", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535216, "uuid": "8e2fb709-48bd-461f-91a0-1c3a8f84bfcf", "value": "768:DnlXTFha9jroT5IxYfZMse/yNsfPCb8566SPq8rZQxjb0MnxZUqTF0Zh:LdTFhRKYfZMs8dm8566Uqllg0Fk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535216, "uuid": "04f8db76-b46e-48c9-9422-83e4d6fc880d", "value": 41507, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535216, "uuid": "b3ce798a-04b3-4a6b-8e55-ab3dc6edd895", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535216, "uuid": "e3ed1b5a-69a1-4583-908a-47a72a02f5f0", "value": "2021APT-28_53538453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "77d85e5a-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535504, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535504, "uuid": "56e79d6f-3d58-4ecf-ae1d-ba489231a7b5", "comment": "Malware payload (TrickBot)", "value": "5a20e3cb530ef2c4452e0fc9f6847d1d", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535504, "uuid": "0a96a006-795c-42d0-9b9f-9bb60ce06551", "comment": "Malware payload (TrickBot)", "value": "5e70d17663794f98f650a06b23fa69ef1b9b0919de5acc4f0c893cf25e5cc553", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535504, "uuid": "f74fc178-7774-4af0-bbde-3773c827d5c6", "comment": "Malware payload (TrickBot)", "value": "01c095f0dea09535cdf06e8561c44a0f14d6f2c8", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535504, "uuid": "347435f9-a9c9-4933-a0f9-380b7c3db6a2", "comment": "Malware payload (TrickBot)", "value": "1137080f302788af321e7370d4fab2cb4670fbf7b81a5df783bb1aa4a9e606890a12fb9a5cb9d2b0a96aaf0a26863a1b", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535504, "uuid": "2dc07f7f-ec1b-4351-a110-8e5c6e34e52c", "value": "T118A33FD86BD1E413338D2F1BFE0A3AEAD1BA685796C47507D1583A4C24E921BD6B0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535504, "uuid": "85bd7506-69bb-4cfc-839e-f7cfd5dbb10c", "value": "3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXb:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVG6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535504, "uuid": "d60cb43a-b0a7-415f-8a6e-d6024a6a172a", "value": 100076, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535504, "uuid": "a5d081f8-06a8-4e33-b801-ff4bff58d255", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535504, "uuid": "2afe284c-3b6a-4cf5-9853-04b44c1c45f5", "value": "2021APT-28_62940453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7330808f-f03c-11eb-875b-42010a9c0053", "comment": "Malware payload (CobaltStrike)", "timestamp": 1627542798, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542798, "uuid": "c43977a0-799d-4941-92da-8559f75c73ec", "comment": "Malware payload (CobaltStrike)", "value": "cee0fe5e8a15c180ad75f60157a8489b", "object_relation": "md5", "Tag": [ { "name": "47.100.48.157", "colour": "#221C10", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542798, "uuid": "f0bb8f68-510c-4d5e-9c8d-1f8bf2deacd5", "comment": "Malware payload (CobaltStrike)", "value": "5ebd9eba9fe6c84809d5917da7be37a70e3c6579b5c14bbad37be8b35f2d67f4", "object_relation": "sha256", "Tag": [ { "name": "47.100.48.157", "colour": "#221C10", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542798, "uuid": "e176f0f9-4c26-4acb-b896-7e79502ad506", "comment": "Malware payload (CobaltStrike)", "value": "8d8f39dcf173bf5e263ef774c9dfaa3805134ca6", "object_relation": "sha1", "Tag": [ { "name": "47.100.48.157", "colour": "#221C10", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542798, "uuid": "f8f9cd40-7f56-492f-aac4-31e5148408d2", "comment": "Malware payload (CobaltStrike)", "value": "652e13fb4266303c544c11926ef3a22f01de12fea9937789e63f362712d7d623e43166402548b8207106738e0b42f909", "object_relation": "sha3-384", "Tag": [ { "name": "47.100.48.157", "colour": "#221C10", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542798, "uuid": "6131acf8-0182-4663-8180-9c01bf5335da", "value": "T129754996B49244FAC57AE2308696D36175327C358B322BDB2EC0B66E1E74FD02E3D714", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542798, "uuid": "e036e55a-540d-448c-a79f-4c396260a0ac", "value": "74818b63731f2511d9835317a87a26b1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542798, "uuid": "3fcc3717-e30b-4ab2-a645-5ce105af4199", "value": "12288:cmr/L5EaRoWPE8st/9enNCMkkhTIb+sofJJeO79SYNtF8Of/LZe0bPrfoRNDr3D7:vQ8G8N7pT2+sI/K+z8OHDKNDrTxJR9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627542798, "uuid": "bb97d4c6-5c96-493e-a9a8-22e2807bdfbe", "value": 1688064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627542798, "uuid": "22660c19-e7af-457f-b268-b7fe1ca4cf6d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542798, "uuid": "33c372c1-66ae-480f-b827-a0e6ef9be1da", "value": "5ebd9eba9fe6c84809d5917da7be37a70e3c6579b5c14bbad37be8b35f2d67f4.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2848481-f033-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627539039, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539039, "uuid": "30e3675b-5296-4eea-b0f2-bd507149adcb", "comment": "Malware payload (Loki)", "value": "6bb6170e798424cb7cf1fed054d2e4ae", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539039, "uuid": "f4b63ff5-4181-40c1-a92d-368bc2203d2b", "comment": "Malware payload (Loki)", "value": "5f9d22364554c8a0d96ce882e24da1f186f03a0b5769439fe9a3fd1f32d89356", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539039, "uuid": "e3c9e02b-a053-454b-9eb8-4de07fcb23b7", "comment": "Malware payload (Loki)", "value": "4481618b5919b43e4975239e7485033589054915", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539039, "uuid": "78597cad-f75b-4b36-bd28-cd51dc3e4da5", "comment": "Malware payload (Loki)", "value": "fc2b214a7910153ae87f823c005db69f897f391ab60f948888b2cdab4dcabc5214e4ca380db6f4d15c148f8889463703", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539039, "uuid": "bb9da597-c0d0-4768-ae72-eba76d9876e3", "value": "T1D074E01031C8D6B1D8B21935C078E6329A7CFD722A1ED9DB7354612A0E246D1DB39FBB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539039, "uuid": "8dcff7f2-e338-40ea-925d-66e44e8d08d8", "value": "4eb4fa387aa9e72a2c5a5335b8957253", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539039, "uuid": "c60ca027-fd07-47d2-846e-1cd30f1a5bb9", "value": "6144:lG9Y66H/Bcgqh3SBrS6HoRwdoqz0Pv8QUGm/ZNMf+4lWDxTpknGn8o7y:lRPH/O026IWv0PEZt/ZNMjWDxT6ncVG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627539039, "uuid": "cb19e3bb-de5d-46c4-afc4-9c6573c06cfc", "value": 341751, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627539039, "uuid": "686eb6a0-2421-40f1-bbdd-6e2a615fe2ae", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539039, "uuid": "eada747b-2817-49ce-9137-dc7f9fa37e26", "value": "6bb6170e798424cb7cf1fed054d2e4ae.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "847bb5a4-f0b6-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627595226, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595226, "uuid": "e9eefc87-0790-4ed4-8ca1-892ccd7fabfd", "comment": "Malware payload", "value": "78e10e6d409ac722ece846b2d2d6c0ce", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595226, "uuid": "0ada438a-9755-4cc4-bd60-d52d16cf5aeb", "comment": "Malware payload", "value": "5fffade91defc1d2042848a4e2aba17c4fef676a837df7442a43c6c4bf3809e2", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595226, "uuid": "49314118-9652-41d6-8eba-4a0948bdbdd0", "comment": "Malware payload", "value": "5f7b8494aea2c1c823b70651fe8f6a84e431bd86", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595226, "uuid": "4d2f8175-2915-4f65-bdf3-2bb82a909cb3", "comment": "Malware payload", "value": "52055aa9765438406574e1b022efb6d458d4879138f16caa4f9072cf6c604cef143d0c7a3a9b4570eb064899535cc23a", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595226, "uuid": "92a0372a-e6ee-4f72-bfe9-aba82566fcea", "value": "T15192C09DE2B92D47C67D2D7CA2CD13E41B98B1B0B1834F990314485CBED9E5BD88E4E8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595226, "uuid": "3b38fd4f-a141-4340-9dc9-3de513707f08", "value": "384:Ag+zoEJTA8JmGs7lokBeQ/j9HSmKYPDuL7XU7RWGVCz0NvqD:Eo6MnAQlSbMSPX0W1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627595226, "uuid": "d5824528-1629-4050-91bd-dc7933256934", "value": 20892, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627595226, "uuid": "14af4ee5-11da-4e17-8e82-49bb8b062389", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595226, "uuid": "75b45a7b-4518-4c17-9b21-ceabbdb21da4", "value": "SecuriteInfo.com.ELF.Mirai-BHTTrj.11601.21649", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d4855fa-f02c-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535836, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535836, "uuid": "528a6b05-c868-46d6-b0a2-9bf678adeb1e", "comment": "Malware payload (TrickBot)", "value": "0e8c6c64585721dc451efd99941dfd75", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535836, "uuid": "ebcbc1d6-83dc-4eaf-ab96-eeb6a12e7d45", "comment": "Malware payload (TrickBot)", "value": "60e1a4b121ab80fd61b5b3a6d839daa31ff731401c72ea675fccfb17a1686cd9", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535836, "uuid": "469e873b-cee7-4f3b-8d6b-898a1014c375", "comment": "Malware payload (TrickBot)", "value": "c669cda5bafff5abc8a8ad960204b1e8c9b4400a", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535836, "uuid": "08b64107-7843-42ea-8560-ac46844e9eb3", "comment": "Malware payload (TrickBot)", "value": "591f8f954786824cbb6ad9c4297b45517a5c70fea36ae5ddfc371210ea6e31b60e80688ab6503567ee610d4d94c82e3f", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535836, "uuid": "b79beea6-a041-4e1d-a8e4-ab97cfc2a70f", "value": "T15523F2D344DD9EA7C96EA8E5206AE01F110E6E0C1C55841F7B21FE2C156252B7FF6E50", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535836, "uuid": "e7178133-61b0-40d3-af52-07c4b256c6c9", "value": "768:bjiE5+VvAqciPS002dPD83wZdRRpwrHDKi+nuzdsQC1i/aOAc+8SbGR:yAqAqciy2Po+LpERbzdS1ga9b4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535836, "uuid": "62403b84-d5f8-4eac-af5f-79bc6186443f", "value": 46463, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535836, "uuid": "ef7836ee-b2e8-42dc-9bd4-e5d659c4a69e", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535836, "uuid": "8a88de0d-cd60-4836-a8a6-a6fdc6fe00d5", "value": "2021APT-28_60240453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65502f23-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535044, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535044, "uuid": "2733a402-4f9a-48df-aac3-b4ae35c7ee2f", "comment": "Malware payload (TrickBot)", "value": "e783a63cb7c6f51762675bb948c84daa", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535044, "uuid": "f3888f66-7daa-4ac3-bae4-f7b791c3e422", "comment": "Malware payload (TrickBot)", "value": "60fc32faa410562cb420a182abccbcb625f2e3b70754fba851ab5c9e28967f65", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535044, "uuid": "e954a1c7-5d50-4ea0-a184-9385756a3409", "comment": "Malware payload (TrickBot)", "value": "c3b59de186077371e5084edb63322e8d6ade7af0", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535044, "uuid": "c93ad637-7906-4410-8d26-6952d709f2ef", "comment": "Malware payload (TrickBot)", "value": "4c1446284ddfcd45fd05940fecec1781c6273cd1ae5fca139143bb40238ce461de64a084274a0fdf4deecf8a5e76f905", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535044, "uuid": "30ab7a05-ce34-4358-9336-0d841179a1b6", "value": "T1E2D2E13E6FC755A2A9B75976A3823488EA96F0544F2CD280E7DC40A98427F8527F8413", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535044, "uuid": "7d6eb041-0bf2-4fc4-a7e5-49923b5cd643", "value": "768:Z/OrYrSJbfnJxGBfB6MJ2ED0jr8JfTDvhei08x1EHKrah:ZWrYrUfnJxU6NrKPB/x1rah", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535044, "uuid": "ce8ea86a-90a2-484a-8c59-4c649f51064f", "value": 29288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535044, "uuid": "73c9f086-dace-4180-a4e6-fd2df5bf772e", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535044, "uuid": "60b32299-8c0a-4f84-9e07-55cbc5d8ef47", "value": "2021APT-28_33816453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c607342-f04d-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627550034, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627550034, "uuid": "aed54471-4f02-4ee0-aabd-17d15cecd172", "comment": "Malware payload (Loki)", "value": "2009faa4eff7371b148594eb3687da37", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627550034, "uuid": "17b8989e-6b8d-495b-9ff9-c8db598aa29d", "comment": "Malware payload (Loki)", "value": "618377f7b0c9c5f788d3ac58841c32ac321b5d759d67c68e6b661550cfa81760", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627550034, "uuid": "15317e3e-7633-4028-a341-bce7d9121dd4", "comment": "Malware payload (Loki)", "value": "4a0d0e522ba9e7503298e3be55fa23b53c0e60bc", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627550034, "uuid": "f3e82216-71f9-4339-adbc-9f15b0ad4107", "comment": "Malware payload (Loki)", "value": "b6b44f830ca27fdf0019d02a2062c6e7df75630f289ec85dd27cbe9f6d5b64da9e1aafc05c4c0f985e96a773421eb9be", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627550034, "uuid": "749ed952-a115-437f-afdd-18e82d104a89", "value": "T1A75512C0EA8D0E96D9D1CAB0E546BC3254A8DD853A0EDA8136D337383B7433867D755E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627550034, "uuid": "de5c440c-b422-4935-a64a-57ba6480d007", "value": "24576:8CHacfoiu735lqnonawMkbNfOEZq/veTWDC4qjX8Ci:b3oN735lwonawMeKU7XM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627550034, "uuid": "79710dec-0111-4ccb-a840-cdada4b062e2", "value": 1324544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627550034, "uuid": "eb0fb1d0-41a2-4874-b86d-cf6dba61d271", "value": "application/encrypted", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627550034, "uuid": "eb53de18-b6df-40ed-8fbf-46c3be0768f6", "value": "REMITTANCE_ADVISE123.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c06f82d5-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535626, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535626, "uuid": "97b3f3af-464d-4fe3-a888-03c41cb7892b", "comment": "Malware payload (TrickBot)", "value": "0b924018cf8b6eb1f1bb7b2b7e4ec330", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535626, "uuid": "304316bc-a30a-421b-b4f0-4947f789fa1e", "comment": "Malware payload (TrickBot)", "value": "61ab623bd589024bfe62a915679ce996afa523217bca7e814ceb61bc77250f3c", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535626, "uuid": "f3eab120-c11f-4552-97db-6d7c9642e714", "comment": "Malware payload (TrickBot)", "value": "10747c6a744f4a8e2bfe3860a92661d2baa7dfec", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535626, "uuid": "bd507872-6c42-4e44-994e-b49ad0303dc2", "comment": "Malware payload (TrickBot)", "value": "ca17f15e126948bbac815a534f2ad27f7582de754d64da5f2902a20f945b197b6fbff12aacf98ab44ce46572249d612b", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535626, "uuid": "c2c17828-9599-4987-9ad8-31de144e27c7", "value": "T18A0302B86627A643FBF126C72B145A0E486F837583ECD7557701AE816C0E2DA17B83D1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535626, "uuid": "7f7b501f-ca58-4e1b-afb5-0da83bca69ba", "value": "768:d+aFEkbCkq2fkZ3eqFqr768kctsaneCO4YuvU:d+aFze+fkZ3q7KCsIe8YCU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535626, "uuid": "b425c6c5-1f2f-4a93-b61a-5fc0953cad20", "value": 39878, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535626, "uuid": "04b44786-ce75-408f-a365-0a8ba0417edc", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535626, "uuid": "371b0f0c-7f5a-4446-b301-7a961321247d", "value": "2021APT-28_75912453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50d6e78f-f062-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627559061, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559061, "uuid": "42f343ce-cedb-4c57-bfec-fe5b319ad1ac", "comment": "Malware payload (RedLineStealer)", "value": "4692f2846bec49834f1f7883b3c34f69", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559061, "uuid": "2a4a3350-8057-4e9e-97bf-7937258a4580", "comment": "Malware payload (RedLineStealer)", "value": "61cc47e693b47ffb398d588d9a8253aac9fd9c3e231df6a80478b49d5fc61bad", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559061, "uuid": "84c7fc8e-bb91-46ca-ad9a-6a06f63ac4cb", "comment": "Malware payload (RedLineStealer)", "value": "82dd9581d723545a09e38aa651c55e4853c50539", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559061, "uuid": "2ed019ff-afe8-42d4-87f6-cb3fd1220a98", "comment": "Malware payload (RedLineStealer)", "value": "b5e89410b6fbde313cb1b6d829ac0584f6490eddae88538755977a6d4a740fea5223973f66214fd9bc7d42ce3a3b59f0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559061, "uuid": "23aadd02-2e67-4a50-bef4-6ba8086063a7", "value": "T1D3045B8929A0D41ED07C0877D4CF4BF97E30E92A5143DD92C3E5FB2F8D6E6847A466A0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559061, "uuid": "a9739777-87a4-44a4-8257-37fffbfdd938", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559061, "uuid": "0ba4198f-ff53-44e9-851c-815448d48954", "value": "3072:hqZ2UAWRpsO446o6//CAa8RivuNR/zM2RkKz1:hq4Unrqc6/WDvuZ11", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627559061, "uuid": "e22912c5-e05f-44c9-bce1-29a703e49c95", "value": 177544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627559061, "uuid": "fcefab86-8bb4-4a36-8e01-dc0b94f5a1fa", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559061, "uuid": "ef15b174-5cba-4eb8-9d3d-cd8d742419e7", "value": "Run.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "83ec4d73-f0b6-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627595225, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595225, "uuid": "8f7a6127-db4f-467f-8a31-1cee40cdddfe", "comment": "Malware payload", "value": "866057c28902fe0c08354a7d6be7f818", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595225, "uuid": "c53bbd79-ceb7-4a98-8492-36a4a4f0be0f", "comment": "Malware payload", "value": "61d483cf858117dd321ab324e37d981bf45990fd8dfb1ef3ee44dc3fbb396fbd", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595225, "uuid": "45f6a6d8-07b3-480c-bc15-81720f9d7d5f", "comment": "Malware payload", "value": "103ff89eaa1b2fe460ee8520f6fca4c0f8669ec5", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595225, "uuid": "a0c8516f-9b73-4e57-af46-0994b08d95ae", "comment": "Malware payload", "value": "8f02ff4298c7f57d69c0268488eed0720f9be73b02e70b74d38152cb46e9f1591942454547ebbced5923d1dac175e649", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595225, "uuid": "aa810687-f91b-4f65-a802-48fd248df05e", "value": "T1A592BFB96212016EE40BCA7D07F447481EF6072B9847AC587495BA879F85970FCD3ED4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595225, "uuid": "49650a1b-44e1-4125-af72-efc5af1bcf38", "value": "384:OSqzUja3yhyZOAoVFeuGur32m2yt1pLbJj+RuZ4NvUEJgGlzDpH7uNj1JbF:OSaU+3yh5LVFeFC2OVHJj+MVEJgGlzD6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627595225, "uuid": "47b184bb-9496-48e6-b8b3-ed8f2e073cc7", "value": 20744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627595225, "uuid": "ce3c3b22-b3c9-4edb-98d7-19081d45469b", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595225, "uuid": "010f2fb4-ac29-45eb-beb0-f64856347ae3", "value": "SecuriteInfo.com.ELF.Mirai-BHTTrj.12818.18493", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3b67fed-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535229, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535229, "uuid": "1ea0b996-da5e-4e22-a8e3-503db1231b65", "comment": "Malware payload (TrickBot)", "value": "3f88397854c6f3316808cbbda9bb50b2", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535229, "uuid": "a3254dab-0fa3-48d8-95eb-96bb22844438", "comment": "Malware payload (TrickBot)", "value": "61fe215873621f4b7a465a48f1189a9b51ec59a553dd3426a2dfad37e53952e1", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535229, "uuid": "8e3ef5b1-c154-4f82-950b-976f7e1d2afc", "comment": "Malware payload (TrickBot)", "value": "0caff4616e4a49f51d01a37cc821613c5298012e", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535229, "uuid": "b0a11480-38f4-4c9c-b9a6-109235fb6cdd", "comment": "Malware payload (TrickBot)", "value": "10df0ea063ad556e64df0272f76e1ca3b548c58eccd5194ceec97604b56a43b22c95e563f2f8410259415aadeaec1aeb", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535229, "uuid": "4c5603f8-48ba-48ec-9881-273f7dd9c764", "value": "T103D2F1CDB7921A4CE636A9221803F41DE1E409D2D9D8D093DF162929BBDC0FA7E07F65", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535229, "uuid": "0404fccf-e109-442f-8389-df0b757e1351", "value": "768:jAlppnIaYeXuZuFnuUtFQjxTUwcPYtfznl4flp6:8PGywuFnusFQjxUbIfTas", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535229, "uuid": "f27120b3-5c75-4761-84e9-bdec1b878431", "value": 30079, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535229, "uuid": "b3591aca-c652-45dd-a039-eeea29a969e7", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535229, "uuid": "1f24e8b3-6b8b-42dd-af3d-96c28dfefe3f", "value": "2021APT-28_59874453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e882b8c3-f07d-11eb-875b-42010a9c0053", "comment": "Malware payload (Smoke Loader)", "timestamp": 1627570912, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570912, "uuid": "9443ddeb-453f-4b7a-a2a5-b47f7b3377ca", "comment": "Malware payload (Smoke Loader)", "value": "fdfda689793cad76324889a93e24f852", "object_relation": "md5", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570912, "uuid": "862e0b63-02c4-4e86-8f2e-45ad3508ae58", "comment": "Malware payload (Smoke Loader)", "value": "624eea3866bb7d522a565475c043b150197d360e9f3716913c1ac9a6b0f1e91a", "object_relation": "sha256", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570912, "uuid": "929019a3-61ce-4649-9752-dca075f188a5", "comment": "Malware payload (Smoke Loader)", "value": "136167f0b2a00de0a6bce3218d476fd23e510592", "object_relation": "sha1", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570912, "uuid": "6dcfd5d4-301d-4200-a15e-837cf030e0ab", "comment": "Malware payload (Smoke Loader)", "value": "2d7864871e56aaec6c82b0c49f0427d5eb04a4f4236ba8e3f3af11eb2571419bd0714e77f43fa5164283bf2208cd4518", "object_relation": "sha3-384", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570912, "uuid": "de5c4074-1ddb-4e14-a55b-4a464b2ad762", "value": "T1EA748D307A90C035F4B712F846BA93B9642D7EA06B3450CB62D53AEE46356E9ED30787", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570912, "uuid": "6a1c9c37-480e-4faf-b87d-0d4745b72ff7", "value": "ae8d52d466f0b65d50fa6d5967396375", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570912, "uuid": "025f141d-3b5f-498b-b8fa-687d6c43137b", "value": "6144:5NK0DS6tKAOuSTp46z6bK6BhZohEsZYvyDSUsmMjz:G026tKA5ST3z6bK6CvZYaDSuc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627570912, "uuid": "b998d3d7-29b8-4db3-9ee4-db4d6b46e0ce", "value": 344064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627570912, "uuid": "a88b73ad-befb-4396-9869-3426d03fd250", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570912, "uuid": "8d2f77d6-c784-4288-9bc2-b4969551c7b8", "value": "fdfda689793cad76324889a93e24f852.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87975c2b-f02d-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627536390, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536390, "uuid": "1ecd05fb-ff77-49ea-a33f-c011afc64d9d", "comment": "Malware payload (Formbook)", "value": "02ced7a2ac43974d22cac7d5abb9ccb6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536390, "uuid": "606946f8-06f6-45c8-adc0-ec986c7ca516", "comment": "Malware payload (Formbook)", "value": "62df68b2db0b080a2e963f0c082b5df7b15819032e11fbe5e9dfcfb8d143f61e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536390, "uuid": "4152b516-2aa0-41ff-8db7-9f39ff211c57", "comment": "Malware payload (Formbook)", "value": "e4e7f22e65cb4b17dde3998049d3d0a7245b2bb3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536390, "uuid": "6c632f37-dfd5-475a-b292-b0a2a3a3108a", "comment": "Malware payload (Formbook)", "value": "ef82e83980dd2e2e39bba35bc1010aad6b057f967da126fa5c7e1c3b01214460070927d156a83fe46cda40290db0beee", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536390, "uuid": "29a0f323-1917-44ec-963d-a39502acb35a", "value": "T120E4AE648488DF9ADC5C03B8DB8C02F42EF15CA6E1B1E5633D857E71B5B0A15DAB8387", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536390, "uuid": "eb001f0a-dd38-4c75-8211-bed5530d9929", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536390, "uuid": "b010576a-2a5d-47c1-8d4b-422cc071a6ed", "value": "12288:U/aNxB7iS/d348fzplYfjv030ZWR8mLZyY8Xnptkju6YJyqxZzrhhDZI0H:UWxgS/d3xzplajvQ0ZWuCyY8XvmqxZz/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627536390, "uuid": "7bcecb6d-ded4-48ea-95b5-cc495c58ef54", "value": 659968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627536390, "uuid": "ebaa2d8a-ccbd-4825-b7e1-daf17d5a55c5", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536390, "uuid": "8f2ff5b5-f75f-457f-b815-36a6db953a35", "value": "AWB & Shipping Tracking Details.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3cebb3df-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535406, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535406, "uuid": "41fe7539-3368-4075-a041-888392e5c1e8", "comment": "Malware payload (TrickBot)", "value": "a6e26137cf593b18c553569d9e4ca7f4", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535406, "uuid": "80bfe17d-453e-47db-961b-4495137ac2e4", "comment": "Malware payload (TrickBot)", "value": "62e03138c52c9f1b2d79d371fb0c630a0528b347d3dc2ee1c6b16a701d28747c", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535406, "uuid": "9de8dee3-14a9-403c-b01e-47c637ad509d", "comment": "Malware payload (TrickBot)", "value": "26cb8fe36f4ff1794bd6c5642b5307c91a62992d", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535406, "uuid": "f7ef9a11-ec34-4d61-ba74-26c101ad6396", "comment": "Malware payload (TrickBot)", "value": "574a74f91f98d8651c521e8544ac899d362643092993294180ea61fbc79760f2acf77c64afbfb855de93a2d3a17f0e1e", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535406, "uuid": "19767268-66e4-4100-aa17-c5610ddc103a", "value": "T14D82D087C3A7648DB86B121295145FF10B06F66AC5A0C92EF9F10B74F2221559CE379D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535406, "uuid": "d01f19cc-c72a-4fbd-819b-46668c1659eb", "value": "384:NCrmQughCScacU/dCeAIUIX3bD9JE1VkSkbuDOdM4:Sdug97cgiIXrD9a1Vk42M4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535406, "uuid": "22b12214-16bf-4a2c-ab07-771abbba3e71", "value": 19034, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535406, "uuid": "9d40df3d-d8a7-4035-8739-948a24226cd4", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535406, "uuid": "adb9743a-2335-470a-8072-7d8f39d92170", "value": "2021APT-28_2346453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "44de5518-f060-11eb-875b-42010a9c0053", "comment": "Malware payload (DCRat)", "timestamp": 1627558182, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558182, "uuid": "87604d25-997c-400a-8e03-4130b9fa384a", "comment": "Malware payload (DCRat)", "value": "840eb0664fe0d3fa68c8f16e0b1d970e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558182, "uuid": "19519d3b-5d53-4b37-b19b-f32c3125e45f", "comment": "Malware payload (DCRat)", "value": "64372c3ad1a4fff52786f20761db9c67605a533f0b5c48311b9cb005c24e0314", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558182, "uuid": "6155f43c-7f09-42eb-a9b0-23d9079746ac", "comment": "Malware payload (DCRat)", "value": "7a2b49a9dd56a804fa881943c21b821874a35a2c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558182, "uuid": "af165c2b-452c-449a-9d05-1d09b08865e5", "comment": "Malware payload (DCRat)", "value": "9e05e554a20bc4eeea57f6d33d6b3292061b91ed172c1aff3a383c5ec6b0bb232b910588ae81baa3b6c13e0f9ac98615", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558182, "uuid": "f4280463-183d-4c02-97a7-c32f617101ed", "value": "T1A73507023684DD02D06D1637CAEF841807A8ED0B7B62DB1B7E9E3B9D64563A74D1E1CE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558182, "uuid": "47202cc0-8487-41e1-83c4-a2ad29ed3513", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558182, "uuid": "38802dce-a582-4c00-84e2-56a4efca2a27", "value": "24576:J/TSQLWxRjh4VWf+zdlOGIFkx32zAP3kppIDD+4:JteRoWGzW/kdbtm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558182, "uuid": "7a4795ff-27ba-4746-80f3-0dc1446514fb", "value": 1105920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558182, "uuid": "70cc2b12-9c3b-4368-91c8-8c262555fc8c", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558182, "uuid": "71b87ae1-4ac8-4419-adb2-9487edb31b93", "value": "840eb0664fe0d3fa68c8f16e0b1d970e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1e345f6c-f02c-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535784, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535784, "uuid": "8a40505d-038c-41f0-a848-f610c7a023a0", "comment": "Malware payload (TrickBot)", "value": "72fa5e15de02c4fe391a6d633106c22b", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535784, "uuid": "c029e9b4-5f1b-4317-95a2-161ea4e8a221", "comment": "Malware payload (TrickBot)", "value": "655c274f1e8bb9ca730c6ea3b4f84552f2d82a0c0bcb7e4acd499eb3b6f6d2bb", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535784, "uuid": "7a7a2fec-380e-4ed4-8014-f296cc2fc062", "comment": "Malware payload (TrickBot)", "value": "5ea64231ddcbc4aeea19fd07cfd280ce057488aa", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535784, "uuid": "80cdc6b1-be82-4b23-9848-345563e58cf5", "comment": "Malware payload (TrickBot)", "value": "d14eb0dafe6e3783890d205d4ec93b27d3983ed1b8acf7b1676b47bcc26f09109ee7d913b9d3bd74a725038fa5ebf733", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535784, "uuid": "9cecc120-8f56-4fb6-9f88-696569a59d38", "value": "T10B3301FDF794CA01C0F46D989BA37DAC7356402672807D0EE8F524C2C4A89993B2D35A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535784, "uuid": "dd05ed0c-16e4-41b1-8744-0440aa4a1da7", "value": "768:FATU1Dd9FWUr3RlAve/bOd2kjl62gUZ12ISRRUOU90iZi/jHx7Zt6A1OJ+viNBw5:6coUr3RefMoQIaR8UR7D6A1OJzB4e2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535784, "uuid": "2d9d157a-706c-4014-be14-0807f728bdcd", "value": 51870, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535784, "uuid": "99cf92e7-c5eb-4be4-ab2f-0c7d762f5400", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535784, "uuid": "ce3d8cb3-81b2-4869-95f1-98880579dbf9", "value": "2021APT-28_58968453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb2d30bb-f04e-11eb-875b-42010a9c0053", "comment": "Malware payload (Thanos)", "timestamp": 1627550677, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627550677, "uuid": "f985466a-ad16-47ea-8aff-78447a240b32", "comment": "Malware payload (Thanos)", "value": "731797d30d8ff6eaf901e788bd4e6048", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "thanos", "colour": "#777DA7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627550677, "uuid": "41cd812c-12c9-4ba8-abb9-86c82c36579b", "comment": "Malware payload (Thanos)", "value": "66ed5384220ff3091903e14a54849f824fdd13ac70dc4e0127eb59c1de801fc2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "thanos", "colour": "#777DA7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627550677, "uuid": "52474e15-d803-4bd2-bc1e-e83ce81f530d", "comment": "Malware payload (Thanos)", "value": "9d38ce8e4c3ca5fbdfdfbed3ec452151041189c0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "thanos", "colour": "#777DA7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627550677, "uuid": "ed210e41-fcb9-440d-a33a-3c3fbc888f81", "comment": "Malware payload (Thanos)", "value": "bd0f76138a0b18e58dbe8eee3f2aa359e87a9a344d3ee518198b7005edd5123862ee7cef3910c769a3c5e5fb7955581e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "thanos", "colour": "#777DA7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627550677, "uuid": "ffcfb201-0407-454b-bb95-c30df0bfd174", "value": "T1D9B3E544138A461BCFCE42FAB4E3527583B0B7D7AA35E34AACCD58F51A06AC056453EF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627550677, "uuid": "eac578ec-132c-4b9a-840d-8d8f7fbea42c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627550677, "uuid": "a5ca8824-6608-46d4-966c-92ba57ddd18e", "value": "1536:wjKfwB0Z6geEfm5YHrXXx/R6lsV3zH9/9FUWIQHL2ukcxw14CmV:bfK0ZFfm5Y7BR6lc9FUFQHL2Fcx1t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627550677, "uuid": "1deadd61-05ff-4c1a-b237-fc2db0969327", "value": 110592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627550677, "uuid": "fb75537b-357c-4009-9ed5-79d47ef8d3d9", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627550677, "uuid": "1829272e-f037-45b9-bd82-f0ef12f38f03", "value": "chaddad.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f2bd9fa-f072-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627565877, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565877, "uuid": "812a54e6-1741-488a-aa7c-83e3aaa13e08", "comment": "Malware payload", "value": "ecab3820932ddcceba67a7bb7c417d38", "object_relation": "md5", "Tag": [ { "name": "106.110.28.138", "colour": "#4A97B7", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565877, "uuid": "3895f972-71b8-4e6f-a925-20d1259a863c", "comment": "Malware payload", "value": "6717cdf24ae605851e262f0bb04f177ffd8956108cb9060e71c12e6861aa7e5e", "object_relation": "sha256", "Tag": [ { "name": "106.110.28.138", "colour": "#4A97B7", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565877, "uuid": "490d0d59-d714-4619-b1fd-210d13d74d29", "comment": "Malware payload", "value": "fc9bab40358a4695e05b8df52867f39669e57baf", "object_relation": "sha1", "Tag": [ { "name": "106.110.28.138", "colour": "#4A97B7", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565877, "uuid": "dd38285d-81b3-4c2d-aa58-8c52201c5b16", "comment": "Malware payload", "value": "faa0f2be9e5651a272d4e7efb89d97963dc6185d88d0315b10fb55b053c096141190a29eb164f3603c1d06d2a13a72e9", "object_relation": "sha3-384", "Tag": [ { "name": "106.110.28.138", "colour": "#4A97B7", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565877, "uuid": "008049a1-6a6b-4192-b30b-ce964fcfcd21", "value": "T1ADA4F6C5A2D7A8E3C8A6A07885828601F5613FD50725B9DBE355778AEF3F1D06D3E320", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565877, "uuid": "d40fdc18-a029-4fbd-8865-6ec424df38e1", "value": "649c73417efa16940e341e291b80897c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565877, "uuid": "907274c7-77ee-4953-9852-fd0e42615c12", "value": "6144:vFjXOW8FF9zLkC1q+BkdJ7JEEF/oVRVZ4johGOk:vRaFjkCjBKJd6Ojo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627565877, "uuid": "b8da62bf-5166-4e58-a3fe-13314574a81f", "value": 468992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627565877, "uuid": "1473afaa-0365-4618-9fe3-da02be23ac20", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565877, "uuid": "b7871095-e39c-4ad3-8a7b-fb89f49b5997", "value": "6717cdf24ae605851e262f0bb04f177ffd8956108cb9060e71c12e6861aa7e5e.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eabaa5ba-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535268, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535268, "uuid": "4ebca62e-9ed4-4394-888b-076094634f39", "comment": "Malware payload (TrickBot)", "value": "d7261d0ae1f04f3117702bc85e7d3afc", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535268, "uuid": "ed258932-4c62-4f1d-b446-cf041c87329f", "comment": "Malware payload (TrickBot)", "value": "6771fb1fac731e98451db055d7acfcda68a079e0c0c1e0bd999a70dd01e9868d", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535268, "uuid": "3906c11c-5500-4350-adaa-33aa32a3a3f9", "comment": "Malware payload (TrickBot)", "value": "ecbdd8715d89d7da9070df2e783e907ebb4b1999", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535268, "uuid": "2f9ed228-c1b4-4a56-a04d-f0c6665a69a1", "comment": "Malware payload (TrickBot)", "value": "d5b9d92accf9b38318b734388abdcc26b077e8d3a652f6a7520f726d32bc92312413dc881e0e40841bf03c3fc032d075", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535268, "uuid": "50bcfcdb-88be-4c8f-9c92-b21fc5aa5edd", "value": "T1B8D2E053CEB685B09C7A3235FD798C7486645012679B83E3F3915B82E6CAE0D3746C8E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535268, "uuid": "d74e7c18-929f-407e-98a6-61c8d2b72458", "value": "768:AqUa+xvt4gbijzp+IkvdOi6CVtbZr5GTOrYVq5zdcRj/l0Qw:AqUa+/bip+LvX6KdGOeq5zmRjd3w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535268, "uuid": "4ec9e8bc-ce39-42c0-9745-dc6b451e6224", "value": 29862, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535268, "uuid": "af30f1c0-67bd-4db9-ac27-cff742369321", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535268, "uuid": "c90e72d3-a953-42f5-8987-d711ba04f0f4", "value": "2021APT-28_12834453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "555b4a36-f0c4-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627601160, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627601160, "uuid": "e7791223-ff23-4241-9afc-d512ae449246", "comment": "Malware payload (RedLineStealer)", "value": "b0c89991c6dfcc2c57e084c1a4caef5d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627601160, "uuid": "4ac4fe79-299c-4498-803d-12c083908748", "comment": "Malware payload (RedLineStealer)", "value": "67b3668b1525bd151a3446bf7a44b7e10a9ea279ea67a251f462716eb7a9316b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627601160, "uuid": "7df374aa-6320-4cc2-b2e5-6638e8c3df18", "comment": "Malware payload (RedLineStealer)", "value": "fe7b5bab9f1b5dc4e57e2aef258976b088b04698", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627601160, "uuid": "b265cbd1-f77b-4ded-9975-47726b816c26", "comment": "Malware payload (RedLineStealer)", "value": "93a3b9c73b9edfe1ec0f9e9b7a92c1f80aa8b8daa04bc7234b3102cb7d63577ecca03b2652ee951f944a75e2d9d3bcd5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627601160, "uuid": "25ea6bcd-4393-4dbe-a58a-905c3214f02e", "value": "T172545A391AC97D71CBCF24319AE5DF3E0621BE449B5AD3032248B59F19F1F430A6D62A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627601160, "uuid": "32887f8d-e927-4da5-8e3d-eda400b6cc89", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627601160, "uuid": "a4cff633-5039-4740-a533-28b3521a15d6", "value": "6144:n1/3EGZZkF7rik8BMSCDDfLImB8G1AhEOdxmQBlIbJOXa:nFVkskeMSy8m8hjlcOXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627601160, "uuid": "5637a137-767d-4f59-aef7-ab140c1d7c0a", "value": 302720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627601160, "uuid": "d6cb9808-19a7-4510-b4df-5908cb91d013", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627601160, "uuid": "1688f572-a8ce-4646-b03b-03b964cc8b81", "value": "Minecraft_v3.3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40cf4797-f02c-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535842, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535842, "uuid": "555c1dab-49c5-4351-84cb-3f2e38e24b5c", "comment": "Malware payload (TrickBot)", "value": "684daebc07df43047d890aef0cb76a98", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535842, "uuid": "659cffbf-6ef8-4fe4-be9c-d2760480ef06", "comment": "Malware payload (TrickBot)", "value": "6977451be05a857ac75d61a516806a3fc1b9c91d9bfdda30ba8a53579049711d", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535842, "uuid": "996f9127-e697-4d67-8c82-eb819a3a017a", "comment": "Malware payload (TrickBot)", "value": "f60d91b3546c28a2dfd5bb93ac78feee4422439d", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535842, "uuid": "49380ea3-3770-41f4-a1b4-35155ec47111", "comment": "Malware payload (TrickBot)", "value": "943f8a0d67e4a99b7d0f2898309b70827d24d4e7af4fe588758007321f2c46b4b42cc9b91031089ad7c29a5d33a8e68d", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535842, "uuid": "319ef8e6-297d-4dab-93c3-fb3c6e1d860d", "value": "T1F4B361D86BC0E417338D1F1BFE0A3AEAD1BA6C5696C47607D1587A5C25ED21BC2A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535842, "uuid": "7fbff44a-9a93-4653-b078-45be274e85ed", "value": "3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXy:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535842, "uuid": "af569681-6f36-46c8-9e7a-eab4799bdbe7", "value": 112380, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535842, "uuid": "8e7ac009-adc7-463d-b308-cf441eb59f06", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535842, "uuid": "662d031a-6a05-4ac7-9921-2495ebdf252b", "value": "2021APT-28_60240453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7ee37af7-f049-11eb-875b-42010a9c0053", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1627548401, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548401, "uuid": "63c36289-816e-4b35-86cf-24b97b7104b4", "comment": "Malware payload (ArkeiStealer)", "value": "06989d13c262d43220b4a919987c4030", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548401, "uuid": "046fe7e7-e1f5-4174-b59b-49a2b991ba6d", "comment": "Malware payload (ArkeiStealer)", "value": "69785692896f70d980922289f9ec8b1920c499cea06fc5993e38612e9290bb47", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548401, "uuid": "ed63259c-3420-4eef-b509-26f14b22b0b5", "comment": "Malware payload (ArkeiStealer)", "value": "9c784b075266027d1808db4e755a744ff99b57ac", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548401, "uuid": "e6e6f751-2a24-4637-b449-7fd887ae85f9", "comment": "Malware payload (ArkeiStealer)", "value": "6fd28f4623618cd45e6e836423db14d16269dd87c5395ec1187b5ab95caf54e20d47ddf96ccf29a5f1bb540e842e23f0", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548401, "uuid": "acca354f-56b8-44c7-a867-f72e226cb7c3", "value": "T1FBD4F130AAA0C035E4F712F845B6D3B9A42D3AA16B3490CF12D62AED57357E9EC31357", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548401, "uuid": "bda19d4d-e2ab-446a-9358-c9d32068c7f3", "value": "ebe339f33228ec9cb9963341e6449ca2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548401, "uuid": "8e8229ce-df4c-4f1f-ad3d-6d91f2baff97", "value": "12288:8qgA1OSM6TK0rhrdZrBU/lKldwrxtdC6C+p0cWFv/59BbnjwCv0pXqRwN+W9:88OeK0NdAsUrxLZp2cWplbvv0pXAwN1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548401, "uuid": "aa4d045a-6a18-4585-854e-848491f67179", "value": 610816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548401, "uuid": "0e369770-02f6-4bc7-8a66-79e1c42cefed", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548401, "uuid": "3b686e5c-5836-42a5-8ba7-7321e3120572", "value": "06989d13c262d43220b4a919987c4030.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8ac35ecf-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535536, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535536, "uuid": "4f2b4f3c-75ab-4871-9dba-c1cad5dccc67", "comment": "Malware payload (TrickBot)", "value": "52c6cf58ab70a99a94386db946ae841a", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535536, "uuid": "dcec27b9-c528-43f8-91a6-d8f743ed1516", "comment": "Malware payload (TrickBot)", "value": "69f3c29ea8c59e44a85c750b670b4b3a02c2c9b85765362527a8289d14e369a9", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535536, "uuid": "c07c9bf9-a287-40f4-8216-d364ea7d8c06", "comment": "Malware payload (TrickBot)", "value": "235e051762effba7b62d0cb976665c551a3ab292", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535536, "uuid": "ba4b074e-e70c-47d2-a92f-90be626ad39e", "comment": "Malware payload (TrickBot)", "value": "b91f9c04a71110727ab2e2eec4537526c4e990d9247a6dde8a991e3c85b0d4e6f650f445cfd73a6e56aa7bd75bd6e921", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535536, "uuid": "1232a3f7-aa05-4aad-b97b-c33d9a42a6f7", "value": "T102C391E86AD0E417338D2F17FE0A3AEAD1BA985796C07507D15C7A4C29E911BC2B0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535536, "uuid": "075c3446-2df5-4df2-bd8e-43e38cbcdf18", "value": "3072:ggxL70mXxQCw9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bk:ggxHQCw9Ry9RuXqW4SzUHmLKeMMU7Gw9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535536, "uuid": "a0c86383-6731-46a3-b28a-631e38aa46ea", "value": 119811, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535536, "uuid": "defdb823-7132-431c-91d4-c42fbac33613", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535536, "uuid": "bd6a782b-6962-435e-88f3-fe46c44240d1", "value": "2021APT-28_48630453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5cd25d1-f02d-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627536548, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536548, "uuid": "c1719804-6f68-4ceb-9d0c-2ac536095b8e", "comment": "Malware payload (AgentTesla)", "value": "32c2a0d57a0e455a7cf758681ffc389c", "object_relation": "md5", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536548, "uuid": "c3cfa88f-5384-4106-bcca-a007991eb722", "comment": "Malware payload (AgentTesla)", "value": "6a085e9c88499b7474d976c5803e30b2fd5535f832a0fe876ad09452ae78387f", "object_relation": "sha256", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536548, "uuid": "f6339350-26ff-4cf1-8465-f96610261e4e", "comment": "Malware payload (AgentTesla)", "value": "88efb19834252eff968e86a57c79f0ea534cfe56", "object_relation": "sha1", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536548, "uuid": "3fa4e90a-b285-4029-a7c8-f2f61111b65b", "comment": "Malware payload (AgentTesla)", "value": "83f2dcbfb1d288acae0aa3e2572ccebfa41492d23011196cdc3b5f4cace93a2037a33d6e352445fbe8dc2e5960151c9b", "object_relation": "sha3-384", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536548, "uuid": "c1be4acf-7469-4733-8448-549ea3c776cf", "value": "T1A242C11465F534E902405546420B97BBBFDB59C80892F8FB71E5242E32B479F3366BC6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536548, "uuid": "75e13554-af87-4638-b20f-df960617d63f", "value": "192:meohVGbSKWUdauI8r8gJQOmuBsNWLz82i7wKZ25tARBbL/bnu5CdSRkOqs:AVSWUYumXurz82i/eUVzYCoRhqs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627536548, "uuid": "df6bb14f-283e-434b-aceb-8a68f605c444", "value": 12016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627536548, "uuid": "1bfd6a01-72e8-462e-abfd-f3570365e4f6", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536548, "uuid": "420680db-f5c5-49ce-95b0-2bc6fa09c743", "value": "DHL-PARCEL_PDF.001", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "32b2cc36-f06d-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627563735, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627563735, "uuid": "3a045831-1580-4995-a658-6c9158f02555", "comment": "Malware payload (Loki)", "value": "0e9e11c5d9524803f6e3317852d54dab", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627563735, "uuid": "f9bc01ba-bc9c-4a45-9f9d-bee0c6cbcafa", "comment": "Malware payload (Loki)", "value": "6b0584266d4bf7de9ef046f0e81fb6dd59308058eab4a906a06f622580563f78", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627563735, "uuid": "0fa1c909-54a8-44de-901a-21639ec4b994", "comment": "Malware payload (Loki)", "value": "8744b2c308a654745540eb85805593f8afab8c3c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627563735, "uuid": "4aac092d-3509-4116-bd5d-02d801ec57b5", "comment": "Malware payload (Loki)", "value": "897ac864e518c3e0de04c00da2a49f9b99ff235b8f963c600c38a856b7f1bb29f9684c6fd8edbcd497bc59db14db6fc3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627563735, "uuid": "19a1f642-a290-4d05-bc12-4feed881e247", "value": "T176A4F36A278A4513F67991757653ECF1F620BE92AE019D0B86C63F8334236C1EEC1C5E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627563735, "uuid": "dc69d310-a8f9-4e58-9d69-aa9e30f66cb1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627563735, "uuid": "7b0038fa-b817-4bc4-8076-789755082729", "value": "12288:nd7p+gczyhNSvRbBQHR4qz91hI0zSaNsvz+yuWDVId21NaI+E8tyvXjTG+g/RCuE:dQT9gRC5r3MzQt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627563735, "uuid": "521d20b8-df92-423a-8c80-70bf774d7268", "value": 469504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627563735, "uuid": "a30b5659-429d-436c-8763-79eefb6f964f", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627563735, "uuid": "100e1d48-9291-4b50-a704-27531ecb6e58", "value": "H2ioMzUCd3ct9rb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "544db96d-f02c-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535874, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535874, "uuid": "389e6283-5fe6-46c7-8175-88ca7e582e7d", "comment": "Malware payload (TrickBot)", "value": "f144dbf61954220bcbd4e4738c58c819", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535874, "uuid": "f9a3e973-8d50-4898-b0e4-25f251d1ce9e", "comment": "Malware payload (TrickBot)", "value": "6b0684d54864135fc8f3de9703b9353dcc7dc90f3c941c26cd7fa599ca2ade24", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535874, "uuid": "c47c14a5-694a-48b4-85a9-2d78d6b477d1", "comment": "Malware payload (TrickBot)", "value": "77b8d9e526c4eb4496fdc924dd1cafb16a96ffa8", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535874, "uuid": "6bb82f0b-c133-4447-b323-008bd3e62b24", "comment": "Malware payload (TrickBot)", "value": "93c17d47902fa3446c1d778c3b5fbff27103e0fe0f7217dee0b4cc1fb5e803fc821ac9023c88b9c9d340676d8de64eea", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535874, "uuid": "7beeb576-b4e6-4251-b0ee-247070acf132", "value": "T111A371D86BD0E417338D2F17FE0A3AEAD17A6C5696C47607D15C7A4C28E921BC6A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535874, "uuid": "59bc0b74-5af6-4b5d-9cbb-294443fd97b6", "value": "3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXa:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535874, "uuid": "bf60bd68-d5b6-4fed-a9ea-5ba9579b34ff", "value": 106727, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535874, "uuid": "3f0c087c-71b7-430a-ae12-5def57cc3572", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535874, "uuid": "a3b21aae-fb8e-4234-9fe7-7b01d3d37c35", "value": "2021APT-28_34704453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92631ba4-f044-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627546286, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546286, "uuid": "df15fd23-32d4-4b5f-9426-0ac232506a2f", "comment": "Malware payload (Formbook)", "value": "4baf2a9692c5335f707b7357584cc5b1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546286, "uuid": "046674e9-def7-4d20-b9ff-56ae28f90706", "comment": "Malware payload (Formbook)", "value": "6b0f6ed4f13b5d6c7b973bd22941de1535ae580960940656b671f3b991c972a6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546286, "uuid": "df62f3dd-83b2-43ac-b3e5-da841d67f987", "comment": "Malware payload (Formbook)", "value": "0a9c075bf3c76a93537ff911d215a9d88ca45be5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546286, "uuid": "10f5a559-7a2d-49bb-bc1c-fba0e7c626ac", "comment": "Malware payload (Formbook)", "value": "d05ba766f99a01eb9cc95ddefe03616fe8f5db67b9fd77eb90556c9e90de027950a508ab696bb1c5cc36eda92e3f9760", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627546286, "uuid": "cea6f662-1c6b-4ca9-9d05-fae654cc453d", "value": "T1C555E024C98C9FD6CC5803740E9846781EF5ADE2F270D86C3D8D35B5B7F2829EAB5246", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627546286, "uuid": "4eac4f0f-9d65-447f-804d-48f2cc07ec27", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627546286, "uuid": "6bd76e7b-dc03-464f-90d5-0572af914bb9", "value": "24576:obS/d3NKzksjksLNI4c0DAB25bbpkDqILIlYbGfkD+y8jh8N6ZNjZ:7Khu0V5bbODRLQYqkD+ON6ZNj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627546286, "uuid": "52d62829-6770-4d1a-b7e0-f3ad6bee12b0", "value": 1320448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627546286, "uuid": "da4f4811-8a35-4459-a811-ec036adba2fb", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627546286, "uuid": "033efe5b-ce18-421e-aef4-a5b2958994eb", "value": "ORDER SIPARIS.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7289c904-f03c-11eb-875b-42010a9c0053", "comment": "Malware payload (CobaltStrike)", "timestamp": 1627542797, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542797, "uuid": "0a0129bc-6876-4a4b-9543-078ccba3102d", "comment": "Malware payload (CobaltStrike)", "value": "b67d52bf30515f2537b0a3a076ee60dd", "object_relation": "md5", "Tag": [ { "name": "47.100.48.157", "colour": "#221C10", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542797, "uuid": "da351ec1-c248-4b31-a70b-84a6f71823fc", "comment": "Malware payload (CobaltStrike)", "value": "6bbabed7b0f11e304b0cb97013c9095d51fa330aee3a966b5626088e92a0dfeb", "object_relation": "sha256", "Tag": [ { "name": "47.100.48.157", "colour": "#221C10", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542797, "uuid": "a853f3b3-ab9f-4a17-958b-951e89ae61c4", "comment": "Malware payload (CobaltStrike)", "value": "b1c9f57fc7f1ff921a54e0924a1d7bd9c1edb68b", "object_relation": "sha1", "Tag": [ { "name": "47.100.48.157", "colour": "#221C10", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542797, "uuid": "53bafa80-d66a-45b0-aa62-dc47fff0b628", "comment": "Malware payload (CobaltStrike)", "value": "048f7b0cbf909cca4c5625479f001cf66a33448ea18d6864ab9ca7f92fd21b3b5a57f77f8f0fa86a1b649204561ca0fb", "object_relation": "sha3-384", "Tag": [ { "name": "47.100.48.157", "colour": "#221C10", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542797, "uuid": "d57f96eb-5a98-41d0-b4aa-30848120577b", "value": "T13FA53A12B8A244BAC57EF2348996D3A176327C6593317BE72F90A62D1F74BD02E3D314", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542797, "uuid": "d23e67bd-f1c5-4235-8f66-d4fdddabe9bd", "value": "74818b63731f2511d9835317a87a26b1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542797, "uuid": "c4dcf605-6a4e-4581-8902-5fc623d4f00e", "value": "24576:8vD/8Oxqy4G3a1/0RtrlrAmTOflhrXOqOUrD2xxD1vJPX:8jyyZ3a1/0RtrlrAbtVKhxD1hPX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627542797, "uuid": "17b942db-a8d0-4122-b4fa-421109d9dc5c", "value": 2121216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627542797, "uuid": "0612a4c9-8719-482d-9375-31fe745120fc", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542797, "uuid": "bae3a2f6-a8e0-4e4e-950c-ab2a48e79914", "value": "6bbabed7b0f11e304b0cb97013c9095d51fa330aee3a966b5626088e92a0dfeb.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48f4ea62-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535426, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535426, "uuid": "0e1c341a-83c2-46e1-aec9-4bee2cf52763", "comment": "Malware payload (TrickBot)", "value": "1aa05ab3a7577297aceb18be8bbe78af", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535426, "uuid": "e36b4736-ce59-4c9a-bbfc-c8eb143f14b1", "comment": "Malware payload (TrickBot)", "value": "6c5da9a63a72679af1b95d620b83389ed25858f3506514a8833f7539e9cf9e82", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535426, "uuid": "d49f79d9-170d-433c-9be8-97f4286b758d", "comment": "Malware payload (TrickBot)", "value": "2cd43130ca2160b11e380de70af06247d278e419", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535426, "uuid": "15cd95f6-8926-4435-9726-2505cc157127", "comment": "Malware payload (TrickBot)", "value": "34cac8d8d389af8e7bc242e3cc93c770e9bb2a10c0ff1e6c380ee235ed6b86216ee442d621381959168f71fd7c909652", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535426, "uuid": "cc4f653a-056a-45ac-9fd3-0871793000ff", "value": "T176A35FD86BD0E417338D2F1BFE0A3AEAD1BA685796C07507D1587A4C24ED21BC6A0DF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535426, "uuid": "7558350c-480c-4fa3-9cd3-e1ca77888880", "value": "3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaX+:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVG5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535426, "uuid": "621dacaf-8bfd-4fa1-b721-b22f7a781d0e", "value": 98577, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535426, "uuid": "0a9dd550-68db-4dd1-886a-528ec21b1d0e", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535426, "uuid": "888b1ed6-a1b1-4f67-ba9d-51445c9031c3", "value": "2021APT-28_62700453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ad9eb77-f031-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627538140, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627538140, "uuid": "a0a42524-ae35-4306-a929-ff5a6d797a34", "comment": "Malware payload (RedLineStealer)", "value": "d216304b3c8bdea6ac5a64a5bb77d208", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627538140, "uuid": "29dec471-d804-4e3e-ab8f-8371123cab7b", "comment": "Malware payload (RedLineStealer)", "value": "6cfb3fcccf87e4089ac05814e0f92e2432aab0fa4c9b90059a689e94061a91d6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627538140, "uuid": "e8ed951d-1655-4c18-a659-adf2bb3c459f", "comment": "Malware payload (RedLineStealer)", "value": "6569a11be963c4c2b61541aa62e7756f44fdeba1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627538140, "uuid": "32a1704c-d0ad-4ff3-9a1d-0e81115aee6a", "comment": "Malware payload (RedLineStealer)", "value": "f1a63bc7f3cfaf8aa1e4e1076a2c075bfa7e480db7287a9ad2ad640423cfdba18291ba8f838445ee5e5a5c79850cbb27", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627538140, "uuid": "bf6ff43e-e1de-4d8a-90ba-d0737b846a13", "value": "T134E3AF0AAE19E4A5FD699F70F93645F7C3706E1DE043B20B20CC7C222D7E69156A13DA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627538140, "uuid": "a5143a5b-576e-4a82-8689-a0eebcf5aacc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627538140, "uuid": "1943bdfa-0ae2-4485-bf43-4ef4751ed8cf", "value": "3072:ko04M/DFdk81DBaM/32fjwwX4lzFdi6p+hYU6yBsJN7evfW990j+xaOEne93TkJb:ko0f/DDJ1DQ6mfjwpifhYU6yBsJN7evt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627538140, "uuid": "ded4ba2e-ccd5-49b7-8c04-796ebf89cce2", "value": 156928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627538140, "uuid": "b49f44d4-a23f-43b8-a72e-5da0375f49d5", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627538140, "uuid": "90360005-0f3c-4def-b8e4-2dfebfc8ce47", "value": "d216304b3c8bdea6ac5a64a5bb77d208.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ab3ef69-f095-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627580982, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580982, "uuid": "65f38b44-0e91-4998-944f-b8cc9f132f45", "comment": "Malware payload (Formbook)", "value": "c30080b7ad906899fade216c014222b4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580982, "uuid": "1bd7a1d2-bd00-49a6-a95b-92cda067c1fc", "comment": "Malware payload (Formbook)", "value": "6d1b20a3efb84a54e22da5d00f24f03b213ecf73cf429409c46b1f20bf5e8ec5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580982, "uuid": "953f9063-4ddc-4fed-a536-273fd62ed5e1", "comment": "Malware payload (Formbook)", "value": "0ad3ad5517bd94fe5fd6144e30b5801a28d56dc0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580982, "uuid": "9dcb1ea7-f4a8-4701-8306-c3f393492c86", "comment": "Malware payload (Formbook)", "value": "9e919dd2715e859ad27858f38c57ac0b13a53ceac867a01f8bb5353e655dcd4e6298264c4dcc800e1d90ea1fd1fb2723", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580982, "uuid": "9c398b62-ddee-4900-a952-97621532fa6a", "value": "T1B915BF2045C8EB9DD8BE07341B6C0378AFF0A946D1F0EB283E5580B5AC92B51F5BE356", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580982, "uuid": "6d5f712b-1ff5-4ccb-8123-0b0560077a54", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580982, "uuid": "b28b26e5-0b2e-47c0-9634-a4b6588935ac", "value": "12288:hSEFlOgTbQuA7iS/d348wMGdGJJdzf6SjNLHZ68AwrkdW0aHsEGFvk0278ciFdak:DFs4D7S/d3tGQjNT4pZr27Tmz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627580982, "uuid": "d03f1aac-0fb2-4931-96f5-92ab21e14a9e", "value": 923648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627580982, "uuid": "49f01499-8263-4851-8139-d5e660d652a7", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580982, "uuid": "dc89c21e-558e-4d7e-9f88-826cdbe7f361", "value": "SAFRBRSPXXX-ENV Pagamento.Pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad544dda-f05f-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627557928, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557928, "uuid": "090b1c54-de01-4c67-a3be-9b656b1ca053", "comment": "Malware payload (RedLineStealer)", "value": "109c885cfa000ea4d0c72f9e30e7191c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557928, "uuid": "ed191b2e-1961-4d4a-b477-202b72f46e25", "comment": "Malware payload (RedLineStealer)", "value": "6e4f20b04fee92074f9d640a80ebf28c27510e89c20cbd3c66f00a3ec2fd3989", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557928, "uuid": "ec2748ec-99c7-42b4-9c80-97627b8272b2", "comment": "Malware payload (RedLineStealer)", "value": "47e503f21eab1f2142a1cc28839fd3c5b8b61261", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557928, "uuid": "11cfc445-d847-4b92-bf73-8a380cd5f157", "comment": "Malware payload (RedLineStealer)", "value": "28d7c1ca2ff108f4254ec75034d98d1e52b90d5afc81ccbac5c2dfbe17dcdb1ce37691ecf642bbe94572c59701e8bdcb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557928, "uuid": "57565cdf-215a-4853-a1cf-9ecd13f94434", "value": "T1E1A33B2163ECDA2DF6BE0A35A4700115C7F1E48FA011EB5B4EC7A4DB2E76B8225546F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557928, "uuid": "90b22edc-dca3-4e17-8102-f91cb52c198b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557928, "uuid": "6163adcb-0d60-40cb-bc1a-17beb3e9982c", "value": "1536:l3LNmocOaoFy8Rc6ehFbsIxJFSafjsmbfejvNuvUyyedgH3pqCxXsEGG6ijoigR:lxmoc1MebJI6jhWNucyzd1Snm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627557928, "uuid": "a6f837c5-bda2-4359-976f-d4b56adac27f", "value": 100352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627557928, "uuid": "1981066d-b72e-429d-9162-a107975b7221", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557928, "uuid": "f9acb216-dd0d-4d5b-be8e-c533097e327a", "value": "109c885cfa000ea4d0c72f9e30e7191c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "349ab2d4-f05c-11eb-875b-42010a9c0053", "comment": "Malware payload (Vjw0rm)", "timestamp": 1627556437, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627556437, "uuid": "e8c4fcee-a3d8-4de8-bc3d-f135f8a5ded4", "comment": "Malware payload (Vjw0rm)", "value": "8a64707b027a9b569641b6151c54ba24", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627556437, "uuid": "12c65abe-ad5f-4cd2-a7cd-b41a487e9075", "comment": "Malware payload (Vjw0rm)", "value": "6e64dbcbe7e1c0e0eb8f4f967b936221c7a6c0185718fe991612e478e22f9cc8", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627556437, "uuid": "23cc4bfb-2b54-4397-9a02-25f0bed958ad", "comment": "Malware payload (Vjw0rm)", "value": "b34f4dbb2f5b9a34645ea444db51841d9325a8cf", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627556437, "uuid": "349ea899-a089-41db-96bc-8ac78ad9c8c6", "comment": "Malware payload (Vjw0rm)", "value": "126cd587f71764bc8311346bb1ae15fa9b756c94c16db17b46dee1a5d896243b8adf7fd9d1d5a205c171c2843a451203", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627556437, "uuid": "37476842-f42f-4f9a-9f3e-109c1027866f", "value": "T1B6729D95CD327F48FF683385C9ECFC182FF9468BA11584EE31A386050A6171AB80F55E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627556437, "uuid": "fe83ee64-ef1e-4240-b02f-4050416f00d2", "value": "384:MweGYgHCLCQr8POER/JmuCOfhYFAFYQhIZGaN+Ce2buvm/vNDe7:umDQr8Wt5O+FBQhyZe2bZo7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627556437, "uuid": "9e7f4790-4ab0-4dd9-b1c0-6209d2ac0b23", "value": 16923, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627556437, "uuid": "1071a793-072a-45b1-9543-9a08b2dbeaa2", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627556437, "uuid": "a5cb40d5-d16c-4400-a4d3-76ce72fb6b29", "value": "COTIZACION July 1079.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a4776997-f072-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627566074, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566074, "uuid": "c92434ee-eb7a-425a-b3b1-c6b9db158ef0", "comment": "Malware payload (Formbook)", "value": "1cb1d17b71c0b0bbf29ae44ac7846c41", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566074, "uuid": "330a663b-5976-46d6-914c-ee2c51ae985f", "comment": "Malware payload (Formbook)", "value": "6f42be9adbf8a5232ff93cbbd74b5616319ed32863c9b5cc9f6fb9383d618151", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566074, "uuid": "ed7448de-f3a1-4bdd-bfec-70abbe56cfd1", "comment": "Malware payload (Formbook)", "value": "13c1e5eee17ae3d7b5e859ec3240726fc8bd2100", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566074, "uuid": "6a358c88-cee1-4ced-8071-ef3ed05de7c4", "comment": "Malware payload (Formbook)", "value": "6dd138a53449de503f95b098ea62051d9e459c6321a6aa2a601e81cafbe65ebd8601fca0061659f3dd797a0498f314b4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566074, "uuid": "5c2d0657-d609-48d2-9d72-50c45b83a7cb", "value": "T1AF55E028C98C8F9ACC5C03740E5946345EF5ADE6F270D8AC3D8D31B1B7F1926EAB6245", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566074, "uuid": "be39bee5-f61e-400c-84c5-cb43a4f9c10f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566074, "uuid": "69eb55fc-644f-4acc-840e-e048f27180c0", "value": "24576:gisS/d3oKzksRks2y8jVMCBGFI7wCBSGZ8N6ZNYZ:+KkuoUCRWN6ZNY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627566074, "uuid": "5429da0a-14b4-4794-917c-fc7fc43d11cc", "value": 1282048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627566074, "uuid": "d2fdda62-3078-417b-b20e-03bd4e900c90", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566074, "uuid": "30751db6-f200-49c1-a45c-3176274c3eb1", "value": "Invoice Amount 14980.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "77d95d82-f06a-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627562563, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562563, "uuid": "cb26543d-c901-4c3a-9bf4-942768ce18a8", "comment": "Malware payload (AgentTesla)", "value": "9156f9daff38baa72e46e83485cd15e0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562563, "uuid": "eab59b40-d9b2-4118-b8fd-43792d9ea3c5", "comment": "Malware payload (AgentTesla)", "value": "6f74f38f6719d5508cfc7e685aa61941c5e08e38fc4c5ba710ad402688fb5dea", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562563, "uuid": "8cec64c9-4555-458e-a554-cec823ac281e", "comment": "Malware payload (AgentTesla)", "value": "fb2963fdb31356485cc1a8e3a9feb0a3f8a0655c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562563, "uuid": "b408a1c6-b690-4d4a-ba1d-55315f254318", "comment": "Malware payload (AgentTesla)", "value": "1b355c93a6815591408421b043e4c5949dde009342fd4bc955b776979a19d796ceaab20cccf7cd56af53990f90bcfdba", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562563, "uuid": "210aa7d8-b5ac-4ab5-9efb-8113f2d25674", "value": "T156059B26239A0527F27981717653ECF5FA10BEC2AA019D0B96C67F8334276D1EEC1C6D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562563, "uuid": "9cd06f63-0c53-4fa2-8837-50562b867a57", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562563, "uuid": "8fdb61a5-4516-4127-a149-953123be0d0a", "value": "12288:c54Fp+gczyhNSvRbBQHR4qz91hI0zSaNsvz+yuWDVId21NaI+E8tyvX0wF1elbZs:g4R5bZhvOuqEkM24MnJmX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627562563, "uuid": "4dd8bbba-ed59-4c16-9bfd-a0cdd344b312", "value": 851456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627562563, "uuid": "095c4beb-67b2-4760-a0a7-e3483ccaab12", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562563, "uuid": "244609a9-1736-47ae-a913-eb6ca5cc1ce3", "value": "Payment_slip_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a4573fe-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627534999, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534999, "uuid": "f3c89ddc-8a46-4a31-8c2e-71f9e83d8a32", "comment": "Malware payload (TrickBot)", "value": "1dd6deb7802512dc4dcccdd2fd4983fb", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534999, "uuid": "3af8483d-d77e-494b-90e6-0bc2ed80be42", "comment": "Malware payload (TrickBot)", "value": "70138d15e673f5d5564ab689a50a3f6f73b43ffa410deef929b065fe1d81232c", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534999, "uuid": "c73a4da6-1e3a-4ded-a388-f58ce39da5c3", "comment": "Malware payload (TrickBot)", "value": "e5b3b483d00e07a232cd4cd9085f153b09aeb079", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534999, "uuid": "04302e45-a200-439e-a9ab-82394eaad99a", "comment": "Malware payload (TrickBot)", "value": "b2b8e617059e9febb09a6bd40efb73dec11e39da662900c0c0c1046d58b5afd1fe94871b9298493b48725d79f1071135", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534999, "uuid": "ff71b906-3b75-49e6-b0fd-1bf5dd945f2a", "value": "T10A9330D86BD0E417338D1F1BFE0A3AEAD1BA6C5696C47507D1587A4C28ED21BC6A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534999, "uuid": "f20e0f43-d6ef-4a9f-b5aa-dc0ae1ffd7da", "value": "1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/ob:59Ry98guHVBqqg2bcruzUHmLKeMMU7GN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627534999, "uuid": "548f27ca-c092-410d-a7f1-7104d54fb559", "value": 95178, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627534999, "uuid": "51fba19f-7370-411a-a67c-f345fa44e824", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534999, "uuid": "f385a983-4035-4c94-b489-dc3d07f3671a", "value": "2021APT-28_3438453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ae204b3-f03e-11eb-875b-42010a9c0053", "comment": "Malware payload (CobaltStrike)", "timestamp": 1627543482, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627543482, "uuid": "0bcaee27-95fd-4992-a834-8a57d64ed2f8", "comment": "Malware payload (CobaltStrike)", "value": "d9adef40274457f2ad621d46675046f6", "object_relation": "md5", "Tag": [ { "name": "1.116.163.166", "colour": "#5F6749", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627543482, "uuid": "6a8834e7-b051-4ee3-b2a6-30c8c318a682", "comment": "Malware payload (CobaltStrike)", "value": "70e7dbc4e80d5d817f89c06d5ca7bafdb3226ae3c559d86cc5857421eca27af7", "object_relation": "sha256", "Tag": [ { "name": "1.116.163.166", "colour": "#5F6749", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627543482, "uuid": "1ced945b-b9f2-4fbf-b547-5a2d210bfd41", "comment": "Malware payload (CobaltStrike)", "value": "7f069b60a5f8a813ff2a9e0cba9c9995749558f4", "object_relation": "sha1", "Tag": [ { "name": "1.116.163.166", "colour": "#5F6749", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627543482, "uuid": "cbdd03e2-aaa7-48b0-b62b-3eb80b1c4959", "comment": "Malware payload (CobaltStrike)", "value": "ab07dec27f1a97b3595f54be60f75323a7dd6d976bec6ba48946894b3ab68f11bea865ec05321156cc50a2de28bfd01c", "object_relation": "sha3-384", "Tag": [ { "name": "1.116.163.166", "colour": "#5F6749", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627543482, "uuid": "5c66119f-1208-48c8-a77a-358c401e6dfb", "value": "T1DE536D0909F2C0A0E567C4F0946A8361D57135275EBD8FBF97A0B5A11A31E80EFDB93D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627543482, "uuid": "50c6b3e4-b03e-4b24-9531-5d7497cb38e0", "value": "1b81115aaa6c79ea86fb0df6cd5d274a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627543482, "uuid": "773a9517-49be-4dd3-8b50-69fcbbe25d5a", "value": "1536:6omnMf9PKGmBhcXr8cPTJ0RK/YIwLS+AWBbQy:6bnMfRMhcv0s/YIwL6WV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627543482, "uuid": "a8fa1fbd-3f45-4ec2-b284-6932662c8125", "value": 64512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627543482, "uuid": "1ead4970-ad5c-4eeb-bce3-c3f95f6f364a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627543482, "uuid": "4df3008a-b6df-4bd2-bf1e-ca55235d677c", "value": "70e7dbc4e80d5d817f89c06d5ca7bafdb3226ae3c559d86cc5857421eca27af7.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3b7003e-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535605, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535605, "uuid": "dd6aa685-222e-4fc0-ae6f-6c429fe9d06b", "comment": "Malware payload (TrickBot)", "value": "16b90591eae642738815db7b0793e39e", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535605, "uuid": "1014e085-7d39-45d8-9b88-94b37415deff", "comment": "Malware payload (TrickBot)", "value": "71b2c64ccc0591ae6d21179d32e486b7a175b0f62bebeea866fcbb0ac5001fd7", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535605, "uuid": "608b8698-6cc2-442a-92d4-956bf6a19dd0", "comment": "Malware payload (TrickBot)", "value": "17c512496c4fb54d46eb19ded51d2a7495d41751", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535605, "uuid": "2efc4674-ce91-403e-8dae-370ab7ce487c", "comment": "Malware payload (TrickBot)", "value": "2e9b4564bb663f3adfd7822f1a5531c961e89dc4b5b160667509fb2f8e4b1aec5c49f9575e3bf410b13092c3d848efe0", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535605, "uuid": "0fb5ce1d-bac3-4204-b232-b4da1737eed9", "value": "T1306378D82AD1E417338D2F17FE0A3AEAD1BA6C5796C47507D1587A5C24ED21BC6A0CF0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535605, "uuid": "aba07437-cf8f-47a9-926e-9577e613e68e", "value": "1536:aTnL/zQ9Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIx:afzQ9Ry98guHVBqqg2bcruzUHmLKeMMe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535605, "uuid": "a82ff44b-da74-46e4-a33e-3dfa55a4fab5", "value": 67175, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535605, "uuid": "8b15e039-04cd-49f5-a31d-7cf551ec6bcf", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535605, "uuid": "af3d7ab2-afcf-47a4-b57e-781fc9638ade", "value": "2021APT-28_74484453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9be2bb8d-f070-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627565200, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565200, "uuid": "697dd0af-80ca-412e-928b-4973b8d75448", "comment": "Malware payload (Loki)", "value": "b158c924678cd5bac37bfd7bfc9d8781", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565200, "uuid": "2e2ce1da-8553-4dc2-acda-34127ea05081", "comment": "Malware payload (Loki)", "value": "7213e683d974ed27c90dea93b40caa5c497ca4ab9834e159adb69f7be5d2081e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565200, "uuid": "d092950e-9641-4391-b56b-d08a0d88df75", "comment": "Malware payload (Loki)", "value": "cee45ad78360c3665af73184471b05e12a73dd5d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565200, "uuid": "2565329d-dddc-43fd-84a7-b4b562551103", "comment": "Malware payload (Loki)", "value": "736f3e9516b7e3156f7b07445933782efd7eeec11b43c05300413f24c008097fec5feb8dbff5a2ebdb70c5e33fbdef74", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565200, "uuid": "78798319-6cad-4730-b563-d6d054fa93f1", "value": "T1CA45E038898C9F96CC5803740A5846345EF4ADE2F2B0C8AC3D9D75B1B7F1D29EAB6345", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565200, "uuid": "5ee799cb-da5c-4f1b-8459-da4b321157f9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565200, "uuid": "810a62c7-9a59-44a6-859c-be7a3a1b27eb", "value": "24576:KvS/d3MKzksWks+5h9D1Rf0jNr27X7Jy8jh8N6ZN5Z:IKtxhmBK7NuN6ZN5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627565200, "uuid": "529b2078-8ca0-4b0c-9c2f-ad944af9735f", "value": 1238016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627565200, "uuid": "6d0096b6-ba40-4ecf-8255-d100d05027e5", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565200, "uuid": "fcf8ab6d-4d67-41da-8531-46c7f05793b6", "value": "csrss.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "221cbbc1-f07f-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627571438, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571438, "uuid": "cf7454d5-3697-4233-b314-1053b63d22c3", "comment": "Malware payload", "value": "023a22e62f7a03f1c776002e55cfa63b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571438, "uuid": "041be19a-4e80-487a-8838-4357ebf3dd14", "comment": "Malware payload", "value": "723aaf569199112b66cf4d3d09c7a44eb01850c95874a6898f2f847b30956f4b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571438, "uuid": "d1b6d915-1963-4953-8a00-2fe1d43a62e4", "comment": "Malware payload", "value": "bbdf9e793020454f3fdc3a75e03608a8c3ea0471", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571438, "uuid": "43701ca8-e6e4-4ec9-83af-1ceca691d256", "comment": "Malware payload", "value": "387ffe96ba490a29c57ab34a55897d8f416b1c49b3b75c2926815ade7ef0ff1406b09118f6c4ca154fc7acaf28c7faac", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571438, "uuid": "713659fa-7dc8-437c-ac06-38ae2f5a2072", "value": "T1F8A5230B9543C617D31987FA8967B9300A7EFE46FCC711B8710AF5CEE89E65E8690B40", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571438, "uuid": "856c6f7d-0cbf-437d-ad23-501899604653", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571438, "uuid": "078faa5c-9be6-4bcd-95e1-5be3b0d6f614", "value": "49152:Za1QzkbBGRPpaif65XFH6hLufnSAq58PUYY0Kq51:ZYFbBGRP0SYFHILq5q0Ky1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627571438, "uuid": "36b3711f-e539-43d0-908b-485d3a8a55e5", "value": 2120532, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627571438, "uuid": "ceece2a1-f6f5-4d1b-a165-ab5ad3612adb", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571438, "uuid": "be966ee1-13e7-460f-ae2f-397869209b66", "value": "023a22e62f7a03f1c776002e55cfa63b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a634d662-f076-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627567795, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567795, "uuid": "4a7c40fe-1d41-4cdb-ac0b-e089d82e14fd", "comment": "Malware payload (Formbook)", "value": "c0cf90e7977e14b8bc018d7710d2092a", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567795, "uuid": "d5f84c4a-3dba-456a-8086-7528634a9bee", "comment": "Malware payload (Formbook)", "value": "726a4f2b23c87e3dcafa0c38c2d5a31c15be0859b5fd82d2ecd6a2bc878bbc2b", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567795, "uuid": "7b098c57-389f-4912-9054-0ed5190ab29b", "comment": "Malware payload (Formbook)", "value": "cfbfbcc1758d4a52f3b97e79bcbe229a5a9fc9f3", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567795, "uuid": "960b87fc-0571-446e-bd6b-8c0f463f0ee4", "comment": "Malware payload (Formbook)", "value": "7fb43510c004f12ed73b5135f7e4e48acfdb645572cd868b9a4d4573e2cd6ca9234625994924f62f853f066e16e8dedf", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567795, "uuid": "3f080ad8-40d9-4890-9d9f-8c74a2a80dcd", "value": "T1EC451295F856EB83C4FB2278A06E863797564F3C87B6C20A29487D309D3407A35EF45E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567795, "uuid": "b0226f78-dcb1-4f21-ad2b-c32f09d2bb37", "value": "24576:6M598WZw1XFleCWkBF3StPGOldHM6kM3IkToyTMj+W4p4pKtiBDrC:TMAsleCWuuPHndPYafTMjGp4/By", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627567795, "uuid": "f059d718-ef91-4aed-b72f-d1fd050c0f2a", "value": 1203200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627567795, "uuid": "0dba8bce-86ad-465f-b244-46a7fc7f1e2e", "value": "application/encrypted", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567795, "uuid": "b83f7f11-bfdc-413f-8a88-efb393d12d52", "value": "RYP-210629.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a5ce541-f0a3-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627586914, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627586914, "uuid": "e5e3dea6-52e3-4176-a9c2-90699d24401c", "comment": "Malware payload", "value": "5b2e8b0887e41ff72ac66799beeccb90", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627586914, "uuid": "3f1055df-33a9-4aab-be08-24b9ba7eac3d", "comment": "Malware payload", "value": "739d52cf78560ab2c1dcd0f272006549d15312f0dcccc420bf669717422da441", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627586914, "uuid": "1d029fff-3848-480f-b9ba-53500819039a", "comment": "Malware payload", "value": "82bbe01b7a2cb252892a5bed5d5af58fb641cd38", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627586914, "uuid": "d459a571-887b-4520-bd61-1f97a6c11684", "comment": "Malware payload", "value": "c3261b258561615086ab64390954d89695523cd70ba91cd77dffeba4c8a715d84177420e9f186bb36d06b0fe9a270c6e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627586914, "uuid": "50297626-ea02-4f8b-8cfa-193dbaa014d6", "value": "T14A82841A7017E8AFC18AC2F4A49A97B1E0B1F800D7AF1719325CCE152D9D9E9375A7C4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627586914, "uuid": "946359af-c454-4d06-a4f3-927a1e9ba8a9", "value": "4a5d211a964da84c1acd1341cde35ce5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627586914, "uuid": "c9724a6b-1e6b-48ee-871c-9dbc1ce8002a", "value": "192:sPmG0ox5716fmlqbygaB0zPhzWZldHWpWUCbNBW8:pfI5ZGmk/w+PUZeL8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627586914, "uuid": "08493eb1-1fd4-4bdb-8162-a84f471b4b4d", "value": 17920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627586914, "uuid": "52d36714-7660-4add-be77-089ada570ee1", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627586914, "uuid": "1b885393-ec24-43d3-b5c6-998630fed495", "value": "userpref.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d696562-f048-11eb-875b-42010a9c0053", "comment": "Malware payload (DanaBot)", "timestamp": 1627547969, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547969, "uuid": "36b96a7c-8fa1-4f8b-8caa-1555f6a0d866", "comment": "Malware payload (DanaBot)", "value": "592b072b05d4144f9e5242c8e9a1c88c", "object_relation": "md5", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547969, "uuid": "96d84640-f2cf-452c-bf27-f9df8cca2357", "comment": "Malware payload (DanaBot)", "value": "745ae9caf8a38023905ad52a4e81d085cef62fc4a14aacf2536c9e54cd1845f8", "object_relation": "sha256", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547969, "uuid": "0bbb1fe0-1036-44a1-bd43-55cd74ed29d0", "comment": "Malware payload (DanaBot)", "value": "8294c8a81684a35a9a8e155788c2ccabad8b657c", "object_relation": "sha1", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547969, "uuid": "13133f42-948a-469f-8a82-44d1357685e5", "comment": "Malware payload (DanaBot)", "value": "9cd65b9b92b23ecf9ad98f36d9ac7161cd0c96cd9a3df386e95bebfd071696593ca95e0926935282f582d0e11502cf18", "object_relation": "sha3-384", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547969, "uuid": "89689785-99f8-42d6-bacc-83a9c19bcb04", "value": "T16A351230BA60D03AE47362F846BA936CA42C7EA16B3451CF53D626DD17346E9DC3178B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547969, "uuid": "d12dc425-61e7-4fc8-a5f2-7d128e5832d3", "value": "ebe339f33228ec9cb9963341e6449ca2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547969, "uuid": "4926af3d-e6b8-4516-a6ca-cb7d28f285fc", "value": "24576:vv2NFRfdDf+CRwEHhjLsWLcOeb9oQvU7/9EJojbfH0vZEr:mRf+Cy65My/KeHYu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627547969, "uuid": "ffe19095-11fa-486f-987a-a1cb11d04c93", "value": 1162752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627547969, "uuid": "eebbc027-e6d2-4ced-b345-9e7081d38902", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547969, "uuid": "b3f92ce3-299c-4249-98b2-8c00cff52966", "value": "592b072b05d4144f9e5242c8e9a1c88c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6905650-f049-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627548521, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548521, "uuid": "d5e7aa86-f78e-4984-9eed-cf6991d907c3", "comment": "Malware payload (RedLineStealer)", "value": "4e3adcf7672f93322bab19f5f28bd4b9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548521, "uuid": "0d2a46a8-dc3a-465c-a982-43db7c336848", "comment": "Malware payload (RedLineStealer)", "value": "7686a2c761af88738e28a3f0a3fd97af695a571306912a674aa16a443c493b3b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548521, "uuid": "de47c684-6a5f-4322-b421-33b9edb1e2ff", "comment": "Malware payload (RedLineStealer)", "value": "ba4d90f34f104e7fb161d45169f0d19cebe465de", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548521, "uuid": "61ffd819-ec08-4137-96a7-67bf70bfd826", "comment": "Malware payload (RedLineStealer)", "value": "dd8a2549a55565e5855595fcf35d5c3ef9bb81d6d29dd693ccba8bc42a6d199161dbd32dba35695c651f531bbad5ad3c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548521, "uuid": "0284b714-5410-4f5d-bcdd-e2be222c445b", "value": "T119D4F130E990C035F5B712F81ABAD378A42D7EA11B3440CF62D526EE56346E9EC32797", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548521, "uuid": "de1a230a-5865-4d26-b448-355c289314df", "value": "255f8d5c29d68d23ef9b098d124cc19f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548521, "uuid": "20468c2c-82fb-406d-84ea-46dc7336bb10", "value": "12288:a6vimxWVVqXdBP2Xi2JsCKvVSpNfhP7Kh4e0muaVyYwud03hs:a3mxWVadGJJKvVmNfhPg4e0XJwKRs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548521, "uuid": "57cf962b-c32f-4627-b0fd-c820f0395545", "value": 638976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548521, "uuid": "5b90bbc8-b310-4833-93ed-800ad4a98904", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548521, "uuid": "9cb189dd-cf12-4b2f-970a-4f981e460f5a", "value": "4e3adcf7672f93322bab19f5f28bd4b9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35f79f48-f04d-11eb-875b-42010a9c0053", "comment": "Malware payload (GuLoader)", "timestamp": 1627549997, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627549997, "uuid": "84e5be00-abd3-4e1f-86ad-de62e79ba368", "comment": "Malware payload (GuLoader)", "value": "0b42b526c58b278d373f1dfea17a040d", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627549997, "uuid": "58c0fe5f-95d5-43ad-9565-81c4963c88c5", "comment": "Malware payload (GuLoader)", "value": "76aea1ea7b432970cea2af0cb18823d122e15fcaa4acbe418431f9721e7b7269", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627549997, "uuid": "f9774aba-0ed7-41de-8336-bee5f60ef6d6", "comment": "Malware payload (GuLoader)", "value": "fab2dde5c00f2791c1b40924334f31b11b7dd6c6", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627549997, "uuid": "5d8a42d9-5e4b-4d07-be1d-f500b87da6fa", "comment": "Malware payload (GuLoader)", "value": "9011e66397a8f0ec2bfc18003103663b5541173aab19e9bb995ecee981aec9bdcef92794ff4706752ff86cd82333b4c4", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627549997, "uuid": "10d5cead-f60a-44d7-b2aa-211fa8edf5e6", "value": "T1E25522729DE0A26BCC8D2C74AA81E134156A7C2CD6F5475F11DB39037A39BF1134BA2E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627549997, "uuid": "fe80366a-6ab5-4fca-b954-20c3a4aa686a", "value": "24576:ROpYZqOZgt5ov00NRZWS3sUkY3TbIiJeFPT19r8HTaQ/xYCXVu0H5IehD:spYZpZgIv00vd3stC0ikFPO/x3VrFt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627549997, "uuid": "0a2ffae9-6e06-4676-ae21-0197d106be33", "value": 1357824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627549997, "uuid": "a7e736cc-6066-4b29-b6a2-62516c843841", "value": "application/encrypted", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627549997, "uuid": "2a4781a1-4bc4-426e-8812-2e769d31092e", "value": "Order 001.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "352dc85b-f076-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627567605, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567605, "uuid": "712a02f8-513c-45bc-b718-7136c89927f0", "comment": "Malware payload (Mirai)", "value": "886241c3489e4264fda6f8f0daa9679c", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567605, "uuid": "7a01bb1c-d334-49a8-8b28-a0f123ff5cf4", "comment": "Malware payload (Mirai)", "value": "76e41dc8229089f1388fb66cb2f206af54a9122b446fca594778328e7bcbf5ed", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567605, "uuid": "4eaf40ae-5966-48f1-adb9-8f0ad59a403b", "comment": "Malware payload (Mirai)", "value": "e8df41908547022facff602b9ab09724dd910c21", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567605, "uuid": "7ed433fa-c787-40bf-b993-42009187410d", "comment": "Malware payload (Mirai)", "value": "89a8685bc5744fa023fe58d6f38b0f03cde203d1efefaeb728cdd3e32ffed91959866844bb04fe67e95e567d0ab1ab29", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567605, "uuid": "f9f4cdfe-f325-4776-86c6-12941cb34164", "value": "T14B64D08AED41AF25E8C526BAFE1F034973734BACE3EA7111D624972037CA65B4F36144", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567605, "uuid": "dce04afd-83dc-4bd2-a41a-37a555ac8421", "value": "6144:7O/QJHZweEL/NOjCHm7FZZnccabE5wKSDP99zBa77oNsKqqfPqOJ:78QpZsKCaicabEDSDP99zBa/HKqoPqOJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627567605, "uuid": "b5a0320c-b552-4a8c-b142-0bd6ac35b59b", "value": 307960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627567605, "uuid": "bb250271-fd20-43bc-b1f8-4988fb74a728", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567605, "uuid": "58a7ded4-4d9a-475c-86f1-83d844383981", "value": "Mozi.a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2796d2ce-f02c-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535799, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535799, "uuid": "1a2582df-28fb-4b07-b1ca-21eb8e2f03b1", "comment": "Malware payload (TrickBot)", "value": "b71755801d39224ff3dd69d7a5e8935d", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535799, "uuid": "92e199b6-6eed-468c-9abc-bb4018956244", "comment": "Malware payload (TrickBot)", "value": "7768c4734702cdda636b1acf862f1b80a00886c8c6df954711e124b430512dc7", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535799, "uuid": "661aa345-1785-4b00-97da-c62af89fb6cf", "comment": "Malware payload (TrickBot)", "value": "221362025fdd12ef35303c94c9948aeec42601bc", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535799, "uuid": "2bcc7ad0-6b5f-4dd3-bada-f7e686f59b93", "comment": "Malware payload (TrickBot)", "value": "439ae510aa76251b212be976ae25eb24ffe1f8f46775d7e8f211ce013684f06bf45b190a64d41ba983ffa6553b3d0363", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535799, "uuid": "83f2c724-5192-4ecd-a3a0-ba2cf398afc1", "value": "T159E2E0A1B0F1729279F6D432DF4A0F21994CCB17B220C902F7CF139AB68D959F6D500A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535799, "uuid": "2d72b6da-50b2-4dd6-87f0-4d1d9ac26812", "value": "768:MOjP50NSSaE8UebIt4tnEwexiSWNqmlMGG7EiebmCs:7x0IOKstenEZhWNbIRD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535799, "uuid": "77b46566-8616-48bf-8617-9844b6d5a3ea", "value": 33390, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535799, "uuid": "bef0842a-700a-4e67-990f-01862bc4bde1", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535799, "uuid": "0f819bef-9d92-46fc-b7bf-7ed99e4c3b96", "value": "2021APT-28_47334453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "29b96a2b-f0c2-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627600227, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627600227, "uuid": "937f91fc-215e-4de2-87b4-92cbce55fb57", "comment": "Malware payload (Mirai)", "value": "7960beeca0c6b05c1b25ec1dcf3518cc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627600227, "uuid": "e6382712-ae2d-4fab-870e-014ceb1085e3", "comment": "Malware payload (Mirai)", "value": "778dc9f95653b629bc08049cde53470ffb36d347318303fa804a8c89a953ba25", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627600227, "uuid": "edeb3d32-0115-406d-ad52-1c101287b090", "comment": "Malware payload (Mirai)", "value": "fdf66689142abcf78aba6188ee511c7c1d7f9669", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627600227, "uuid": "0c7efa0d-c701-4bf4-854f-bd712e07775f", "comment": "Malware payload (Mirai)", "value": "0e4282f855a8535609d25e0db25325c3d479371722ef032fd0585690f1046f7edb99fb29868df0569853b0f0cc35c342", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627600227, "uuid": "803a98b9-75ac-4628-a287-bd3b5f78b676", "value": "T1C9B2D01EC0AE2E74FDDB7D355941E2817B619BDF3A72CDC017C16A110622D281F9CAD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627600227, "uuid": "1bfbbd99-66de-413e-bc48-cc21ee91af27", "value": "384:EA0AeimAzNCdvw1PwIWWtKfz9VuBFoeIoA8FXw2t7tTmojIoK4fVM4uVcqgw05VY:KApCdvwJr69VJoA8FZtxCo8F4uVcqgwr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627600227, "uuid": "2de47bdb-1c91-413e-83f7-84efc02b5b63", "value": 23936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627600227, "uuid": "f00f8b1b-f0ce-497e-8e06-8f36732957bf", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627600227, "uuid": "83a49bce-5301-4736-8ea9-618040e2ffe8", "value": "7960beeca0c6b05c1b25ec1dcf3518cc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "731d587c-f063-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627559548, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559548, "uuid": "6e3349b3-86c4-4edb-8fe3-e42fabe16667", "comment": "Malware payload", "value": "36e3c78f598a32c6609e20961dfcedd3", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559548, "uuid": "d5e41078-21db-48ef-8c21-d946ace0eac8", "comment": "Malware payload", "value": "77babe6a7f1b0433a30a510a851211d8eb974ef243715e98fbd3e883e2c12557", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559548, "uuid": "459378ba-34d7-4a48-84eb-a93f032a0677", "comment": "Malware payload", "value": "cbd5c414c8c40e4852fb07ae7ee6134a5a9ce7c4", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559548, "uuid": "290374d3-70e9-48e8-8e16-9393b375cae5", "comment": "Malware payload", "value": "6e896aec9d9a5bc7bdb02a014000f6c1c54bdc6f7431e9ac0f04046078b78d57685d738255514645e8b7b502f3f5a679", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559548, "uuid": "ffc95f9a-85cb-447d-a351-f26ff9485670", "value": "T17C55DF81F3C8BC2FCDB7C1324B760A6B95868D9A8646D3574561B12C89FBDC09E85FC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559548, "uuid": "ee935713-64fc-465e-8c1e-01f9d16d1db1", "value": "24576:/nJ/44wS5eNRRUrbJv6w3ZfKGsILaRfvc9hJnXePOG6i2JvxSgk3pyHB:/nJ/rqDRUXpJyGF2RXc9iHt2JggkMh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627559548, "uuid": "77fcc095-c87b-4eeb-8885-84d4b68afa6c", "value": 1348933, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627559548, "uuid": "c0dccda8-e28e-4d8f-ae41-43d7009ff12e", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559548, "uuid": "39381d09-7607-484c-94be-5a3f5e526fd6", "value": "Hd talk.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "53726f93-f05f-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627557777, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557777, "uuid": "c18c7272-b252-4323-a1eb-69d1fbf14179", "comment": "Malware payload (AgentTesla)", "value": "6d4955b5eb33401af937ca5ac6293eaf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557777, "uuid": "05d80109-6f0f-4dc5-911a-224577701f0d", "comment": "Malware payload (AgentTesla)", "value": "781e783c639985e532ccb361dddd1fb381fe318db014e20fd4976020bcf29321", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557777, "uuid": "f82719c9-b52f-470b-9cb6-96e0629237aa", "comment": "Malware payload (AgentTesla)", "value": "a870622d57b0a813eb40d3b32f712ba182429506", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557777, "uuid": "85748833-d918-447f-bacb-1fd04a1c9b8d", "comment": "Malware payload (AgentTesla)", "value": "484b2c2b9365e6c2d3a23038cf15e34e9dd386838e680b12ca526174469ed9adc27148bb396de5a2cc0b319491030349", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557777, "uuid": "7eeccfc8-f60c-4314-9263-2b31d956fdee", "value": "T15C7149B12ABC3CD6CF1D14278CBAFEBAA4F7B95593D54640B09C9A920716333D827D01", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557777, "uuid": "85340a33-4d20-493d-a948-dbb28ffccffb", "value": "96:r5Qy68gG9QUCod6F5cmfsP+Gv3zcRgl1dO6PQx1U:r61G9QLEP+Gv+gI+Qxi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627557777, "uuid": "d3ce722a-d594-4359-8d4e-c55f515f3b9f", "value": 3776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627557777, "uuid": "232e2e73-221c-4f2c-aef1-9c5cc2a5b151", "value": "text/rtf", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557777, "uuid": "6aab02bc-f970-44e8-8c0d-1106258a70b0", "value": "Blackcatjsc inquiry.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36fe2409-f049-11eb-875b-42010a9c0053", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1627548281, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548281, "uuid": "af28af44-cfb3-4089-bb7a-dd899f7bcea3", "comment": "Malware payload (SnakeKeylogger)", "value": "9952a134740ae9c31c062ccbf1626b65", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548281, "uuid": "b85c7f24-63cd-4102-b43e-56c818fb6903", "comment": "Malware payload (SnakeKeylogger)", "value": "788d470ce27a2f12ebe54247835927928da9d95a3cf409672afb5c87fb5f7c9f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548281, "uuid": "fe529f71-e66a-48ef-b3cf-366cfd2fedd1", "comment": "Malware payload (SnakeKeylogger)", "value": "bd51a4a2b35a987e21b047e1961b17e883b2c06e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548281, "uuid": "5f53b029-5e09-4b69-8b59-eb914d697bb1", "comment": "Malware payload (SnakeKeylogger)", "value": "be1c72bfaf2517e9bca0d345ba64626fc3fbadf87dab19495ac81dadb32e101b0dc6ccb9bfd1b085e03633432908c72c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548281, "uuid": "2854c5fd-f7ac-47c6-adf1-e40cc8cc3700", "value": "T1BB259E20B6C4DE19E56EA3368EDF601047FEFE123532D7686DE123B5290AF15D8742CA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548281, "uuid": "c009cfde-b7a5-4126-be22-fd9c434bcc44", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548281, "uuid": "eb988a2e-c8a1-44f1-a671-f20255121b29", "value": "12288:CxTC/vsAfI9GmH+tpIxL6A65/d/XhjoBoRoDoyob8I9ReuFT1jIznRZ80zMMzAc:AGu+t4G5/d/hK64JHIBFJjIznr8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548281, "uuid": "4aaec665-b90a-4690-843e-bf891eb6810b", "value": 1022976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548281, "uuid": "c6fdb715-a4ff-40b1-bf65-aa90d354245b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548281, "uuid": "3cd0d500-a45b-4660-ae12-0378c3899cd1", "value": "9952a134740ae9c31c062ccbf1626b65.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07c7365f-f060-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627558080, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558080, "uuid": "e7f0581c-17b2-4d80-807b-647e91d20d76", "comment": "Malware payload (Formbook)", "value": "03cf2bfad277e1c36436c1791aca0043", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558080, "uuid": "86e3972e-1dcc-45b8-ad10-c3113d22eac7", "comment": "Malware payload (Formbook)", "value": "7961678070fe09abf8a2f4bc03982e545a7bbac72e49d4cb9664967088dde399", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558080, "uuid": "4d694ee4-2b61-4919-8c2e-b7365c04d50e", "comment": "Malware payload (Formbook)", "value": "6ad6d56b6b6ae8ff6c52b50bccf5f5a33123af2a", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558080, "uuid": "487a3faa-acb7-46e3-9a97-64f1e45ad2e8", "comment": "Malware payload (Formbook)", "value": "d06a67cfd537bbcf8da7d833b1d36bd7a7ec6ce57e21045e67805f1f3f2a15dbba34613cdbffd2c2870e7f475fe52aff", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558080, "uuid": "db09ae6a-bcd5-4ab7-b05a-5e63b694d3ae", "value": "T1395512A3BCA44330C5AF8A7A15185C0504EF7F8AE8A9722779EB3B4E2374D71116D277", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558080, "uuid": "ca75a493-682e-4648-82e2-02768806c97b", "value": "24576:fu4CW6qgbeykvvigJJI3jZHD7JYQ7yQ88ma0ZG13ehBOJ2o186S:GZc4wC0JeZH/JYmP88mTZGVefld", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558080, "uuid": "4193ef51-77e6-4142-b1aa-dfe9d353bbf5", "value": 1303040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558080, "uuid": "f98b6dab-f484-4786-b73f-b49820d5192e", "value": "application/encrypted", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558080, "uuid": "47248edf-904d-40fc-8af5-5b520dd4076f", "value": "ASM Loan Agreement .xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3698c70b-f034-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627539260, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539260, "uuid": "a1121e2a-ff0a-4d1b-994c-3068499fc0da", "comment": "Malware payload (Loki)", "value": "b7da251d3f98a75ae233d09b17f3d362", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539260, "uuid": "18060c3c-31fe-4b1f-b91f-6573d0183434", "comment": "Malware payload (Loki)", "value": "799472ff2ede6b91288e967a805661d7ce186ca8ef7756c4bad3ed548e7c28b7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539260, "uuid": "c5fcdc16-63b8-4eed-91ed-5637e9247850", "comment": "Malware payload (Loki)", "value": "88a7ef6ba44c82821a2fe302be5ea343c8d58fbc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539260, "uuid": "c868aa05-8109-4f76-9f7d-63d28064ea0d", "comment": "Malware payload (Loki)", "value": "c0f43357fbbc68eeea92ffccc40f27192a313f09869752db9072ad7fec19dc44f2190a46b08fa00b364c6b3f7b17070f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539260, "uuid": "6e8c434d-c83a-4332-9988-c7a24cf581c8", "value": "T192D4ADE1153C7B0BF0AF0B7D907180629BF0509BCA69DBE5FF7304EAAF152A76051686", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539260, "uuid": "3c56a607-9908-4d31-aba0-c6b853869f57", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539260, "uuid": "514c5474-9c1d-4a79-8cdf-250b7c1bf477", "value": "12288:/84PU9vPU9Cv2pzVL2OsBgo0q4wMHuSmB7k9ainBwMJE9DBVqROv0XBbPaiWv:/8SL2OsBgo0q4wMH59LBwMoVVwXBbPaH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627539260, "uuid": "d07a6ad2-f392-4d5c-9cb9-c7b0eea78add", "value": 654848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627539260, "uuid": "c28af5cb-2730-4f30-8f5d-e98fc958c471", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539260, "uuid": "6700ba17-3309-4522-a252-ebe7117bc987", "value": "remittance for USD 8,752.16.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee226b8c-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535273, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535273, "uuid": "0808583c-290c-4b31-b0f4-644fb08362ac", "comment": "Malware payload (TrickBot)", "value": "567d98d87b37e4e48a1c61db4634ab73", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535273, "uuid": "a6b7c12c-d472-4f15-b356-d9ae8327647f", "comment": "Malware payload (TrickBot)", "value": "7afc4392d40025f72a82c6db927ce5d66e7752c1ce55bdf914e67d9f00a995a9", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535273, "uuid": "b7f09323-0b29-4294-acf5-7f62b663de46", "comment": "Malware payload (TrickBot)", "value": "ad66c0a2b6bf2e922be4c2ffeebb2b4ff219a0be", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535273, "uuid": "17498f63-72ee-4dc1-96d5-2a1755baaa50", "comment": "Malware payload (TrickBot)", "value": "2bec9f98739f1c4dfe2101da23cff0f0e819930648a50f9fdf911d3fa2ab895a9e1bdb834015f2a2a5e13b1d0fce245b", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535273, "uuid": "171c7e85-ae91-4bb5-84f2-5cf91f3f4b8a", "value": "T15D83FCE82AD0E417338D2F17FE0A7AEAD1BA6C5796C47507D1587A4C24ED21BC6A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535273, "uuid": "65a94c36-4ecb-4d54-9161-ed97cbc45697", "value": "1536:o/QV84ejAgdEPY9Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8R:TGTjAoh9Ry98guHVBqqg2bcruzUHmLKH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535273, "uuid": "345f7a6b-f4c1-4e7a-b6f6-ffff4f323c9d", "value": 83651, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535273, "uuid": "06aec9f2-283c-4d34-a132-62149bcad143", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535273, "uuid": "c8f834f8-bb3e-441f-b774-cde774be4e8e", "value": "2021APT-28_12834453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72ed202c-f02c-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535926, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535926, "uuid": "4597790b-5380-4555-9385-bcb3f313ad17", "comment": "Malware payload (TrickBot)", "value": "6f377c34b6d040e62d006d74b5afe3eb", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535926, "uuid": "19449057-fbce-4b5a-a870-d8de8182c901", "comment": "Malware payload (TrickBot)", "value": "7b166fc8650debf8a17862c652b68248edd33185d185880b2cf00ea446bfc57d", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535926, "uuid": "2cc68980-d859-4697-a6be-c25c8859ca1a", "comment": "Malware payload (TrickBot)", "value": "9a00861ab8ff9f6629dc095cd560d229c40404f4", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535926, "uuid": "c168b184-6b43-4343-94f2-a15806f599d3", "comment": "Malware payload (TrickBot)", "value": "47554d2e46310fcdda3076f79d6273767fab8d402c16b4c196d8521773a7f3a2008d612d4fff592c7a98b0f40c2e6f6d", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535926, "uuid": "d5475e35-c45d-448e-849f-efc0dc963f0d", "value": "T11733015910A065F2C49BF83DAA9B11FF21E781166EF8781BD19C59AC35C3DCDC849EB0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535926, "uuid": "e8b1b526-ce2c-4f68-8fc4-70da9ca08097", "value": "768:WZAwyGKs5csOjFRQPDB0tok4VncVap/wB2Hdec+mVNYZo4VgLi:QAwJZ50F2PDGAcuIBwVL7YSPm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535926, "uuid": "a808991c-0b0a-4f3f-a265-144ecca0c244", "value": 52959, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535926, "uuid": "596fcb08-d6f8-44cc-aa03-3a74317ed392", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535926, "uuid": "491c4239-6f48-43c0-9704-ea4ae819a9d4", "value": "2021APT-28_90354453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7611af44-f02c-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535931, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535931, "uuid": "6ac31b38-0195-43cf-9154-0afc49ea3a9a", "comment": "Malware payload (TrickBot)", "value": "abf53bb05dbf67b4703b8f4a2755ba13", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535931, "uuid": "4bc2c970-5167-4015-b920-4a86f0b2757a", "comment": "Malware payload (TrickBot)", "value": "7b757d1a348750b9cee20bbad9acbc3aa7d48a6dc14d1ec53edd3d6a3a01f01a", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535931, "uuid": "6c707792-9447-457b-a9d3-e2062e151f13", "comment": "Malware payload (TrickBot)", "value": "cb792465da2c0affbc1837246a5467a1f0c58edd", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535931, "uuid": "c5143116-36f5-4e25-a420-a5bd247c84ef", "comment": "Malware payload (TrickBot)", "value": "6be9b73be86093f341e05f448a513c11d64521d741ff12fbe2300196d7e3afe95c1c86c4fa3722407c4726a1868fa8b0", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535931, "uuid": "b2f4f7db-77d2-4254-bbba-f5e199437c13", "value": "T1A7C392D86AC0E413338D2F1BFE0A36EAD17AA85696C47607D15C3A5C28ED11BC6B4DF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535931, "uuid": "239c94b5-b8ff-4cb1-be7e-afc1844b15fd", "value": "3072:qZfNzvFGGbRd0iojdxRrR9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9Sx:qVRdKVrR9Ry9RuXqW4SzUHmLKeMMU7GP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535931, "uuid": "d010d6cd-27f4-4282-861e-dc884de21f22", "value": 119059, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535931, "uuid": "a3a1ef3a-e498-4347-a94e-0c1fbd005344", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535931, "uuid": "eb82b960-c731-4302-8f15-47a35152bccb", "value": "2021APT-28_90354453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd52a2f2-f07d-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627570947, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570947, "uuid": "b1d70a72-b5a2-4e3d-a649-6a293440e1fb", "comment": "Malware payload (RedLineStealer)", "value": "005d63a86e84a4f6ab67e31112ac3eb9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570947, "uuid": "eea36409-0cbe-42b3-9f90-fa9080d45eec", "comment": "Malware payload (RedLineStealer)", "value": "7c0bada1ef977f7b158ffa9ba3f761ca3c0b2cd169730b7c7ba0344fa4e32ae9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570947, "uuid": "29ed05da-d57d-4941-a86b-831a5f0bb910", "comment": "Malware payload (RedLineStealer)", "value": "501be85c05f08c2c42e63cbdce9da818f9c3bf4c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570947, "uuid": "2f95199a-5960-450e-a729-de816adbfbe3", "comment": "Malware payload (RedLineStealer)", "value": "c425470dc4aa09bc1e14f80810301d69be96a5d2e3714c57f93861e41d09bf982bd28d30378aeaba4196d7a71bcaf6c4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570947, "uuid": "416075bb-cc2b-4a3a-8b92-6d1be8761182", "value": "T1F1E4F131BA90C036E0B752F84ABAD379651D3AA1A73490CF22D516EE07347E9EC31797", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570947, "uuid": "55af5a19-ef32-4d3e-94b3-a0a1caa104ed", "value": "ae8d52d466f0b65d50fa6d5967396375", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570947, "uuid": "c0187be6-ec15-4412-9a4a-e213176e90dc", "value": "12288:5O4KvdzIrTSQOCK6aIGs6MsQTnDiqMoyJB/f7tG2ebqimxT+fuL:7KvdziST61GvQzDiqMoyfJG1qPTJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627570947, "uuid": "a4e4d9d2-ef3a-4899-933f-c1bc09da5dd4", "value": 704512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627570947, "uuid": "f0f2f465-9e59-4f20-9d08-16edf9c66977", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570947, "uuid": "d7d2eb9e-8947-4630-bd57-527076ec95d1", "value": "005d63a86e84a4f6ab67e31112ac3eb9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26da4183-f08d-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627577459, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577459, "uuid": "0944a06c-8e61-423b-8b6c-4249578fa8a2", "comment": "Malware payload (TrickBot)", "value": "0eaddf56d350d8a52b899aef989b1522", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "macros", "colour": "#F0E650", "exportable": true, "hide_tag": false }, { "name": "Shathak", "colour": "#440EAD", "exportable": true, "hide_tag": false }, { "name": "TA551", "colour": "#88E765", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577459, "uuid": "c2fcaf9b-55b1-4efd-a461-9b52c960d88b", "comment": "Malware payload (TrickBot)", "value": "7c643b173e20c0c8386edb5e63e6d36db9acfd11795a57bedd78de77d43f2149", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "macros", "colour": "#F0E650", "exportable": true, "hide_tag": false }, { "name": "Shathak", "colour": "#440EAD", "exportable": true, "hide_tag": false }, { "name": "TA551", "colour": "#88E765", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577459, "uuid": "c1605ff9-145c-454b-9190-594b72b1cbd7", "comment": "Malware payload (TrickBot)", "value": "c7c53a028f0d8fb5572c583a638639a8f5f3da6c", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "macros", "colour": "#F0E650", "exportable": true, "hide_tag": false }, { "name": "Shathak", "colour": "#440EAD", "exportable": true, "hide_tag": false }, { "name": "TA551", "colour": "#88E765", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577459, "uuid": "0e90ef38-0ff5-4430-8040-07f94fe70a88", "comment": "Malware payload (TrickBot)", "value": "06e27d0e9da8ae204cf82fe8e12f91513f061836b4f6d64b83e65a1cf00b2e0781b6ea51c58e4e00ca107e0af9a0c4f9", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "macros", "colour": "#F0E650", "exportable": true, "hide_tag": false }, { "name": "Shathak", "colour": "#440EAD", "exportable": true, "hide_tag": false }, { "name": "TA551", "colour": "#88E765", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627577459, "uuid": "a61e9e59-546a-4abb-86dd-a0a4108c0815", "value": "T1DD7318BAF0425CDB468289F13E1CA4916C67B1DFD1DCD36EF4CAE12531D38A68A3B095", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627577459, "uuid": "8e6423a9-d415-4239-9834-e1ad6e0de2f4", "value": "1536:EYwXAHr11AQYyqGJHQYCDEtU6dLTR97/tU:EXixQYNtU6Zv/O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627577459, "uuid": "100a3ab0-9c50-4d99-bc79-de3bf8df512f", "value": 73434, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627577459, "uuid": "f9cba5a3-d978-4593-9cb5-a01afe00a4ad", "value": "text/xml", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627577459, "uuid": "7fad95af-321f-400e-8697-332217df7efd", "value": "require,07.29.21.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "21153408-f02c-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535788, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535788, "uuid": "023b4818-7e9d-4229-a271-57d21b6cb3ea", "comment": "Malware payload (TrickBot)", "value": "e8c857ee0769e7b3574e556ba1aee14c", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535788, "uuid": "148acd00-3aa7-459a-8708-1159479a0a8c", "comment": "Malware payload (TrickBot)", "value": "7d22005bcc6da7dfe124e6c84d4f096965e9c8e5b440a62639e82d587257445d", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535788, "uuid": "54d6a7f7-62bf-4e3a-be8b-73a54487d00c", "comment": "Malware payload (TrickBot)", "value": "a4accba06e72a70af8b5913dd5d38b1af3b2a7f7", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535788, "uuid": "5fc92ad5-a452-4b1f-8d4c-5bf66d2acf90", "comment": "Malware payload (TrickBot)", "value": "d315addf643c7381aa9b9d32861e1fef1b2c5879da7268ba5a9142245fe94c9c187ad81982d1a60abff723d084602f97", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535788, "uuid": "97d40b24-40c3-400d-adf3-aeebe063e26a", "value": "T1F0B391E86BC0E413338D2F17FE0A36EAD17A985796C07607D1587A4C29ED21BC6A4DF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535788, "uuid": "5fe529f8-104f-4ff3-9f25-84e98a921fc3", "value": "3072:Vvn3+WJavjNF9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5b6:F7I5F9Ry9RuXqW4SzUHmLKeMMU7GwWBC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535788, "uuid": "91063f4d-e802-4f9d-a80c-744e54551578", "value": 117200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535788, "uuid": "574d4949-ace8-44a7-8481-5c1cf71d99e5", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535788, "uuid": "c83dddad-81ed-4024-9489-6000adc50657", "value": "2021APT-28_58968453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e9131ab-f070-11eb-875b-42010a9c0053", "comment": "Malware payload (LimeRAT)", "timestamp": 1627565151, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565151, "uuid": "b0f5ce66-c529-4c6e-b68a-e3f6fc6dfae3", "comment": "Malware payload (LimeRAT)", "value": "90091c8c9c69b12fe47cee45e5090bf9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565151, "uuid": "d5ca2d4c-24b0-4033-9403-89be069def57", "comment": "Malware payload (LimeRAT)", "value": "7d900c842228164a450c070b49db71709f73aab97f548167e79742f505e2edc7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565151, "uuid": "7f22ad43-a95f-493a-b830-8a310dddc7a6", "comment": "Malware payload (LimeRAT)", "value": "e7faaf6695ac2c30dbda38e576e6f50eaa04127a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565151, "uuid": "f167cc31-f45e-4dfa-81dd-514cce20ae41", "comment": "Malware payload (LimeRAT)", "value": "0b3040e2abfb5d84f5b43e0a1506f61e3c3b4f02397d4f6e456b62f97d6f3898c1aa9af70b1dae2516aa8d844726a4b2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565151, "uuid": "54adaf20-4aa7-4126-9d25-12c3dcf730b6", "value": "T1F245D024C98C9FA6CC1C03740AA446385EF5ADE2F270D8AC3D8D75B177F191AEAB6345", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565151, "uuid": "e7e2653b-1bf1-41d5-a424-f766898ce594", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565151, "uuid": "15eb5982-1652-4e81-a120-94a45835cd80", "value": "24576:e4S/d3uKzksuksSmmRBhZfyrBvEiomcy8jh8N6ZNXZ:dKLmCZMBvEirc+N6ZNX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627565151, "uuid": "84192f2a-22ba-4032-8928-0e2ad0b30016", "value": 1180160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627565151, "uuid": "fd0b87a2-e1cc-46ab-9958-5623f72385b4", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565151, "uuid": "b7a13247-9597-4d49-b783-5e250882e757", "value": "90091c8c9c69b12fe47cee45e5090bf9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9d3edf6-f02d-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627536474, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536474, "uuid": "8c89aede-d760-4d21-a68a-9d7781ec8a40", "comment": "Malware payload (AgentTesla)", "value": "c01780ae2a1bf9d2f55b81e243fbc266", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536474, "uuid": "b43fc299-bfc0-40ce-b17c-66098877de57", "comment": "Malware payload (AgentTesla)", "value": "7dad1f099279bbb3c3c62fded12c958293698dc9d2f593a97f3d61c112729373", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536474, "uuid": "9026f826-8e14-42c5-a208-d82c7d1fe3ff", "comment": "Malware payload (AgentTesla)", "value": "18118ec75fc01ceba121dc84c5c5049a0c9487f1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536474, "uuid": "c95644a8-699e-457e-b50f-2c04b307bf4d", "comment": "Malware payload (AgentTesla)", "value": "314def82f4e40eba7999ad5657f9f37a99552a6d1aa2509b84c56d307355d1cf12971d79d09a5773aca00f86fcc8c9f9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536474, "uuid": "59e7d3c1-c579-46a9-9e91-d33b3fbf7162", "value": "T17A82D04AD28F82A2E4CCE412790AA0E5B036DF5ED4C659B9FF9794007F6FC71042F41A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536474, "uuid": "1f13ecf0-a898-4b7f-880a-c18469299e50", "value": "384:WlwXwMjx1eynLcHbAIYgJSlow6rTRrxrWeEuHIpuBXpHaAJA:Wuxpy/dSlp6rTRrVWxp4XFaeA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627536474, "uuid": "21b38e44-bc04-4262-808a-ead2f1adb1d5", "value": 18409, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627536474, "uuid": "9a36e0f9-4e85-4acd-b8de-80fa839a4508", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536474, "uuid": "7290ca82-54a2-4de7-a564-e284220c0ee7", "value": "Drawing 427351_pdf.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "003c5845-f034-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627539169, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539169, "uuid": "248629a7-9654-4a21-9fbb-32ddd9d4dbf5", "comment": "Malware payload (TrickBot)", "value": "59ec367995c6cf649ab2a6d280836e31", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539169, "uuid": "af384da2-81bf-4fae-bc25-e15d0a651374", "comment": "Malware payload (TrickBot)", "value": "7e56e276f8847c9ff3973e49e005a7a76a2ce251bda01cd5ef252f9a4ae9c04e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539169, "uuid": "bc9b763f-ebee-47a2-91bd-2e6136ec09ad", "comment": "Malware payload (TrickBot)", "value": "51f2d352e1f67924c5351c59941e86ecd7972c16", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539169, "uuid": "7d523639-ad5a-4b41-9e5a-3088e275c294", "comment": "Malware payload (TrickBot)", "value": "309844f278497aa97bddf4f607558ccb0c0ca487a03688d4ffd791bc98333d94028b6b66de253fc1d309983c379fcf1a", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539169, "uuid": "f76a43cb-7568-4e01-b26d-a478fd26f192", "value": "T13E84F10272E48472D1AE067D1E7AE726A7BBFD60CEF1CB831B501B5E5C325515E2A323", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539169, "uuid": "2962c56f-3623-4e14-b355-339950170a7c", "value": "93c8be65f795f8d5eaeffa41b2fede54", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539169, "uuid": "81f62f67-00b2-4adf-9826-8feebc431ff9", "value": "6144:qMAkbRLPcME7axCCXBqHhVEEX/Pw/Q4EbOZwBaqaQaf4+OlHB7VOolFu0JRLdInR:qpkbRLPcMEBZz3aq8Q7HVfl/byndPn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627539169, "uuid": "2d27c766-8517-48c4-9a32-4374a200e3ee", "value": 380928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627539169, "uuid": "684d681d-b472-49ab-9d8a-fd85680d15af", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539169, "uuid": "d2c0422c-39fc-49d1-ba91-734fcfd7ff8c", "value": "113_ColourPickDemo.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1004cceb-f061-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627558523, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558523, "uuid": "bb07d2d5-2cac-4d79-9bbb-3c1a2bb830f0", "comment": "Malware payload", "value": "6371948f4fb6c8b2cfddb8ad6e83fcca", "object_relation": "md5", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558523, "uuid": "9277cbfe-a169-4923-a5d6-3f6fd9eafb03", "comment": "Malware payload", "value": "7e9cf3919f64caf3710cec82b49f84cc64df09f38973c228379793855fad75d3", "object_relation": "sha256", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558523, "uuid": "9b391153-2928-4183-b853-f44e64197151", "comment": "Malware payload", "value": "977eaa35c24523e8006e49d85932f65b09b41293", "object_relation": "sha1", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558523, "uuid": "6500f2bc-7837-40be-8f29-996fd71fe62e", "comment": "Malware payload", "value": "149d151f4c53e5a53d005000732b618e80c3576a77b441c2cfe76496ee18045f4212d7d2cbcb16af3e760e83ae9147b8", "object_relation": "sha3-384", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558523, "uuid": "e70cb302-4757-402f-a732-04bb67845e89", "value": "T1D4E423A16F0A4E2916BD473468ABDB165FF40E01698363D256E03109D9FF3644A2F73F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558523, "uuid": "903b556a-7c97-4242-8223-d1287d0e089e", "value": "12288:VI1ZKHU7hGeAjI5Z2KwwcFLKKLP2qhICP5puILuCNUgUlt8bPvtlujYu570hE47:n07QeAU5QwcV7DWILuVgPbP1Tu54f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558523, "uuid": "fc89c356-b275-4cc2-8713-18318916176a", "value": 674764, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558523, "uuid": "73cc41eb-6eeb-43fd-9337-5222c56ec3e8", "value": "text/html", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558523, "uuid": "bb00ac90-3fa4-4cbd-9aa3-5cffc7590bdc", "value": "paym_reminder_488876.html", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "455b48e5-f02c-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535849, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535849, "uuid": "cf7b6877-1cb0-40e2-93d7-fed930f048dc", "comment": "Malware payload (TrickBot)", "value": "acaf5a08659624bc8c68441c9769809d", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535849, "uuid": "7ffc0bb3-7370-48c8-b9eb-acab344982c0", "comment": "Malware payload (TrickBot)", "value": "7f1e5d9a68e7cbc45804186bcbc5353cfc7adb4cb8a1c550f7b6903d2d1eeadd", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535849, "uuid": "628c7c95-c4ce-43ae-a812-9e4ba4115c0b", "comment": "Malware payload (TrickBot)", "value": "32c1a4e96a5d8a454ff3933ef19b4decef488d47", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535849, "uuid": "3ce54d09-476c-4fb4-bb42-2096b30b8984", "comment": "Malware payload (TrickBot)", "value": "671271e6a8a62abd252d56fb71607e80dc1256692aafcf6506948b4d3350e0d6e77613cdd8a71ebc175a0f421e6483bd", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535849, "uuid": "dde312c1-7677-4dd0-b8ab-8f5421fcf123", "value": "T124230211BC88467989D36ECE2AD50DA2E1C356728C4C98410FFAF6245E6B0FB694FDE0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535849, "uuid": "428a68ca-3f8e-4056-a79a-f62cc489f5e7", "value": "768:V+apl2nEVz82ZGy1qMVBP9vOMnLOKcxwJhwgLhFRyhSQ6EFyvwUwjY+eFiyauQB4:VOOGMVBVNn9cxwJhPdvyhS1ns0Wyau9z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535849, "uuid": "852828cd-2ae4-4952-8dc6-266091a26f5c", "value": 47537, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535849, "uuid": "d2af5fd3-7b48-4c3e-b928-6191d7987312", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535849, "uuid": "9e6fce21-f248-4555-8a00-58430e0617f0", "value": "2021APT-28_4770453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c5bf95ec-f033-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627539071, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539071, "uuid": "74c3004e-cb1b-40a3-b541-8093dab6a9a3", "comment": "Malware payload (Formbook)", "value": "d947d670aefcb65eed9e9191bb6659b7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539071, "uuid": "5cc4f824-2dcb-4a53-bf04-3311a575bf86", "comment": "Malware payload (Formbook)", "value": "7f3e97e42369a76be6688dc29fe71b83b0754acc7df08a6253460e23da7d1ce7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539071, "uuid": "2ab2b0e6-e90c-45df-9506-b90de588f072", "comment": "Malware payload (Formbook)", "value": "50562d1ed8484b631397db5f37077e67ddfa60e1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539071, "uuid": "89bf6b18-30a8-4d4f-b3d4-16272de2e6b5", "comment": "Malware payload (Formbook)", "value": "54783a502ac9c2c86d6e1643c58b78c2cb00b2ffe3aa7d49346b42ff82cf8834c9cdbc275ad926cd874fb4b1a36f0a76", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539071, "uuid": "ab42c081-7882-4268-a7c9-d70bbee40138", "value": "T1AC359D21B6C4CA2AE1AF83368EDE60144BFCFB523672E768BDE133B54909B51D4741C9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539071, "uuid": "5d5d0f37-b435-467c-a1db-f76d5e98fd0a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539071, "uuid": "2a7c17e8-1bdd-4735-b0b5-de18ad4e63f1", "value": "24576:mtplhqy45/dp7aK64MEmM4KEadMBRkDGzwP6x:mWaK64hmM4K6iL6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627539071, "uuid": "d88a2bbc-082a-48fb-8eae-c0e2bc27b749", "value": 1110016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627539071, "uuid": "3534c558-a86d-4f2d-a985-30dcfbdf7804", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539071, "uuid": "39b39a01-dea0-4858-8b22-449ce65dbce0", "value": "MR# RFx 21-2034021.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db639770-f048-11eb-875b-42010a9c0053", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1627548127, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548127, "uuid": "f6ebe751-3f33-4b77-b97c-70e428aa8330", "comment": "Malware payload (RaccoonStealer)", "value": "dfa8a3cee477e6dd764c28a8a3a78e4d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548127, "uuid": "fb5dc3c1-76d7-44e5-a1de-30132f9e31f9", "comment": "Malware payload (RaccoonStealer)", "value": "7fa8300652f1b8c48e6ac25203994e388acb14ffc29393da5175de05ec1614d8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548127, "uuid": "be899b00-ef33-4da9-84a1-48aa1dd1bef9", "comment": "Malware payload (RaccoonStealer)", "value": "005e2358456d388a25e8e79d2585623f7ae5fda7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548127, "uuid": "70dc4f8a-52c7-438d-9d49-85759d55314b", "comment": "Malware payload (RaccoonStealer)", "value": "7ab7af3b603b113a5412c8915e4fc20cef924d4cb46cbeade72ccb2b54f817f7a745b6650f9d72e9b7311a065f17794d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548127, "uuid": "a16750d2-d2e9-4d72-98d5-61ff6c853e86", "value": "T13FB4E030BA90C039E4F712F846FAD369652D7E609B3444CB52D52AEE47346E8EC3179B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548127, "uuid": "399d4c9f-4e61-4d0d-a270-3fffc3f4ce64", "value": "ebe339f33228ec9cb9963341e6449ca2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548127, "uuid": "1c7c0714-8dad-4067-a9f7-2fb20da1f4b1", "value": "12288:NKdKp+OO13LX9vdmEYUePlT9HL2qvdHMe8OXCxAveJBysPjsLk:NH+h3LFdZYlT4qvZXCS2JBpLs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548127, "uuid": "ded2d223-8ec9-4669-b931-da3d1119ad41", "value": 526336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548127, "uuid": "c2e6fe0d-a5bb-4c67-9314-9bdce5a153e2", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548127, "uuid": "25f00ec4-79cd-427d-a1e1-9600c249816e", "value": "dfa8a3cee477e6dd764c28a8a3a78e4d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e3328bfa-f05f-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627558018, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558018, "uuid": "a80f300c-1bd4-4089-a882-e6e41731c341", "comment": "Malware payload (Loki)", "value": "9ad89fbc9364ec0f07010e478dc791b9", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558018, "uuid": "58c82fdd-bfe7-41b8-8cd8-fc6cd3ff6854", "comment": "Malware payload (Loki)", "value": "80d8f92d167e7cd52b409823d9ef672f80a5ba183c8b406d2360d8e77c4d7646", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558018, "uuid": "0ae74010-a675-4eeb-8850-067873a2ef18", "comment": "Malware payload (Loki)", "value": "50457caeaba8414e4616135b98b9bf175b721979", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558018, "uuid": "21b18ed6-bc84-4de3-97c2-bc3fbffc4a7a", "comment": "Malware payload (Loki)", "value": "e8f2fbab5d5e7019628d2263b51b3544b8aceab6c78822d8edb9d6619f5d4465c203c5385fa06928b15242f68c53a3d8", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558018, "uuid": "3ca67b0d-7e64-4d50-a78a-354d8f71d38e", "value": "T15B4512BC68F21F9DF02D20772506D529B06F8CD00F5ECDE7AA3B7E4158B1A580A67A1D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558018, "uuid": "cb13277c-c7f4-4290-9c49-9f0252d1100d", "value": "24576:ffEfiyEiaT4PhTnoOVLcPu7U4gPJnLSJan/UjZlf+tAD3ZwL:3EfuiCchToMLcP14gRn9KlGYa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558018, "uuid": "22973831-6549-4b50-8349-94c89c1f19db", "value": 1211904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558018, "uuid": "676326a4-082a-48e2-91e0-4277e1e0b34d", "value": "application/encrypted", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558018, "uuid": "1e24469e-9d91-47a7-8f73-e0a86f7d48c0", "value": "wxNew.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7326397a-f0c1-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627599921, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599921, "uuid": "047e7127-ce8c-4bcd-b90a-6a2b73a46c03", "comment": "Malware payload (Mirai)", "value": "3aad1cbc2f1accdd2d3b295c0eef550f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599921, "uuid": "1fd9218a-5588-4557-be71-6ddf821480fd", "comment": "Malware payload (Mirai)", "value": "80dd2cca22a31a1972c8b0f6d133ae0df3d5ad7d67dbb7567261dcca2eabcfef", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599921, "uuid": "c283698c-bf68-4d37-9e4e-8f41a6ac7097", "comment": "Malware payload (Mirai)", "value": "04616314cecd453b2e38502ff856b2a2163e608f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599921, "uuid": "cc9e07b8-d624-4f3a-8690-a5a236e2daf3", "comment": "Malware payload (Mirai)", "value": "363a04f9a93680e50ba664ad918cb818fbefddedd4bf318081c66dbef8bb3c56cb349b04b73697c82428f9ed6eef0f83", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627599921, "uuid": "a961bc04-72e7-4735-84d3-aadb5b2dea9a", "value": "T15BC2E1DFF49A79C5CD1C5CBC258D5AD116A9A2C3234B9F0837202DCDA5B644EB4AC8B8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627599921, "uuid": "98531c99-8623-46b6-8143-02415e6dba67", "value": "768:MLCUFskb2JgIs/E2+OocrfJiHNjfmQ2q7IoqdB/Wj:oCrJgHiOJrfwmQrctq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627599921, "uuid": "902fc00d-29cb-4a1a-b937-bf233df235ba", "value": 27244, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627599921, "uuid": "f253c651-0183-4d0c-a2fe-144326c9c0e1", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627599921, "uuid": "9da26032-272b-4cf6-bb97-00152e96d269", "value": "3aad1cbc2f1accdd2d3b295c0eef550f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0192886d-f0c1-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627599731, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599731, "uuid": "14850b63-4a32-4b44-ad58-8b40c623f080", "comment": "Malware payload (Mirai)", "value": "81f58de8019d33550f53e54000205813", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599731, "uuid": "7db98651-4ba3-46f8-9ff3-c7898037d3cf", "comment": "Malware payload (Mirai)", "value": "8183ff1347a0f51ed3507a4768f1f9cbe7b48989dd3b7cfa483ce226bda341cb", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599731, "uuid": "79e36a01-f3d9-47e9-b009-f3ea434a4c7d", "comment": "Malware payload (Mirai)", "value": "b3d2d8cddac30e14347b8d9bce1a20b9c30a2efb", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599731, "uuid": "7d067bb8-69d4-4b94-b32e-ea2ec20ea23c", "comment": "Malware payload (Mirai)", "value": "0f3bf5e34d3f07df2ee4194de1c06f172c5c7c5aa12713ba63e98705cfcddea0b45a110bb88ff20512ce55524b3fef23", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627599731, "uuid": "1d58c692-a772-4627-8e3e-1730efb3dd4e", "value": "T1C2D2E1016641FEE1D5B00235E8678A9B72263DB9D1D130FAC73D0DF8A6EAA1D47F4A43", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627599731, "uuid": "caac9d53-5b5b-40bb-906c-bd81815972b5", "value": "768:tusHfRavjynNKnjFcZIhQzhKMXgE9q3UEL7s:9RwynNIOQQ1KMwtL4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627599731, "uuid": "aa19d4bc-47d1-4fc1-a95a-02e82086ebc8", "value": 29464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627599731, "uuid": "61c7053d-32cd-496c-a3e5-0392d850f635", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627599731, "uuid": "b8073258-5823-463a-bda9-a6799f961002", "value": "sora.arm6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5af0f6f1-f019-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627527725, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627527725, "uuid": "96005254-d635-4539-b224-2c7e0cf35055", "comment": "Malware payload (Mirai)", "value": "177c048ecc8955c6de50130ae8d93b51", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627527725, "uuid": "a4b6e996-c3f3-49db-a7de-482cac575e3f", "comment": "Malware payload (Mirai)", "value": "81fafef7a91f1a58f8f6effb775d41d3314f55676a6ec154835a393b14c5d7dd", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627527725, "uuid": "a0351c4b-ba34-4a0a-a778-f5ac9fed1658", "comment": "Malware payload (Mirai)", "value": "7c1bf21442ad81d94ff8c8b7ff6023d843cfaa91", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627527725, "uuid": "b68bd9c6-e6e8-4fde-8fac-be27e4fae83a", "comment": "Malware payload (Mirai)", "value": "57d10c13f5fde496c105361df7ba2fc9bceda0908c6375e93bfb317176f61280aa7976a347de091dbd93db108fe16810", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627527725, "uuid": "2eaea929-ba84-4e97-9c5c-d233fadde462", "value": "T18464F1CBEE11AC7AFD9A4B7539670B09B3F0D6C5D3C3A180B268C5443CBD685A7646C8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627527725, "uuid": "ec23ba02-80f2-4994-bf61-bb86c067a243", "value": "3072:/TNVO/QJHZcfFj4rwLQGTNO5VZLwHm7vuQTpZUyY6cozPa5POdOQ33Q:7O/QJHZweEL/NOjCHm7FZZnc7PqOJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627527725, "uuid": "26b21e13-3a69-4b53-9330-f2170c2f4732", "value": 307960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627527725, "uuid": "3e7c5082-4ec6-412d-845b-dde689f575e1", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627527725, "uuid": "607105f9-c30d-4c12-b5bb-4bb557191590", "value": "Mozi.a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "244d7131-f053-11eb-875b-42010a9c0053", "comment": "Malware payload (AZORult)", "timestamp": 1627552544, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627552544, "uuid": "71020bfa-bd2b-46c4-8be0-ef62f291df9f", "comment": "Malware payload (AZORult)", "value": "4f33a17371214d1e288835a4e1942b21", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627552544, "uuid": "d2b2b853-e056-43e5-aec7-1cfce2e56a56", "comment": "Malware payload (AZORult)", "value": "83fb67804fa25e791c7871712005a006909d679d6846dffade6f02470c8a849d", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627552544, "uuid": "2981b4da-00d2-4a77-a378-d241fc0e0324", "comment": "Malware payload (AZORult)", "value": "0dc7fbad7e9c5922cbaaf055d0f3013aef95502e", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627552544, "uuid": "c4c424cd-6e61-4b3e-9190-30d70b23deac", "comment": "Malware payload (AZORult)", "value": "f9a986b92de4dbeb43bd3dc5eb0052ca8dc8bd233986f8067738953709d17ee5c4e61eebc334af962a874affaedb8d3d", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627552544, "uuid": "f3142c0c-96bd-442c-b9fb-4616a665919a", "value": "T1A094AD7DEDF8DC2DE8550DFE09D301B48BDE6F65C938A1EA6D673A4A397802C8903241", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627552544, "uuid": "1b79433f-3102-43ad-884b-8e6e81ed0d2f", "value": "913f6d6ea2411a4c15c51f2a8b2b970a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627552544, "uuid": "9bad482b-3537-44d8-90e4-982cb612b9a6", "value": "6144:FEFv2R0czXtLJmFNRRfhDHOiFmk5D5gjp+DyemTsFTY:WFOWc71kF15THhmjp+jFk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627552544, "uuid": "324397a0-8be9-44dc-8bd9-2e46569c833f", "value": 419766, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627552544, "uuid": "e68c993b-f72b-4ad8-82aa-3071fd5ca743", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627552544, "uuid": "0af7e48c-47c8-4234-a3dc-de1c8dc3bd53", "value": "price CFR Hai phong port.scr.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "09de4a68-f07f-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627571398, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571398, "uuid": "e98b5ff9-837d-47dc-ba5a-ae1a93310c9d", "comment": "Malware payload (Formbook)", "value": "2750459cc862ae9f2adfa7b25e261cf4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571398, "uuid": "38a5bff5-c45f-4e03-a006-a88d70f77a3e", "comment": "Malware payload (Formbook)", "value": "84679ca59603f405a5096114188af75d5dcc3680ef795e446bd358f48cf12046", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571398, "uuid": "3f475e7b-1570-4626-b416-a7d9b4d83ce4", "comment": "Malware payload (Formbook)", "value": "0feb772c49f6cd166d4edc743138555d175ee11b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571398, "uuid": "fddd7d3d-d4ce-4b54-b7e9-8703ac48348e", "comment": "Malware payload (Formbook)", "value": "6c0c80682298a256312dd70e62d5c4333b3f8219b70a689dbedd892e16a4a3ff147d0dc3e9e390071fcfe3d71e9d8bfc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571398, "uuid": "23f2f857-731e-463a-9c9d-601e9101e056", "value": "T13834122137DC4E1AD7FA6A3638BA13A68B7F351EAC3DF60DD6583C65AC244438C5041B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571398, "uuid": "3f8fad1c-fe77-4b8c-8f7c-7f1be11e67d7", "value": "913f6d6ea2411a4c15c51f2a8b2b970a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571398, "uuid": "1413f34a-12b2-4784-890e-9174139a3977", "value": "6144:2svCRL+7pqtiBzssiOgUlCNoj8FgD7wlgmrbEX:9vCBMpqtYzss35eg/cbC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627571398, "uuid": "8c49be87-87f4-4b22-ae8c-31e0bb264c56", "value": 246829, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627571398, "uuid": "f6fe616a-0f1e-4a7c-82b5-b039efb40f17", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571398, "uuid": "4ac63375-cbe5-4877-bd80-223e707b1056", "value": "2750459cc862ae9f2adfa7b25e261cf4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2764491-f093-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627580351, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580351, "uuid": "1304e8a3-3d41-42e1-b1c7-0f2913e89b8e", "comment": "Malware payload (AgentTesla)", "value": "0fc90a67918411a041d39c0f30c99956", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580351, "uuid": "83f5f861-51ae-4d8a-945b-f6b9b19bbae5", "comment": "Malware payload (AgentTesla)", "value": "84979debf46b4d789598666be8445b63187e62d77df08a48bf613fd948fef83a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580351, "uuid": "c0152d10-b053-4998-a3f3-5637aa8bb109", "comment": "Malware payload (AgentTesla)", "value": "b84b9f8ee9d5c642f059014e99b3cc94f4182966", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580351, "uuid": "7508ea5c-4566-4706-a3d7-4a8fa3dc8485", "comment": "Malware payload (AgentTesla)", "value": "ec33a706fffc8704ddaf8d7729f29733cae54dd5acf0a60b5c5b55ca87056850986209d559995ce93936b181b6da8cb5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580351, "uuid": "c93c93fa-ca7a-4cd7-bf5b-98cb30e714be", "value": "T1AD42BF10EF652915CAE28836D81812A53EC2A93C6D4085DEFA5CB79CCB863AF1B15177", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580351, "uuid": "ee9b2489-7eed-4c10-bf17-8b55bfcb70f1", "value": "192:E7XqxXtLHj4vugA7i0QlCj8eldr8U2BVLHNtCwdV/7mFfsT9k40QfWUrfiu2J:E2BMAweldr8U+ZHNt5dV/CpsZPtWMfjk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627580351, "uuid": "128d3f4d-dbb8-4848-af60-e99043650e99", "value": 12616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627580351, "uuid": "bad474dc-d703-456b-b9b6-89fee6bbbd4b", "value": "application/vnd.openxmlformats-officedocument.presentationml.presentation", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580351, "uuid": "e7bdb3f3-8f17-4fe7-bb4b-b2acee2c1c34", "value": "ReservationId ,pdf.ppam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "875f91f0-f029-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627534672, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534672, "uuid": "48a9a579-8b87-4629-be9e-fb1498674b66", "comment": "Malware payload (AgentTesla)", "value": "d52f0a712c20e318261cc0f8721d4195", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534672, "uuid": "d50502ac-99be-451a-84b2-341133f3cf3a", "comment": "Malware payload (AgentTesla)", "value": "858e998c45ccea10426ec99047ccf24f9689057574a102f81cabf15ad663f7ac", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534672, "uuid": "475acc8d-3a4c-43b0-a0c0-7cdd0d1be7d2", "comment": "Malware payload (AgentTesla)", "value": "6b4da780e3038c2c4c2b72b8a9af3d3f0bc8b868", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534672, "uuid": "4416b3c1-bd24-4ca1-9958-6bafff587cfc", "comment": "Malware payload (AgentTesla)", "value": "cfde20d61f6f2120dfec7cc1aabeb8b88837a0d64afd464b44f754d035eb2c388107999c7c6a655b5ec3b5ea0a6b637b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534672, "uuid": "107cb9e5-71c4-4415-a4f4-ae2e19926cf4", "value": "T180B4232845BF6BA7D54E280CB7209E75E2F74C6FC06C26011567E85DCA99A3B068FF84", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534672, "uuid": "aec4d795-e835-475b-bfd7-439011d485b6", "value": "12288:i9VtVSHvewPeTOW0OcWkdlTveKV4LtO3fhCRfC5:+VtVGmhOWMWkzeDoPk6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627534672, "uuid": "abe10471-682a-46a0-9e7c-5546fcaf15d7", "value": 541766, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627534672, "uuid": "b9c970ab-b553-4d88-80b5-29e300326539", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534672, "uuid": "35b5a061-c68a-4a12-93f3-10f37f8cb16b", "value": "TNT Einvoice No TNTMX9853 Consignment Notification Delivery_pdf.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2d1a0c5-f04e-11eb-875b-42010a9c0053", "comment": "Malware payload (NanoCore)", "timestamp": 1627550743, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627550743, "uuid": "e2177aae-e95d-4935-ac1f-5243238ad01d", "comment": "Malware payload (NanoCore)", "value": "3ae84d9955e63a0abd562a613de684e6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627550743, "uuid": "ce4a25c7-193f-4dbd-875f-aab492f2fa3f", "comment": "Malware payload (NanoCore)", "value": "86c58706bb8e8602ea034ca99b3835a7d82f10714e270c2c3c0972ce567e0293", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627550743, "uuid": "015d125f-f893-4f7e-88bb-ffc03464e1f3", "comment": "Malware payload (NanoCore)", "value": "ef017e8d78ad2a56f26cce2cf7899512709915cb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627550743, "uuid": "b05e736e-160b-4724-9d42-169d7e4ddb70", "comment": "Malware payload (NanoCore)", "value": "d5b3e3b4767a0fd1b0d747ef12eae9a6a2c7fda2cffc80960557fb28fb5f96b6d519f5381a39290963835f43cdfaa9f6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627550743, "uuid": "f3565119-0506-4d40-a243-bc26ac07b56d", "value": "T14F15AC2A234A4567F67981757613ECF1FA10BE82AE109E0B82C67F8334276C1EEC5C5D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627550743, "uuid": "ee650df3-1d31-4b98-b6a8-ff860cc7e494", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627550743, "uuid": "f597c585-5b0c-42c9-bb95-8b8be4d2c392", "value": "24576:KA8Fac6hoLoLiLRyin9FhleF0q9u+jjFND:p8AHhqoWLRyQFzeFJ97jjF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627550743, "uuid": "f3562daa-3f82-43da-a801-e6694b053bdd", "value": 946688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627550743, "uuid": "d09defdb-a99d-4583-99c1-0a9b8a207186", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627550743, "uuid": "c6331d0b-9551-43c2-89cc-4c771c9ad8f4", "value": "New RFQ 0322100259.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f085393-f03a-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627542013, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542013, "uuid": "f8edb231-5b89-426a-abdd-25c5eab2a126", "comment": "Malware payload (AgentTesla)", "value": "aa86ca00a2b4f285e61136d91e838fcc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542013, "uuid": "3d351452-e989-486c-a131-b6c865363fe8", "comment": "Malware payload (AgentTesla)", "value": "86e14041a986e22b9f2e53677ef97260dfde0cf6ed879d84bd8d4ab87acf539b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542013, "uuid": "bfc3e468-f3dd-4cdd-9777-0626d12878eb", "comment": "Malware payload (AgentTesla)", "value": "52f0f9c5c130e870f360d664f015207e11c30a5d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542013, "uuid": "6be9b0a7-124b-490d-b12d-42d7213535db", "comment": "Malware payload (AgentTesla)", "value": "f739bc0841f4620b40bc2ceadcddab4315857e9d550e57c56a4ea188ee101d8cc258994a61fb72e23b9ed49f37406dff", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542013, "uuid": "179df334-6c73-4107-9616-d56c6c0a329b", "value": "T11235C0251AC4962FF8EF43394BC420E0ABF9F91231B2E3985EC111B91985F49D6B53B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542013, "uuid": "d1338704-fc8d-4e81-932b-78afe1f51810", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542013, "uuid": "6101a7c0-960e-4557-92e3-265a31dda6a9", "value": "24576:alVi85S/d3YK64JhiYrMPEC/rhBmEtwS6Duj:azbK64JUYr0hBmHSWuj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627542013, "uuid": "9ce9a1e0-b542-4f4b-8fa8-e47f01c3ef79", "value": 1065472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627542013, "uuid": "c3fed7ad-6252-41e7-987f-53691d572f7a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542013, "uuid": "3467ee40-732a-4949-bc60-91e9278b0c07", "value": "aa86ca00a2b4f285e61136d91e838fcc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d35f1376-f049-11eb-875b-42010a9c0053", "comment": "Malware payload (DanaBot)", "timestamp": 1627548543, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548543, "uuid": "20a26497-be4c-4161-8a2d-7acdb061f80b", "comment": "Malware payload (DanaBot)", "value": "68a6707917bb90040755111aa42b5054", "object_relation": "md5", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548543, "uuid": "2d33d86d-1e72-43d7-9537-995ec05734e9", "comment": "Malware payload (DanaBot)", "value": "87d81ffeb04f8d1d4107c7c870fb3f52b4540f9e61addbedc920cabd81dd82b7", "object_relation": "sha256", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548543, "uuid": "f658fe6f-7005-47eb-867a-d584605433bc", "comment": "Malware payload (DanaBot)", "value": "106c9280bf1a309de30e203e28d4e8d51f478d84", "object_relation": "sha1", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548543, "uuid": "d93ceff5-5f65-40e7-af4c-b032059ce040", "comment": "Malware payload (DanaBot)", "value": "9ef6822942f4762d62cbb99418482ee580ba243bbf30a587b34d0eceb42b4f5305357a30ddd4485e99b2c5adca25262b", "object_relation": "sha3-384", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548543, "uuid": "d551d59c-1a35-4b1f-bfd1-8837ebd6e80d", "value": "T166451230BA90C435E4F712F456B993BDB52D7E61673450CB23D26AED0628BE8AC3135B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548543, "uuid": "e818c957-ef09-4315-ab4f-2a4e9bc4c109", "value": "255f8d5c29d68d23ef9b098d124cc19f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548543, "uuid": "f5dc2312-e320-40c3-b10b-040a899e470f", "value": "24576:GyOjo7TdoacVRj2ZpVzT1h7WFPsxipZzabkns9ezUgD6Chr:JeVtEnTcvzaHGH7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548543, "uuid": "e8ae65e3-cd52-4898-a268-1ad1356f8006", "value": 1164288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548543, "uuid": "d9b91662-acfe-4a09-8f3a-8d4870f517bc", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548543, "uuid": "faec27bd-ee95-45df-9060-2729113d50a0", "value": "68a6707917bb90040755111aa42b5054.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40803f30-f069-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627562040, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562040, "uuid": "aa343774-349f-4f08-bee5-7d4e1bbda377", "comment": "Malware payload (Formbook)", "value": "b504c00e693fc83d50cfc05a5228e3a5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562040, "uuid": "58a5c824-a7a5-46e1-902c-7d35b25b6474", "comment": "Malware payload (Formbook)", "value": "8898f85efa9e25992b6e00da2b7d3338649ebf89d26a92b9bf156618960f5466", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562040, "uuid": "e6b03ecb-afd8-41e2-bdb5-39ca5c14063d", "comment": "Malware payload (Formbook)", "value": "e25ace4508b7c7c95594bc3bf186333ca04d8730", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562040, "uuid": "11944a62-b3a5-47c9-ba3b-a8983728411e", "comment": "Malware payload (Formbook)", "value": "d3a49542a7798225e8b3c64b36fbe8ce7b3d303208e6b6369045a276e84b033acfd756e498397d4f315f8f1594af3bbf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562040, "uuid": "f54b8c79-2536-4513-b12e-af1f21dddfb2", "value": "T1B0340265C7DD8316E3B18E3A2DBA7EAB8F7C78134D28911F4D9497F89230891CE19247", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562040, "uuid": "77ce79ee-46ca-4eca-8e4e-044e219ed1bb", "value": "913f6d6ea2411a4c15c51f2a8b2b970a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562040, "uuid": "9745115a-1b77-4253-8d5b-21a6b72501d7", "value": "6144:xOBAkoCch1rdJjoPH72/24sU7qxVxsX8MPBAto:EcCcbzoPaO4sUexbsX8M+K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627562040, "uuid": "6e5163fb-da40-4259-8bb5-61d978796bbb", "value": 248486, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627562040, "uuid": "3ec6768d-b81d-4bbd-98d6-52f99dd09d39", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562040, "uuid": "0bfc17bf-7421-4a4d-80e2-6fd761e9e727", "value": "both45431.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "30445c92-f02c-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535814, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535814, "uuid": "115c75c8-8f9e-457e-8d88-228d40d7d6d9", "comment": "Malware payload (TrickBot)", "value": "452349e3d8d59371d687f4ed4a25b8be", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535814, "uuid": "6b8f5dc3-01c1-4b13-b432-00e1412804eb", "comment": "Malware payload (TrickBot)", "value": "88ae767c9a7db23a6ef6edcc979534252edfe50daa9ce63f56cf929a0817176d", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535814, "uuid": "825cf9fc-a125-457a-9f10-8d5e63eeeb5a", "comment": "Malware payload (TrickBot)", "value": "dab15a7efcc8af3357c14dba7b3447c1fcb92419", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535814, "uuid": "c1753eb1-e728-4286-a4cd-609efcb21838", "comment": "Malware payload (TrickBot)", "value": "9e38d1fce63c5f703772036b2fcc27168e3d541c4b2c40beb286c5ad65a6a4c4c4cfff6ef0e5e7ff07e7533b490d5c04", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535814, "uuid": "fd5faa87-ddd4-4a34-bfb0-05626bc0dee2", "value": "T1135302539686AAE2D2B6D9B380A17C1E4D75BC6DFCEDC70D05210136D9EC1A94C2C736", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535814, "uuid": "8de5bafe-07ec-4f08-86cc-acc5315ab6b1", "value": "1536:azLMgCzrHIjfH+CqKYroV6VikLFWa1R24:QCvqH+CqKOoV6Q+B1F", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535814, "uuid": "9d735f81-a265-4783-aba5-5731de9ac1fb", "value": 62211, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535814, "uuid": "681b774b-7810-48e3-8024-630b13b0b9e2", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535814, "uuid": "8c538ad8-9111-43f0-b761-6ca70f89f1e7", "value": "2021APT-28_60060453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fb31d9f6-f093-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627580393, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580393, "uuid": "5c9830d5-c0f8-4ce8-accc-7b9c3cf41f41", "comment": "Malware payload", "value": "359b12112992fb525b91de4c27d24bff", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580393, "uuid": "66eab738-d4e0-48fa-ac1a-d5490d8b0cc3", "comment": "Malware payload", "value": "88d4d3f48bd23543980b70b5a78606d80c2917bfcd960991eb9a8ddf6ac58ed2", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580393, "uuid": "869ad434-da0b-43d9-b961-b4ef4b2b74af", "comment": "Malware payload", "value": "5de67e028c5d9e43d4219a51815d7e73298ce26c", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580393, "uuid": "e0d7530c-8383-4027-9314-0007c7382649", "comment": "Malware payload", "value": "9254b2f240c8a51efb120677b35cfc3a4706872404ef45956d61a93b32255b6ab7fd05b508f2a5a916a804fc6d2d5d63", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580393, "uuid": "2ae93350-7a28-4aa9-86a8-2cfff07c311f", "value": "T1B3B20580BD8094D7282E7E63DF52E8B5D764364422898B6CC48432B4758DDFDEECE638", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580393, "uuid": "0937de69-5fd6-49fb-9071-116ea4ea1872", "value": "384:+YjCpsGBoQjAyo1a5mc4+Ph9wMnRBdGybNTsFO02St:+1pqQjAz1a54+pyOTsFO02St", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627580393, "uuid": "1ed21754-161a-42ae-8fbf-6e8464d42da8", "value": 23595, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627580393, "uuid": "dd900aa9-0201-427f-99cf-49776ffa76a2", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580393, "uuid": "70bf5b76-213c-48ba-9a70-eb84affc2962", "value": "Stolen Images Evidence.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f87d24b1-f049-11eb-875b-42010a9c0053", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1627548605, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548605, "uuid": "73d3e633-f1d1-4565-99ce-0d6887c2944b", "comment": "Malware payload (RaccoonStealer)", "value": "593a2cbdda331f0d7d4489b04a9128e7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548605, "uuid": "1be2630b-df2d-4d90-a2e7-564d37258044", "comment": "Malware payload (RaccoonStealer)", "value": "89200f68a4e1f756e7d3ce7616fe95a34586179e4029d541751a9645a6ac9582", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548605, "uuid": "a4cad5e4-8f27-4d38-8f6e-d683773d1b35", "comment": "Malware payload (RaccoonStealer)", "value": "a4aead1f506af604706137d6b399efa4bb0f3d34", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548605, "uuid": "88b2dbc1-0a9e-4827-901b-53b0136c5875", "comment": "Malware payload (RaccoonStealer)", "value": "4d245918997a6ea57b152677d588319d910bf2170133d0ce412a9c68e20222be354838654e173fdb70a081b77874325e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548605, "uuid": "02298c6c-b295-4181-bb4d-7bd5149d1877", "value": "T184B4E130AA90C039F5BB22F855BA8378742D3A619B3450CF63D626ED07346E9ED31797", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548605, "uuid": "95e636e2-ea61-4334-9ae0-b7f478da3723", "value": "255f8d5c29d68d23ef9b098d124cc19f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548605, "uuid": "eb1dc986-2e7d-46e5-9450-7a1e8d399e5b", "value": "12288:sCi/+bpmZ7ZdgHiVJxwrn2laFr95WXMYZzQVD:sT+bpmXdBurNFr9kMYZMVD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548605, "uuid": "b51f23fd-03d2-4649-bcc7-728766e4a8c3", "value": 526336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548605, "uuid": "d165ff4c-4771-43b9-bbbc-bef7e4548287", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548605, "uuid": "e60a63b7-77ed-4be0-bc22-4ab1ff79b5b7", "value": "593a2cbdda331f0d7d4489b04a9128e7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "568be72d-f056-11eb-875b-42010a9c0053", "comment": "Malware payload (DarkRadiation)", "timestamp": 1627553917, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627553917, "uuid": "bd6763f8-a2d1-4f53-af42-5430ea233934", "comment": "Malware payload (DarkRadiation)", "value": "0d3b031dcf7d97644fbb0be22a3219e4", "object_relation": "md5", "Tag": [ { "name": "DarkRadiation", "colour": "#03A9DD", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "sh", "colour": "#DA83B1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627553917, "uuid": "333e558a-7305-43a6-9a26-a650d0c09db9", "comment": "Malware payload (DarkRadiation)", "value": "89a694bea1970c2d66aec04c3e530508625d4b28cc6f3fc996e7ba99f1c37841", "object_relation": "sha256", "Tag": [ { "name": "DarkRadiation", "colour": "#03A9DD", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "sh", "colour": "#DA83B1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627553917, "uuid": "885441f6-fdf0-491b-855b-2ec6bbbb2284", "comment": "Malware payload (DarkRadiation)", "value": "674885731544b32053949981cafbd4f0f6a83ef9", "object_relation": "sha1", "Tag": [ { "name": "DarkRadiation", "colour": "#03A9DD", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "sh", "colour": "#DA83B1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627553917, "uuid": "42159f3a-4293-4b4a-8d7a-3b76c195adb5", "comment": "Malware payload (DarkRadiation)", "value": "c76c5557a63ffaedcf41d2038a708996d89704ad6d9075fff7f5cc558b1c997789fee3529f8588c2afb47a52fd3013c3", "object_relation": "sha3-384", "Tag": [ { "name": "DarkRadiation", "colour": "#03A9DD", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "sh", "colour": "#DA83B1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627553917, "uuid": "e5583e0b-0052-46f4-b104-5201dc951a37", "value": "T19D922E71C8E06B36358A481F7CB1FD58930572D6AEF24618F4EE69944FBA830E7158F8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627553917, "uuid": "ae002dfa-1de0-41d0-b70e-e71be63a5ad7", "value": "384:ZnQp7wcw96cc666c06U6Ut04vo0Os6UP4vo0OB4vo0Oq6Th6t:ZQpcbMcRDcpJUt0vhUPvBvzTIt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627553917, "uuid": "3b8364f9-c869-441a-ba56-496e6d928e26", "value": 19802, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627553917, "uuid": "cb3daea3-3309-4f08-9d0e-d00a7b4fd995", "value": "text/x-shellscript", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627553917, "uuid": "263a4b3e-967c-45c9-8533-3fb59eb4398b", "value": "malware.txt", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8ddbd9bb-f031-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627538118, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627538118, "uuid": "28aa4f2c-56dc-48e6-be93-4a834f0e2807", "comment": "Malware payload", "value": "dd2899a1fba9527920f69640406c4186", "object_relation": "md5", "Tag": [ { "name": "AbereBot", "colour": "#7C6141", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627538118, "uuid": "8ea86950-b92d-4229-b520-752752dbbcb6", "comment": "Malware payload", "value": "89b5e53e6774feebd62a5d6a6c6c039778f9fc02c6b69795b5f5c2edb919897d", "object_relation": "sha256", "Tag": [ { "name": "AbereBot", "colour": "#7C6141", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627538118, "uuid": "c769d100-8dc8-40f8-ada6-82485ab1b198", "comment": "Malware payload", "value": "015fdef4ba54d81dfb11bff9cb5054478994875d", "object_relation": "sha1", "Tag": [ { "name": "AbereBot", "colour": "#7C6141", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627538118, "uuid": "47bb88fd-a1cf-4c10-8bf1-000b3b562f5e", "comment": "Malware payload", "value": "f6e90a36d5f17ff9a1a02d927c7bede627e4e0fceb35a7642741c758582e9e223c20d4c38ae4bf78c9ef7b04951468c4", "object_relation": "sha3-384", "Tag": [ { "name": "AbereBot", "colour": "#7C6141", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627538118, "uuid": "08c77a2b-b150-4c6d-9e51-145c55c421be", "value": "T140A51216BECDD417E183F839912296578805014CB60DFA7B6B25908C8EFBE80D76BFD9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627538118, "uuid": "1a16314a-b9a8-4f6c-b147-4b2a4d7b679f", "value": "49152:AYuVvVwQyQqKYq66xGYmt30KZG6kuTDkB94S0wE3EydyaRO:Ru5uGq1UxbsHZG6H/w9OEDaRO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627538118, "uuid": "6f5801b2-cd85-4f1f-a145-315781dd688f", "value": 2176334, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627538118, "uuid": "ae3286a7-123c-49ab-a40b-eb8518c7bf8e", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627538118, "uuid": "e4762e6a-f231-4115-ab46-c01345e457e5", "value": "89b5e53e6774feebd62a5d6a6c6c039778f9fc02c6b69795b5f5c2edb919897d.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "595c4645-f0b2-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627593435, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627593435, "uuid": "bc801142-f9c6-4152-ae35-630cff9cc2fb", "comment": "Malware payload (Loki)", "value": "36d28e58c7a223fea6c36deb40cd4c64", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627593435, "uuid": "68455b19-8b04-4dfa-8d70-61c217a0a182", "comment": "Malware payload (Loki)", "value": "89de46fc35e62873b22014eae31607256a70c0f0f37c0c6a5bd8f23a4c01b047", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627593435, "uuid": "2f450b9c-1361-4e4d-b9bd-529809cfbe67", "comment": "Malware payload (Loki)", "value": "48209bf6850b9de9aa7d936fe6f5ef734efedc57", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627593435, "uuid": "896c1dfc-8457-418e-919a-9a4d824dada7", "comment": "Malware payload (Loki)", "value": "cb5a5d3556df4f012b73cacd1e424bdf8281f252765dce48d2420ce0416e7a65facedc03d6f53ecc8907552931132ae5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627593435, "uuid": "cf8d6b2d-996b-42da-8407-6a2d850e46a8", "value": "T1CFA4036A238A4517F67981757653ECF5FA50BEC2AA118D0B82C63F8334276C1EEC1C6D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627593435, "uuid": "c01c9570-bd96-4520-932f-627190a7a122", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627593435, "uuid": "1d86f5ee-af3d-48f4-88e6-ee797a8d75b6", "value": "12288:fXBp+gczyhNSvRbBQHR4qz91hI0zSaNsvz+yuWDVId21NaI+E8tyvXDc+P9DncS7:vyB9DxF/EMgmFqC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627593435, "uuid": "3b792bed-e94c-4295-8649-aa4ce7ec965f", "value": 471040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627593435, "uuid": "5660c91e-570b-4567-9bc6-a79231647dee", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627593435, "uuid": "39c3534d-9f3e-496a-b360-d20f39edc2fd", "value": "D0CUMENT DE ENV\u00cdO.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "891a1c36-f049-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627548418, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548418, "uuid": "913f2735-35be-420f-8250-e4a89a988f99", "comment": "Malware payload (RedLineStealer)", "value": "5ce42e14893624a543f4fd407c054866", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548418, "uuid": "2dab5df2-d87b-4bb3-ab99-b118cc4531d9", "comment": "Malware payload (RedLineStealer)", "value": "8b2b689999ceb3c815eebb3b53961aa2a13bf9e4647f8b074c726a535781aa94", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548418, "uuid": "b8113439-fa7c-4397-a08e-bf9e288b705f", "comment": "Malware payload (RedLineStealer)", "value": "e7a8b0a4f15ba45394df9e97c5ed115a3fea289f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548418, "uuid": "d7b7cd79-f917-4a77-8802-a5d9d04b6a5a", "comment": "Malware payload (RedLineStealer)", "value": "f3c123f0394a9d9fd5c240256a3503380547359528ceefca75136459e9f36c3048f8d828e6692f4c72d5bcbbaa46ef53", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548418, "uuid": "98b78ec4-2358-4fa7-90bc-dd2ef94aa7cc", "value": "T1E874BE30AA90C035E5F722F846BAD3B8B92D3E61673450CF52D516EE06356E9EC3178B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548418, "uuid": "5484a82e-f7df-4f55-8405-1d7e56c601f4", "value": "613f2e4a97d34083c947d866c86b0b7d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548418, "uuid": "d0a8b5ad-4fbe-4b3b-b52a-150cd6b4d38f", "value": "6144:/IzapToeBnT0s91rG3rQUZdfi0Vgt3/DzQFQt+B2T8mQO9kSgr07HLQy:2apMeBnT0s91rG3r7dfi0odtkGhQO9kO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548418, "uuid": "1ac87438-b0a5-4adc-96dd-15780858ff92", "value": 337920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548418, "uuid": "8815d85d-3f29-4df1-8c2e-dfed6eae331c", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548418, "uuid": "69130e4f-32e9-4638-8eb8-aa77268b0161", "value": "5ce42e14893624a543f4fd407c054866.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1bbee657-f062-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627558972, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558972, "uuid": "e5d617ea-822d-43ad-9cbd-e2b0a6822f16", "comment": "Malware payload (AgentTesla)", "value": "a7911c19a678ed0edea11effb5df62e7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bz2", "colour": "#AC1CC3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558972, "uuid": "3f37611a-09c0-4edd-a8fc-5cbc7a9b2d37", "comment": "Malware payload (AgentTesla)", "value": "8b3227148a76cebba26528fcca582241c63a8523e2655426f6a276ad625fb41f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bz2", "colour": "#AC1CC3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558972, "uuid": "d04afb30-7f3d-4eb2-b953-940f0b9ad4d5", "comment": "Malware payload (AgentTesla)", "value": "4f87db131680dd29e43ae49db876f39f07225de4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bz2", "colour": "#AC1CC3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558972, "uuid": "0c3b6336-95cc-4cf9-9f52-36c12f4c9589", "comment": "Malware payload (AgentTesla)", "value": "38037e82c611403b8e3cfb45fc389203a8fb67dfc9df161e0d6c444bf170d95026461f49f633e161d4067e60a834e2fd", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bz2", "colour": "#AC1CC3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558972, "uuid": "42014d15-38b5-48f5-81cd-d4df797c6160", "value": "T1C12523E1319F4B6BB91A5FBEA48D591866ECD43187306CC015F41ACDE5C8EC18E7CBA8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558972, "uuid": "87e0e7cc-ea72-49a0-bb4c-cd906939bbe4", "value": "24576:gZw/nQpszAlK7FYIftGHwkd9pcAgBjQoRDSBsbeadTzJ:gZw46YfIVGQkd0BjQosod", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558972, "uuid": "86106422-d972-4baf-9eb5-f782785ffaf0", "value": 1034610, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558972, "uuid": "1aeefac9-b386-43aa-9a36-8030f330960f", "value": "application/x-bzip2", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558972, "uuid": "89919bb2-d440-4a70-99b3-4240ba696b3f", "value": "PO NOAB1088 ALEMO INDUSTRIAL ENGINEERS.exe.bz2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c5530150-f0c0-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627599629, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599629, "uuid": "5d860fd9-0545-48a7-8f42-acafdbdf3988", "comment": "Malware payload (Mirai)", "value": "37ad8c581156d62dc4493a1ee593804f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599629, "uuid": "676f50b3-cb31-47cb-b597-90dea9843af8", "comment": "Malware payload (Mirai)", "value": "8bc5051f32833dca07faaca5ad62427f1409361993e4060d08766199cfa4d9a0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599629, "uuid": "69ea74f6-68f0-4bc7-80c1-73e561121484", "comment": "Malware payload (Mirai)", "value": "6ecc2db8585b0239b9db902aa63157edb6901d39", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599629, "uuid": "3778f157-9b14-4ec3-b868-d3c0f81fdf73", "comment": "Malware payload (Mirai)", "value": "92e45ce1350d7247a50c9fdb12bb08810b57f0e4c715ebf8d6abafd3d58dc93f4b9ce22666eb1a8e5781a0e97469b92a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627599629, "uuid": "1f513ef0-9ce3-4e95-86e7-8d7c3949c576", "value": "T1B12302432093BA03E03498FB85628CCDB61DA6BDB1BE7BA725450E154C75993ECB1CED", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627599629, "uuid": "30d9adac-39d7-48b3-9a0b-53da1bdf52e6", "value": "768:lK7y1XGO1LCNgukEkvwtqPnH7u83nc0iFc9q3UELWt/iw+kvBGg6+fYtrBHi:N12O1LCNguovDPH7TcrfLWhiw+kvBGgL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627599629, "uuid": "2632d4c7-d261-4efc-90d7-ef8e462f7f1e", "value": 48696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627599629, "uuid": "a5681ad6-513e-4f5a-8ddc-a5b7b16ca63d", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627599629, "uuid": "26174451-ad6a-41bb-8908-47f882b5f5d5", "value": "37ad8c581156d62dc4493a1ee593804f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9991b0b4-f031-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627538138, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627538138, "uuid": "3c90fbff-d000-43d4-bc07-8e9b83ce5914", "comment": "Malware payload", "value": "a5cb519b803c1ed6fdd148b6e330f651", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627538138, "uuid": "7c19414e-f12c-4150-abdf-3e30a17afabd", "comment": "Malware payload", "value": "8cb4ed2d3f3f466f2417b95856ac0eb268a578e6bfd26c615b2a4adc0094ecd2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627538138, "uuid": "503b2ac0-1c95-4cee-8fb9-74552789f667", "comment": "Malware payload", "value": "27e3e40c5c2c3f68e99032da97d842fbda77fad8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627538138, "uuid": "0a9ebcce-05bf-419d-965c-d96045ac6730", "comment": "Malware payload", "value": "1a16f36a23851ecdb2dd1f2d1d3c4391575e195be3474886c6019ed9f8511a8e37d10d5063dcc6fbff8a4397e788f3fc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627538138, "uuid": "25b0916d-87a0-4f7e-9526-a2977a2e5abb", "value": "T123D4A50AE6E611E4F5BAC33895E2312AFD717CA5473497D75640AA8B0B30BE4ED3E740", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627538138, "uuid": "1efee420-035b-486d-871a-1f74696c84a0", "value": "092495fd67f0de7e448911c7c60dcdfd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627538138, "uuid": "557ec2ba-1168-47b4-b7fa-9851dc746940", "value": "6144:1/D+C5xBerngY3Q3mrupIVrkm8+zauqpWsnm8eiXhNujybQ6j8piHlohA0S67L:1/95QgT3mrCm8eiXhNgc8piHloDRL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627538138, "uuid": "3af1d6df-ccf7-4ce3-acdf-4cb151ad535d", "value": 644608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627538138, "uuid": "06fced7b-c035-44f8-a74c-598ae43ae08b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627538138, "uuid": "d5fcaf10-3d82-4d9f-afc4-f780d30ed411", "value": "WindowsSecurity.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6a3d66d-f07e-11eb-875b-42010a9c0053", "comment": "Malware payload (Cryptbot)", "timestamp": 1627571339, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571339, "uuid": "a852e382-5223-4c5a-9303-c87479d8242b", "comment": "Malware payload (Cryptbot)", "value": "72dcee5b3be1400e8b1573bd6d1e0add", "object_relation": "md5", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571339, "uuid": "b08c915f-50f5-4c2f-afc7-bb45e4bfce7c", "comment": "Malware payload (Cryptbot)", "value": "8cdd2c3b7d96469112a4b739bb191ef6889c8f48d38c3a9f474026cb3ee0354a", "object_relation": "sha256", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571339, "uuid": "47d32923-bbdc-4074-91ea-f66644073f2a", "comment": "Malware payload (Cryptbot)", "value": "f5661b761a681d242480d2ebf8d54bfa95650253", "object_relation": "sha1", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571339, "uuid": "261a0a25-f0cc-4f56-b80f-10fa0cd095f9", "comment": "Malware payload (Cryptbot)", "value": "f90592d423c520f49ddc19d8fe9693d2da5c726cedb2f15ad31c199f19f795324203847bfb4c73cb43cc4fbcabd74d44", "object_relation": "sha3-384", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571339, "uuid": "831a83de-9229-4dd4-a1c4-51ab3b6f5548", "value": "T186452340B8D28511F56905F18E70B57D9A65BCBA1822D23D2319F6FF38B205A7837F2E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571339, "uuid": "87762874-2565-4607-917a-0a806d6ac64b", "value": "be41bf7b8cc010b614bd36bbca606973", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571339, "uuid": "6e10a1f9-6c1a-469c-b244-d1d0e171fd38", "value": "24576:HGh1Z8iyOGbjo8+IlZ3N8fqBua5wx7K2KhTPhFerC1rLuSUPmKKv:mh1Zi+IbeqBr5wBViFFe2rLuSUPmHv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627571339, "uuid": "8c0b1e70-7d29-45db-baf7-f9b2c3bb2f42", "value": 1228817, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627571339, "uuid": "3e09844e-f948-488a-92c0-73fbbe42d4ff", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571339, "uuid": "2c21c068-ce40-45ce-8c9f-342f19cdbccd", "value": "72dcee5b3be1400e8b1573bd6d1e0add.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7abca415-f062-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627559132, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559132, "uuid": "20808894-c707-49d0-8091-d158e4d2fc75", "comment": "Malware payload (Formbook)", "value": "ccf572ceaed6199fa88211abd5bc03b6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559132, "uuid": "8aa65a49-010e-4fb0-b28f-66f09b37a87f", "comment": "Malware payload (Formbook)", "value": "8d56e8c41d8094151017ec3cecc40b5aa78edb0d955d39f3c68c3d211fbcb65a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559132, "uuid": "df5b8897-9a3e-4f71-9530-bf96c2a28fe4", "comment": "Malware payload (Formbook)", "value": "00b3db2230ef17b93a87cbbd432d3daaa0c02ed1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559132, "uuid": "2991a33f-24f1-45f8-97bc-38e040257196", "comment": "Malware payload (Formbook)", "value": "8fb36fe7e9029e77caa2a9c998fbecb2f3512a3262ea9fd3ee16f2b32c527cf1fde7e606328044c02505ec722aa31484", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559132, "uuid": "60c5dcaa-dbf4-47cd-9bdd-02d64c10492d", "value": "T1AA359E21B6C4DA1AE11E5736CEFF50204BFCF50135B2A7646DE522FA4905F62C87C2EA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559132, "uuid": "dc8e72f6-af46-402f-8673-090f27b216c9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559132, "uuid": "ca32ed8a-dc83-4eca-a9c4-4f9533e72e5d", "value": "12288:kUumbKjZ7p5pO30/gAbCgjHXNQM2TXzAk/d4oBoRoDoyo/r7AMdTg6+cjkfe4fJA:SCG8TF/d4K64JU7NTyMCGQvWMFJR3T4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627559132, "uuid": "550c94e7-5012-476a-b575-3b78967207c2", "value": 1084416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627559132, "uuid": "8813c064-8140-4e26-b089-cff82b3fae5d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559132, "uuid": "670e4c2d-5018-4bc0-b590-28c4ad6a1480", "value": "W7f.PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e90a742-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535086, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535086, "uuid": "fb7c92ec-15f3-4264-af72-81231887cc6d", "comment": "Malware payload (TrickBot)", "value": "64e4f991856c8caf85a07dcc470abf2a", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535086, "uuid": "b761575b-d261-4e05-8413-069729a18275", "comment": "Malware payload (TrickBot)", "value": "8e95384a1401fc017d82fc28b86738ada9b8179739be8e6ab557275ce698e3c2", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535086, "uuid": "253667c2-346c-4765-9ba8-fb54ed841840", "comment": "Malware payload (TrickBot)", "value": "5fd7550f4086b1e316e7e2dc613c653644b26ed0", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535086, "uuid": "66e60a91-4ce2-430a-8f51-8017cfa2e9eb", "comment": "Malware payload (TrickBot)", "value": "5a8c95d0c631e98895b79981f9be1a4610e7273e0b8589b2eaf442c883e418662eb7eb16b00836cc03a5c329dc7444e7", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535086, "uuid": "6ad05cc6-52dd-4374-8c0e-774cf044bc4f", "value": "T1FD6378D82AD1E417338D2F17FE0A3AEAD1BA6C9796C47507D1587A5C24ED21BC6A0CF0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535086, "uuid": "3c96846e-0955-437a-af50-b90308966040", "value": "1536:cZf9Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4tU:cJ9Ry98guHVBqqg2bcruzUHmLKeMMU7C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535086, "uuid": "66caebfa-3396-4fec-9451-37d124b59621", "value": 67496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535086, "uuid": "225c9cbf-d265-486a-9521-d5bae0536b71", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535086, "uuid": "96125325-04dc-40ca-a3a3-f571e0ff6663", "value": "2021APT-28_65346453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff38cead-f039-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627541745, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627541745, "uuid": "3f10c262-499c-490d-a806-1867e8ee6964", "comment": "Malware payload (AgentTesla)", "value": "b09c5b25b77ee693824abb1a447e60e0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627541745, "uuid": "ef7ea880-7bc8-40b3-ba5c-932a60b2812f", "comment": "Malware payload (AgentTesla)", "value": "8eb17c555857eacb061e0710c53c05ba67f920d93b6fd0b45216d9707f013d8a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627541745, "uuid": "036df3b1-818d-497f-9756-b06bd55189ed", "comment": "Malware payload (AgentTesla)", "value": "8cf70a578a966bd1d63600cade139113c7bfe312", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627541745, "uuid": "142b6ad5-f2bc-4250-acf7-8e0bdf74b991", "comment": "Malware payload (AgentTesla)", "value": "c5d267cd20cc4e4d9639935d0c542d98746e62d96b5c39b0c28986fc2d8143d732cc661533741bdf99cea9651a29ec0e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627541745, "uuid": "b3114bd4-d43d-47eb-a84f-e4a150672f80", "value": "T18525BE248AD8966FF9EF03390BD920B0EBF1E212317197A95EC101F95DA6F54CCB4267", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627541745, "uuid": "3f18d07b-9764-488b-b8b3-b76d8cd00337", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627541745, "uuid": "0fc12269-d7b4-4be9-8503-467384f4bd8a", "value": "12288:wLpM2Jvpy135P86Sf07iS/d348yoBoRoDoyoof8+W0e7uBDifTWnHj2uDkHkcybk:KiP8lS/d3YK64J6qe7uEbWanEcoHi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627541745, "uuid": "d8c232e7-e4dc-4de6-88e3-81a106652646", "value": 1004032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627541745, "uuid": "3865bdb5-84a3-4ed1-9f7f-f16cbac06aca", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627541745, "uuid": "1611cf0c-55bc-4dcb-a561-206787ac56e4", "value": "b09c5b25b77ee693824abb1a447e60e0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fac65675-f05b-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627556340, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627556340, "uuid": "8b710821-83cf-4b3f-8fad-c9922e2edb88", "comment": "Malware payload (AgentTesla)", "value": "f4cf5704c943f94f33921bbaa5ac50b1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627556340, "uuid": "72e171dc-0f0a-48b1-ae45-ea32c7ea20f2", "comment": "Malware payload (AgentTesla)", "value": "8f6b4fb55d85a992dbcd03955041bad5d18ae8632369e9c540d742bb7b773b8e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627556340, "uuid": "a19161c4-dfa1-4e6d-b76a-5efaa619586a", "comment": "Malware payload (AgentTesla)", "value": "1f1c8983d55c1b3c87adc6ba335fc1ccf680ce01", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627556340, "uuid": "41dbba9f-a4a2-4492-a920-7e04f3f7422a", "comment": "Malware payload (AgentTesla)", "value": "285b78c3cc0c15d54107ad30065f5627c300dc557d54b1591838301cf5999b4937e0c0e738ee54f7e193913e567b125a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627556340, "uuid": "ee2b018c-84a3-4001-a29f-05bb35103103", "value": "T1FA55E068C98CDFA6CC5803740A9846746EF5ADE2F2B0D46C3D8D71B1B3F1826EAB5345", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627556340, "uuid": "3378faec-3bce-4b36-ae93-0233bd7b5011", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627556340, "uuid": "a598aa98-a734-4d46-82b9-044ce80aa56e", "value": "24576:CQBS/d3LKzksbks2y8jR4OEAsh9hb8ZR1B0pKMN6ZNKZ:IKuh4ODsh9Wf1CN6ZNK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627556340, "uuid": "2f78689d-533c-4f1a-8312-bc941fae7d17", "value": 1338880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627556340, "uuid": "655276ca-f61f-41dc-8acb-a22ed2538cf1", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627556340, "uuid": "3c3e9a58-a764-44f7-abfa-71077d569ded", "value": "184285013-044310-sanlccjavap0003-7069_pdf (2).exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86eb20bd-f0b6-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627595230, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595230, "uuid": "2500482a-0bad-48fe-9240-e32488c4d9ce", "comment": "Malware payload", "value": "27f154feaef80119eef417544f5f0979", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595230, "uuid": "a9a0d7af-29b3-43ad-9cd4-347499cf9191", "comment": "Malware payload", "value": "8fab17101f4836b27bcaa88e270b79c33929ec541ba73b52f0cd72f050a0bb44", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595230, "uuid": "dee22275-2fed-471e-924f-4b678abb9cb6", "comment": "Malware payload", "value": "3d50482238499c4a3f2c33ddc7ae56d44fad57cb", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595230, "uuid": "232bf290-28bc-41d8-918b-ae2f1cca6ba3", "comment": "Malware payload", "value": "e0459714f79ee04d8d1681513818eb4f8a7802cab6d475c9882cbf3f0310b7c4900c57608aa2fafec3ad94f178ff4047", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595230, "uuid": "75188f1a-24d6-44fe-8d5e-e97f05b11c5c", "value": "T17CD2E111A420D893EE948FB5B16FD487B54A27B0D3F1A8A21BF45E78B5580C71C74BCE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595230, "uuid": "038b46c6-6987-47f4-8af3-4da2ec7fb4fc", "value": "768:3IGAWugwSmDJg6Mgh4cAs3Az3kjNhxNRorcPNDO9q3UELn:3IGAWVw7DJgJaNG3uNR0gDzLn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627595230, "uuid": "89e80ae3-65ab-4edd-96f7-dbbeab447338", "value": 30112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627595230, "uuid": "e70f628b-69c3-42db-bca7-a1b9f26c4f50", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595230, "uuid": "72c9e374-b652-4889-b46a-1eac17d70702", "value": "SecuriteInfo.com.Malware.ELF-Script.Save.5cd1e3ca.16753.6610", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cbcf8fd2-f07e-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627571294, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571294, "uuid": "93f7d744-92ae-47ad-9401-2ed26c4898c8", "comment": "Malware payload (AgentTesla)", "value": "219ce30aa7650cb6043e2d38bae18c19", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571294, "uuid": "9ed55b12-ef4b-46a5-b19f-2ac03e446daa", "comment": "Malware payload (AgentTesla)", "value": "9009c1e0e3b821add01720c1b4a3de5fbf17b44a9d66ea8f7fa0fd6328a2d8d9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571294, "uuid": "e82e40b1-b202-4c9d-9d85-f62eaa9c098d", "comment": "Malware payload (AgentTesla)", "value": "65111e29071b08cc51ee39421f229e31d85d2e1b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571294, "uuid": "cabbdf23-a80f-4973-a0e3-ffc7b89aff04", "comment": "Malware payload (AgentTesla)", "value": "152fd21a5618b65de4b0fac1445144540e45f608e21fea8627f77912e951651d8c211d76c72e660018563795173d1f2d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571294, "uuid": "953df379-75cc-43b0-affc-7aa30c39d241", "value": "T1A9358B66A3564827F67990B07413ECF2F7207E96AA019D1B91C63F83B06B1C1DEC9D1E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571294, "uuid": "ae00c4f9-1fed-4e98-80ea-59a11837e8ed", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571294, "uuid": "ee86309e-2e45-4588-84d2-1151ce61d86a", "value": "24576:9wAzcY0BgfvSBQwVSbThiNz+UX8Eslxmt3jB4ITnTInY:OAzctBQvSR4bThiNzdXylkj37", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627571294, "uuid": "62528c18-4f23-41c6-a248-1eeb37894ce4", "value": 1092608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627571294, "uuid": "fd2b7675-de96-4a5f-ba4b-c741c7b9ffa1", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571294, "uuid": "fcc4cac1-075e-44d3-b5ad-9b54e56f428b", "value": "FINAL SHIPPING DOC..exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4f592588-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535007, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535007, "uuid": "6946db61-9399-4414-88e8-70a52e808e0c", "comment": "Malware payload (TrickBot)", "value": "4b344c93d63236a4995c8e7046ea566b", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535007, "uuid": "9f7b43ca-b592-4486-a535-1d34a51d6db8", "comment": "Malware payload (TrickBot)", "value": "90733a8befdaa677a0fe2aa9a31e335ad3888ebc912864b1cc5afcad780e64f7", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535007, "uuid": "3d9b6980-6cc6-406e-b6fe-e46a2ab75f80", "comment": "Malware payload (TrickBot)", "value": "13f21cb5d66cb91ea487f3e89fffeddb2ca86d1b", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535007, "uuid": "9bc57af8-5762-4185-b544-e08252543102", "comment": "Malware payload (TrickBot)", "value": "78a7ad21a11f0f3c6e60b9e5c625d08024f046bf5a7f599763c02030b2474d45746c576882f46bbbf504215df1ddbd05", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535007, "uuid": "c955030f-eb9f-4a60-b40c-85c5fc462d10", "value": "T1A0F2F1BEEE13CD5065386B1AB690C09E041F4049D1ABD9ADDD20DDEE3681CFD3CEA525", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535007, "uuid": "dd3b0532-6c53-416f-a1a7-a1d1ff7fc246", "value": "768:wBFySwXZFt8G1o79ECuplGcer/ibmaYU9d3USmS9VxbJ8:IFaJFq8a9ENGceTiOgL9P+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535007, "uuid": "8b2c19b5-6c90-4dab-a7ca-d88948587c2c", "value": 36699, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535007, "uuid": "8530101a-3094-4036-9aab-4c833d419251", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535007, "uuid": "0a906da8-4f52-49c5-9913-662365dc8577", "value": "2021APT-28_12702453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7fa852c-f072-11eb-875b-42010a9c0053", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1627566106, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566106, "uuid": "004e25ed-c173-46a1-b81e-ca65609cacfc", "comment": "Malware payload (SnakeKeylogger)", "value": "f8234f03f173f5991465b1e733e7d808", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566106, "uuid": "f4e2982c-c7ee-4bb4-9541-58546ce53095", "comment": "Malware payload (SnakeKeylogger)", "value": "907bed63f29c88a9e192e313c4b51ea6cca3d580a586baae4b6c5791221489cb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566106, "uuid": "b31e9664-3b0e-48f2-a2d9-1e96ce17cfb7", "comment": "Malware payload (SnakeKeylogger)", "value": "dd644200b86175592796cd7fc5eb5332883e7f69", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566106, "uuid": "a0bf421e-c1e9-4507-bea7-ef0d9dfc5cae", "comment": "Malware payload (SnakeKeylogger)", "value": "841994879ea9562f3636f03545fa0991f17bb03034fa44546a71f179706f1d8aeabe4e5bae5192033910124491c0f6ff", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566106, "uuid": "1dcb950d-f9f9-4990-99f9-8f84587d7b5a", "value": "T117257B207AC4DA1AE12F4736CACF10204FFCB72236729755ADE112B96645F91EE352CE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566106, "uuid": "1748b5ab-6bb5-431c-8bcc-4a2bc99b91a3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566106, "uuid": "652dcee6-4bd2-49d8-a939-9f358089370c", "value": "24576:t4jrG+lf4W795/d3k64JawO/4u2rzXTS:ten+64Jav8zjS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627566106, "uuid": "45ef56e6-6b64-4a17-b31e-4e5ab93b95de", "value": 987648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627566106, "uuid": "10ff2b11-a6a1-47b6-b958-b8c45a9557e5", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566106, "uuid": "df601908-4d7c-4931-b559-a8442827b1fa", "value": "PF.NA.127.00.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c68a1276-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535637, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535637, "uuid": "102ed04d-21d7-48eb-8ff1-56dac35b1888", "comment": "Malware payload (TrickBot)", "value": "f15286be6311602198ac7f075b134447", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535637, "uuid": "2af882d2-762d-40a3-b692-5de850365d33", "comment": "Malware payload (TrickBot)", "value": "90ad0419ae1b26319928f9ecccf5bfa159529c6d20f498ba79d4e6c3423797f7", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535637, "uuid": "396061b0-0e96-4a17-8f35-fdeee45a5de9", "comment": "Malware payload (TrickBot)", "value": "2cd8cab8507dfe047f747c99b21c8cc1296d4865", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535637, "uuid": "37a63cbd-4582-4186-9b0b-3cf13e553b8d", "comment": "Malware payload (TrickBot)", "value": "2102aa7ad946bb8929bc88c6ed1712ffd6b035d7ea39a2f3896c83ff54980d0edf2d299edfb15973a93207c021538984", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535637, "uuid": "8a5e68af-1056-45c1-bb2f-46a6ffe2630b", "value": "T1D3A360D86BD0E417338D2F1BFE0A3AEAD17A685796C47507D1583A5C28ED21BC6A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535637, "uuid": "69689130-6f44-4f0d-bbe5-5a3c64bc123e", "value": "3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaX1:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535637, "uuid": "22fe5f44-a32b-4d9b-8ab4-44344be56cf2", "value": 101979, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535637, "uuid": "9c693f28-aa5f-46f3-b9e4-535f297999b3", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535637, "uuid": "e8eacf99-7cd9-4c17-843a-580e696c20a4", "value": "2021APT-28_75912453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1c0b33c-f079-11eb-875b-42010a9c0053", "comment": "Malware payload (Gafgyt)", "timestamp": 1627569129, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569129, "uuid": "79dbf177-929a-4ea7-ae56-768c51ba7aff", "comment": "Malware payload (Gafgyt)", "value": "39a7829f273b5fa268d7a506248ad052", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569129, "uuid": "5fd979f0-27f4-4cdd-a401-68bfe031fbf5", "comment": "Malware payload (Gafgyt)", "value": "9109323a1616c8749c618000911d75584a6861a2151990ce575fe373b52db770", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569129, "uuid": "e99c91a4-1ee5-4bea-87a3-82c98d642dcd", "comment": "Malware payload (Gafgyt)", "value": "779ac6ffa8bfe9306d0e80a31baed6ff47e2e444", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569129, "uuid": "625c9d1a-4892-428d-b018-a8ba2f25bacb", "comment": "Malware payload (Gafgyt)", "value": "32fd01dfc2df805a10bb1d19c5330fff7f710f7369acea340ef812771c141e6cd88cc3045ea51269ccaf9a3381affab9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569129, "uuid": "03ff66ca-46c2-4a00-938e-c17cd5b6862e", "value": "T14023F1F3D55B1A45FD321C7ED8B916837A2F27B49B13E512A352A0E0FAD701246BFA01", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569129, "uuid": "61fef3ad-2431-4617-aa59-4a85c0937609", "value": "768:Bj/6xCq2+0G5t0q2ev+eUJaatA6lN9xa/Bptfc8wCXdXWsMG967612hXCjq3U7vz:skCJX0q2eWeUJrtA6bPa/BA0WpYX2VEr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627569129, "uuid": "229798a9-90b4-4380-870f-98eb379f6936", "value": 46408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627569129, "uuid": "2384dbee-7f1f-446e-a4c0-7b19858cc675", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569129, "uuid": "e982bdb6-bb62-4c46-8e1a-e1301376cb1e", "value": "39a7829f273b5fa268d7a506248ad052", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a1580a6-f0a1-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627586055, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627586055, "uuid": "94268cbc-7de8-407e-b144-091918b4e2e7", "comment": "Malware payload", "value": "42e9e8bca35f196255046a9640873a31", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627586055, "uuid": "6c53e720-fdf4-4e48-9553-683245588827", "comment": "Malware payload", "value": "915e92b462c184dbe68f5c21fb0843e802969b7a3f20d30095e485e892c7a818", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627586055, "uuid": "fcb8d768-fa5c-4514-afe9-facabc1f9fe9", "comment": "Malware payload", "value": "ac5449f53111107fc6d73e2fcf7125dfd1ea94fc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627586055, "uuid": "b003ec82-2633-416f-9fff-b6d1c8b4a87b", "comment": "Malware payload", "value": "7d4df329df39359f7ab3aed2bfb0fe3af738348c61a3b48549adafe0698bd80dc2dea032a7a28f1511295883157dfd6a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627586055, "uuid": "2a1ae0bc-8de8-45e6-a8cd-b33c570591e9", "value": "T1A205AE2085CCEB99D8BD03341B5C0274AFF0A952E2B0EF283F9595B4AC81A55F5BE357", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627586055, "uuid": "2fe19e1f-56f2-4256-8159-4ee42febeb5b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627586055, "uuid": "ff6ea9e2-b3a0-4050-ae84-d17c2911dc6d", "value": "12288:Y6fftwLUW/hy7iS/d348nf9dgtOn16eqfg4OAlE+qmUu3AdqZBXRqvt0/BCh2Tne:3tup9S/d3r+8n1IjUu3A00vt0u2zK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627586055, "uuid": "da91763e-1b8b-4709-9b18-dade63e0706c", "value": 864768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627586055, "uuid": "6299a682-1f17-419d-a83c-def06b35ed97", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627586055, "uuid": "4f129db3-c43b-4c9d-b7db-a60818bca014", "value": "RFQ-110146.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c21ddfa-f094-11eb-875b-42010a9c0053", "comment": "Malware payload (Smoke Loader)", "timestamp": 1627580663, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580663, "uuid": "671490da-748f-4f60-96f5-d1bbee65995e", "comment": "Malware payload (Smoke Loader)", "value": "6ffab37cb5acbe554336ddc05b9e7d38", "object_relation": "md5", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580663, "uuid": "df587746-12ca-4819-b610-17c4a2b0fc98", "comment": "Malware payload (Smoke Loader)", "value": "91634042570417ff1a70824cfb5559869a1e542d7e41d8d65aea2d51eb241411", "object_relation": "sha256", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580663, "uuid": "168cb5e2-104b-4dd8-b644-487b8da3f2ba", "comment": "Malware payload (Smoke Loader)", "value": "cd6a63dfdf65faa809d327bde99bfbcf93843f0d", "object_relation": "sha1", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580663, "uuid": "50d62019-94ac-429b-ab8f-52861e757775", "comment": "Malware payload (Smoke Loader)", "value": "84a359007ebeb58b919350ae54e374e2ebfffe24d7dce895734e1573d76d9d85434d1e17c62f9211ac7334619d444688", "object_relation": "sha3-384", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580663, "uuid": "f094ebbc-05c0-4368-87da-4698f757d7e0", "value": "T106749D30B690C039E4B715F844BAD3BCB8297EA1AB3450CF62E52BEA56356E4DC30757", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580663, "uuid": "a0823e9f-b96f-4d3b-bd1a-3a750beb03b4", "value": "c27a98a29b21693846ec47ce91a249f1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580663, "uuid": "6989629f-0500-42c3-a023-898a921b8dda", "value": "6144:MyoZDwYPIs3bGaWl4sk0WmaFAarFLqYFF:oZMYPIs3qaWG0W/vrFDn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627580663, "uuid": "97a00833-a269-4c25-8534-77334e16d5ef", "value": 347648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627580663, "uuid": "848d2a5d-0016-4ed9-8a49-6fcd65d28b1a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580663, "uuid": "9cf6069d-e85f-4a85-a632-aff4cf8c3bc6", "value": "6ffab37cb5acbe554336ddc05b9e7d38.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "122ea8d4-f048-11eb-875b-42010a9c0053", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1627547789, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547789, "uuid": "11168251-6621-4120-904d-f97c5072ff3a", "comment": "Malware payload (RaccoonStealer)", "value": "ad310ec6a6d2417e26107aad44da6a99", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547789, "uuid": "dd41cba2-50ea-457e-9740-74817785a02f", "comment": "Malware payload (RaccoonStealer)", "value": "925ec2c86ef50496d7400fa29a960b9547ad21ae2bb57907549368e4bd27cc43", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547789, "uuid": "2d9ecc07-4fb3-4126-87e3-d684a712ae19", "comment": "Malware payload (RaccoonStealer)", "value": "35bc6fc70796ba0f16e002241ea407202af479bb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547789, "uuid": "ca0d7e74-df30-49ec-8c65-f29709ee6548", "comment": "Malware payload (RaccoonStealer)", "value": "94eb6c4af0a6f5fcb591307f95412f66f35dc8ead536df7e26a4e8a87d579abfb7d0e04920d022dd310dc8192cdfc8e0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547789, "uuid": "16cfae73-253b-468c-bd31-e95c6183ee8f", "value": "T162B4E130BA90D035F4BB62F446FA97BCA83D3A605B3450CB52D526EE02356E9EC31797", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547789, "uuid": "79af00e3-4a30-4476-a272-2f52e63401af", "value": "1b88af86c3862540a4c514edccd5dac7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547789, "uuid": "490fa815-22ff-44b7-a50b-f1fe99b5cc8d", "value": "6144:HvSyD3uN6bbXficSEPg3BMkyx67hzKuai/UP81Xp2EaEVEMBwRu0BSTDr0e00lDh:qyzuYbbXKcjg3BwUdMPADX97TnJRD0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627547789, "uuid": "ed3a29f5-6139-4e25-b916-4469b2878e57", "value": 526336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627547789, "uuid": "4ccc29f8-6542-4eea-93f9-81716d5e6fab", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547789, "uuid": "d4e6e7f5-f1bd-4d89-9f03-3b3aff1fe3cd", "value": "ad310ec6a6d2417e26107aad44da6a99.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b66cc06-f076-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627567562, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567562, "uuid": "a7a2efa9-8254-4d66-8feb-3c207462fc38", "comment": "Malware payload (Mirai)", "value": "c012fec69843cddc1b6dcf5747132d08", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567562, "uuid": "5139b0b8-4b90-47ed-ab85-7f049f475a24", "comment": "Malware payload (Mirai)", "value": "92b5b91b06389f8cb3262f3cf1d0d1a40c03341f30be03df0b4db083beee0ba2", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567562, "uuid": "29d1c628-63de-4a41-a842-ba88c1ad0e50", "comment": "Malware payload (Mirai)", "value": "e87e5eb1157a165b9815d9ab8e9aaa75ccee2460", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567562, "uuid": "860a41cd-9304-4ccc-a25b-414bf2a00c92", "comment": "Malware payload (Mirai)", "value": "02b14872daa71045f358be2354edbfa358467e0731e4ca9e69c73b9fbfd38af4c618322a8d80bf127c0a58509177c785", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567562, "uuid": "9a829d5f-ad02-499e-8e86-7b6697557b64", "value": "T18564E08AEE01AE25E9C016BAFA5F034D73774BACD3DBB111E620C72936DA54B4F76044", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567562, "uuid": "34e668d7-9c43-4f3c-9de9-2d2fcc5a84a3", "value": "6144:p3lOYoaja8xzx/0wsxzSiPBa77oNsKqqfPqOJ:p1CG/jsxzXPBa/HKqoPqOJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627567562, "uuid": "c3d7af50-5b40-4744-94c5-7b6b19398cf6", "value": 307960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627567562, "uuid": "e3b4be0c-0b8e-45fc-9243-ee26e99272f5", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567562, "uuid": "6f6e251b-015a-4310-838e-b1c951d4ee92", "value": "Mozi.m", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76ad1ee6-f0c1-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627599927, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599927, "uuid": "962cd7cb-abe3-497f-864e-7beaa4ce1e68", "comment": "Malware payload (Mirai)", "value": "9190454a3d4af63cfae5b07579176638", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599927, "uuid": "c3779bfe-0897-42a0-9440-afcc384e1a67", "comment": "Malware payload (Mirai)", "value": "92fc849f832e1cdd050c593999ac5a13a58d7956ec842287dc071279efbbc1c7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599927, "uuid": "9f767751-5ba6-4ac5-a8b5-efc5739de821", "comment": "Malware payload (Mirai)", "value": "23cc403587ca382e7ceee11ee6baeb4e608e04f8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599927, "uuid": "6f93cfad-54dc-4194-8e8b-33215a5bf1ba", "comment": "Malware payload (Mirai)", "value": "8112cb5e6e802520e63596cfa9ea735f4b2455daeeeee38b66755e87cde4a0580e4658b78f944e9e2307e51c3eda3613", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627599927, "uuid": "366545fc-e1a6-49ab-acd7-488003544ad7", "value": "T1D7C2E18817891AE9D1F9C17843B81B6C1DA40B6AF809EC8678FCF7619D8E4753027EDD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627599927, "uuid": "24ca614f-1e7d-4118-81f2-2562d342ca84", "value": "768:I2G214DFyosXqgvV9o1ndB08YnJgGlzDpbuR1Jd:I2GdDgosaaO1ndylVJuj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627599927, "uuid": "d5ec5a08-7e28-4306-9fa3-4aa4c79548a3", "value": 26184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627599927, "uuid": "b2328f36-0859-447f-b2d1-61c67a99c13b", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627599927, "uuid": "03431fde-2927-4826-8755-d81c6baf8549", "value": "9190454a3d4af63cfae5b07579176638", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6127bc73-f072-11eb-875b-42010a9c0053", "comment": "Malware payload (Socelars)", "timestamp": 1627565961, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565961, "uuid": "c60c9520-f6e8-447a-a70e-eaaaaf5264d2", "comment": "Malware payload (Socelars)", "value": "ffdc29b48cf5cd228193a668583fe8b3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565961, "uuid": "6ea2a638-14d0-4c6a-a7a4-2d49cd09df41", "comment": "Malware payload (Socelars)", "value": "9389d1894d58d015aa930217beecefffc4fb10f7e277598701c09cc870f0a074", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565961, "uuid": "ef664294-56f9-469f-ad1f-b03c36132a3d", "comment": "Malware payload (Socelars)", "value": "3e3ef5e4a4cecb91ebab9c975464b4cab7ce06fe", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565961, "uuid": "28915033-1a34-4dff-be83-ce678771852f", "comment": "Malware payload (Socelars)", "value": "e5799e3286d711b1ad11b44200148540958e7cdb9f928c0a22b4e9281dd5059e3acc9e0db4086ba3843e3128f829b40b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565961, "uuid": "79c51eba-4522-4f0e-9847-47ed945b2ab4", "value": "T116658F21F6429036F8E310B686FE477E8D6CBA21031494D7E3C42D5A9E719E27A37727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565961, "uuid": "7e7246e6-fbff-4d97-af35-bde79065faa2", "value": "4f0608b5638c60342069764638589dcf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565961, "uuid": "038da742-48a6-44eb-bac9-906f1a0cb7f0", "value": "24576:mTj7ope1XnPzDuPxy3nyjmaRNKMZ8HhrFCKezRD+iFJSiPIm9DqzZea:+7opuPXuM3nomCNCBhCnhbFJSiL9Dq9N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627565961, "uuid": "366889ff-04e2-45e5-a029-3e5151adf014", "value": 1448448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627565961, "uuid": "01ec2cdf-cae7-463d-9609-717dac4d09c1", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565961, "uuid": "c2001e05-0dfd-4272-9beb-94fe29d4e924", "value": "ffdc29b48cf5cd228193a668583fe8b3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "719227af-f048-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627547949, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547949, "uuid": "282d7667-f541-4a4f-8b44-2fb47890d176", "comment": "Malware payload (Formbook)", "value": "121a6914b86cfc9ca8d12864cba4da75", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547949, "uuid": "31601763-b6c0-4db6-86af-8395cc2d3a9f", "comment": "Malware payload (Formbook)", "value": "93986eac8652157b41ac4464bed7584c6b0c04a3fcdd8bcda47592df69fee3ba", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547949, "uuid": "4d66528d-6b63-4e4b-967d-2596dfc94fca", "comment": "Malware payload (Formbook)", "value": "7ba4deaac4c28cf4d60ceaf3e66dff2dfce75ae9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547949, "uuid": "b52e78af-a898-4507-b126-bb167aa23977", "comment": "Malware payload (Formbook)", "value": "abdd73326fe484078f1dacfd6357b213af9b62be44dcccf4bc8fdb3221eff83017b0a987c30829ce843a01523b14ba07", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547949, "uuid": "94483df7-8826-44dd-b1a6-0df8ebf13a66", "value": "T1D455E028C98C9F96CC6803740E9946381EF56DE6F270D8AC3D8D71B1B3F192ADAB5345", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547949, "uuid": "adb16838-01a4-48d9-a795-959a4f19c01c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547949, "uuid": "21c4baf5-8b3d-4163-a1b6-bfa072bd1b3b", "value": "24576:xDS/d3BKzksPks2y8jeLELZ7UuyvA1MN6ZNZZ:AKquLEF7UzvbN6ZNZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627547949, "uuid": "f1bbf8d3-39d6-4167-ba79-34e26ec877e9", "value": 1304064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627547949, "uuid": "d8843dc3-2da5-40f7-abe3-8d20eb4111dd", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547949, "uuid": "53488f0e-232d-40f4-b34e-394bdf9dd5fa", "value": "121a6914b86cfc9ca8d12864cba4da75.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a4138c25-f02d-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627536438, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536438, "uuid": "90e265c5-9315-454f-a96f-a499a46a9745", "comment": "Malware payload (AgentTesla)", "value": "49bc562e26dfc9dddfaa85255849fd5f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536438, "uuid": "a153851f-c035-418e-a3e5-ea1db5513300", "comment": "Malware payload (AgentTesla)", "value": "93ecb5160fffdd4027631e7edc0034fefda7e541e646f26efa063ed973a66715", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536438, "uuid": "505de2b0-fab5-4e42-b4c8-b0c710bcb397", "comment": "Malware payload (AgentTesla)", "value": "e9aa13c41167b23bb66c571d97eb1291f0edff42", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536438, "uuid": "4226dac5-34d7-45cf-b0d0-5414baee8fdd", "comment": "Malware payload (AgentTesla)", "value": "b9854858c475515da512b9f1ff6bd5596a008728ce5c4bc34166dbe07e53e51ab2b293446b36d47e30a36daafdc8da8a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536438, "uuid": "292d64fa-4789-46d7-bb94-3ec1dab23bab", "value": "T10591E7F817B85983DF16C5B1C939FE6216E6F2899ACB26C0325CF4B24B6B3154E52805", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536438, "uuid": "339e7f04-a5dd-4e64-a852-ab6e60bfdf96", "value": "96:ckzE2SZtzciBCWF5gGtzaL7apWQ7WwZjjrRCr0A5nE2:bzE2SZ5c+XJrWwZ7RCIA5v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627536438, "uuid": "69ebd4fd-805d-4ef1-a312-115fb108d7ad", "value": 4320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627536438, "uuid": "00a14964-e396-4ff0-8bfe-840e94388222", "value": "text/rtf", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536438, "uuid": "f7ff6146-c09e-4a04-a972-58d469bccc2b", "value": "PO24315.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0cf49dbd-f049-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627548210, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548210, "uuid": "9d51edaf-f2f0-43e7-bc2f-df94ecc0c522", "comment": "Malware payload (Formbook)", "value": "989ff52398498807cd579c9292d2ca47", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548210, "uuid": "5e80f841-e3e5-4a3d-8c4e-fbfa7ef7ee32", "comment": "Malware payload (Formbook)", "value": "9445483350a3ed0479eed69073869e73b7837327bade374605b841a560a6ee70", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548210, "uuid": "adf2607b-a619-4ad9-a83f-7e6c7e7a301e", "comment": "Malware payload (Formbook)", "value": "26b1d6def0486063ecf91c95c1cd6966711d7655", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548210, "uuid": "1d15c750-ff9f-4b80-b89e-73ead2910882", "comment": "Malware payload (Formbook)", "value": "5193adcc8d03edc7aee0eaa87279876304b05264bca243bef82583b520c58270ba1b090c24c2eb398c095fca12b0d9e8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548210, "uuid": "1a184f4e-2353-4852-8b39-13aa2a399e22", "value": "T117359E217AC4DB1AE16F473A8EEF10100BFCF95135B2A7687DE122FB4905B61D4782DA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548210, "uuid": "d4b9398a-e9a3-4bb8-9963-df221db91ba2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548210, "uuid": "6abfe1ab-0561-42c2-aa17-ddcb9105288e", "value": "24576:EqaPJbYNjPvZjQ5/doK64Jtfhk0zKXkA:EHPJbY1RK64JpGkA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548210, "uuid": "3586d816-73c7-4104-beb4-33da1641256f", "value": 1073152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548210, "uuid": "c7a54678-e916-40cc-9eef-4d87051dd484", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548210, "uuid": "953ad623-2246-4187-904a-f46d47da4d1c", "value": "989ff52398498807cd579c9292d2ca47.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95e47cfa-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535555, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535555, "uuid": "983be231-c097-433a-bdac-11764b1d1038", "comment": "Malware payload (TrickBot)", "value": "ac679b0f8f1cdd49a40d0a94e6d6dfbc", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535555, "uuid": "945195fd-def5-4814-919a-79321d2706d1", "comment": "Malware payload (TrickBot)", "value": "9455ddfe6d277f0575bbfde978d2b376ae475639e3e00a6bb7ffec9015f42504", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535555, "uuid": "f164ffc2-a840-4b76-94b1-68ef7fe39ad8", "comment": "Malware payload (TrickBot)", "value": "5b5b7efa2dd89b30f78be441452bbdc8caacb474", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535555, "uuid": "dab88759-3ef2-4729-b440-ce45ccc1fcdc", "comment": "Malware payload (TrickBot)", "value": "ae057c8cdb13dada7ce537fe458b6e0170e87a1b08d44d15ebb62251688ff058899f62f71de8efdf6575273503394afe", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535555, "uuid": "0cd34508-32f5-49e0-b7bb-6f3f5a5e9f13", "value": "T183831DD86BD0E417338D2F17FE0A3AEAD1BA6C5696C47507D1587A4C28ED21BC6A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535555, "uuid": "1d905a11-857d-4b31-98e3-7782ea32d5d9", "value": "1536:4abWObL9AyU/9Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8GpY:4a5vM/9Ry98guHVBqqg2bcruzUHmLKee", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535555, "uuid": "7ba4fe1c-66f2-475f-9b46-ca737ba98163", "value": 88619, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535555, "uuid": "4d7e5f65-b5d1-45a3-80fe-0e3a4acedf4e", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535555, "uuid": "f15271d5-0b1d-4411-8b16-498b3e26d51b", "value": "2021APT-28_44382453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f36f898f-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535282, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535282, "uuid": "7f0d6de4-a8da-4952-b33d-5786ad058233", "comment": "Malware payload (TrickBot)", "value": "218db3570d91948e0d8bff2434a26535", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535282, "uuid": "a519df7e-4d12-4b5a-8ee0-1bd49c9bea25", "comment": "Malware payload (TrickBot)", "value": "94634447e43ebfd981683c39395307f7485db318a7047a9fc155d0e02b7e4378", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535282, "uuid": "caf03e8d-8f09-4283-851d-18314e750b8a", "comment": "Malware payload (TrickBot)", "value": "6f8bd56efe27dd3be5e2c7d70d95b520e5b89a00", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535282, "uuid": "5742a34e-ac49-4b09-93cd-9b8f0ce9b0a8", "comment": "Malware payload (TrickBot)", "value": "88e14391d31e570c2e59fbd3dd78ce193fef09fe1327ee5ac8dd04f0112e708ddc6ff4e4f84166a532ad68c2e8dc2d15", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535282, "uuid": "85e356c6-e164-4ac8-91cd-f8569d672af5", "value": "T19F62D0701EBA1362EB9FB170738B2206490CD0452C006E4AFFFBE65A17316ADED4F041", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535282, "uuid": "14309164-e7d1-4f57-a32a-91b7472eccd2", "value": "384:5OA4aOewiR0QY2TvQTSnaDVIY39sJFhlST6E/q:AAnfDRNpaDSYSZ8Lq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535282, "uuid": "b9722a55-e2c5-424d-b609-38d3ac3c0fb0", "value": 14563, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535282, "uuid": "cc858ef8-85ac-44d4-946c-f5e74ced302a", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535282, "uuid": "9b122be5-905c-4381-8fb6-c818eed97df4", "value": "2021APT-28_16272453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9380334a-f094-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627580648, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580648, "uuid": "a445b784-4797-4372-82d0-83d955b31943", "comment": "Malware payload (RedLineStealer)", "value": "209f155a20f765148d956b20c41973ad", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580648, "uuid": "33e1765c-4850-4451-94d0-238eaf910a5c", "comment": "Malware payload (RedLineStealer)", "value": "94a1e49bc60423c53851e106d851164e1163b5abb60c53276e3fb9f4f912ef63", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580648, "uuid": "1c4cb08f-fa11-459e-ad75-eed50604f5ea", "comment": "Malware payload (RedLineStealer)", "value": "7c2883178f6eca08135128e37dbd16f1835408fc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580648, "uuid": "5dbbc6a8-ee14-4a32-9673-00bb8f642b5c", "comment": "Malware payload (RedLineStealer)", "value": "5d8be374a66dedb39f93caf90fdc3399dedbcc25f655208c0aa2c4352d80b5cf478f365b464fb9de5104fe5496979adb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580648, "uuid": "d46e9885-e916-4c02-a543-8231e41fc31d", "value": "T15594BF30A690C034F4B716F845B697BCA43D7EA19B3451CB62E53AEE56322E5EC30B47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580648, "uuid": "3e8e68c8-94c4-431c-a34b-a07c1786ff5d", "value": "c27a98a29b21693846ec47ce91a249f1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580648, "uuid": "1bfc4c56-d34f-414c-b410-33a3740383f6", "value": "12288:6PAs38Ojika0IUcIagkgJsjVz5KSKiPy:+3FjSuagXJsjVlK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627580648, "uuid": "ce4bd7e9-2120-415e-a2f3-316960a20464", "value": 417280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627580648, "uuid": "ee6e8686-68d4-475a-b5ff-6cb7277d2a3f", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580648, "uuid": "cdc4f9a3-0a8d-426b-9f78-5d0ec0d3218c", "value": "209f155a20f765148d956b20c41973ad.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "314afedf-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535386, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535386, "uuid": "1a2cf9d7-0960-41a9-8c8e-440fb24ef4f1", "comment": "Malware payload (TrickBot)", "value": "76bf2494ac3927e8d023d8c2d3a841b7", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535386, "uuid": "bd69d9c1-b99d-4185-86c6-ef499db34e2b", "comment": "Malware payload (TrickBot)", "value": "94c8357b7a776ea24317043ba275f48f3d43760d3ac7cfe0c676d68e6172ac12", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535386, "uuid": "435e2505-dddb-4cf8-8355-1bf5e9da8083", "comment": "Malware payload (TrickBot)", "value": "e7bbffc7976ee4f47de1c844c46470d8d864f22f", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535386, "uuid": "a14e449c-5d87-4be1-adbf-02e8953095e2", "comment": "Malware payload (TrickBot)", "value": "a42a69dfe6ad69869912f0e921e2f01001b00336f0f4787badb8e9a4430f19dd5b5af803266548d7149ee5a321205e5f", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535386, "uuid": "848bcc1d-4547-4e5d-b393-d52cb9ec30a8", "value": "T19A130273F2AB34EAA73A6D3907D5C6F4AEB716AF9D5AE5F5008610D19307C78508B202", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535386, "uuid": "aac64ee1-d0d8-47b5-839e-33862d40c596", "value": "768:pSuJC5UqfuV/PV6mQmAU3qnmHD1u3EigFf6hcDSmShjs5Tzflp8+FLgnDm3+e:kuJCxgvQdOqnmHD1+EigFCuShjsZphLN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535386, "uuid": "adabe593-4247-4099-94d6-c38d4270c4a6", "value": 43895, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535386, "uuid": "be9c4c62-b75a-4be5-8235-69149d0b7077", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535386, "uuid": "76389615-befc-4845-8b86-87f4bfdd62c9", "value": "2021APT-28_79422453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "478219f6-f041-11eb-875b-42010a9c0053", "comment": "Malware payload (CobaltStrike)", "timestamp": 1627544872, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627544872, "uuid": "748e5124-160a-4251-b614-41a1d785fe0b", "comment": "Malware payload (CobaltStrike)", "value": "94c64b0d319d702c886a261c9ce533f4", "object_relation": "md5", "Tag": [ { "name": "assets.switzer.com.au.global.prod.fastly.net", "colour": "#5FC6ED", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627544872, "uuid": "c2aca7f8-52a4-438d-9e5a-f7e1188844e2", "comment": "Malware payload (CobaltStrike)", "value": "954944ef6cdd1474ed35f27b790a7914156672cc7a1afbcc3214ccc1855ff12e", "object_relation": "sha256", "Tag": [ { "name": "assets.switzer.com.au.global.prod.fastly.net", "colour": "#5FC6ED", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627544872, "uuid": "8317fab4-9e72-4191-8a66-6df9ec5a0bd6", "comment": "Malware payload (CobaltStrike)", "value": "87766ad5ad114c3be467fe23875431f0c98f322a", "object_relation": "sha1", "Tag": [ { "name": "assets.switzer.com.au.global.prod.fastly.net", "colour": "#5FC6ED", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627544872, "uuid": "89d504a3-ee34-4adf-8d71-4d16b46f05cc", "comment": "Malware payload (CobaltStrike)", "value": "9f9d3ca20f80103992e06b91ab879a6655f36df8b51ce0e17449845c39f0bd89ab0e0278edf5def27ab9204410c707a1", "object_relation": "sha3-384", "Tag": [ { "name": "assets.switzer.com.au.global.prod.fastly.net", "colour": "#5FC6ED", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627544872, "uuid": "300c6ef9-cf1f-4b6a-89af-ced61663145e", "value": "T1B374AE3093A87DEBC8038BF44C0A3E455674A423BDEA5A5FB99434B1DD537D18EFAA10", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627544872, "uuid": "a119951a-caf3-4d07-9e35-0f2c5e3866c9", "value": "0b0c4e162fa8fc0cb6af9aaef19826fc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627544872, "uuid": "8757fc14-d943-4579-bcb1-c351e7c2e7cc", "value": "6144:ki/iwt+ibsr7uwx8K9kPYL4II3/4D7HUiaPpbgbB7PJi/1zgM6P6:kmt+bSRQ57X7JJ28e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627544872, "uuid": "fed305b1-ed38-463c-96ba-5f02f49d4de1", "value": 363520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627544872, "uuid": "66eb2ef3-3478-4c31-91ae-99ada2318780", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627544872, "uuid": "6694507d-fdcf-4356-8fa5-ec982b13136d", "value": "954944ef6cdd1474ed35f27b790a7914156672cc7a1afbcc3214ccc1855ff12e.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a936eb8-f0a3-11eb-875b-42010a9c0053", "comment": "Malware payload (RemcosRAT)", "timestamp": 1627587049, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627587049, "uuid": "bb2c10eb-4ddc-4c34-b5db-ca7bb0245903", "comment": "Malware payload (RemcosRAT)", "value": "dae53a9811b6bb639191c85646dfb6ab", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627587049, "uuid": "2de6c20e-2742-491a-aa38-76618e13ac99", "comment": "Malware payload (RemcosRAT)", "value": "9619dd90b103cea6ed31462e70f2419900b0f943295a7b773a0a77504ade15ce", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627587049, "uuid": "38f9201a-2233-4c5d-bfc0-f5d112053da6", "comment": "Malware payload (RemcosRAT)", "value": "22824eb1d9f33bc6ee7d61267705eff8a635f377", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627587049, "uuid": "e6361a32-0fe7-4c0e-9111-2bf8ba459843", "comment": "Malware payload (RemcosRAT)", "value": "ab148c8bbdb1ef0331f71af003f876312f60831399982875c4068d18556d0df15722cffa806a2432c37d2e9a0d1fe826", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627587049, "uuid": "5ffed107-4ded-45dd-872f-622d9ea2b412", "value": "T1F5057DF676B39937ECB305B84C0BAA7C891AAE101B10794136FAD9484FB614F3D7A057", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627587049, "uuid": "53cf6c82-3cdf-4a49-b1a9-b41fe509c34a", "value": "641b05b4dc6d8389ff08a789834da953", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627587049, "uuid": "8107b455-78c9-46f5-b074-1a6d8751b126", "value": "12288:M7SqgtacuhJPH33i8ii74/vUagbqgFRWvqoHUL66opspF0dh0MgJ:M70uJ/3/ihLSXRfwdha", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627587049, "uuid": "9d9f5944-4877-46ba-94db-1230a2271661", "value": 865792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627587049, "uuid": "18fb7411-e3f8-4d6f-995b-a5a98f8e6d14", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627587049, "uuid": "bd6e5ed7-e383-4480-8637-f543f500ffca", "value": "micro.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ff5ae5a-f089-11eb-875b-42010a9c0053", "comment": "Malware payload (DanaBot)", "timestamp": 1627575864, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575864, "uuid": "0c3f0068-e1fb-47d7-874c-1c707f694b15", "comment": "Malware payload (DanaBot)", "value": "efd88b54cb2cb7330c632e3602c2ae58", "object_relation": "md5", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575864, "uuid": "837ac2f7-a836-4e9e-9147-9b112bfca3f8", "comment": "Malware payload (DanaBot)", "value": "9649af1104cfd972e86b047703fe04b3ae21ff4620754d91cba542fa33a59bc0", "object_relation": "sha256", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575864, "uuid": "b8a2732e-c107-4d5d-8715-24fd66161b95", "comment": "Malware payload (DanaBot)", "value": "9049eda2cee0cef67702773404d41b9e3f8958e3", "object_relation": "sha1", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575864, "uuid": "782839dd-5af9-40d5-a3d4-3eb5e4a15ad2", "comment": "Malware payload (DanaBot)", "value": "9ab72e838b9137d89d7ad026ea2ec1a8df963cc0351e201826b39201dff3c8aa71b85866c63ac0cb8dfeee1346875dcd", "object_relation": "sha3-384", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575864, "uuid": "9929b96f-0143-4220-b943-897d5d7b367e", "value": "T1954512307A91C435F5B710F846B6937A693D3BA0573450CF16E626FE02252EAEC3279B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575864, "uuid": "b1b9892c-2a8e-42b0-a0ba-9f29e476737a", "value": "ae8d52d466f0b65d50fa6d5967396375", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575864, "uuid": "d7e8f969-e0a9-4855-ae66-640f82ecbb42", "value": "24576:hKsIfstD6iQybmavixH7K0FVMtnRSY5EmVRL4DGrQn3N:H/QySmf0FVM0qrQ9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627575864, "uuid": "7f71b4eb-ff36-4243-a97a-ef3060d9ceed", "value": 1226752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627575864, "uuid": "c59e7eed-1354-4918-869e-8195c8245baf", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575864, "uuid": "93dff226-5590-4dba-9943-c416d82e5d11", "value": "efd88b54cb2cb7330c632e3602c2ae58.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "17d0a089-f093-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627580011, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580011, "uuid": "7d7eddc2-0193-4131-a8f7-9f4736497df3", "comment": "Malware payload (AgentTesla)", "value": "43760d04c72a063a5362e59348d637f2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580011, "uuid": "e3d4e521-9935-4ff7-9ff9-ed6afa2b658c", "comment": "Malware payload (AgentTesla)", "value": "96aa64a34e614014eec56b7c113d7e67ab03ebca68cf3e866025b7109f917ef9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580011, "uuid": "1acbc879-c6e1-4912-afa6-735fc3ac6def", "comment": "Malware payload (AgentTesla)", "value": "79e5b552ee18ae73ab414077408d29475a252891", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580011, "uuid": "271480c8-8363-48b4-9c9d-95094650d4ca", "comment": "Malware payload (AgentTesla)", "value": "11ba3cf043fcbc821bb25af4efedb911f16b7247ea0740afb004f93c690ca453b855fda2dd09a70afb9e2be84be1c45e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580011, "uuid": "be3afa11-d32c-49dc-9a66-49d539505fb1", "value": "T1E415BE2085CCEB9DD8BE0374176C0274AFF0A942E1B0EF686F5545B4AC91B61F6BE346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580011, "uuid": "14de9a55-0659-4e3c-9fcb-0dbbc56ac5ea", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580011, "uuid": "68bf2ab9-aa86-44af-8dfe-db89b19bb02f", "value": "12288:K2pchHng4FczV7iS/d348a/eeLFTEvwvO4VeqKKEnE5yBQqXu8YEbcsYI+T3c0ol:HcBg4FssS/d36qYv9VeVBH6EAOYUc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627580011, "uuid": "d96e44ca-04fc-47c3-994a-b7aec0ab76a0", "value": 941056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627580011, "uuid": "3033a5e5-25cd-467c-8c62-33fb9b28ae8b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580011, "uuid": "8bc5586e-80ef-4861-aa1b-7e97a9e4deff", "value": "Confirmaci\u00f3n de pago .exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "af64f11c-f069-11eb-875b-42010a9c0053", "comment": "Malware payload (AZORult)", "timestamp": 1627562226, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562226, "uuid": "cb64a0d3-5317-4d28-8bfd-4ff251d448b5", "comment": "Malware payload (AZORult)", "value": "1ea32dddabc7401fa9f12e5f4c01c209", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562226, "uuid": "9e2903fb-f8fd-403e-a02f-09c22e4a7136", "comment": "Malware payload (AZORult)", "value": "96ef205b273f3f89847c788c9b63797a5fcf899c4b25106f7a21ab57311e4c2a", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562226, "uuid": "5bc10a85-7f2e-4f48-9b12-cf6c5cf57e07", "comment": "Malware payload (AZORult)", "value": "f69624baab8c14252db2acc17d6f83ba111e6d72", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562226, "uuid": "be33baf3-1eea-4821-b07c-88532103f458", "comment": "Malware payload (AZORult)", "value": "c0e2ad44573e23942a9a97d2f1e7a687f9132200b81b5249c4b32cbddfeed1781024b6b5b1197cfd66a49bad5c298143", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562226, "uuid": "21221c1b-c369-4116-8e56-9d9df6863089", "value": "T11C94C05971C96190D4265E3C0DADE6F30B1B78943EB3A939FC867F9EC470C2B4B25229", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562226, "uuid": "1fc1d0fa-b2d8-405a-8c6c-1768a56d2543", "value": "913f6d6ea2411a4c15c51f2a8b2b970a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562226, "uuid": "0650e0c0-3787-437f-9f48-c0329a9bac1e", "value": "12288:0Z4SZt7Ru5igkb6Beigj+YGpvLrY9c3UbzeP6:dEttu5igk+BMiYGpPNUN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627562226, "uuid": "a272e287-c9e1-4f4c-bece-4f5b47775fdf", "value": 409571, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627562226, "uuid": "99c6bbc3-01f9-4a99-908d-ff0f77d29074", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562226, "uuid": "624b87f7-b6ed-4082-b327-a24b968f4223", "value": "transfer \u00f6demesi.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a3842469-f051-11eb-875b-42010a9c0053", "comment": "Malware payload (CobaltStrike)", "timestamp": 1627551899, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551899, "uuid": "cd72bfb9-b40d-4048-a43a-213984914097", "comment": "Malware payload (CobaltStrike)", "value": "d8043c83caad8f040877fca78c31ffa8", "object_relation": "md5", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "StackUp ApS", "colour": "#366322", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551899, "uuid": "caaf6076-95a0-4d4a-a607-d690ed5e888b", "comment": "Malware payload (CobaltStrike)", "value": "971c693bc67cf7b4b9655282b815bc1ba10ee937f1736ba1ef5fdb7aea392f6c", "object_relation": "sha256", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "StackUp ApS", "colour": "#366322", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551899, "uuid": "b15983c5-2800-4abc-a37f-74334ccdfd03", "comment": "Malware payload (CobaltStrike)", "value": "4c2c4154c2530686f9da216be762359d7d58ccf8", "object_relation": "sha1", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "StackUp ApS", "colour": "#366322", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551899, "uuid": "8b4e520f-4634-4198-89c0-424bd6983d15", "comment": "Malware payload (CobaltStrike)", "value": "cad7d992180516a500ae152090fc2dd1f4331e08d98c5c38a5073b33b3f8893a618cf452f164ce960f5b3027d08a2802", "object_relation": "sha3-384", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "StackUp ApS", "colour": "#366322", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551899, "uuid": "5367ac84-ac75-44d3-b622-8e4ca327904d", "value": "T1B8E27BCB52245C76E927C97DEBC0CA1BEDB5F44056F1D29E133A82A41F53321B1AE328", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551899, "uuid": "11631238-7104-4a2e-852e-a29acdc77c31", "value": "5ba8b48475bd58c9a7045240b5df9ce0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551899, "uuid": "c3f49f3a-b02f-4e07-976e-8e3720be0964", "value": "768:HMwOYA+00+aP3UZeefHPorXyEG6h55Yi6sIIa4J1:swOYA+9RcZeeYrXkM76sIIf1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627551899, "uuid": "6d9b89ba-84dc-440e-a718-8097ca947767", "value": 32728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627551899, "uuid": "5acf9e56-9b1d-42e5-bf7a-108b6cc33ae9", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551899, "uuid": "78617733-41b0-4f70-987d-26f12d9e0ed2", "value": "971c693bc67cf7b4b9655282b815bc1ba10ee937f1736ba1ef5fdb7aea392f6c.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "30d4b184-f08d-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627577476, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577476, "uuid": "2007c246-c1cc-4ae5-825f-38b601bba298", "comment": "Malware payload (TrickBot)", "value": "d3443644a702ec59c73215763672908c", "object_relation": "md5", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "Shathak", "colour": "#440EAD", "exportable": true, "hide_tag": false }, { "name": "TA551", "colour": "#88E765", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577476, "uuid": "e63e88ba-b834-47b5-9886-10b45444be27", "comment": "Malware payload (TrickBot)", "value": "9753e3a6a69bf6dc609410d4950ea0943451e9b55c032dcfe0dbd7e4359e0c68", "object_relation": "sha256", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "Shathak", "colour": "#440EAD", "exportable": true, "hide_tag": false }, { "name": "TA551", "colour": "#88E765", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577476, "uuid": "771017f9-e723-480d-be1a-0c56823f90b5", "comment": "Malware payload (TrickBot)", "value": "a53844dffa17ba3702cfa9f50118f53a3c0540dc", "object_relation": "sha1", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "Shathak", "colour": "#440EAD", "exportable": true, "hide_tag": false }, { "name": "TA551", "colour": "#88E765", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577476, "uuid": "fce60408-fc0a-4460-8df3-0842359bccb0", "comment": "Malware payload (TrickBot)", "value": "7c6aa02e2cd3b431db8c051d00b1e7407f7b7e3a08e082873abb3d9edbeb4d09c4d8ad7e41ebd21d3d7021c3db900adb", "object_relation": "sha3-384", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "Shathak", "colour": "#440EAD", "exportable": true, "hide_tag": false }, { "name": "TA551", "colour": "#88E765", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627577476, "uuid": "a0dcfe37-fa86-4c0e-b900-786b4d9ba2c8", "value": "T19F6174FD7D59A1D138AA15892BEF6064BCF4EB330C09EA1096C1AE5D3D602DD9C97CD0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627577476, "uuid": "f2aaa19d-e4ed-4b15-9119-3453e271ee51", "value": "96:8MC6HYPIBZ3cKuqaarczyYS94Yhqyurb4j2sZFDIKkRgkRmRx3qO0hp:8MC64PurlczyYQjhq/rb4j2IFDIKkRgw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627577476, "uuid": "fb263e51-52ad-45d1-851e-a60672a76ffb", "value": 3223, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627577476, "uuid": "1f290201-9f8f-4cde-b8c9-6f663c3cae5a", "value": "application/octet-stream", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627577476, "uuid": "2b903d73-5bd6-45a2-ad40-4440b4a73ce2", "value": "coreForCode.hta", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fcb0a9f0-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535298, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535298, "uuid": "1302a0d5-6dcf-4a26-8f09-85f33ace9c6b", "comment": "Malware payload (TrickBot)", "value": "21d48f9e1b53b5f209cc8e26425ea90e", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535298, "uuid": "3ec928a2-c57f-4eed-93d4-668363cd6488", "comment": "Malware payload (TrickBot)", "value": "980fda231d5804103428c7840e220963a97e848ec21351e4e76eeed6add80dde", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535298, "uuid": "16bc93fb-8835-49a9-9144-b78eea82e4f9", "comment": "Malware payload (TrickBot)", "value": "8de072fa4af6622cb29bf653920e87b45b6d58a0", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535298, "uuid": "5d00adb1-950b-4c3b-94e1-0335de4aa361", "comment": "Malware payload (TrickBot)", "value": "bd8099867f36891ec3dcea3bdc6574cca3122648cbe7216984cf2cf606656d8dffc3c90552a59b586bd722d29941b494", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535298, "uuid": "7754f973-7d79-497a-a91e-fb41f03dd3e9", "value": "T1C162D11D29C80F47C045CDED95FD920B57767FF82C1CE5BD243696AC8A28278380BEA4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535298, "uuid": "2a71e6b7-3617-4254-8876-bd29f3c8e0a7", "value": "192:+dI/mmvPcNdlCDdkhJ3vnHZVs4yKLSBhJIGV0oUXXRzr+BBq8N1pg6hwc5HS63Hg:+sm/NdzL3/yKmV0oKXNUNPSHUHed", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535298, "uuid": "c783bf1c-ac8a-4e2c-97c9-f15c10805e25", "value": 15549, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535298, "uuid": "1887d138-0c10-4cb7-8da3-dc8b563929f4", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535298, "uuid": "b291a868-fb87-4bae-b597-fc732675d899", "value": "2021APT-28_33480453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "749a8e25-f0bb-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627597347, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627597347, "uuid": "60a42247-9086-4a7e-9d95-ffc0ebd6ef82", "comment": "Malware payload (Formbook)", "value": "c04f70436cf53db113a202251a48c4a5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627597347, "uuid": "e9c9f439-cc44-461c-a986-00f2a39abe87", "comment": "Malware payload (Formbook)", "value": "98308710dc37148bf2d9b00829e791e1b2eb92703e1cd80b13e9e1a58d751651", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627597347, "uuid": "09c71aaf-6897-43db-a085-d17272035581", "comment": "Malware payload (Formbook)", "value": "f677a68c0cf634372001f5506c6681e06e5120a9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627597347, "uuid": "83a7a8ba-d8b6-41a0-a349-b1c1783d7bc2", "comment": "Malware payload (Formbook)", "value": "2b782529217852b5e284053ae59cb3a28614493ee379fa1a8c949acff29e7aff947f2a79d85fe8c1dbd7748ebc29a8ad", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627597347, "uuid": "b5d10a8b-9abf-471c-8897-043526efe187", "value": "T1C655E024C98C9FA6CC5C03740A9946745EF1ADE6F270D46C3D8E32B1B7F182ADAB5345", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627597347, "uuid": "d13f2a96-4acf-4488-88b0-d6a10c14171c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627597347, "uuid": "1703a837-6cb0-4932-91ab-a0fb5ef121f4", "value": "24576:G3S/d3YKzks/ksNBRWSnlbLF8CRAd56w/PdGhopy8jhMN6ZNbZ:oKJBRfnFFZUoishopCN6ZNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627597347, "uuid": "15ef5175-a09e-4665-b0e4-b10f2e4444c6", "value": 1328640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627597347, "uuid": "9e405e71-f849-424e-a9aa-c3eca94a3e91", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627597347, "uuid": "10201b1c-3932-42cd-b291-82a756a031ed", "value": "altnp3zI5hfg3Eg.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "85724b54-f0b6-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627595227, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595227, "uuid": "46c469a6-9b2b-414c-9032-47152c985bca", "comment": "Malware payload", "value": "7b9ab8b82d4f188fa8f476ed7c6c7176", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595227, "uuid": "74ee5dea-abaa-427c-8366-69c8f0fc1b31", "comment": "Malware payload", "value": "983ce11731c8aae08bc71c64f6d710c7c7b36854ceece5121688d166a07c2064", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595227, "uuid": "c71cf431-844e-41bf-b956-e37b6cb5b477", "comment": "Malware payload", "value": "5bdc98ea3c4ab0a2a4ada3d642eb1c467fd7a795", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595227, "uuid": "f9b32e12-924b-4ad1-a7eb-ac8e5797f6ff", "comment": "Malware payload", "value": "07f18b37ad0d784ab26c821ffdf7ea083bb92eca43584aaa1ef5dc3fedaace3f74b4e8c896404aea2b978198543756fe", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595227, "uuid": "46b8d74a-d1e7-4e16-a45c-68fee57c7b6c", "value": "T18092D1B4972EB223DB9C95339841C8E650776C83C7FF626BB08462C358EA1C84FA4F51", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595227, "uuid": "597fb8ed-a4ce-4692-beb3-b958aaffea66", "value": "384:6jKJFNBeB7wE6GqVWqF7wA63yO0KaIC4bz81eK7DAPnifxMs7tcyiFqcJAJ:HFLGMFF7wH3yeN181//AafBtPs+J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627595227, "uuid": "55cefb3f-0a5e-4b6e-af41-b2f9951d361e", "value": 19972, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627595227, "uuid": "5d0bf7c5-667e-46a5-ac00-e6f6090c426b", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595227, "uuid": "4debdecd-4587-48a5-9ad0-ccf64c03b6d0", "value": "SecuriteInfo.com.ELF.Mirai-BHTTrj.1344.26331", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4eb60660-f05f-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627557769, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557769, "uuid": "b1803781-707e-4db5-924c-5195229a0bf8", "comment": "Malware payload (AgentTesla)", "value": "08edb7e2e79541181e0af859e8bd9d84", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557769, "uuid": "336b29b1-67c0-4ad3-af89-94a50247ead4", "comment": "Malware payload (AgentTesla)", "value": "9841cca728f50d23427f64f173044a484f3fa16cb455b254f5bef6a01f95e7e3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557769, "uuid": "29a291c3-57a3-4688-a451-91d1c5326ec1", "comment": "Malware payload (AgentTesla)", "value": "f80cf937ee96d926047adc74ae787c5f8bf9a223", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557769, "uuid": "aeb24ff1-12c7-487e-994d-c7a5f1c7f640", "comment": "Malware payload (AgentTesla)", "value": "fafd440bb1f0bc33668756cdf7a226b3429bd2a6f5f428a362e04b48498d0f699c7f0c141f871f4bd57076295f74d282", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557769, "uuid": "8568478c-9367-410d-9bca-88c6a1b0c7ac", "value": "T1DC91F8610FB80C47CE419471E97CFD312AE2F669A2CB06D423EDFAA1062F324532A582", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557769, "uuid": "aa4e2ce9-f45a-4b81-aec1-f45c71cf47aa", "value": "96:NfO1oaVRLbyJtpQi0QOTH92+O5/0HurCa9GpWN8SL:J+TQOhWsHqZwWNbL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627557769, "uuid": "d5d05d70-df1f-40ad-a95a-ecfd069d2994", "value": 4313, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627557769, "uuid": "bdd74faf-4d7f-499f-b367-aaded029847f", "value": "text/rtf", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557769, "uuid": "3d0938c2-1bd3-4197-92af-b2569a6d3d08", "value": "order PT Macropharma.pdf.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9a6f1143-f087-11eb-875b-42010a9c0053", "comment": "Malware payload (BazaLoader)", "timestamp": 1627575076, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575076, "uuid": "a7e01357-a637-4c57-841d-818c3a1a04a6", "comment": "Malware payload (BazaLoader)", "value": "d68207a53432cdab35cc3692b385f065", "object_relation": "md5", "Tag": [ { "name": "bazacall", "colour": "#F247BA", "exportable": true, "hide_tag": false }, { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "BazarCall", "colour": "#988BD8", "exportable": true, "hide_tag": false }, { "name": "BazarLoader", "colour": "#4D0DF8", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575076, "uuid": "e455dd73-2f25-4011-8aba-f98ed6fd95c5", "comment": "Malware payload (BazaLoader)", "value": "986d22f03f04424181bc773a42db6283722baffe40b031d97c9562ab0ed8a6ae", "object_relation": "sha256", "Tag": [ { "name": "bazacall", "colour": "#F247BA", "exportable": true, "hide_tag": false }, { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "BazarCall", "colour": "#988BD8", "exportable": true, "hide_tag": false }, { "name": "BazarLoader", "colour": "#4D0DF8", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575076, "uuid": "61a602cd-aea5-4fae-868e-5827bb983aae", "comment": "Malware payload (BazaLoader)", "value": "6037567a44fc6fd5e44519ab6a205ac53ba97fff", "object_relation": "sha1", "Tag": [ { "name": "bazacall", "colour": "#F247BA", "exportable": true, "hide_tag": false }, { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "BazarCall", "colour": "#988BD8", "exportable": true, "hide_tag": false }, { "name": "BazarLoader", "colour": "#4D0DF8", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575076, "uuid": "93cf40f4-8a63-4df9-89a0-135f2f3f07ab", "comment": "Malware payload (BazaLoader)", "value": "a6876246d246ee8997cc46dd3d892f753b600bc25e4bd687f794d10729ecd5c06121f9bb2aecaa0272d34a2763e3dade", "object_relation": "sha3-384", "Tag": [ { "name": "bazacall", "colour": "#F247BA", "exportable": true, "hide_tag": false }, { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "BazarCall", "colour": "#988BD8", "exportable": true, "hide_tag": false }, { "name": "BazarLoader", "colour": "#4D0DF8", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575076, "uuid": "509b2d82-a72b-48d5-b15d-17e71d346248", "value": "T1A7B48C45FAA485B5E06FD239C9B2864BE7B2349C4B7497CB4298872D2F336E15D3D320", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575076, "uuid": "b824e827-87f4-4e41-aa8f-59166c26b019", "value": "a20b734dd6778afe7198f19f86ad494d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575076, "uuid": "c7218616-3ba3-48ac-8825-7882ba95e516", "value": "12288:60yCotCdmK6d2DHLej32Ea8uG8VgL8YwV:QTCgd+HLeZuG8VWw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627575076, "uuid": "22f25971-8c0d-4e60-a2b8-03eec2c17740", "value": 505856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627575076, "uuid": "353dca30-a9a4-482d-89ac-7317cf2d5ce0", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575076, "uuid": "0f107fd9-fe3a-454b-9cd7-1b73973ee10f", "value": "vWJpojwO.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "654fc212-f060-11eb-875b-42010a9c0053", "comment": "Malware payload (AZORult)", "timestamp": 1627558237, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558237, "uuid": "b5289802-c63d-4300-a328-fe9acb9e8402", "comment": "Malware payload (AZORult)", "value": "a51be555c96c608f897f8d5fb8b291a0", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558237, "uuid": "d89e4da9-b469-4684-a514-1322c446acff", "comment": "Malware payload (AZORult)", "value": "98731563833b5df1e16acbc3fc3033f5d05c4c7d35cc0eab5d2a0d5bb2fb3a3e", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558237, "uuid": "507bd716-6775-4140-8e69-c364ac4f65a2", "comment": "Malware payload (AZORult)", "value": "e03dc375b737cb85b5a97210a9fb91086120462d", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558237, "uuid": "feef0a62-ab07-4676-8bd4-8b02d3d5fb33", "comment": "Malware payload (AZORult)", "value": "df1959202dda280288ff74d02dd9315108c3a55e9d8c1b6f9e97a335565a3b3bd15b0b66127e1cea3f4b118cd671c384", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558237, "uuid": "9827c643-0810-4139-8281-489389efd02c", "value": "T182058B26279A0523F77991757653ECF5F650BE92AA008E0B92C67F8734272C1EEC0C6D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558237, "uuid": "c05abc6b-7d1a-44c9-813b-05e1d161288a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558237, "uuid": "4182d699-ba03-4379-ace6-749f4404968e", "value": "12288:nPEp+gczyhNSvRbBQHR4qz91hI0zSaNsvz+yuWDVId21NaI+E8tyvXLdBxeQTYuL:Ppdj7os9s48gu4tEsFnoGLmlXB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558237, "uuid": "34788e45-b9e2-4fc1-b39e-03cb633fa637", "value": 843776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558237, "uuid": "edd58131-ecb5-4057-88f5-3185437b0528", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558237, "uuid": "b067f3fe-6151-4181-a96a-32eaf690a7c3", "value": "RFQ000169904#.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed9f4a5d-f071-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627565767, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565767, "uuid": "af5cca02-7817-4066-8141-f2ae1f8998da", "comment": "Malware payload (AgentTesla)", "value": "6c14edae75fc0e904721728035fc15b0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565767, "uuid": "11f3325b-3291-4be0-a18c-30e4c30703bc", "comment": "Malware payload (AgentTesla)", "value": "988954279d7d6998885c73e4436ba19eeb6f5875262e562b655454c93d60ebdc", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565767, "uuid": "254e8f80-5619-487a-8e04-30fac6642dee", "comment": "Malware payload (AgentTesla)", "value": "7606d7a4d7db5c732eb2167b1fa0182213e53b85", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565767, "uuid": "8a5ea339-ebf8-4be7-97ed-1fc48b00aba0", "comment": "Malware payload (AgentTesla)", "value": "9b97d9217da662596d8083d31f66c75bcb75aab0b5d61bf1f7efc56e7c1a57225f0ce21ad541786e18092b7d4ab8fbc3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565767, "uuid": "fd51a400-fd3f-46a6-8fe8-13eb0f683323", "value": "T185359D22B5C5CB29E52F833A8EEE20204BFCF6113972DB686DE163B54909F51F5311DA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565767, "uuid": "ec6ce94c-96ec-4a6d-907a-73bfc581140e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565767, "uuid": "5d82ee77-6c14-4c01-91bb-eba3aeeab542", "value": "24576:3+ev+ebqzGV5/d37UK6x/Hm+6rIhw3oTRZ9Q/OMuanC:3+ev+e0kUK6xU2aSZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627565767, "uuid": "7e7c45f4-52ed-4787-98c1-e40c79e3788e", "value": 1142272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627565767, "uuid": "1b56bcbc-17e8-4c86-84b9-28c4ab8be3ec", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565767, "uuid": "c2f8602c-6865-4f33-9222-d55f73647812", "value": "New Order.scr.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90de0015-f047-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627547572, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547572, "uuid": "6be76c7d-f038-4085-abe7-8c0b35394970", "comment": "Malware payload (RedLineStealer)", "value": "657cb97036e9703a01d6073afe4e5ca8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547572, "uuid": "fdb68076-7a82-4bb0-b783-c870a5207679", "comment": "Malware payload (RedLineStealer)", "value": "993318d95cf97090412972dd7e5cec57bc6aab81acaf1698390b004bbe1ec4ad", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547572, "uuid": "ad354ace-0642-48f9-964b-bfc1f7e67c4c", "comment": "Malware payload (RedLineStealer)", "value": "c70f700c3b027fd4b1dd35597600e6dc5fdcc930", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547572, "uuid": "42136f09-a423-4708-995e-11dbd2b6d9db", "comment": "Malware payload (RedLineStealer)", "value": "e6ec91f2dddd151a953fccebc24486121549c27fcb2afc4baf61c0c3d08555765e5e91b4aa97ae5d165cf15bd46ed33f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547572, "uuid": "0701ff53-77fe-442c-b194-ef12e384d63d", "value": "T17A84442868BFC01981E3EEA12DDCA8FBD99A55E7640D703701B4633B8B51B84DE4F479", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547572, "uuid": "54411a70-ff4c-4a7e-94fd-2eaef9f41fbd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547572, "uuid": "9d57812b-c305-418f-b418-5f5a5e754c38", "value": "6144:dM4Ry8UCSdafyExh3gSaA1mPoeDSLMA5ApLU3Onu7CaokeuRx3nI:dM4EFCSdafyExh3gSaA1mPoeDSLMA5At", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627547572, "uuid": "3e07ba8f-5b6e-463e-9d88-ab5a8c38508e", "value": 379904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627547572, "uuid": "18ca28b7-f1bf-42a9-a258-d851cfef8af2", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547572, "uuid": "bbbef67b-aa29-483e-852c-5c166c78a10e", "value": "657cb97036e9703a01d6073afe4e5ca8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c469a8dd-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535203, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535203, "uuid": "f43906fb-f780-4bef-b950-4f573f954e69", "comment": "Malware payload (TrickBot)", "value": "c61b5feb59416456ad5de4aa0af3be9d", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535203, "uuid": "13f53fd0-3e44-4db0-b032-831418ca98f3", "comment": "Malware payload (TrickBot)", "value": "9a64532d58ebd19e94cb7bc5a656295c19044e243d638e835e355f6afc898e7a", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535203, "uuid": "ffb0f7d8-ca61-4567-999e-1b9b0facf0b4", "comment": "Malware payload (TrickBot)", "value": "b9641c358617a18740d2a92dd0a0392f846d7b62", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535203, "uuid": "8fb2edf1-6187-4d18-b1e8-306404ada0e3", "comment": "Malware payload (TrickBot)", "value": "ae55ef7f097b3c8b037abc44b968fdd86a7b7faae6524a26a74e19682c60abedb2eda245b8d16a6db0419ce122e98389", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535203, "uuid": "29a4e596-8bd2-4248-ac4c-167adfdffbb1", "value": "T1A3F3F5D4ABC0D513378E2F1BFE0A36EAD17E985292C07607D15C7A4C25E925BC2A4DF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535203, "uuid": "a5f92dd4-d6a8-4ded-a33e-bee0160c0c4a", "value": "3072:USWH4ffY1YzACj9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gdi:eK4YzR9Ry9RuXqW4SzUHmLKeMMU7GwWG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535203, "uuid": "ef31662a-5b78-48ca-ac24-612f25d11da2", "value": 172449, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535203, "uuid": "4efdd4aa-c634-4922-ae8e-24226bbc3487", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535203, "uuid": "13c8cc5f-076b-4eee-8eb6-80f99f1d6150", "value": "2021APT-28_84042453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ce72739-f04c-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627549633, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627549633, "uuid": "98b123aa-2915-40e6-a48e-19aa537ebb7e", "comment": "Malware payload", "value": "6f529061c4bbff584928d4cf3415c870", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "test", "colour": "#E8E8B4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627549633, "uuid": "7d0ed8b5-e8ac-48c1-9f6f-3a1ca0d73799", "comment": "Malware payload", "value": "9a91315d0ab6f4f23b4c3b6bf85996b655336c99f82f5bd59dacb2c1666561a1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "test", "colour": "#E8E8B4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627549633, "uuid": "a1862033-432c-4c67-95af-bed67e2e1551", "comment": "Malware payload", "value": "857d8fb38adb7a4cfb5b77aaa619dc8cb9291056", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "test", "colour": "#E8E8B4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627549633, "uuid": "b7b7d81b-1ca5-4494-b6e4-736fc87a0570", "comment": "Malware payload", "value": "1cae4bdaf0e16c9459a71067157cae5456ab8162f37b11a882016a2de5f52cbcd950030316fc95ae3013ded3cb03cc37", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "test", "colour": "#E8E8B4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627549633, "uuid": "91f77af9-9a50-412e-aee9-cc278bfb6733", "value": "T1D084234D70A97826D5F75AB0143228471E1FE4B20566BFD08442FD05E57BDA8DEC2B2F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627549633, "uuid": "f1d665d3-b303-4586-a129-a66d1a752e25", "value": "fc6683d30d9f25244a50fd5357825e79", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627549633, "uuid": "7bfb017a-9284-4e13-8536-d375d856dba7", "value": "12288:7Bw4tn8y3AGmEvX+3IdpvX5E6opcLyXTHSsr8fF:FFtNfmEvX+i/hopIyDy48d", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627549633, "uuid": "adbfced3-3fa9-4100-9f3c-b7a4dbf90367", "value": 401408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627549633, "uuid": "5e54fdd3-76ca-41f6-bc03-8ccb5651b3b6", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627549633, "uuid": "69d5aa86-8d73-4055-ab93-761bfa7c81a8", "value": "infected", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c83547ae-f093-11eb-875b-42010a9c0053", "comment": "Malware payload (Vjw0rm)", "timestamp": 1627580307, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580307, "uuid": "9f7b5e38-721e-4871-b4dc-d5671c5167b2", "comment": "Malware payload (Vjw0rm)", "value": "f187bff85111c74bffe04e7148760bca", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580307, "uuid": "270fd67c-2bbd-45b5-97f6-2ca9db338b83", "comment": "Malware payload (Vjw0rm)", "value": "9b5c6c579c2dcff5c35cc16f59c49bd0d903edb8730e1f4f5424d33fdc19a677", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580307, "uuid": "2fec750b-99e0-412b-9a32-41a381b01135", "comment": "Malware payload (Vjw0rm)", "value": "e0436fb2079b01df779d28a29d3b52b4e5bae191", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580307, "uuid": "f4c7d04a-73e9-44dd-9d1c-00949ea27854", "comment": "Malware payload (Vjw0rm)", "value": "b2373be797e45b7385814f952853f5527a7613c874aa433e0c0c7029a49adc8ee7bb7a7198100843e7c2ed11309b8e63", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580307, "uuid": "a19acc60-8bc0-4a9b-9781-2854d14ab88f", "value": "T17B81109D285BC63C53D27B8A802DD148CDF548B47E28D2B6248CDAC5360ED7987B19BD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580307, "uuid": "06f6925e-8fa8-47e0-8a30-ae100985824e", "value": "96:SABNo5Ddk2c24ZRMHXE6/BIu+Ys+fJPDdQqR7bJyKhCOS4UK:zS22c24ZRMlBIlYs+fJrfRf7p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627580307, "uuid": "ca4a7293-d696-4304-9504-60e450b10879", "value": 3875, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627580307, "uuid": "28cf5719-c186-4b6c-ac82-653ff5d2e838", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580307, "uuid": "6e45770d-fccf-41bc-aa7e-588db7bc48d8", "value": "Invoice.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a7c71b0d-f07e-11eb-875b-42010a9c0053", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1627571233, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571233, "uuid": "71e5757b-4a43-4a5f-80a2-54be3402d28e", "comment": "Malware payload (RaccoonStealer)", "value": "4132ae1ad2b34151ae25eecb5e772f50", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571233, "uuid": "ee11084d-d0c0-43b3-9161-cfaebe872c2f", "comment": "Malware payload (RaccoonStealer)", "value": "9cbe6a166cd361a2b224b06f93d77a13c63cb14b1429d47db2f8f1003c655c34", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571233, "uuid": "281c164a-3369-4b94-a5fe-3f1a9614bc28", "comment": "Malware payload (RaccoonStealer)", "value": "86a516eeeb7b523ac33597a097dc1024a0842384", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571233, "uuid": "7187bb02-a59c-47ab-9b9a-f77d1fd2a963", "comment": "Malware payload (RaccoonStealer)", "value": "3b6f9389f6f1e42d9c56433e70a06cb6acc77d269fbe291244e8bdea7dd165b8b99f7dc521ad870cb7d30a7b4f480ae4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571233, "uuid": "acf8f313-7028-47ea-b8ea-80ef27c4a359", "value": "T14CC4E130AAA0C035F4F722F846BA93BDB82D7AB0573450CF62D52AED46356E8DC31657", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571233, "uuid": "0025a862-cffe-4e3a-8c0c-e0fc9b9115b5", "value": "1b88af86c3862540a4c514edccd5dac7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571233, "uuid": "11a4ec4f-5b8f-4aa9-bc11-bf9d0dfdf7e4", "value": "12288:pY4Zuu3LIqDbulAI6VmyAMRhu5L8DUmr0TAz6ffV8ekvREI58qQ8B6:ppuu3LxbuNnyAMRhu2jUff+pZS8B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627571233, "uuid": "f2f85c6e-8fcd-4f00-9277-a52a1654df13", "value": 593920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627571233, "uuid": "8b77df2e-c682-4eef-aab2-6d905303e700", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571233, "uuid": "a18931da-99eb-4467-9c67-e1ad1f0d0e6f", "value": "4132ae1ad2b34151ae25eecb5e772f50.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5de3a5a9-f049-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627548346, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548346, "uuid": "7c57ef31-1d81-4d8b-8eb8-bbeb84d7da82", "comment": "Malware payload (RedLineStealer)", "value": "8b79bb72723018f7566ba8c9226c062d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548346, "uuid": "2d6f57af-8708-4fc6-86f0-d7b07bd98055", "comment": "Malware payload (RedLineStealer)", "value": "9cefdffb73daf4a060fd9b44803eec6795db46ed96d49e1c6cb34e4224979321", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548346, "uuid": "cebce360-c6fb-493f-b87b-7160ad149f53", "comment": "Malware payload (RedLineStealer)", "value": "b63844d1636575fee963e6bf6afb3d82572f55e9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548346, "uuid": "ece0ee8a-f9a5-420d-8fc6-b57bae8da0a2", "comment": "Malware payload (RedLineStealer)", "value": "20e96e2fe21b6cc924805506bad4e1f9e684a8b33eab0b779f2bd93e27ee1daf754855d353b69d0e36f44da7fae4da84", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548346, "uuid": "8925a87d-1eab-44f1-bca3-8c85b7598853", "value": "T127D4F130B9D0C039F5B712F446B69369B82D7AB06B3450CB66D51AEE07386E8EC31797", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548346, "uuid": "b7be4c7b-e339-4c9b-807c-58505dfd3880", "value": "1b88af86c3862540a4c514edccd5dac7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548346, "uuid": "3b77a998-f87a-4383-b8fe-f6bb83e2dad0", "value": "12288:F0am8hmjiKMqiQfhSGb4gLEYMwMf2yQF6XPJNvtecEHwo/RT/0qc+uV:Dm8hmjwm9bVH0s6fJNvt5EHjmt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548346, "uuid": "c2e12e17-10ec-48f4-be26-06780598994c", "value": 638976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548346, "uuid": "7e4ae7c9-58ff-45fa-8bbc-bfac84b2c741", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548346, "uuid": "b492dd83-7de6-4805-963f-3a988a24d0e0", "value": "8b79bb72723018f7566ba8c9226c062d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f3b47b5-f061-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627558737, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558737, "uuid": "16163a97-d1f1-4244-874a-099c3a6da08f", "comment": "Malware payload", "value": "865b1bb1332a13052fcc502715a1f0e0", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558737, "uuid": "f9a26c94-441e-4a33-8055-a5f47d96bcef", "comment": "Malware payload", "value": "9ef10db2487d7acbd0a4a79667565e62897685e9485f3d0e90f025544f744927", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558737, "uuid": "52ec6e4b-98c3-4add-8648-a580bec74930", "comment": "Malware payload", "value": "340373e9fb92018aefb09817855196a713473ffa", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558737, "uuid": "455bddf1-bded-42d0-b099-596881de4f4c", "comment": "Malware payload", "value": "86419eeb603a31d7137d05741cb5f30a0ed7b99a0dc6a69ebcdfe679795cd43b784f921e3a28c1b7bf63d5c43636f512", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558737, "uuid": "52517487-ab09-4044-bc1f-25be6bb54f1a", "value": "T19FB4231CEE9521DED2181CF23323C47604E8846AF5F3CEE256BA4A55ED4CBC45E692CE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558737, "uuid": "fbb6a2a7-682a-4413-95ee-01e390cf7a87", "value": "12288:08w+MdmOx2PO26JBqdqx5+kBZ7lxlubKBXzCjy607Nt/pQ:RwHTxnJ4q3hZ7ViKBXzcA7e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558737, "uuid": "d0ff5b19-5038-4197-a291-31cae33d4dcd", "value": 505715, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558737, "uuid": "9e9060d8-0d6d-49d4-970b-c08c0ff1b1b7", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558737, "uuid": "b469bbb5-f2ad-445b-b02e-abaf19027cd0", "value": "paym_reminder_488876.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "304f40d4-f0c2-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627600238, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627600238, "uuid": "7d984122-ad5b-4e22-8705-0505c3466433", "comment": "Malware payload (Mirai)", "value": "ba0b8c6d23350af6a4587fb88002d302", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627600238, "uuid": "db5a8b0d-65b5-4a7a-b2f0-9b4709ab91fa", "comment": "Malware payload (Mirai)", "value": "a0b70408c75eb10cf70c1e9cae13a222da2940c4586e7bd726622a451615cad6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627600238, "uuid": "21036e42-04e8-496b-9652-9618b09d5773", "comment": "Malware payload (Mirai)", "value": "fce9c9fe4d545722fbe3ecf670d19d4c3ee7ebad", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627600238, "uuid": "0c791b88-9717-4cb7-ad7d-8e6777735e52", "comment": "Malware payload (Mirai)", "value": "c3e9d7455d411a640003e37206b94791264ff92ba567d7b67a0e7916011e4673d66640def322d5dc4f0406697f14808a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627600238, "uuid": "24db93ca-c863-437a-861b-a6383fd51a9a", "value": "T1B0B2C0727015B4B3C7A200B79DEDCB83BA810EF8D0E8B3295469099DEAD5C42BAF1147", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627600238, "uuid": "6019ebc3-5673-437f-a15e-c0429f4d8b51", "value": "768:qX9nxn8o9wnBoWzEQf2EjKb3pSfpqs3UozB:qtn+o9wjfBAZSfZzB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627600238, "uuid": "6efb130b-29e0-4c07-af71-de2b0954fb53", "value": 25004, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627600238, "uuid": "592a45a1-c268-4e70-934c-02cf66cd522b", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627600238, "uuid": "94f5d1a5-0613-4b34-be90-130032b17b4c", "value": "ba0b8c6d23350af6a4587fb88002d302", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a338d50a-f07e-11eb-875b-42010a9c0053", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1627571225, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571225, "uuid": "44f5f45c-be26-4880-a137-7ca87f6c3d82", "comment": "Malware payload (SnakeKeylogger)", "value": "a50dcfca2bedbc9d465f7b22371a9ae4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571225, "uuid": "aa296829-4b71-4f8a-81b4-87ed940d9c96", "comment": "Malware payload (SnakeKeylogger)", "value": "a13293dce020d8dc1fb36ab5a6181f129dc2e9aa3b97417f5f5b62ba5466eed7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571225, "uuid": "4672825f-9893-4ed9-b375-d481e4a6ef29", "comment": "Malware payload (SnakeKeylogger)", "value": "4e244b01dbd01effc2e5dd6ff9052d0c94fe4c28", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571225, "uuid": "6eb87fa0-ab14-4dbe-8118-f06f6b117503", "comment": "Malware payload (SnakeKeylogger)", "value": "3688e541adcf6071a55437a6c750574d487d4f02bcd1e8301e5ff469b658f1dc6b26070e80ccd153b08aa2488a23cf75", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571225, "uuid": "4c195635-47ad-4625-8a28-62b26d0819d8", "value": "T14915E502EB5CCA71C870757B0A8B626E3766E4D7D7A0C7C577099A3D205AFC22BCD648", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571225, "uuid": "ede9fe8d-9e18-4a8b-84d3-38ac15df60d6", "value": "6144:QopQQy0mOTRcoy3DF/5892Rfx7iZ5a3c+Z5a9B923Aas9NFYtk7gp54t7qgnKj/Q:QeQQYwyzF/B1eSdILkqEpwAg/T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627571225, "uuid": "c3ae09e6-b7f2-420c-aa30-a93fe834a30c", "value": 903561, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627571225, "uuid": "bfd0bd5b-f522-4f27-b957-68fc8d617c68", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571225, "uuid": "079bce1e-f1ea-42c9-a645-fb0b6e79ff94", "value": "a50dcfca2bedbc9d465f7b22371a9ae4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5107c994-f05f-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627557773, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557773, "uuid": "35052b5d-d720-40e0-bb4d-2bad60bc3b30", "comment": "Malware payload (AgentTesla)", "value": "1f48f725e1a5894937bb7ad89acbdfa4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557773, "uuid": "9e12de9d-80a7-4d78-9a13-064435c64b7c", "comment": "Malware payload (AgentTesla)", "value": "a173b1ad98a853561bdfd1af7f41316c47c49672ba4df20ae824166a66f953fe", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557773, "uuid": "ea249c2c-3ac7-417f-9dcd-0fa7d6865a23", "comment": "Malware payload (AgentTesla)", "value": "ad2ef4961481534651d4f9971b2e5f93ef58f5b6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557773, "uuid": "8787c45d-4518-4955-bd61-8c1dfa4fb90d", "comment": "Malware payload (AgentTesla)", "value": "313d6bd87a9764d4056c2aab476d5e9d7491146bd4427aa018f72faff82cb2bedb49d528d17b672dfc12b872b04df640", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557773, "uuid": "867cd8e9-772b-4aa3-a778-a59d21ec2837", "value": "T12D610964BA6C58E3E21E505AAED57C9DC15234A348C759C632FC6BC54308EDE9F074A2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557773, "uuid": "02c327fe-05b7-4316-9d7e-fbfdfe324d2e", "value": "96:pwMsi1yC0Zaj1jQ+0AwDC3isci08dIdRuI8MVN7yyL9zdu:Wvi1yC0Za1jQHDC3HcL8dInuIRVB/LxQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627557773, "uuid": "3a8b22bd-57f4-4349-91b7-d68adc4ed013", "value": 3463, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627557773, "uuid": "21bf16ac-c8b9-4944-bb6d-90875be34c71", "value": "text/rtf", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557773, "uuid": "8b9796ce-19f8-42aa-92b5-ac8c9971361a", "value": "Purchase Order No. PHS-01521-22..doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0138906c-f03f-11eb-875b-42010a9c0053", "comment": "Malware payload (CobaltStrike)", "timestamp": 1627543895, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627543895, "uuid": "b6554439-5d78-425d-99bf-8a0d15363d7b", "comment": "Malware payload (CobaltStrike)", "value": "e8e26af11ed7f85a67c7a8c883fbd704", "object_relation": "md5", "Tag": [ { "name": "185.123.53.33", "colour": "#28924B", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627543895, "uuid": "5711bd7c-fb39-4d6a-8a75-bcf90bea8ca1", "comment": "Malware payload (CobaltStrike)", "value": "a3499e847373725d2924a5914b9ac861fda3c53b31ca5cfcaa02b9363f205774", "object_relation": "sha256", "Tag": [ { "name": "185.123.53.33", "colour": "#28924B", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627543895, "uuid": "dcc5fcc3-53d7-4494-a12b-1842a6c5df32", "comment": "Malware payload (CobaltStrike)", "value": "fdc2b562fca2445c0804548315c61b7bc50176bc", "object_relation": "sha1", "Tag": [ { "name": "185.123.53.33", "colour": "#28924B", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627543895, "uuid": "298d61d7-bd4b-4efb-8520-ed2ac5ef04d2", "comment": "Malware payload (CobaltStrike)", "value": "f2e3d31c43003c73c39582b7f5bc1eb3b1ecf4482f0eda4cf6fa3d9dc4be5fb0e20c7f7e9ab446068ff963ea6839e251", "object_relation": "sha3-384", "Tag": [ { "name": "185.123.53.33", "colour": "#28924B", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627543895, "uuid": "0fb37443-28b8-4089-a943-4f167a7d2556", "value": "T10194BF30B7A1C039F5F722F459B593A9A93A3DB1AB3450CF12D42AEE16346E1AC30757", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627543895, "uuid": "698bdd2e-2274-4fa6-9daa-ef5e303a0f93", "value": "fbe702755e2fb4e20a84826fa92fd750", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627543895, "uuid": "19bffe5c-fe95-4e04-9219-ba2d63e9ea0d", "value": "6144:a4WXu2IZ8UO63rJbPR+iYiUjCkqnMaD+HtGsrnk6slH4qJr6j9xU3WHLalj7RKjo:+XZIZTxrD+y/MoYIwEH4qJyrUmrahHd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627543895, "uuid": "d967e636-7155-4a9c-87dd-6e4a050bbf01", "value": 429056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627543895, "uuid": "81e79cfa-b333-450d-b300-a793b1c47763", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627543895, "uuid": "efbee080-d41e-46cb-bceb-39f574d71add", "value": "a3499e847373725d2924a5914b9ac861fda3c53b31ca5cfcaa02b9363f205774.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed8030dd-f047-11eb-875b-42010a9c0053", "comment": "Malware payload (DanaBot)", "timestamp": 1627547728, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547728, "uuid": "cbdfdf7b-4be5-4639-b9c1-8186909eaf27", "comment": "Malware payload (DanaBot)", "value": "b19b5a3a677dfb6eb3c6c88bc14328f0", "object_relation": "md5", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547728, "uuid": "56e3fba8-5f24-482f-b6c3-be3010de6407", "comment": "Malware payload (DanaBot)", "value": "a4b1ad9683d5208a4cef9cd3aa5a055007e88d9f712163ea599feb23f6f43e0c", "object_relation": "sha256", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547728, "uuid": "c4bbc19e-97ef-45ba-9252-fee6231b16d4", "comment": "Malware payload (DanaBot)", "value": "4157b1958b28e24e58cd614c2aa53c20f61d3001", "object_relation": "sha1", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547728, "uuid": "de042e0a-fb59-4597-8c1a-b80db6d6ec7b", "comment": "Malware payload (DanaBot)", "value": "7cf281b8986478cf84e761938fbc7ab91de500a346f25b8b5ed8a9c2d6a76d125cea6663544c5552775120f79da083dd", "object_relation": "sha3-384", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547728, "uuid": "97f3e900-f1b4-4a58-8858-cf863bb620ff", "value": "T106351230A690C435F4B311F819BAA37AB82D7E715731A4CF52E126EE4235AE9EC31357", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547728, "uuid": "918a5c6b-7e83-4e63-a422-7e6906516c47", "value": "1b88af86c3862540a4c514edccd5dac7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547728, "uuid": "5d653a95-8367-45b4-ab17-9a45b9d138ee", "value": "24576:5Gsv7UJ0yshakeJYM69TU93f3PaCSMtvBWoLnbrac:JZysBeGPlU9v3PaFMt0+nb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627547728, "uuid": "a7cbdf72-534f-4d56-93ed-c49556828729", "value": 1161216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627547728, "uuid": "811f776e-c905-4d9b-a305-b1b89615a8e6", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547728, "uuid": "447b2211-6d90-4a3b-ada0-929b4b3e733e", "value": "b19b5a3a677dfb6eb3c6c88bc14328f0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ead3f71-f0c6-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627602034, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627602034, "uuid": "e177aeda-a5d2-4172-9814-01270c9dea45", "comment": "Malware payload", "value": "631779ef3aecb4838360304f162dbd8c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627602034, "uuid": "bd86e08c-6db5-4747-aa6c-cf015a1764fd", "comment": "Malware payload", "value": "a4c7d46ab94add85adc74f9686c7367fd82eaae508b3e2227db8e62930fb3da0", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627602034, "uuid": "3cd08fe1-427c-428f-b9f3-e9d3508c2883", "comment": "Malware payload", "value": "9103735e9771b40fb26b5b273683934dfea38402", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627602034, "uuid": "0fe8b67c-dc91-43f1-94a8-8f9e86c0e6ef", "comment": "Malware payload", "value": "b8fe13c89e5ce7c22527cfa581a9b5e50669d22ab93619b9a14dc281e2c5c0deec67b19cc97062e437b53adb946cf923", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627602034, "uuid": "82a43bc0-aa7c-4d5d-9b95-db2cfbdf0dc0", "value": "T1DEE47D10BA509835E1F362B54B6AA269631D35B12B2050CF72FC6EEE1FB45E27D3530B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627602034, "uuid": "1bf6c41c-c4ad-4f6b-b098-f53cb7a95f9c", "value": "5423692ba88a3c92be390093c1045a0c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627602034, "uuid": "23b3417a-64a1-43c4-a4d0-30846a0a77a0", "value": "12288:HMUpikM1ABVY4lsBnllWzwazxRvwe9QKC71L715+PoR5nFIlW2i:K4Y4lglQzwyxRvwySJLT5FIV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627602034, "uuid": "ec7defe8-4d09-4fab-a9e6-4ba294a8afd7", "value": 658944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627602034, "uuid": "2df5b1a6-cbda-4a1b-89d9-d66defba7381", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627602034, "uuid": "145a57b2-db1b-4442-89b5-5dcd8882723e", "value": "beneficial.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a342492b-f033-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627539013, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539013, "uuid": "03a35c46-1c01-4a08-a54d-37f3fec0b3f6", "comment": "Malware payload (AgentTesla)", "value": "4b00384427d2b432d615c5c87db53d36", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539013, "uuid": "c8bd6db6-456b-49c4-a50a-64e3f266bce0", "comment": "Malware payload (AgentTesla)", "value": "a50383b6ad4661cdf8d6b2acdba251a846999e4533761488fcf9e8e5abc8a11f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539013, "uuid": "8b32e57f-af3b-44ec-9ff2-3e9729ea1b04", "comment": "Malware payload (AgentTesla)", "value": "f5f660548acb92521c97ddc0eaf4b6acf8ae9d0f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539013, "uuid": "bfce2cf9-64a7-4171-8c2f-9bd0f18a5f92", "comment": "Malware payload (AgentTesla)", "value": "539db4069f4256fdd45a6f9689a032454a9177a84304ebf2ac62633c1dcb0a516c3fd1e538e5d4c8ad6e16ceecbde327", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539013, "uuid": "1202eda0-7143-436e-8e1d-27097a697ec5", "value": "T135359E2176C0DE36E16D933A8ECE10205BFCF62135719B68ADE322B34546B75D8B41EE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539013, "uuid": "45391cda-1c94-49da-a3e7-f4f96f435e4d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539013, "uuid": "8f9d6fd4-0f42-4cd0-bdf4-757ea5825b07", "value": "24576:EBtAvZk+3/d3dCK64J6OrqEcSQySqsqvWKd5GpJAroWdJE:ZkVK64JZvp5OK6TqJE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627539013, "uuid": "992351df-6ce4-452a-b190-a32035da6369", "value": 1116160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627539013, "uuid": "b4e5aa90-bef2-468d-9887-667e14c9b969", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539013, "uuid": "dfd6c78b-e0ca-45d0-8e2a-f948c6afe58b", "value": "Aro Pac SDN BHD_Enquiry_Scan_Doc_6077.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a7124d04-f007-11eb-875b-42010a9c0053", "comment": "Malware payload (AsyncRAT)", "timestamp": 1627520122, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627520122, "uuid": "c92e23d2-2676-4292-889f-a6c0c2ebfdc3", "comment": "Malware payload (AsyncRAT)", "value": "c70f8e0bcb114bc7e6dd688b63da90f1", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627520122, "uuid": "15e0c9ae-5bef-4eba-a870-34468115fdba", "comment": "Malware payload (AsyncRAT)", "value": "a566767c8788be9740934447f91402a0214f424b9ef32689c8247fedbacdefdd", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627520122, "uuid": "08b49806-d807-4f9c-a977-c607ae88412d", "comment": "Malware payload (AsyncRAT)", "value": "183e9930a7a2f449fd2bcabb44a925663da2aa52", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627520122, "uuid": "49489ff8-91cb-436f-ab96-2528123522cf", "comment": "Malware payload (AsyncRAT)", "value": "65a13af2bf013f429545d37c4479f31c1df4504d7c3df7c290c8f551919cabcd8183e3604c5e31f83330efde512680fe", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627520122, "uuid": "e4fef415-802f-4581-8dcc-ee9ce6fc8476", "value": "T18892C09AC9C4E502C961E2FC0520A2FB7A8D5A869307268B5C50F39E19C32CB577F7D9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627520122, "uuid": "09cbdb66-a9c8-4a18-8f94-f9a8f91712d6", "value": "384:AKT25Bf2Yp8eV+cFI/JNNIWyf5QYIBHwoGLsnwUPT:AKTQuYp7V+c+HI1fge2wUPT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627520122, "uuid": "a8e30e8f-4e7d-4718-97b7-2c48faf97f79", "value": 20179, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627520122, "uuid": "69915870-c51a-453e-97c4-9ad73c13ed89", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627520122, "uuid": "9f57340c-20d8-4a66-877a-493d03a4087b", "value": "INFORME Y RESULTADO S EXITOSO .xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "adbfeaa9-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535165, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535165, "uuid": "c44d89b7-42a2-486f-b84c-5e4662d1ae12", "comment": "Malware payload (TrickBot)", "value": "1c98aae4605ce7fd63f29f9cd85cf407", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535165, "uuid": "aa2045f8-f0a9-45c5-bd21-ef25d69ee712", "comment": "Malware payload (TrickBot)", "value": "a60d2cc35cdd5d58b2e32b09a463ebca4a7d6690d6e8de92f4f01123f9797505", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535165, "uuid": "b1671ad4-32d7-4b0a-b4f9-0e680c8267f5", "comment": "Malware payload (TrickBot)", "value": "d73535859c23c550cddf52f57549dbada9f5b0b5", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535165, "uuid": "6ee44a2a-4f04-4291-98c5-e9fded15a92c", "comment": "Malware payload (TrickBot)", "value": "f648718307e959ea452ab4dea5063647eb5a806ba5150bf8d45f441228bd960ed7da875a67d2732fcb9f3fcdae1e53e5", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535165, "uuid": "04f56c38-7066-4c4a-b07d-a7d3afdc8c82", "value": "T1D13302B400D4F3DAD0E2A4B52C1BD0EEF24D504AA1B2057473565B48DAD25F6532BF9D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535165, "uuid": "9a70565f-abb2-4ffe-b024-59be2b812162", "value": "1536:1eDhoviVXPoKEEI51e8g49wxTjy+MyICJauIt:k9ovEXP4xRwxTTNhodt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535165, "uuid": "a148023e-566f-495d-b795-850e3b200d2a", "value": 54516, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535165, "uuid": "99e6ac28-5478-47b6-92d9-34e1167b29cd", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535165, "uuid": "6738ba6a-9209-41fb-b6d3-76949fd3c7ce", "value": "2021APT-28_28998453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a97a17fa-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535158, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535158, "uuid": "192b94fb-a16c-46e7-8b24-1ad4f7fe22ca", "comment": "Malware payload (TrickBot)", "value": "7c1420054c32209ab0f890dcdcb1580c", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535158, "uuid": "6b291898-5bfd-453f-ae4d-34f319e159cd", "comment": "Malware payload (TrickBot)", "value": "a63d13b837402362b78cd324b8efe8c5bc58fca7fe1373fccbed082bc1166863", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535158, "uuid": "3c5ede83-67ed-4508-940a-2a484ad6893f", "comment": "Malware payload (TrickBot)", "value": "04fb950f88f6d95a14cda5ded672ae878181bc73", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535158, "uuid": "61af6786-8a05-4669-82cf-581bf38e6f17", "comment": "Malware payload (TrickBot)", "value": "6ebb4fb94a9a81bca34f59aaa58cd00c0a082bf0c567bdc6d831f41898c8df5f974d69b39affe4eee9614423dd887750", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535158, "uuid": "b06ec792-abab-4afb-ae26-eefcf7a7e2da", "value": "T13773CAD82BD1E417338D2F17FE0A7AEAD1BA685796C47607D1587A4C24EC21BC6A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535158, "uuid": "d1f9809d-5123-4242-a35b-1f7fad7e190f", "value": "1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/oU:59Ry98guHVBqqg2bcruzUHmLKeMMU7G+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535158, "uuid": "c84addc3-6a69-4ba7-b34b-4c785f5641ed", "value": 78007, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535158, "uuid": "eaf5f603-a6d4-46d1-8559-240921fdc072", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535158, "uuid": "d1f3cbf2-398a-4755-9a1e-6866dafdeea1", "value": "2021APT-28_18972453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "17bea588-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535343, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535343, "uuid": "4f19e566-a36b-48a5-b014-f3ba395d13e8", "comment": "Malware payload (TrickBot)", "value": "180d13dbb0bfdd92bb09d9455c1d489e", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535343, "uuid": "368df29e-d3a4-4246-ab07-d21d04002518", "comment": "Malware payload (TrickBot)", "value": "a6cd8cee95d2a69dec4206e46d5fd45a0621d7d13a5c3c5e06d0ebf738b9cf2f", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535343, "uuid": "4cfb5405-889d-49a3-be2a-b589c08caa56", "comment": "Malware payload (TrickBot)", "value": "b1caebed3900533340884891cf0950a6561e04cc", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535343, "uuid": "a237be41-ecb0-4466-8030-8b262091082c", "comment": "Malware payload (TrickBot)", "value": "8435d37df323bdc2ea2c16accbe2305236d8691df47a5e6b69dd91254d3af01f725d64d4fea7b54f9215ae4b112204fd", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535343, "uuid": "ea6fe6d5-3b78-4a1d-995f-bf0bcb59a489", "value": "T107E2E2BC3369A787F3FB2818758AE5149280742E283FD49C4651FFE6DCE7660B822156", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535343, "uuid": "2223019d-2bdc-4d11-8aa4-99a976a9f2c3", "value": "768:rw7kbn9KGf53+Bf456gC6O5VZajWnpovLzyA:rwIb9Kk53KuCj5zaApov/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535343, "uuid": "17c349ab-bac6-4517-9aa9-084af13f62c0", "value": 33140, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535343, "uuid": "969ca790-17cc-49f3-9cdd-76cda58ee620", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535343, "uuid": "a48e558e-d1fc-46e5-a76a-46749e45b68e", "value": "2021APT-28_43326453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "88f763b6-f0b6-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627595233, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595233, "uuid": "483756ae-52cf-4154-8ab4-880b85dea9dd", "comment": "Malware payload", "value": "602aa9579f441f945b200aba9459c689", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595233, "uuid": "a3a9d055-e1e3-4bb1-8e2e-d438c1385457", "comment": "Malware payload", "value": "a6db72966382861ca1f9d3a77bde96de66e13f4aff2df160bad761ab8d4138cc", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595233, "uuid": "e270d5fa-8a27-4f14-b2af-33c0298623ea", "comment": "Malware payload", "value": "e54ba0c09f76e54d39185130c86783e02b30e883", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595233, "uuid": "a6fa1b63-c808-4ecd-84c5-5fa8d7912fd2", "comment": "Malware payload", "value": "986ee6d096445d52de523d9cf7bda115b4b2a608a02757b0a177ef17e8340481bf7e1572a4feb5e50d284eaa0f0f47d3", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595233, "uuid": "ab562e0f-f578-4ecf-88bc-d172a5344940", "value": "T11DB2D0B07509EFA3C63034315A5AC78CAB526BFCB5F631E61256090C8DE94C9A677287", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595233, "uuid": "f1aa6788-6e49-463d-98d8-ba8ad01bc587", "value": "768:Kw0mMOY2/bVnM0FqvqYXYcfz8xC7C69q3UELTM:r0Y/JnMMHYocojL4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627595233, "uuid": "a5d70bfe-255c-46fb-a16a-36f56ac5a5e0", "value": 25244, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627595233, "uuid": "b9cadc4b-f6e2-4ebe-b9a6-1ce2c3774740", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595233, "uuid": "82953d15-7b6b-45a4-a9cc-a75b1a39e5cf", "value": "SecuriteInfo.com.Malware.ELF-Script.Save.5cd1e3ca.410.13194", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75502310-f062-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627559123, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559123, "uuid": "b21bfe2b-cb79-421a-a1ad-67f941cec20e", "comment": "Malware payload (Formbook)", "value": "ca32520874e38fc536a376c050984bf2", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559123, "uuid": "1f31e115-cefd-4733-95f6-88d83774118a", "comment": "Malware payload (Formbook)", "value": "a724ba2e3550896b2cb0d9ffa8fdc600c05cfe96b54075c078c3bf31e2907fcd", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559123, "uuid": "f4805f19-31b3-40ff-ae39-cd4ef9119168", "comment": "Malware payload (Formbook)", "value": "6a1fa79dfdb317826c0d87801914be4a06555e2a", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559123, "uuid": "dc33225a-9051-4379-9371-a34f166ab204", "comment": "Malware payload (Formbook)", "value": "521e74e6c04da89a3debbea4677f8f079b11d8a8c64a8b5baacb1a240d02414cb5997d86ae8097d9eca24878c108dc76", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559123, "uuid": "4a0618d5-2237-41ba-be79-bef434fb16e8", "value": "T1F9D4236C846F2BA9650990B239409CC42096D9F11D3592C90A3772B6378BF4EB7FFC79", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559123, "uuid": "9e61a3c8-3ef4-41a6-87f5-9cb219916925", "value": "12288:QI4JAFaKLbDqT71rbJbLT9IkgXJCa0iamC21+o+rhOM26cpZukIkbmGNPvcN:Q/JAoK3D0b9wXga05s+rcMKIkfN3y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627559123, "uuid": "8ee93359-ed66-4d5d-80ff-2a6375f2e333", "value": 624504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627559123, "uuid": "1dd5d3fa-6471-41b2-b297-3c1d83321fef", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559123, "uuid": "7985e393-2b75-4546-8585-65874582ff40", "value": "W7f.PDF.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "14a33f6e-f034-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627539204, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539204, "uuid": "11fdf57a-db4a-4237-9cd3-f65741417785", "comment": "Malware payload (AgentTesla)", "value": "ca2b355d4558040f4f66c5f76b447e5f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539204, "uuid": "6407842b-7eb1-448c-b546-2e6581f4254f", "comment": "Malware payload (AgentTesla)", "value": "a7379c1e2452081884337575afa29ec218cf1a242936a1e998d311939633bf03", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539204, "uuid": "c2799cd0-85c9-4114-8d2b-3af4e86f144e", "comment": "Malware payload (AgentTesla)", "value": "697b7b1b1062612cf898ba6f271d2ee1df8c8248", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539204, "uuid": "bdfae5a3-3b5c-4641-a753-c239f204c8d9", "comment": "Malware payload (AgentTesla)", "value": "bf45abcf0583698f00ffb62eeec295c9e3e3a6ae654ca965659470ded9a8713236fda4f537057df519b36aaa74eaa7ec", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539204, "uuid": "f1119632-f50a-435d-bc6a-2abfd1700048", "value": "T19425BF3889C897AFF9AF037D0BD92070EBF4E152317197A91ED140B859A2F55CCB42A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539204, "uuid": "a48106d5-7348-4226-a580-2370d8e891a3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539204, "uuid": "edab8e36-2fd9-4c6c-a09f-6285250161c0", "value": "24576:ZSK8nS/d3YK64JhuswM+goJ+h5hhEX2Y:wJK64J0+Yw50", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627539204, "uuid": "c461c06e-de92-4977-8566-9677c686d47f", "value": 977920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627539204, "uuid": "2b7925ac-02d1-4c6f-bcdf-96a70340a319", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539204, "uuid": "0efe5ed5-04e9-4ddf-a78e-3d24ea485b90", "value": "P1HycbxfmCBAMOG.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "133445ff-f046-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627546932, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546932, "uuid": "c6a52524-6a76-4046-8913-ee002472a32a", "comment": "Malware payload (AgentTesla)", "value": "1ab0d19b78e3aea83a6a07f505c0a747", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546932, "uuid": "dfa8755e-a868-4c44-8bc1-0880727011b1", "comment": "Malware payload (AgentTesla)", "value": "a87fe4d0a4104d38592687a14002f70993af593fe3b05fe293886c8469a0ab55", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546932, "uuid": "17898ada-754b-42ab-8c7d-187806f60d72", "comment": "Malware payload (AgentTesla)", "value": "c7a10e7192765089250fe6755b52c319c1579f60", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627546932, "uuid": "2630859d-937a-4397-b01e-508b9244f4a4", "comment": "Malware payload (AgentTesla)", "value": "c8e0e0d8ff0db8bbba269745dab2262111924ee1244129d0fbb05f8979fd56f103f4fabf26633a2089da717f051b284f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627546932, "uuid": "b0b40855-19dd-4ead-8d86-d254bc7fb3ac", "value": "T1B7E401711600049AFE9915B1C40ACE101F93796F51B1664AB0FB66DFDAE3331C673A77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627546932, "uuid": "bd2419f4-0752-4455-aac7-d752aa1638ae", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627546932, "uuid": "db2e76e6-63f9-4dea-8bee-e614f29b9836", "value": "12288:FlAjXxP/hP+5WyKVXY9KjcNPDY2AxRFHzf+KN8YH4+ejOjdUcPbCdkU7YgApu:XADxP/85WyKe9gcNPDsxRFHzfTKYY+e7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627546932, "uuid": "999bc221-95cb-4424-b2b6-cf313ec7ec7a", "value": 691200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627546932, "uuid": "da105d0c-d284-4bb7-a4e2-fcf6161fec9d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627546932, "uuid": "5cff27f3-decb-4e96-ba26-066ba7b6db56", "value": "MV. KG ASIA - VESSEL DETAILS 27-07.DOCX.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf7a2c43-f061-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627558817, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558817, "uuid": "f15edd0c-7e00-432e-be88-ddb7f3d6612c", "comment": "Malware payload (AgentTesla)", "value": "dc50bc5cab0728f5072e4e944d82c1ce", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558817, "uuid": "62bbf351-3572-4a44-a1e6-3e2db7ab7823", "comment": "Malware payload (AgentTesla)", "value": "a9ba588dc9da50b3d3a7c78a42d3734d3336de3e3cabed9db41bbc742520b204", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558817, "uuid": "f37aa45f-ff8c-4ab6-a0f7-78bed7722e28", "comment": "Malware payload (AgentTesla)", "value": "382619df4c0e7bff056cfd3a551d8f4b463a13b7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558817, "uuid": "453570ed-7485-4c51-b10f-87122f8457f0", "comment": "Malware payload (AgentTesla)", "value": "64703c73fc3664fa13d8bc82ca1fa57e741ee536b4328af9602dc0520e9af8e6b1f7787aeec3035b2dfdaaeb2be118a0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558817, "uuid": "52d46643-7160-4603-98dc-5826bb451f35", "value": "T11F159B6A235A0527F67AD1747653ECF5F650BE82AA019D0B82C67F8335232C1EDC6C2D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558817, "uuid": "e3bebd7f-14c3-43f1-98cf-14660b6111a5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558817, "uuid": "8d3620cb-5bd9-4243-9ecf-b2adab9f503d", "value": "24576:crhqbidgrQM9em4Rz8EAtQELfZ+f0tMcGk37eyko:oPQQM934Rz5aQCfcS6kCyk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558817, "uuid": "704f1362-9a1a-459e-a51d-017f44cbc056", "value": 935424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558817, "uuid": "11385618-11bb-4ac1-b154-67e957d9e879", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558817, "uuid": "42ea560d-6780-48f0-ad57-05c048f9be28", "value": "Purchase order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6c2bb50e-f062-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627559107, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559107, "uuid": "2a8c11f4-bd5a-4a02-bb5e-953962aa573f", "comment": "Malware payload (Formbook)", "value": "0f03eab5505bb4a4df99ccead0fc28f4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559107, "uuid": "4dec9143-b5f6-48aa-8f81-76768aa8a0b7", "comment": "Malware payload (Formbook)", "value": "aaa40ee2b509dc2b3a2f12f62d70565c85eb9aa13a7efd43bb86cfba0a3e1a88", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559107, "uuid": "35992219-7dd5-49fe-8e5c-4908d935f858", "comment": "Malware payload (Formbook)", "value": "3b77986e8695f04266eb03393272a7fc66d5415d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559107, "uuid": "84e9f80d-7e24-46fc-9a89-c928c1a86ad1", "comment": "Malware payload (Formbook)", "value": "ed7cf47b38d3b492914ff30aef3b5944dc249c9ac111eb3885ea047b2ebf7e1494edc2699ca5781342f257fc20e5979b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559107, "uuid": "2d2b44b8-97ea-4784-a48a-da7858168666", "value": "T1D4358E3166C4CE19E12E833A8ECF60206FFCF9113572A76A7DE113B5496AF51E8781C9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559107, "uuid": "043816c8-3d85-4b92-a6b1-87519a9eac4b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559107, "uuid": "81d52ef9-5641-4106-a75c-2116dc003474", "value": "24576:Dqz0NjVC/d3mK64J2R2CAkll97v7PPR67G:WcRK64JdC1lllzHo7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627559107, "uuid": "1aa4ed70-718f-4082-99fb-fdc2a6d2cb00", "value": 1083904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627559107, "uuid": "43bc5639-2a8b-4c92-aabc-12c5906f5eed", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559107, "uuid": "d8b277a2-2135-47bc-8b26-578d12376e40", "value": "EoH35.PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d41489a1-f058-11eb-875b-42010a9c0053", "comment": "Malware payload (Anubis)", "timestamp": 1627554987, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627554987, "uuid": "f5108083-9924-4c57-bbcc-566d597319d3", "comment": "Malware payload (Anubis)", "value": "dc030efa5973ba809bad2f544d9b18d2", "object_relation": "md5", "Tag": [ { "name": "188.225.33.92", "colour": "#417ECA", "exportable": true, "hide_tag": false }, { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "Anubis", "colour": "#CA26C4", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627554987, "uuid": "50d76766-43f9-48f2-82ad-d49c040cb31d", "comment": "Malware payload (Anubis)", "value": "ad2053bc0cf1cc54c5a0f7e6de4653b8012ba349219ac56b27e26e6cf2b96077", "object_relation": "sha256", "Tag": [ { "name": "188.225.33.92", "colour": "#417ECA", "exportable": true, "hide_tag": false }, { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "Anubis", "colour": "#CA26C4", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627554987, "uuid": "949d1205-8f37-4349-a184-895e907db340", "comment": "Malware payload (Anubis)", "value": "baf73bca4e730cfe9f4ca2704d2da88073fb9224", "object_relation": "sha1", "Tag": [ { "name": "188.225.33.92", "colour": "#417ECA", "exportable": true, "hide_tag": false }, { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "Anubis", "colour": "#CA26C4", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627554987, "uuid": "07890360-b76d-43ba-912b-f93f03853338", "comment": "Malware payload (Anubis)", "value": "8d4172d6a609fbeac6674283555897d2fca620404d8f9c1ac30ea280e2f96df958d36e864a063289bf186f92e6182250", "object_relation": "sha3-384", "Tag": [ { "name": "188.225.33.92", "colour": "#417ECA", "exportable": true, "hide_tag": false }, { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "Anubis", "colour": "#CA26C4", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627554987, "uuid": "180ed985-0e4e-4773-87b4-e28c0c60af80", "value": "T13F55BE46F7D8AD2FCC77D1330BA60A3611468D0ACA42E7475569B36C6CBBAC44F85BC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627554987, "uuid": "01d3ff4f-ab29-4bf9-80a3-15c1efbeecfc", "value": "24576:Jn/4FMK94P8y791TTrgZXOhljSJKOOlI9heaRYictN2yDMipa1Xx7k:VKaPD59ThQATIf3RX0N2yAipa1BY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627554987, "uuid": "683199fc-d210-4b53-81bd-38e2bb3939d4", "value": 1385715, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627554987, "uuid": "5461dccc-7631-461c-aa46-5f971098af3b", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627554987, "uuid": "7762f257-0432-4308-8b2e-3ca18869b240", "value": "694271_Telegram_Buratino-T.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6feb131-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535235, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535235, "uuid": "96c2365e-df5f-4c27-b22c-c6fa5518d241", "comment": "Malware payload (TrickBot)", "value": "c98c29491065599b4f603abaa9ddad8c", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535235, "uuid": "d06c23c9-a9bf-479c-91bd-117953d80617", "comment": "Malware payload (TrickBot)", "value": "ae453bf5d56ec15c51c40570ed7a4d274e87ee52c7b6273bafa20ba5c33cc686", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535235, "uuid": "b3fbdc22-85a9-4619-9fe2-00b7ba1b2d22", "comment": "Malware payload (TrickBot)", "value": "78c69cda486a3b20d8acffd1f99a47a6c39f61a7", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535235, "uuid": "feb48b79-ecf6-47ef-8735-51ddfb57a80a", "comment": "Malware payload (TrickBot)", "value": "2339ece64dba7eaa2de8d9754c8c463322820def7e5755b7e9ebe85644c04c3deafabda031251e62c26612e097100430", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535235, "uuid": "9f9acb5d-519e-43bf-a280-28b8f19ffcd6", "value": "T14D83FCE82AD0E417338D2F1BFE0A3AEAD17A6C5796C47507D1587A5C24ED21BC6A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535235, "uuid": "1b11d1ec-a84b-4287-b558-b0c9ae759e56", "value": "1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/op:59Ry98guHVBqqg2bcruzUHmLKeMMU7G3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535235, "uuid": "eb24be32-55a2-4de6-bffd-09b1025a9b02", "value": 86085, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535235, "uuid": "2ab362a7-93cd-4e4a-bff4-5395535be482", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535235, "uuid": "e011d1eb-387a-436f-8326-1911604afad8", "value": "2021APT-28_59874453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "01bbda25-f07e-11eb-875b-42010a9c0053", "comment": "Malware payload (DanaBot)", "timestamp": 1627570955, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570955, "uuid": "7cf0a431-4e09-420f-988d-f55e1634979c", "comment": "Malware payload (DanaBot)", "value": "cfb3b161aa1c622775e4658a29b62844", "object_relation": "md5", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570955, "uuid": "fb112b37-af2b-4d63-a454-ece97a043cae", "comment": "Malware payload (DanaBot)", "value": "aec978b1d7a4e019602887ee759f224078c6938e2086c136efbfadaa286938e7", "object_relation": "sha256", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570955, "uuid": "4799d0fc-f622-4648-8eba-908702069329", "comment": "Malware payload (DanaBot)", "value": "b28ae37bc7ba4fb0579df7bd2670f1a75744b658", "object_relation": "sha1", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570955, "uuid": "38752a70-018d-4171-aba6-e07dc94966a9", "comment": "Malware payload (DanaBot)", "value": "f62f5adcb3ad2fd9d029bc29fbacea46813ce1ac4bbff68b6a99bd8d582b6e3cb72a02b93ea2c62d67209e7e3a55d72a", "object_relation": "sha3-384", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570955, "uuid": "6e6aa0da-e8cb-41dc-acb4-f254644b8b8c", "value": "T1464512317690C034F0F726F848B6937974397EA2A72451CFA2D52AEE93346E59C3075B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570955, "uuid": "8855c7d1-076d-4611-a765-b2d9fe8df1c1", "value": "f69d275c0dda431bea9e1980bd7b9759", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570955, "uuid": "136e3948-aef1-4da4-9a57-74ffac2e2545", "value": "24576:jBSvgZn+U4iBBSfr2vsr/7omr58ZbRosViK4hp/sIwrPMmw2a:0CSauPyZbqasX/ETMga", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627570955, "uuid": "e7bf2cfa-f1b4-42f3-b04f-1c7eb0281051", "value": 1242624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627570955, "uuid": "6b017e51-e4ac-4cda-834b-832ab8dcc47a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570955, "uuid": "ff7ab166-58b7-4edb-b18e-4ceb86ae10da", "value": "cfb3b161aa1c622775e4658a29b62844.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "53d44ede-f049-11eb-875b-42010a9c0053", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1627548329, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548329, "uuid": "ac271203-b685-44cb-80cc-3bcbe5fcc17e", "comment": "Malware payload (RaccoonStealer)", "value": "801bf6606f63d831e26def8f5976dac8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548329, "uuid": "b05ecb38-2c1f-466f-a479-f8b4e156553d", "comment": "Malware payload (RaccoonStealer)", "value": "aeeabbefb0ce4cc909ebc3c7d36d3272d55c09db77a162b7e607936e126d05c0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548329, "uuid": "4a76fe15-968f-49d4-801e-fe31363acf15", "comment": "Malware payload (RaccoonStealer)", "value": "f7be1ff5e020bb3322d822cc5bff77c23b370319", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548329, "uuid": "f1199840-c20d-4798-8543-16a7afdd0fe5", "comment": "Malware payload (RaccoonStealer)", "value": "f4f84cd31d8dfbc21f2c9c424b44b70ee87b87933d7ffffb96a8625085c1b01e0b89638300c5f6960499823d83a3526d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548329, "uuid": "4190fc13-18ff-4465-b224-a9f95c685c64", "value": "T1BCB4D030AAA0C035F0F752F856BAD378A52E3EA15B3050CB56D52AEE07356E9EC30757", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548329, "uuid": "7e43f4ec-4f14-43fb-b82d-a8532444f970", "value": "ebe339f33228ec9cb9963341e6449ca2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548329, "uuid": "c20f44ff-8db6-46c6-be4d-b5af89a3ca89", "value": "12288:IOTnm+muUdkh8sdyjlUctBer/5eMRnxZYZz49AgwILoeYlAru:IL+YdkrdJsBw/oMRnx3Ag90bk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548329, "uuid": "e0e6089f-688c-40ae-9396-a823c16b6e8e", "value": 526336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548329, "uuid": "497a8415-7744-4c65-9f8c-115460b8248e", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548329, "uuid": "9401c4c7-0e4b-4391-ab30-b8a874c3ec7d", "value": "801bf6606f63d831e26def8f5976dac8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "04e140e6-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535312, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535312, "uuid": "133e1c1f-3567-4766-b469-f5c52fde25c2", "comment": "Malware payload (TrickBot)", "value": "cb2821f2f5e33ba5c067204466578d2c", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535312, "uuid": "3c759539-e471-4c2e-8622-42b4b02b21ec", "comment": "Malware payload (TrickBot)", "value": "af226be294f2b3d68170f805a46b55a8cebb285c039bb35c002d9d9a5a5205bd", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535312, "uuid": "6256e79b-af27-4d64-b876-0f923ad2a804", "comment": "Malware payload (TrickBot)", "value": "8463cc56632c286bd7b1d89f29d2c0b572ac2d81", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535312, "uuid": "7cf108b3-d723-4e1c-95ad-7fb0b56b0975", "comment": "Malware payload (TrickBot)", "value": "0d84f28d495f4e3bc721134585aa41b6950d132472effbd7597a699f1490beffabd47c3e29d339e6d0884e4e5d0e3f67", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535312, "uuid": "f038165a-d3eb-48d6-b664-58ab8ded3aea", "value": "T13B3301D761FFE1FD972D116AA3D6733A2FB7512F270D8122E84C8400DB25A547E24978", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535312, "uuid": "f0ff4101-3943-41bb-88f9-fb1855668324", "value": "768:Lazbhp28CNnvKdwWyURN5gP6pfuezG88zkDJdKXbLtJERsiHIcvN5Q7rPA90Rf+Y:0pGvjJURnNY88zGJWOKEf38jWqOPM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535312, "uuid": "b878f548-d666-46bc-80c9-f590937c538f", "value": 54426, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535312, "uuid": "27b2b971-4544-4991-aec3-7ba81011ee6e", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535312, "uuid": "7cc25b3d-9e33-46fa-b355-f3059afbcc6c", "value": "2021APT-28_76992453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "04135c58-f049-11eb-875b-42010a9c0053", "comment": "Malware payload (LimeRAT)", "timestamp": 1627548195, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548195, "uuid": "dc89a39f-6e62-4ce3-a8ad-4e33658f6302", "comment": "Malware payload (LimeRAT)", "value": "80aabd5337136686aefe2ff1e6da8d5a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548195, "uuid": "2b0e8e39-3799-49c2-a943-e9bea1190a06", "comment": "Malware payload (LimeRAT)", "value": "afd7b91be42e614fa8f3488f8cf2024b1a5b364c4b66c514fa86940b06c93515", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548195, "uuid": "0db0f57b-98d8-4753-8ba5-8d7a4b8dc87d", "comment": "Malware payload (LimeRAT)", "value": "a749d303f5a928cff0d66ac23a704b90837ea0f9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548195, "uuid": "9f02ff8e-ece1-40ab-904a-ea4a68ebc79d", "comment": "Malware payload (LimeRAT)", "value": "bab537c84b0608e013c63023f2ace5fcc29dd36f3bd2a3d9d4780ccd832bc47b815c9a3b2aa8ae6439ef035ac6d63172", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548195, "uuid": "43a082db-b2e9-4efe-b784-76aff08b5764", "value": "T153C4AE4132C40704E0FD5CB1C1E775718BF9B9C31637F69EBEC512A90E22B919D8BA9A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548195, "uuid": "5a56e09b-9e3d-4ec6-b815-08e89689c9c9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548195, "uuid": "35d1b2bb-6df3-4eb3-abef-a21de363e0bf", "value": "12288:6V6zPygCa+DZjF1/A/ZMvGTsv+wD1IRJ+ZN1JBCGoOdnq1T:c6zPXCa+DZj3/SOvPGkZ13ox", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548195, "uuid": "140b5531-0cb0-44d0-bf18-760205de1d10", "value": 577024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548195, "uuid": "d5c19668-f72c-423e-b246-46850032c952", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548195, "uuid": "657c09ca-3b35-4668-9f21-b7d3390ea41f", "value": "80aabd5337136686aefe2ff1e6da8d5a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3cb28fd0-f048-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627547861, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547861, "uuid": "cc23fb4f-a43f-4a29-97a0-72c6447d0d12", "comment": "Malware payload (RedLineStealer)", "value": "927faf69c9270db57ff4aa3b16b51044", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547861, "uuid": "d3a06064-9c4c-434e-9a22-31c69f87ab74", "comment": "Malware payload (RedLineStealer)", "value": "b00dc3b0fb77b5893417308a832cfaabd7440230a1800807444af33f0475b005", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547861, "uuid": "5a58ac9c-3ca7-4b20-8225-2250fe617d23", "comment": "Malware payload (RedLineStealer)", "value": "a4870b221cda7127effd25a436eb208a8ebc332f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547861, "uuid": "b1db4d55-bf64-4a15-94ae-04af1abb2aba", "comment": "Malware payload (RedLineStealer)", "value": "4f3ffa2899d4d972fbc423360d418277d2dbf8e341bf60d7b492c85d5ec99b4c2f4bd0440f26697eb06bd7993a37d60a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547861, "uuid": "8cd893e5-fc30-49ba-b096-0c5061dcaa82", "value": "T126D4F230BA91C035F4F712F446BAD3BCA82D3AA16B3044CB52E516DE12356E9ED3179B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547861, "uuid": "653bebeb-5188-4cce-9a26-9d081b9a5557", "value": "1b88af86c3862540a4c514edccd5dac7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547861, "uuid": "e199f4fe-1770-4610-b218-7bb92daa30e8", "value": "12288:C/Wut0fbjUBFHa2YT3thYor/UQOfLQs3MMyhtUt9+CK:fut0fbmSi4UV3M/3UbI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627547861, "uuid": "e88e0e32-aaf3-475e-b0a7-4e415b05fc5f", "value": 638464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627547861, "uuid": "53a3760d-a6be-4fa5-8d7f-6d25674cdb55", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547861, "uuid": "f6126982-e0ae-4961-ac87-8be77546e893", "value": "927faf69c9270db57ff4aa3b16b51044.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6c2539f-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535154, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535154, "uuid": "167b1a8e-cefd-4884-8f06-af9b5b6e758b", "comment": "Malware payload (TrickBot)", "value": "f18f89e590eb4d7c5975793cf58c9acc", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535154, "uuid": "422145c3-3a13-475b-b17e-c4c245a5bd7d", "comment": "Malware payload (TrickBot)", "value": "b03a32e277661e838eaf2d175bbd21b20a2e66b9f9ec31f21185ec6e8515a5bf", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535154, "uuid": "2b3df2ea-9e45-4b8a-b67c-7fb8476a96f9", "comment": "Malware payload (TrickBot)", "value": "8b352cda0d44592e39c80d18723c9d06426da936", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535154, "uuid": "16cb6c91-3515-494f-88a9-adf8fc346fba", "comment": "Malware payload (TrickBot)", "value": "4cf249ca8a42956c03406d8c98001fc3507cd46edc4dfe875957065c39334672ce79aa4fd8857e47e0084eec7e82bddc", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535154, "uuid": "4a8c6db6-f9b1-41ad-964d-5c0d65a63a50", "value": "T1BFB2E1B0D2799583D73FC0B942A52DFE9B7E52904EDDC025EF20B249507AD2916376CC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535154, "uuid": "22e2d9b7-9129-4f0b-afa4-e185b0c94916", "value": "384:ureYO9St0un2yJ5rm+1QTgh6oAh5T6CR1CPP/qYG9XwaOG0/ocXpz2HMe8X:rgSC2yJiUgoMVrqvuwC0/lIHlu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535154, "uuid": "b6464cf3-003f-4d9a-afb4-c07468530406", "value": 25105, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535154, "uuid": "8809b5f0-bdc1-4575-ad09-3de47b16302a", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535154, "uuid": "bded2cc5-af58-48c3-8c62-d4b050279655", "value": "2021APT-28_18972453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e817794-f03c-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627542790, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542790, "uuid": "05525e84-1615-45bb-9b3a-97c2adf17c1d", "comment": "Malware payload (Mirai)", "value": "25910f5b8f50f8612d654d2d1f068881", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542790, "uuid": "3421ba90-2fde-407b-b13a-200d5c5b7922", "comment": "Malware payload (Mirai)", "value": "b040984b9c946ea91ee41b75ff92c98e59b95f23fce7465cda0487f414af5ceb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542790, "uuid": "04e31693-4086-429f-83a9-0748aa05abac", "comment": "Malware payload (Mirai)", "value": "e33b93e090bf2196b150c003e4fc6938b638f93a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542790, "uuid": "1b11ad41-da7d-44a2-a121-7fcd714a732b", "comment": "Malware payload (Mirai)", "value": "4a4867665a3e3d2fef5cecedbaa17b0cc9f17464f785eea489dfd6b4cb90b256f4b64480fc7ea44728cc09b4597ceef0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542790, "uuid": "ce5ee56b-403d-406d-bdb2-6a4edaedc38d", "value": "T11F930946F9819F02D4C625BAFE9E114933136BBDE3EE3102DD20AF6427CA5DB0B76512", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542790, "uuid": "e43ccf16-0b47-4d14-a16c-1a47bc0a8a6b", "value": "1536:a/nakkdDsK3KpKTjnKCKJKGUbFj0ZH751UIR9dfJgabsyNeauU0D6llBwin2WYeJ:+kOK3KpKnnKCKJKGUb9GHRffJgabsyN/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627542790, "uuid": "39678d1e-f6d5-4183-ae0a-95312a5470a1", "value": 96060, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627542790, "uuid": "bcccdbc2-908c-44bd-bb3f-8eb24911dc4f", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542790, "uuid": "36aaa80b-efca-4257-a2c5-85a32ead5674", "value": "25910f5b8f50f8612d654d2d1f068881", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b73d4dba-f061-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627558804, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558804, "uuid": "2231cb4d-6af6-4e36-8b02-c554dd552a8e", "comment": "Malware payload (AgentTesla)", "value": "6f3570636cf23152e05747048cf8d8fd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558804, "uuid": "277e7c68-7502-4dae-a43f-17599211647c", "comment": "Malware payload (AgentTesla)", "value": "b0db665ee10001c98ba8fb94048fc94d17474115b1db146b081c8c82ad1a0aac", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558804, "uuid": "eab028fc-b7eb-4982-9ff3-b864b4adccab", "comment": "Malware payload (AgentTesla)", "value": "5496e0b56f426ca83ba68c831f4e2103317217c9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558804, "uuid": "24eee037-e4db-4451-8586-cfdbb035d87a", "comment": "Malware payload (AgentTesla)", "value": "24e71c58c2bace2e0d21e5392f19e4148f2c61a38e117241cf6b2cfc9cb9e50a9a9c1175f628597f4be1b8848b3021e3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558804, "uuid": "df10b35b-9951-4397-8f18-03b552c85232", "value": "T1FAF4330D2DFA8055060B5CFD18A8F852F95B419F6C6F4ECD61D690FE96B21B88F2C2D2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558804, "uuid": "665602ab-1542-4199-96bf-24073a109b6c", "value": "12288:O4YnvvSEqAyrbx/P3vkRKpVlr29uoYMhlbryIYqwhq1xxiernXQgf3T:ORirlERwmA/MhVryIYCVvfT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558804, "uuid": "863d5051-d616-4005-915b-283a6d9e46aa", "value": 787540, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558804, "uuid": "e5f7afb1-2924-43ba-9fb9-a71c7cddda3c", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558804, "uuid": "1ed8cb73-69fe-45f8-82c0-68ead37a4276", "value": "Purchase order.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8912ed8e-f047-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627547559, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547559, "uuid": "14af1c41-a316-4484-9d03-bcd7ad58fa0f", "comment": "Malware payload (RedLineStealer)", "value": "5d1194073e247a4ea17bf057e6fc72e3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547559, "uuid": "02e082a4-14ac-483a-88b7-931e22200fdf", "comment": "Malware payload (RedLineStealer)", "value": "b1330a858ce06e3f08a15aa545af2976de9fbf212fa0ebbee92efaa1962dad85", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547559, "uuid": "7a11c5ab-6bd3-4792-b512-9d2d28ef6e8b", "comment": "Malware payload (RedLineStealer)", "value": "acca5276d6983f43fc82d6a02d6a5e1b62b6bc13", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547559, "uuid": "a47da05e-d6fa-463d-8bf6-bca0f4fbb79e", "comment": "Malware payload (RedLineStealer)", "value": "f7f69824deff0cf98ed686047e9beb3ecf22a70694be79f69916fdc858dec30288153a923ca30a3e76c0d3acb9024185", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547559, "uuid": "cb969db3-a41b-4d3c-a120-77aa5deb54ff", "value": "T12974BF30AA90C035F4F712F846BAD379A92D3B60673050CF62D52AED46356E9EC3179B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547559, "uuid": "9bdd0c57-5159-4f70-a579-0d24eb806ced", "value": "1b88af86c3862540a4c514edccd5dac7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547559, "uuid": "4186b007-5b52-44f8-9a7e-c8a108c63402", "value": "6144:fMMMDlmXVCpKir4EPL3SJRHUUCuwGVJ7O7HLZe1du+OAaFD:NM5mXVCpJrZL3Sn4uwGVJC7rAE+OJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627547559, "uuid": "9916bb3f-cdcb-4ff8-ab18-d0433e87511b", "value": 338432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627547559, "uuid": "d2c32fcb-4577-4794-951d-5b4398195ff4", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547559, "uuid": "2456e90f-17de-4ee3-8595-caa71f07dc3d", "value": "5d1194073e247a4ea17bf057e6fc72e3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69e6cc0e-f03c-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627542783, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542783, "uuid": "23bd0687-70dd-4d8d-ab3b-1b34d4700e0e", "comment": "Malware payload (Mirai)", "value": "a95856be23610a8283a4e40493eb7ab7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542783, "uuid": "daad3d30-743d-4845-85f7-b3c8694d63b6", "comment": "Malware payload (Mirai)", "value": "b1717fa9cb043e6d9f00c7ca43d476e691de870b9b514dcba25b369ecab39b6f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542783, "uuid": "e84a5980-6da3-420d-a27a-c5c132439baf", "comment": "Malware payload (Mirai)", "value": "ce2fdcd73c5c58d9143dcc2dfb3eda2a91cf877c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542783, "uuid": "6970d431-7b71-439a-aebf-c0a7d560a40a", "comment": "Malware payload (Mirai)", "value": "fe43f040bff2259a5c686c53b735773fa48ed937c62d9a1e10a6414c67865f9b6034560ef51c7b08bf19cd4926c148b5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542783, "uuid": "04d3c5e7-097f-4612-b7fd-5f6c2a4c316e", "value": "T12E93285AF8816B12E4C925BAFE0E118973135BBDE3EE7202DD145B2427CB95B0F7B502", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542783, "uuid": "959c652b-1b3d-4c5d-88a8-8d16eff3bca6", "value": "1536:k/nakkdDsK3KpKTjnKCKJKGUbFj0JH751UIR9dfJgabsyNeauU0D6llBwin2WYec:skOK3KpKnnKCKJKGUb92HRffJgabsyNq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627542783, "uuid": "f20d2c81-fd4f-4c2b-b0cc-0e73427879c5", "value": 92968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627542783, "uuid": "fe2be258-f01f-4bd9-b4e6-231f1d72cbef", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542783, "uuid": "2cd7cdc0-0054-400b-a05f-c72b61af4ec6", "value": "a95856be23610a8283a4e40493eb7ab7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d96a96d1-f02d-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627536527, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536527, "uuid": "30d421ae-f65a-43c0-81cf-9d0d8dee80cd", "comment": "Malware payload (AgentTesla)", "value": "f7d523e122590530aede01448916e4cd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536527, "uuid": "1d0544fc-6ce9-4cfc-8226-ae35fe231e2e", "comment": "Malware payload (AgentTesla)", "value": "b234fd2b368732a6c68a39b2d0c4386764e089a3f0bd74e595c73b40bc0c1c7d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536527, "uuid": "ce1ce5b9-5b89-4306-850a-8178222d0d50", "comment": "Malware payload (AgentTesla)", "value": "2387ad67eea7eb202c900ae1a283abae7a0e4515", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536527, "uuid": "7c0de82b-1d2d-4da3-9d4a-195940949138", "comment": "Malware payload (AgentTesla)", "value": "c7cee21e6f79fa1ab92b7b5eda522d7e8166e0dda09319d690cc77873395e0432cabbd9653c53ea0f55122c705ce3002", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536527, "uuid": "03fcadd1-a9ef-4714-9e1f-d81f49127909", "value": "T1C8359D3166C4DA1AE52E533A8FCF60204BFCF9113572E3A86EE512F54905FA1D8742EB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536527, "uuid": "508e1965-1c83-4266-a8cf-19252c6934a4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536527, "uuid": "a70d8f7f-8032-4294-b283-f45a17035b65", "value": "24576:o48bLqjqfWg/dq64JadiezwCGRRDFP4sUmpSL:R8bIB64Ja1aGEp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627536527, "uuid": "644ce848-5ea7-491c-b255-7689b1cdc825", "value": 1147904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627536527, "uuid": "1f04ea7c-8eb5-4779-80c6-c8092950070d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536527, "uuid": "ed377beb-c914-42d5-a851-881de054d73d", "value": "PAYMENT BANK INSTRUCTIONS COPY.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1012d6f6-f08c-11eb-875b-42010a9c0053", "comment": "Malware payload (BazaLoader)", "timestamp": 1627576992, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627576992, "uuid": "506347d5-4474-4534-abff-8464f10b1e55", "comment": "Malware payload (BazaLoader)", "value": "6ac3fa2dd2ccb70ad47c9583a29e9ad6", "object_relation": "md5", "Tag": [ { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "BazarLoader", "colour": "#4D0DF8", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627576992, "uuid": "4d981be4-446d-42df-93ff-5b33c0a21fb9", "comment": "Malware payload (BazaLoader)", "value": "b2a996a9301cdb9f19dec6105880aa5530758cc29347c389de48c15728cad25d", "object_relation": "sha256", "Tag": [ { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "BazarLoader", "colour": "#4D0DF8", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627576992, "uuid": "d7148098-2325-42a5-b2ef-c4e7c3b32ca7", "comment": "Malware payload (BazaLoader)", "value": "e18100cdb3e19c64a2ee56533ed18020a2105462", "object_relation": "sha1", "Tag": [ { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "BazarLoader", "colour": "#4D0DF8", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627576992, "uuid": "01397d52-533a-49c2-9215-7468051a5da6", "comment": "Malware payload (BazaLoader)", "value": "f9027625ff021263ad8ad0730b12de8a104efc373721f469288a56fc20b0339b02db6eb84cde915c62dc473590590daa", "object_relation": "sha3-384", "Tag": [ { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "BazarLoader", "colour": "#4D0DF8", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627576992, "uuid": "35cef020-8732-45e0-adef-0e175f3a90c6", "value": "T16EC19D67CAE11E9EEFAFECB91D016C73F4ADBF7010F901BA408142557F40A2661538B4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627576992, "uuid": "35b03dbc-ac67-4c71-a28c-083a92a65833", "value": "96:AlFDGMTHiuewrV3xfrBnBpWmPca65FollvwvlpHh19kNz4Ze2LfCaeyjG3OEN7HF:6DXHlVBnzhGu7w11I2ua1DENrq2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627576992, "uuid": "d036b531-ace5-4e26-b438-e74acd2d2f72", "value": 6000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627576992, "uuid": "8d808abb-ecd2-4506-a48d-ea6e606d3637", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627576992, "uuid": "f5313c11-9179-43b1-878c-bf678a9cb134", "value": "Stolen Images Evidence.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6f09c17-f051-11eb-875b-42010a9c0053", "comment": "Malware payload (CobaltStrike)", "timestamp": 1627551904, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551904, "uuid": "e9807444-67d5-493a-82a5-aef02ca5db87", "comment": "Malware payload (CobaltStrike)", "value": "708de21dd452143261bf214d36a2fae2", "object_relation": "md5", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "StackUp ApS", "colour": "#366322", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551904, "uuid": "edceb872-93b8-42b2-a34e-5d14b0b5f58c", "comment": "Malware payload (CobaltStrike)", "value": "b2c5438734cf3ebe39b97749d4d994d0d1a59a50705090625a09214331bc1b45", "object_relation": "sha256", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "StackUp ApS", "colour": "#366322", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551904, "uuid": "a7c10ae6-0cad-481d-812d-4da604235f67", "comment": "Malware payload (CobaltStrike)", "value": "2e93bcbe8bcb7821cfe4ae9a9c1fc859d3841f56", "object_relation": "sha1", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "StackUp ApS", "colour": "#366322", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551904, "uuid": "99850dee-a8b1-4eb2-a37f-84e5f7d71247", "comment": "Malware payload (CobaltStrike)", "value": "4694c48ddbbb9a60d22740dda5479ac60ed5cc55ad6456479998ddf7387f93e53e901379ce234e43233cb83095b79a54", "object_relation": "sha3-384", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "StackUp ApS", "colour": "#366322", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551904, "uuid": "5faad081-f087-4d2b-8760-a4c4aa9cfd5d", "value": "T1A5D4BE86F2E448F6E073913ACA92874AEA737820573187CB5290971E3F772D16D3DB61", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551904, "uuid": "42f4cc75-98bc-4d0a-b950-d201395a9709", "value": "06f6808307bfcd0a44362619be120637", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551904, "uuid": "aee4dbb1-f1f4-43c7-9883-5c0b4d705547", "value": "12288:AbA5gT/0LXBC0DOIm3EPr8Y0cJiy7cVm5KmnSG42ZAj:A0LXBC0DOIFH0tInnS9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627551904, "uuid": "6c48a99c-7467-4f6b-8e99-1325757e9506", "value": 644056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627551904, "uuid": "0bf03b22-7714-476d-9e81-24566b9127f1", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551904, "uuid": "4a78d122-976f-4fb6-ad57-50679c4b7cfd", "value": "b2c5438734cf3ebe39b97749d4d994d0d1a59a50705090625a09214331bc1b45.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f7e5896e-f087-11eb-875b-42010a9c0053", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1627575233, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575233, "uuid": "de6fc2a6-e902-4a66-9073-cb5b5fea78d1", "comment": "Malware payload (RaccoonStealer)", "value": "8c86f307443271e3b3d09cb4c4253f3c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575233, "uuid": "792203c4-3f9e-4be3-a634-30ed64b48678", "comment": "Malware payload (RaccoonStealer)", "value": "b3095e407bf94331957f4b3725dd9cde35d5881afce2bf76e57f1400a4e0ab73", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575233, "uuid": "558b7b35-b645-476a-b502-d1c1694257f5", "comment": "Malware payload (RaccoonStealer)", "value": "87c2876eff15db2a13e1ea5e213be0e5ce2040df", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575233, "uuid": "303dbd94-2ecb-44b2-9519-8aed09ef1fec", "comment": "Malware payload (RaccoonStealer)", "value": "a9b53ec10ef001bf3afb71c4b38ee5088822ea9a512d9885602fd8993bbcb3d504ed4fc8d35b80c77eef1ac827673043", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575233, "uuid": "6d787b74-b1af-49fa-9a3d-e92bde6d6fa0", "value": "T1D7D4D030B690C039E4F711F485BAC3BD6539BEA2972050CB52D52BDE8635AF8AD3075B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575233, "uuid": "f611244d-d9c5-43cb-bc97-6327d45b7775", "value": "8aa54a1ff76755cd8a1e65ca9aab3463", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575233, "uuid": "87913e47-0220-4be2-bcb1-79a42ec7c9fe", "value": "12288:oY64O/t20Zal4hxqnDdwA1sea0p581mGMDg6N:xO/tJ6nBwA1XbGMDg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627575233, "uuid": "7ada0d28-ce00-4de0-8faa-eafea471548b", "value": 608256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627575233, "uuid": "94f734c1-7c7b-48e4-a135-dbfb64307833", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575233, "uuid": "ad096eeb-6caa-405b-b4ef-5ca09e8da3d8", "value": "8c86f307443271e3b3d09cb4c4253f3c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d838d3e-f079-11eb-875b-42010a9c0053", "comment": "Malware payload (Gafgyt)", "timestamp": 1627568854, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627568854, "uuid": "98fa4d7b-e9bf-4110-991c-29a578a8d666", "comment": "Malware payload (Gafgyt)", "value": "678aacc1d1b31a3236e7bb06917f7cb3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627568854, "uuid": "3ae3f147-7755-41fb-bebc-1c8b253698d8", "comment": "Malware payload (Gafgyt)", "value": "b363758e3af3ed47b3a6f055774d60c63097b8f9ffc9eb18735e4ed600eedc90", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627568854, "uuid": "3ad4dc14-a45e-4784-abd9-8216be030702", "comment": "Malware payload (Gafgyt)", "value": "728363e0fbb0b4dea63636a08b1ade68121060a3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627568854, "uuid": "33a8f43f-d5e8-4d9e-923a-9783cfd2c13b", "comment": "Malware payload (Gafgyt)", "value": "8b9e091fdc2a6dc6d3de7c1a254be896d355495d14afface8d5741a12d52181a4365e535f5d14dd7496c9c318cc38d71", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627568854, "uuid": "b8e6add8-2e9c-4453-aae3-ca56796893b6", "value": "T193F2E016D739D429C8DE20723C6EBE0B9278572E80D87DC57BD431386CE3FA10699B5A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627568854, "uuid": "faa0961e-c618-4c25-9442-65d0b017716f", "value": "768:b/sEwRw4+ZXl9BUX+XLzYYbrMwkAWVSWnbcuyD7Uryq7WJDkDo3n:bhMw4Cl9BUX+XXHrf4Hnouy8mqyJDkDe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627568854, "uuid": "32820f94-9869-487e-b8cd-d0a6d6d767ad", "value": 37396, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627568854, "uuid": "c84651d6-4f65-4600-bd7e-3ae5ace88dc8", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627568854, "uuid": "8a24ab51-5032-4861-af31-c2e94bb4f953", "value": "678aacc1d1b31a3236e7bb06917f7cb3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8603707a-f0b6-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627595228, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595228, "uuid": "27e3938c-c0f3-4490-a741-346f7d6e8916", "comment": "Malware payload", "value": "f7c2281aaf13307354d49f8065b4dcaa", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595228, "uuid": "fb8de6c3-6d63-4a7c-8523-783d01804174", "comment": "Malware payload", "value": "b39a7260b5c365f620bbce30fdb6a5691226a5259c20766d3ebd4c1412d7a60a", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595228, "uuid": "5f66b97c-a2d5-411a-b45f-ba3923918488", "comment": "Malware payload", "value": "06c610a38472a3fd919c2476b77a3913f16de811", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595228, "uuid": "de1b0c62-d9bc-4249-ab6c-600651921f55", "comment": "Malware payload", "value": "14106567d70cb6fc4da13d5a228817978200cbd6b3a97a8a4268f7a572cafb389bf747b2087f46e661f78adf38b4cc98", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595228, "uuid": "fe49c14c-2c7d-44d4-9e44-8d4f6883be2f", "value": "T11992CF30A2854931D3617E3BFA49A78133E50F9AB0F937751B74C2F06AD06D574B54A2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595228, "uuid": "edab9aec-94db-489c-9af7-b5df6ade5547", "value": "384:6G2ZBVjsEXbNKvoUrLe5oqs57qR9yKLVYHRY91M57WhymdGUop5hm:6G2ZBVjnRKvFrLe5pRztKQ1M57Ws3UoU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627595228, "uuid": "6150e44e-1419-430d-a19b-db4749d49f53", "value": 20124, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627595228, "uuid": "d2acbc38-19fe-46e9-b490-a4643dd7e51e", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595228, "uuid": "2a1c9ef0-0ac7-43fb-bbd0-14b435fd23e1", "value": "SecuriteInfo.com.ELF.Svirtu-AATrj.1032.22409", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "66b3512a-f034-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627539341, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539341, "uuid": "eb04c9a7-d329-4562-b331-b46d98fec60d", "comment": "Malware payload (Loki)", "value": "9d3852e3422f6f85a64d612b738282fd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539341, "uuid": "7fc3c773-d56f-49af-8d83-8d45ac1df033", "comment": "Malware payload (Loki)", "value": "b43f61f0ce7cc012f811460ae0c1483e90c6f5936a6c9033bdb9a14212879e42", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539341, "uuid": "da87b594-6250-4fd5-b034-fdbaed744c82", "comment": "Malware payload (Loki)", "value": "30498cb38fecdbd3db9fec8cfa4f504be867131e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539341, "uuid": "e64b7ced-349e-4ac5-88b4-b6e8a0b8a70d", "comment": "Malware payload (Loki)", "value": "72e03e175942b5258e1d7466e2bd981f49bdb7bcecc2ae7d61db55563e174a61295d945d1e887f9618003b14a571ece6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539341, "uuid": "c2cfbb77-85fb-4bcb-ac06-77ac465752a6", "value": "T12334F1C96AE10E56F571A2786E3136C498ED7E391C69D14EE6A03D6AF3F0E96C018703", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539341, "uuid": "e2723ac7-5c61-4a70-bae7-05041b9199a1", "value": "d51f4756e17d2e0cb52cc870ed396809", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539341, "uuid": "c4667730-58ad-4551-8fda-ab7f775d196e", "value": "6144:YOmNeCtqzK92vWF3HOr84RJAXKhsRx3bE8gDZAnktcYK:Yls5zO2vWF+r8s6XdRVEZAnko", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627539341, "uuid": "4905c258-0954-4ed7-9eaa-135d1fa4bf86", "value": 246571, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627539341, "uuid": "10f90652-caeb-431a-88a5-58d438534c68", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539341, "uuid": "48f57e07-dcbf-40d2-9dd1-7753e26c02a6", "value": "9d3852e3422f6f85a64d612b738282fd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0072ae0c-f060-11eb-875b-42010a9c0053", "comment": "Malware payload (Neshta)", "timestamp": 1627558067, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558067, "uuid": "7a48273d-538f-4d39-9566-d105efaee287", "comment": "Malware payload (Neshta)", "value": "5f8fa6e46302b11f6934954df848a20f", "object_relation": "md5", "Tag": [ { "name": "Neshta", "colour": "#F5FD90", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558067, "uuid": "42568ccf-2258-4cd9-b124-6a150645242e", "comment": "Malware payload (Neshta)", "value": "b4621b74fade93a4102c8912a08e47b44ec60bc69017aacab084d8982097d7c8", "object_relation": "sha256", "Tag": [ { "name": "Neshta", "colour": "#F5FD90", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558067, "uuid": "282f6d54-92a0-406f-bedd-4fe23bbb02aa", "comment": "Malware payload (Neshta)", "value": "6e4903c2f690fbc8d3f0f7e32bb5e7678a880329", "object_relation": "sha1", "Tag": [ { "name": "Neshta", "colour": "#F5FD90", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558067, "uuid": "3e900d5f-72d6-4ef3-897c-7fe7c5070afc", "comment": "Malware payload (Neshta)", "value": "85c4f8153e78e2331a971ee7b761c7650732721ef006baeda84269f539c68a2b4e73e3c8cc944adc47adabf861c517cf", "object_relation": "sha3-384", "Tag": [ { "name": "Neshta", "colour": "#F5FD90", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558067, "uuid": "30c2e052-3443-4653-bbd9-d1db1bfd2d72", "value": "T11855133AAA40166AF53B0A357F839E2543D45F0C27547073A93AB13C78F2B720E69D6D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558067, "uuid": "fb0991e2-1ed9-4b98-9b3e-c19087b0bf56", "value": "24576:1hO6RMS/igbGI44aqZTgzFjLlom5nnH1qn7Gh8hmm1Xx0aYMs:1c6Rtpn4TqZT0jx5nHWLXxm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558067, "uuid": "e4e4a762-4f18-45c7-af39-e8db584b88b7", "value": 1291776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558067, "uuid": "531489ff-0c7a-4153-a752-dd74302c460a", "value": "application/encrypted", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558067, "uuid": "cfc3a297-f914-4665-9273-4757fd6f7bc2", "value": "SKMBT_C552210622130.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bee8875a-f02d-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627536483, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536483, "uuid": "deeb33b0-9828-466e-b38d-a7ff31507339", "comment": "Malware payload (AgentTesla)", "value": "56d44e3ca910ff7698d8ed0ada28dae6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536483, "uuid": "027ff0b7-0843-47ad-ae1d-3daa16874554", "comment": "Malware payload (AgentTesla)", "value": "b561e46a889187aafaca806fc1633c5eeafc68b5acf17aa7a2232d5efbc64f54", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536483, "uuid": "462da505-ee33-4f9d-9121-e986e023e322", "comment": "Malware payload (AgentTesla)", "value": "9886dbc91312cc2e4dfffb57a0192cdd03dfa773", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536483, "uuid": "cfc87241-17b5-4f6f-ba6f-70d63a0378da", "comment": "Malware payload (AgentTesla)", "value": "b7c810fe754f2f9c275d8f21e525bd39e9a6f4f6d87b3f20a00bc4f8da29365f319b25848119f243ec856dc21205b3f0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536483, "uuid": "89306853-59b8-4059-b871-ea088cbbfbd5", "value": "T1B7E25BE87BB448F2C2ACF332D193198943B0B7F364619D2F25C492874946786AEC535E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536483, "uuid": "579a028f-894b-4390-86c9-c20e3933d9fe", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536483, "uuid": "d11e368e-5582-439a-90d0-d3ebd044e1d3", "value": "768:4Qbm/9xtGfFRmBJqkvlHbJLkXBopew+74ngfj8WGfl7DGZX:4QbmbtC7mB8kWBopg7OJg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627536483, "uuid": "68576ad3-2222-4214-8c59-146a28aed70b", "value": 32768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627536483, "uuid": "287d0d8c-2193-4795-806b-00fdfeb64340", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536483, "uuid": "dd1c8765-7f8b-42e4-9bd2-966ad9e56277", "value": "Drawing 427351_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a72adc6-f06b-11eb-875b-42010a9c0053", "comment": "Malware payload (DanaBot)", "timestamp": 1627562809, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562809, "uuid": "d62c82d0-a727-471f-98fc-7bcc796b261a", "comment": "Malware payload (DanaBot)", "value": "99b6edd21a762c8dd15b83688516469e", "object_relation": "md5", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562809, "uuid": "606e594b-9860-431d-9c1e-49a326b70832", "comment": "Malware payload (DanaBot)", "value": "b5835bcf48839eb68a402761c8474123758bd43d08b81738bbf84620df49e307", "object_relation": "sha256", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562809, "uuid": "b871e122-076a-4a89-b482-6e87efaaee7d", "comment": "Malware payload (DanaBot)", "value": "0db1c3b2a66c0d34889b673c8df266a31d654d7c", "object_relation": "sha1", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562809, "uuid": "735e70b9-e4e2-49ec-b7b7-86b15cb34a34", "comment": "Malware payload (DanaBot)", "value": "038e9983599d6a99dc0447d9332d4f08dfa2a61304313d2e1118d2a8edc57044dfa6def48b613f7311613404ede1a739", "object_relation": "sha3-384", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562809, "uuid": "30b02d47-f461-4606-ae96-daabea5e0275", "value": "T11BE4F130BAA0C035F4B722FC46BA9379742D7A61673450CB62D165EE07386EAEC31797", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562809, "uuid": "48e9a037-209a-49b1-804d-fdf38b7a627e", "value": "ae8d52d466f0b65d50fa6d5967396375", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562809, "uuid": "2db16f5d-efd2-441d-a66a-9f109ed6d184", "value": "12288:YXiyk60+CTsa+mK6AxeyW0En3u/+y8v1NzQpF+lI/acaxXS5VRTx:Ryk60fsF6aPBE3u/ds1OOIV6XS5zd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627562809, "uuid": "656afddd-7a5b-4058-9377-df0e98bf3009", "value": 690688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627562809, "uuid": "defb8a04-1f77-4ee8-a505-4334e24de2ed", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562809, "uuid": "1f0fb1a5-1390-4c36-bee5-c2f0766424b4", "value": "SecuriteInfo.com.W32.AIDetect.malware1.12337.2904", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2e808b1-f093-11eb-875b-42010a9c0053", "comment": "Malware payload (Vjw0rm)", "timestamp": 1627580244, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580244, "uuid": "9760c135-45e9-489a-a514-1622e2f8451f", "comment": "Malware payload (Vjw0rm)", "value": "51870c24bd72f9fd10a0eef0f479e2b6", "object_relation": "md5", "Tag": [ { "name": "agga", "colour": "#7E14E6", "exportable": true, "hide_tag": false }, { "name": "haggah", "colour": "#4A0645", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580244, "uuid": "7e4d7c3b-bd00-418b-8758-0bad1b657963", "comment": "Malware payload (Vjw0rm)", "value": "b959f4a0000dfd9a05f84022d4d08d6876ef7c8629e9a66d75dc4bfb0707b93e", "object_relation": "sha256", "Tag": [ { "name": "agga", "colour": "#7E14E6", "exportable": true, "hide_tag": false }, { "name": "haggah", "colour": "#4A0645", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580244, "uuid": "50ca4c34-4c56-4469-9273-9d306860be9b", "comment": "Malware payload (Vjw0rm)", "value": "384138c6f53dabafbabc8431d35d8ce9c536d282", "object_relation": "sha1", "Tag": [ { "name": "agga", "colour": "#7E14E6", "exportable": true, "hide_tag": false }, { "name": "haggah", "colour": "#4A0645", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580244, "uuid": "33aa2d6d-5ca9-4aa6-94ad-c1d374ef1038", "comment": "Malware payload (Vjw0rm)", "value": "686dee69a6c039f847955287bc299fdffae01bd06fc9e5c8851acba17e2a10776d811ba1980945e69dfe1c9ac1d75d87", "object_relation": "sha3-384", "Tag": [ { "name": "agga", "colour": "#7E14E6", "exportable": true, "hide_tag": false }, { "name": "haggah", "colour": "#4A0645", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580244, "uuid": "e1434a92-0408-4db2-be9d-81b94aeb5e46", "value": "T15A12A04394C03827C3A123E796FE6E61693F9EB2D385FCFC90C792CA2045F40752185A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580244, "uuid": "edb223d5-655f-4e75-a8af-469936e53680", "value": "192:QfEwAGGp9IDNc3JP3nhoxkUykZ3hO65jDAji9JUY:QMZGGXN5P3nhNpCxOiUjinUY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627580244, "uuid": "4278c629-3268-4fab-848f-ace1226b62eb", "value": 9490, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627580244, "uuid": "099bb463-b521-4ee2-a4a1-960bbf3d1586", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580244, "uuid": "af530687-86af-4ebf-b4ff-e2dc8944891c", "value": "Invoice#01.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90ab543b-f03d-11eb-875b-42010a9c0053", "comment": "Malware payload (GuLoader)", "timestamp": 1627543277, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627543277, "uuid": "f477e47e-e110-44d1-abb2-e380bb6dd5a1", "comment": "Malware payload (GuLoader)", "value": "c85ee9fe0a4d346432307651cb4357a1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627543277, "uuid": "e72c47b2-396d-48bf-810c-95838ee76757", "comment": "Malware payload (GuLoader)", "value": "b9677a659f448378a905926188cf5bb05937016d65ad16cf1210817e909324f0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627543277, "uuid": "9e011077-32c7-4552-9e85-bf5d2e7834ea", "comment": "Malware payload (GuLoader)", "value": "e12c9a97047bae19470107c698a783e5d08d8868", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627543277, "uuid": "786bdbf5-de3b-4444-97fc-d60b95cde86a", "comment": "Malware payload (GuLoader)", "value": "6f373de5c698945c64b72ae4032ec39b6c2f92f8073e784c0a82487dd5124163db18ac736ec2e41a3d9dd7f2c745d576", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627543277, "uuid": "aedadc3a-d836-43e5-b907-22866af68c8d", "value": "T136D3AE59F2BA284EDB338270171C94DE5ADA6C2730994374DB4FF9E6D45BCE90C822B1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627543277, "uuid": "12427f55-b30d-442b-a2da-11cc3d61523a", "value": "73b8cec9d966d2100b9daa6840b6cd9b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627543277, "uuid": "042252ac-dbec-4e99-ad74-2f3a68bd7a4e", "value": "1536:pfm9nt/fJxs+BBBBBBBBBBBNQ6pAqnxoJpqQXRm8WSPHPKh22JCFEHmqpxGoEoQO:Knt/RxpYqnxcpqH8n5qaC/xtTys/Dn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627543277, "uuid": "ae4ce2b6-68cf-41a1-ae7b-e53a7450d3db", "value": 135168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627543277, "uuid": "9c6fcf71-75be-4317-ab2e-80ddf371493e", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627543277, "uuid": "af0d77ff-2411-4de3-a6bc-e8c4130b64af", "value": "c85ee9fe0a4d346432307651cb4357a1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b95add25-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535185, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535185, "uuid": "705dde40-dc57-4417-a157-dc2ab42ba25d", "comment": "Malware payload (TrickBot)", "value": "8d63b09a656a130f22a86ecb89da26de", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535185, "uuid": "9cb89dd7-bcbb-4d7a-84b1-991af562862b", "comment": "Malware payload (TrickBot)", "value": "b9756669acc0124718dcd8eeda936ee8639a26a4bf1c8c2b302c60cbdc1e1df6", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535185, "uuid": "58483c7a-8595-4b54-9830-f759a5efa891", "comment": "Malware payload (TrickBot)", "value": "98592c351fbb8b90fa6a05abe374e4cb2fb0a483", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535185, "uuid": "4b2503a7-3050-4fbc-9163-c53c4ee645eb", "comment": "Malware payload (TrickBot)", "value": "74d159e7a5fe6a383e18d1d52dbec7e4a5cd77740a40781503e7bdf4f3c9114e263851c96d738f4f1abc59f8ea414d2e", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535185, "uuid": "4c16b953-363b-4bed-8f69-fab779965717", "value": "T1F7330229BAFF0E3549C7921FAA005D049F03E9619B124F862D1F1E5F5502EA7E6FC44C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535185, "uuid": "33beac7c-34a2-4de8-8c89-c97eede103ee", "value": "768:PetuuhuFBekLNfqlbkGGcooHTcbvk6lAViAIf/N9OQROuVJfNHuPq6nfYWg7ga5R:PUJOBeyGGcrA7/qDe5JVH0f7nKR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535185, "uuid": "f68f2d8c-464c-4f49-adf2-cbc6c4ed5f1d", "value": 54910, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535185, "uuid": "5e7604a2-75d2-4238-bb70-537ddc475715", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535185, "uuid": "8de52d0e-fae6-41f3-9df8-5d08d7dc5a5e", "value": "2021APT-28_43734453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c7a1aa1-f072-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627565872, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565872, "uuid": "b9459c66-bdcb-4ea7-ae9c-fba85ad72760", "comment": "Malware payload", "value": "de266d98237a49750c9fba40af5379ab", "object_relation": "md5", "Tag": [ { "name": "106.110.28.138", "colour": "#4A97B7", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565872, "uuid": "42c70338-84fc-4f48-9fd4-7243c4a650e9", "comment": "Malware payload", "value": "bacbdc47bc9db06ae7de4632e8fc182f54aa98c5633f249ee11f5068f858934d", "object_relation": "sha256", "Tag": [ { "name": "106.110.28.138", "colour": "#4A97B7", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565872, "uuid": "5b5d3517-1bcc-4b11-a5e4-87013d1aaa56", "comment": "Malware payload", "value": "613de89cf482e448aa04dacfd513e41a07935d1c", "object_relation": "sha1", "Tag": [ { "name": "106.110.28.138", "colour": "#4A97B7", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565872, "uuid": "2ed18068-fb39-41f4-8855-b7a684fe8478", "comment": "Malware payload", "value": "b599d4b8f1b5e85ad8e34586d8faab3ed4be389dcb3eab99ad1ff3b6952240f207277dfb5a08b7d9cfbb31f1dc14aaa2", "object_relation": "sha3-384", "Tag": [ { "name": "106.110.28.138", "colour": "#4A97B7", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565872, "uuid": "60441e49-048a-4474-a958-deeb4e60be44", "value": "T1F1A4F5C5A2D7A8E3C8A6A03885828601F5613FD50725B9DBE755778AEF3F2D06D3D320", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565872, "uuid": "87da1f8b-e0aa-4b50-aeb7-02a9fcb384ba", "value": "649c73417efa16940e341e291b80897c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565872, "uuid": "05e49197-728b-4d79-9fa9-dd1c44ace58d", "value": "6144:WOKYF5S/W3Q4FPU7zISFBT6zefEdEg28ALohinUMXKLw:1KYFpQV7t56KfLoPLw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627565872, "uuid": "16a738cb-42f6-4b65-ae65-e500170b8da4", "value": 468480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627565872, "uuid": "6732f7f9-71c3-4b26-bb3e-e1d0cb4edb2b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565872, "uuid": "acef6b35-8775-48da-b8e5-223cdf7c86bd", "value": "bacbdc47bc9db06ae7de4632e8fc182f54aa98c5633f249ee11f5068f858934d.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e40071b-f051-11eb-875b-42010a9c0053", "comment": "Malware payload (CobaltStrike)", "timestamp": 1627551890, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551890, "uuid": "340096b5-a5a5-4130-a8d6-c24e5db7fe44", "comment": "Malware payload (CobaltStrike)", "value": "28729c062ed2be6f4e3bd35d4214932f", "object_relation": "md5", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "StackUp ApS", "colour": "#366322", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551890, "uuid": "d76668e3-f6b5-401b-8aeb-8eb1ed400fb6", "comment": "Malware payload (CobaltStrike)", "value": "bb4efe96748fcc28b827fc297d060c3ab32053cfb8ea506f8c97000debd22121", "object_relation": "sha256", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "StackUp ApS", "colour": "#366322", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551890, "uuid": "b4993569-023d-4ca6-9c4c-bdef8d0620f7", "comment": "Malware payload (CobaltStrike)", "value": "75c0b309813d18e7951e6b9c2624b17d1cb48e72", "object_relation": "sha1", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "StackUp ApS", "colour": "#366322", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627551890, "uuid": "ef64a8d7-b1cc-4ae7-9cc3-1745febda246", "comment": "Malware payload (CobaltStrike)", "value": "3c4746c03fba9a0ec5279858940ce663ab972b88ce0770fc30eee81f380cf1fde8595071298dd268818adc901f54f44a", "object_relation": "sha3-384", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "StackUp ApS", "colour": "#366322", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551890, "uuid": "e761eb36-d470-4e06-aa55-b95505face1f", "value": "T118844955F2A444B6E4BF9179CA92864AE7727C609B34C3CB1260971E3E337E05D3EB60", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551890, "uuid": "b0ed417f-bb48-45dc-bae0-f021e733bdf9", "value": "fae493efa26713ca7b380aa1d24764cf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551890, "uuid": "df0037d6-a141-4d35-a80c-75bb63046c4b", "value": "6144:38pNywtge9BQRoQ8gcIZuVfZAgPRZOEUXNtsEPbmsx:INHthSRBXcegRPResEP9x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627551890, "uuid": "0271bfe1-ceab-4d75-bf0b-ec27ffeb0d77", "value": 387544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627551890, "uuid": "c1485db7-3e24-49ad-aced-c993cf9c5081", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627551890, "uuid": "a5f2acdb-f548-468a-930f-6248174304ed", "value": "bb4efe96748fcc28b827fc297d060c3ab32053cfb8ea506f8c97000debd22121.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "29fa8603-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (AsyncRAT)", "timestamp": 1627534944, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534944, "uuid": "6ac940e9-5bb2-44ee-96b1-43f666dd6c4f", "comment": "Malware payload (AsyncRAT)", "value": "339b893ea8fff15a0475cc0218706472", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534944, "uuid": "5d8a731c-12d6-4b4b-89ab-bf26c5be1bd3", "comment": "Malware payload (AsyncRAT)", "value": "bb56a63d7279e3aeed1b23f2e4a77792b3be95d36807adc3c081de17fd35ea09", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534944, "uuid": "bf48e2f7-289c-4ef2-a053-73856ce7cec0", "comment": "Malware payload (AsyncRAT)", "value": "918d4b5512770ed638afef78fa7ba80127cafe3a", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534944, "uuid": "b48e495d-8dd7-4b74-8121-236390403322", "comment": "Malware payload (AsyncRAT)", "value": "bfd793ef6bc1b4dee23a6d1597daae6b530e130132a3f85d8fb45963d7ed86c407976e5217bbf9a0e76806e3aa9ed9ab", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534944, "uuid": "1c6ae460-5ec2-41a4-8ae2-18fd672f617f", "value": "T1AA232B003BE9C12BF27E4F74ADF26245457BF2677603D54E2CC442965A13FC29A42AFA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534944, "uuid": "30aea635-51ef-4fbf-a185-955faf4537be", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534944, "uuid": "7c18cd6a-adf3-4e80-94e7-2d9027341da3", "value": "768:eu2n0TckJ26WUswvgmo2q7dgb5iZubIKPIVCoKUQvhJpT0bDeENpqyGpVDgLEPCB:eu2n0Tce42Uxub2VCiIpYbDe4sGLbidO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627534944, "uuid": "b3e025ee-9171-4b00-8dbd-9110280cfc94", "value": 48640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627534944, "uuid": "eb3b498d-3cdb-400d-aa4f-f902dae9cdb4", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534944, "uuid": "788bba4f-0e30-4421-b6a6-c7c9c8008ad0", "value": "itu1cjmk.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61569fac-f075-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627567249, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567249, "uuid": "df528d45-3ce8-4bab-a6d2-0e63ea8857a0", "comment": "Malware payload (AgentTesla)", "value": "e01f1380aeb3502ac454470540ad53c5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567249, "uuid": "904ba2ce-60d6-422e-8ed3-0a37ef19aed0", "comment": "Malware payload (AgentTesla)", "value": "bbd2977d69441d934917ec16e2adf08db3a5ba8a55d2800edff5715dbcb80a23", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567249, "uuid": "18b5c192-1389-4da8-8d58-08877d6a1d40", "comment": "Malware payload (AgentTesla)", "value": "6da056bd6c1c4b0f34f5d7ceff58398729eb9129", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567249, "uuid": "3edf08dc-a841-458e-8a52-2db984b1c4c4", "comment": "Malware payload (AgentTesla)", "value": "a1ed25a0440fd60883c1c8b6cef435890533fc32175be84d477eba92dc03270cb1bbdfa7bfb4a4dade15baf33625ea77", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567249, "uuid": "544922e6-3251-463f-876e-f4095b0f9f26", "value": "T17155E034C9889B96CC1D03320AA846741EF9ADE6B2B0C86C3DAD36F0B7F2D55E575346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567249, "uuid": "f968bb3a-be0c-467b-87a9-55b68143e060", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567249, "uuid": "0c3210e1-b5ad-4cfd-8940-592f7120a3fa", "value": "24576:VCvxKFksKksqv7JvZI14dCp9fLSUNBOvx5y8jP8N6ZxHaE75/dZZ:VCvxKXJvZIJfLl7YEN6Zxb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627567249, "uuid": "5e71ffd2-912a-473b-a15b-118cb47b8886", "value": 1319936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627567249, "uuid": "6c11f155-9aee-44ac-a0af-68290e695c9e", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567249, "uuid": "135e2c84-79a5-452f-a72f-18a6554a3c82", "value": "Payment copy.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8dd675af-f072-11eb-875b-42010a9c0053", "comment": "Malware payload (NanoCore)", "timestamp": 1627566036, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566036, "uuid": "71e9ba8c-bd8c-401d-923a-83aad0c90f26", "comment": "Malware payload (NanoCore)", "value": "1d75d3756cf8f649a81b741b86b6c89b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566036, "uuid": "1c2ece1f-84a1-4923-9291-4b15ba965643", "comment": "Malware payload (NanoCore)", "value": "bc16c48ef4435300121e3e14fd1b06c27447935e7fb14166f1cd7d16e0fc1fa3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566036, "uuid": "daba37c6-4097-4bbb-b263-dd21de4bc29f", "comment": "Malware payload (NanoCore)", "value": "33984fa4514e704f12f3b9268077790d9481b2ce", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627566036, "uuid": "6fd7dd25-5271-45d0-9ef2-b9dc50dd7605", "comment": "Malware payload (NanoCore)", "value": "20910f2b022cb1f6b8353098c2f593d12bca10d2c551b07785fda76126e3b692b2373d5d12253dbec05fa72f2c1ce2b8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566036, "uuid": "bda6987d-2fae-40c1-a6c7-fedd0db6264a", "value": "T1F355E038C98C9F9ACC5803740A5846786EF5ADE2F270C46C3D8D71B5B7F182AEAB5345", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566036, "uuid": "eb074cbe-694b-4ab4-9294-4ed3a9481fb1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566036, "uuid": "fc51a2af-4450-4fa5-b005-fc1d248eccd0", "value": "24576:qNLS/d3LKzks6ksazEwRUWzqMccQTF3PsFC6syy8jh8N6ZNcZ:1KhwwiWzccQpfs8GeN6ZNc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627566036, "uuid": "11f38ed5-b2cf-4462-a8d2-fa7cc1892000", "value": 1326080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627566036, "uuid": "0ac92abc-896c-47c8-8a1a-a84edb20cb8d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627566036, "uuid": "57b2ff89-b663-4250-a963-6bbb189867c5", "value": "Quotation RequestQR28072021.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "abcfb6e4-f094-11eb-875b-42010a9c0053", "comment": "Malware payload (Smoke Loader)", "timestamp": 1627580689, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580689, "uuid": "3966f396-77d1-4ea7-abf9-023cdbe14d1a", "comment": "Malware payload (Smoke Loader)", "value": "4b5bd26f22fff1533f5a9599c54c07ef", "object_relation": "md5", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580689, "uuid": "20d03414-3fb1-43b8-9e4f-105f530756c2", "comment": "Malware payload (Smoke Loader)", "value": "bc7bb70f59502991cb2f9470c067596f6c24da5deb7669aae79cdc9912b6e00d", "object_relation": "sha256", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580689, "uuid": "53737aa6-a9fc-4c99-b799-b1abfcc7729c", "comment": "Malware payload (Smoke Loader)", "value": "78897a65a809cd45107c1cfd592f018b1dcb3425", "object_relation": "sha1", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580689, "uuid": "3823bb0d-4a69-4055-9538-0b8933dfbd64", "comment": "Malware payload (Smoke Loader)", "value": "9acff54c5c136dcac46ee86357e490510b1665769e2621e86f63bb74abb9dd0fbd8c9fde652d7478ced533c4f6d5a039", "object_relation": "sha3-384", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580689, "uuid": "a5b7a072-4031-43ca-964e-3456622c4204", "value": "T118749E30B690C035F4B712F845BA83BCB929BEA19B3450CB52E53AEE52356E4DC31797", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580689, "uuid": "ac038654-233f-444c-a35e-8bd23d530eba", "value": "c27a98a29b21693846ec47ce91a249f1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580689, "uuid": "766e87d2-757d-427d-837f-162e11f6172f", "value": "6144:aykGDD4vSsGBZuGwO14gk8W7JXewkkgXET4FIQQF:aGn4vSsGhwOa8W9qkmE8FXo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627580689, "uuid": "3ca61278-65ce-4c75-9857-d55c5e5994ba", "value": 347136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627580689, "uuid": "fd4963ac-06db-42ad-8925-5aceef0041e8", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580689, "uuid": "9d18774c-6def-4dce-ac7d-ddf2896eea84", "value": "4b5bd26f22fff1533f5a9599c54c07ef.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6f0fa07-f090-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627578963, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627578963, "uuid": "8565f64d-a1df-4704-8ab0-539e47a9d24a", "comment": "Malware payload (TrickBot)", "value": "c040adf4a8e2f990bb6a9b567a5e6318", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627578963, "uuid": "9e47bbe2-ae3d-4ebb-a17d-350e0a4640f3", "comment": "Malware payload (TrickBot)", "value": "c02737abdf4d7a8ac8ce86414f130d78d730544d1d940b5dda79356a923b0638", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627578963, "uuid": "ba4d03e7-127f-4164-b992-527aa3379844", "comment": "Malware payload (TrickBot)", "value": "c213e9698e915eac1d38df6cfe0a1f629cec664f", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627578963, "uuid": "1a0a0ab2-2fad-4659-9630-f0f04faacc0d", "comment": "Malware payload (TrickBot)", "value": "70f3d188b2d4fb9892ef14ad9187467cf41ee7a5e1c810c5e1f2404a92468f78be1aca5775f3035ed44980e5542a0b68", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627578963, "uuid": "3bca2bf6-b630-4d3e-9c5e-6ba2081576cb", "value": "T1586301E9F5CFDFBC10BF7A29A6873AD30E63A51E421E635EAD21394E22581C85C05172", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627578963, "uuid": "f8d38c55-ef05-4407-804b-8ca6ab794a24", "value": "1536:WfPnkYFqUWdAa1HLwdCHCbDVqGTdVkmvlSN5x3bSCJk8X+1u:W3nPUUWRLwPhi5RDJr+1u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627578963, "uuid": "8a5c8090-f9d1-4b08-a936-7ffd2151d9a7", "value": 71292, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627578963, "uuid": "748992fd-b558-484f-8389-a7cb1e6a2f00", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627578963, "uuid": "5e1b3a2e-1e7f-4536-b71e-1f2c1a87e39c", "value": "2021APT-28_42918453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8dce8bce-f029-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627534682, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534682, "uuid": "738507e3-a0f5-4d0c-96fa-079aa2421d94", "comment": "Malware payload (AgentTesla)", "value": "8492c164e8697084b7f14c46da9e3e11", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534682, "uuid": "93dc3063-84ab-4ccb-a001-b08d0a5e1d39", "comment": "Malware payload (AgentTesla)", "value": "c0492f4bff3180e2a251a52a91775d6a6907851187d849aa40f477548a694c76", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534682, "uuid": "826ce5f1-7f31-4acb-8d31-aa33f0aa24c0", "comment": "Malware payload (AgentTesla)", "value": "5454606f6594f6d5e8b68cae884073b6507d4621", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534682, "uuid": "ca1080fe-8579-423f-b2c9-f9cc09e2e7d6", "comment": "Malware payload (AgentTesla)", "value": "c8ee8e4bfe2b2d760c23a27558a34e61a4de6d2477c6165c275958719b99e33f447eb7c1b537bc84605a9683d7a1d01e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534682, "uuid": "e18ef727-fd77-4c12-9be5-c4b7ec895d7c", "value": "T13DF4BF748488DF9ADC5C03B4CB8C02F02EF14CA6E174E5A33E857DB5B5B0A15DAB9396", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534682, "uuid": "85b902d8-ceef-40f8-9077-769fce5a980f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534682, "uuid": "a277bb5b-b10f-455a-857e-09d913a3c2bd", "value": "12288:Aj3pxX7iS/d348uwz/IXToFi2bjg7eyfn7UZraEPC4eIo8v7:AdxmS/d3rz/IXY5c77zMbHt/T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627534682, "uuid": "be7c30df-1f31-4020-be34-40cfdaa2f01a", "value": 724992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627534682, "uuid": "4fb911d3-1bac-4187-88c7-badac65416ff", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534682, "uuid": "c7e5cb0c-060c-4c01-bba8-eb9bc305d865", "value": "TNT Einvoice No TNTMX9853 Consignment Notification Delivery_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1aa78e36-f07f-11eb-875b-42010a9c0053", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1627571426, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571426, "uuid": "46abef47-54ce-443e-84c3-654c551224aa", "comment": "Malware payload (RaccoonStealer)", "value": "2781fe3e53cd06e3c18790d41628a8fe", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571426, "uuid": "f1560b1e-735a-4623-b730-0567ccbacbcb", "comment": "Malware payload (RaccoonStealer)", "value": "c0a2a3ce3b4d633a25e139b8929ebb2ee008f176a24f5a06168debd646acb004", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571426, "uuid": "b1bcff12-5446-4937-b5b5-989b15a8c2b3", "comment": "Malware payload (RaccoonStealer)", "value": "a0acaed4f399aef7f5cdb8525617b608bd9ba350", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571426, "uuid": "9b3d423c-cfc0-4677-8636-a7e9ea8cb81c", "comment": "Malware payload (RaccoonStealer)", "value": "cca438141cbbf4baf142b348b3ea649855cc832ebf51226446c0e6b6438b1a42383ce189ff9e59a5dcb8a10cbc4de9f8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571426, "uuid": "c0de9d21-123d-4ad2-a5dc-b7a61b45f7ff", "value": "T19CC4E030AA90C035E9B712F846B9D37DB52D7AA06B3450CF62D61AEE03352E9EC31757", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571426, "uuid": "f7f8acbe-6f18-405d-a94d-0d81a441f007", "value": "ae8d52d466f0b65d50fa6d5967396375", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571426, "uuid": "8f50a50b-ef84-41ec-ac51-d140b9e5b92f", "value": "12288:SV8ySVsajTcP6NK6ILMgkBHTvlhGFfH1DkdW19a:nySVswcf6akBHTvlov6dOa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627571426, "uuid": "e53850dc-080a-42e0-a831-f8ca8d3c6ff7", "value": 593408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627571426, "uuid": "e8e3931c-a16a-4610-bc49-b3d5e6311095", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571426, "uuid": "8cc395d1-cff2-4580-8b8d-f49e72b46304", "value": "2781fe3e53cd06e3c18790d41628a8fe.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23469800-f07c-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627570152, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570152, "uuid": "6a44b20c-4c6f-47d0-9023-05a6df1f45c1", "comment": "Malware payload (AgentTesla)", "value": "7ecacb8e709d9ed5a4441de13177a620", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570152, "uuid": "ff580137-c469-43b7-82b1-95ac02839495", "comment": "Malware payload (AgentTesla)", "value": "c0c0552b6fe1a289d5a15f1c74282acd119a00d3865eddb5126dfdba142ddc8e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570152, "uuid": "ac21259a-324a-46f2-b3c7-90ba200602ed", "comment": "Malware payload (AgentTesla)", "value": "6691817966454c0c4e1653f1fd8ea3b74e69520b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570152, "uuid": "c20c9005-8ddf-4b5d-a591-fa2bdc977b15", "comment": "Malware payload (AgentTesla)", "value": "6b4098abf8105f55d558302dc9a4241c6937028d5bd67642c8275558cfe1c0e7d56ca219085f076a23df35fb92c16c56", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570152, "uuid": "39bc72af-9cf0-4d1b-b60c-8c14229ad696", "value": "T16255E024898C9F96CC5C03740B9846745EF5AEE6F270D8AC3D8D31B1B7F181AEAB6345", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570152, "uuid": "4caccb2a-376a-41f7-a3ce-5a854708f66b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570152, "uuid": "4acb48c9-3679-4a0c-aa7d-4fe656caaf42", "value": "24576:WEjS/d3ZKzksxkscck3g2KOlW6v9Qna0ZDZ5Wy8jh8N6ZNAZ:uKFkQ2Kf6V0Zi+N6ZNA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627570152, "uuid": "bf7af134-65fb-466d-8512-5b5fdc1ed9fd", "value": 1328128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627570152, "uuid": "dfc1d13a-017f-420e-a0c9-05334ebc91a8", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570152, "uuid": "7169974f-182a-4d4f-9b23-8125ec830343", "value": "SecuriteInfo.com.Trojan.PackedNET.967.18099.8620", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a0511398-f049-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627548457, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548457, "uuid": "18592792-a1b8-4665-b22d-8898023cd887", "comment": "Malware payload (AgentTesla)", "value": "0831ed956371fd46cd0fb3fdb9720b65", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548457, "uuid": "e0b765ea-b861-48cb-b12f-3ef5fe34f1ad", "comment": "Malware payload (AgentTesla)", "value": "c19f16f127fcb44f20f2d94b7b876b1e41287e1ec12cbe6d0052cf416d805b1d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548457, "uuid": "dff838df-d262-407b-a1d8-3e70dd4dc734", "comment": "Malware payload (AgentTesla)", "value": "1de3752cab2e01a35673b2eb3b2fed614459b648", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548457, "uuid": "770d7eac-cecf-4c98-9b97-aeb48a9f77cd", "comment": "Malware payload (AgentTesla)", "value": "7a50837627ae24c12186e0266c8692b6a2d3f0aeb00b73d6c6c09a4b899e22d2255487ce26d4ed691296ddbf5ee7dc7c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548457, "uuid": "3dfa9985-5d88-4c24-8826-6a16784f3872", "value": "T18135AE217AC4CA2AE5AE873E8EDF502047FCBE423A71D7286DE212B55505F51E6343CD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548457, "uuid": "e0300a03-2464-42b4-834a-9de75b6d6d92", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548457, "uuid": "9be5fe91-bd99-4f5d-8b5e-8e7f4d4b816b", "value": "24576:lNoVNiKPTt3wQBc/d3FyK64JfUpwncGixGgRqFldpkjO:l5udK64J3UqHdpkjO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548457, "uuid": "74b369ea-9dd5-431c-a415-9da983c2ccb9", "value": 1141760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548457, "uuid": "ef2fae63-4209-4504-a802-0c89a93e1ca1", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548457, "uuid": "1f41cdb0-be1b-4654-b9b9-192897b3d5b6", "value": "0831ed956371fd46cd0fb3fdb9720b65.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f5c3e4b-f030-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627537504, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627537504, "uuid": "027d7e60-cc4b-4347-9438-b4928f6047a7", "comment": "Malware payload", "value": "1ebfac3f95ba0d29646329ea2b015035", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627537504, "uuid": "6b41cfc0-18d2-4580-9a64-9cd310cc341b", "comment": "Malware payload", "value": "c1bf8e2ad7a838d2a3366a6b5d8ddeddb18f08c1564d68498ae10f736abe776f", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627537504, "uuid": "0a81fa02-ee94-4c7e-a756-4bd7a63b952e", "comment": "Malware payload", "value": "5d9830cb04838a234d60fee6076f6c354d804cf8", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627537504, "uuid": "fd43c935-a679-47ae-96c3-1e29691347b0", "comment": "Malware payload", "value": "354cd2aace1d10b9c134f96ed66c8e0ef8431737ac44c2e64a9f47f51c6ce1e52748ba43e4a68acf66f200193bf47629", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627537504, "uuid": "31a83478-6c4e-41c2-81d1-fb67aef8d923", "value": "T1B84345C87BD0D817734D2F63EF1976E9E1AB389B94C87A0B81447F5824E821BC5A5DB0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627537504, "uuid": "79b4cda8-4333-470f-b911-1d0792407be2", "value": "1536:WjEB4Vr1fZwHYVDAC7JkqFEdL/gr6lL8CU+NLsHiz5DQ5D4yUKAPAuQc:WIB4Vr1fZwHYVDN7JkqFEdL/grQL8Cx/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627537504, "uuid": "b8c064f0-3208-4c75-a09d-e08af9785b4e", "value": 59739, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627537504, "uuid": "4f031759-ce31-4a5b-a1f1-069cacf212cd", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627537504, "uuid": "e5cdf745-896b-4dce-8e85-539d11f723f9", "value": "Dynamic_OrderDetails&Invoice.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a7a2441-f048-11eb-875b-42010a9c0053", "comment": "Malware payload (CryptBot)", "timestamp": 1627547911, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547911, "uuid": "64ff09ee-cdad-4736-982d-fb53f8e5f458", "comment": "Malware payload (CryptBot)", "value": "6a2c1831c6131eb0f59078d477f4247f", "object_relation": "md5", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547911, "uuid": "17e033e3-e190-49e7-9694-d19462ed57e6", "comment": "Malware payload (CryptBot)", "value": "c1d11f66c89d2b7a284d8b61092fab044066c5443250d90d2dd9f3221857900a", "object_relation": "sha256", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547911, "uuid": "1279d3b5-57fd-4ec2-922f-604e42f6b021", "comment": "Malware payload (CryptBot)", "value": "c17ecf688c67d509d646023fc7634b8e497119b4", "object_relation": "sha1", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547911, "uuid": "db42052a-132d-431a-a738-0b7b1ab91ab1", "comment": "Malware payload (CryptBot)", "value": "b89ed806f83ed592611be2bf0e41bc6d2c19fa1e0360987edd876634d48f4e573025044f63f26409bcbf46a1ff434b21", "object_relation": "sha3-384", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547911, "uuid": "02d094b9-18ec-4904-b035-740d0571a2cd", "value": "T180D4F130AAA0D035F5B726F846BAD37DB92D7AB1677440CB12D416EE06346E4EC3139B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547911, "uuid": "50b0004a-34ea-41a7-b87c-5bca6a52241c", "value": "1b88af86c3862540a4c514edccd5dac7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547911, "uuid": "953d36dc-0c20-4199-b418-2bcb2474126f", "value": "12288:q6nudbPYiEZ2n6k4hcMcBveeEjwAdNUHl3QyNfwLw/NIbDTyTZ6y:judbPYjFOMcBv9EMXHlXCpvO7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627547911, "uuid": "cb71fc52-d80b-4321-8469-a8ce69269f9d", "value": 624640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627547911, "uuid": "708ba8b6-8965-4aa5-99a8-374967d97fa8", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547911, "uuid": "ff1e16e9-615c-4cdd-900e-94d48cced58f", "value": "6a2c1831c6131eb0f59078d477f4247f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34805650-f08a-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627576194, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627576194, "uuid": "23b86d75-db2c-48a0-a205-8dfbb1d60f14", "comment": "Malware payload (Formbook)", "value": "6b05e8d4ac63085a1265644de1eb7a5d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627576194, "uuid": "3f8d5f81-4706-471d-a859-1fd52974afef", "comment": "Malware payload (Formbook)", "value": "c2cb078eb2c403c28a5badd375c953897492602259a52b16afaa635126344a10", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627576194, "uuid": "56dc4f44-0f21-4d4a-91a8-0247dcf90438", "comment": "Malware payload (Formbook)", "value": "da552ea164e7db17e2d391a9a3609587bc91f3f5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627576194, "uuid": "40236fc8-4719-4c0a-a679-aa4b50e83e5b", "comment": "Malware payload (Formbook)", "value": "0a452e4b80c59a28b6b305d375826f1434ac47dcf77554aac6587afc6acd46e37e2c3c7aec145a42383adf9e5d42daff", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627576194, "uuid": "8650c202-eb09-4ac4-ac34-d25608cd7613", "value": "T1CC55E024C8889F9ACC2D03754EA845742EF5ACE5B1B0C8AC3DAD31F4B3F2965E975346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627576194, "uuid": "04fc5dfa-ef94-4320-81e0-1eb748602c56", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627576194, "uuid": "75b55b3e-de7d-4772-9e2a-56331a78b005", "value": "24576:TKjksoksnElQz8IT/huklVmoz28Awy8jhMN6Z7TQ/dHFFZ:TKwPIIToomOiN6Z7U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627576194, "uuid": "ee4f09dc-c764-4d41-8220-8037c6918f49", "value": 1314304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627576194, "uuid": "b29b0e46-c5ea-4d33-ae8c-8bcd3855d3e7", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627576194, "uuid": "ce646402-2086-46eb-be3f-aba541f602ae", "value": "soa.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "58bfe6c6-f059-11eb-875b-42010a9c0053", "comment": "Malware payload (AZORult)", "timestamp": 1627555209, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555209, "uuid": "3762815e-8bdb-4c5f-994a-e49bf7bee949", "comment": "Malware payload (AZORult)", "value": "a59f482b3304890ef526694515853371", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555209, "uuid": "f98f8f21-9824-49fc-b321-a9c4ea00f9d4", "comment": "Malware payload (AZORult)", "value": "c2fa8e507fd8eac778c190c8841073a6dddb78789169df79f0445c4a19871c23", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555209, "uuid": "c85254c3-a957-47ee-9cb0-b469b2ba03d2", "comment": "Malware payload (AZORult)", "value": "c2cfc323b1a90b4f77428a0634d2bae93d064e7b", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555209, "uuid": "13a3b3d0-5518-4e84-8d96-6e6a01f6b741", "comment": "Malware payload (AZORult)", "value": "41a1d202493eb360189417989526f9177ad4a1e6e2b23df3ce0eda55eb4528e2da02cf95fb44405a3a195919f354df2b", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555209, "uuid": "56395530-2c22-49ef-8ebd-85bb27f48f9b", "value": "T106340287F15935C9EA5317311CE9840878048ED36521D5FE7B43E1B22C92BFBACA9A1F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555209, "uuid": "a2c675a9-10e5-4196-b592-932b4985057e", "value": "6144:OQUR/GEh8pw/MDlHOENWjxUIkKGW+ab1uvr8mLzeGI4cR4mi:VSkpwkBOEN2GFu+aS64cG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627555209, "uuid": "8c2af678-4b3e-475f-9c63-1af2192b6c0d", "value": 238229, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627555209, "uuid": "960c77a0-be92-4857-b752-57138bb7f58a", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555209, "uuid": "ab661db1-95a0-4f3a-b076-c81dfcab9a8a", "value": "QAFAC_request.xlsb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "285cf11d-f092-11eb-875b-42010a9c0053", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1627579609, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627579609, "uuid": "3d51372a-17ec-4a20-9019-f84144d15f6a", "comment": "Malware payload (SnakeKeylogger)", "value": "a7fc916cad2c132b57248c433533343d", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627579609, "uuid": "a2acba5e-4604-4d29-94b9-5298dc2fa787", "comment": "Malware payload (SnakeKeylogger)", "value": "c48a9d272329003f8efbf51aadef055cb30c807d30b5e3d1aedbbf725e6bf9e7", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627579609, "uuid": "67539ace-82ae-4340-99bf-0f1df1a8d57e", "comment": "Malware payload (SnakeKeylogger)", "value": "e0a481b85c48e1ef2466b222b53c07b9a9d04836", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627579609, "uuid": "cd904917-4ecf-4a6f-9206-6cf98283d3dc", "comment": "Malware payload (SnakeKeylogger)", "value": "c0e565c7aead19fdae470c0ba822aa9b938e0a61e96f156fa477230a1d895a00fb86e5d6670f392ea55c5c34a2fdf019", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627579609, "uuid": "47357615-d5fc-40c1-a74a-0b52dac5ef15", "value": "T1F3C423BE5BBB267EB9693E6350C4803C58C3615278630E8BD5E9D0EF98AFB15DC74084", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627579609, "uuid": "5a05ac1e-c450-457a-b9da-cbc3929292e4", "value": "12288:myH/DbMjjlyEO/8GZHVR2sRyQ3cNea+IjEQcq69MUr:XvqByXbHRJg/oC83", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627579609, "uuid": "3e389654-9653-443a-ba4d-2cc796a64759", "value": 565812, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627579609, "uuid": "d91eec9d-e0fd-44a2-b653-959eeea7c863", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627579609, "uuid": "2a3617a6-db87-4d63-8f7c-1f405dfd8899", "value": "INVOICE - Q0002255 - LKJIN001 (29-07-21)-pdf.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "030e20de-f072-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627565803, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565803, "uuid": "e539d0ff-2c35-4ab9-85f6-5a3a2714d549", "comment": "Malware payload (Loki)", "value": "af4ec0bc13149037006f88effdbd7643", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565803, "uuid": "17af30a8-8d96-4f4b-a974-cbce32daf2f3", "comment": "Malware payload (Loki)", "value": "c589ffaa33d14dab47ceff46ff04c32286f4d14f17ddd9c7cf64b1de69525c48", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565803, "uuid": "ec07f7b9-b385-4fae-9a29-4d6e56822d9d", "comment": "Malware payload (Loki)", "value": "533a0dddbdc5339a461b419fb12911219dcac119", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565803, "uuid": "88f8e7ef-b029-4944-9db6-73b2bbb48af8", "comment": "Malware payload (Loki)", "value": "c1bb640bc47a8eadb3544aa64e87a2fc69057461f284db2b3521b43f6ae9ebbd716ea867b90cb4f5816f3d15855d5fa8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565803, "uuid": "7e9dbe13-dcef-43d7-97ef-2e918833bcf0", "value": "T124449D30AA90C035E4F712F846BAD3B9B52D7A606B3450CF52E126EE47346E9EC31797", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565803, "uuid": "990188d9-0af2-4dc3-ac3c-360919c29528", "value": "ebe339f33228ec9cb9963341e6449ca2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565803, "uuid": "2ac5db0d-3f49-4deb-b489-725d68b366b6", "value": "6144:18hySTUMuJfUqMURwSUZdfDNUahafv9O1Fk4mwyE:KySIMuJfUqMURedfDNUX3I1FKL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627565803, "uuid": "5742b6fc-2882-486b-a242-81a363f89a84", "value": 266240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627565803, "uuid": "a9d3dd49-9ada-4f61-a733-7155d606a687", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565803, "uuid": "2179a194-8acb-47bf-9a22-ef81abdc8ee6", "value": "vbc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c17b2045-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535199, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535199, "uuid": "501e4587-7836-498b-af9e-b4ac88be7079", "comment": "Malware payload (TrickBot)", "value": "0ce2eb7ad1d012de3fd857bd86709dd3", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535199, "uuid": "d50cd59a-963a-4a35-8388-830f1d0bd428", "comment": "Malware payload (TrickBot)", "value": "c5ab412eea44d50d146a80dff50e5d993f982f9222078d126dcebd1933fd650d", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535199, "uuid": "511f24f2-2920-4d43-a6f8-e208c37c8d41", "comment": "Malware payload (TrickBot)", "value": "705f50ec78812fd0521caaf03b81e5ce167b1b33", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535199, "uuid": "fad8abdf-c199-4e1c-863d-a262d3c48868", "comment": "Malware payload (TrickBot)", "value": "9ed213037b85c46c9bde5ffbe8132acdd45760fa8ccd57cf775ebb817fcc3129b1a6fe8084ba80a38fed011a7b332366", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535199, "uuid": "3097e863-cb1a-4760-8ccb-4818aa6e4b49", "value": "T126830243A472F92EA1F0A73A456F0C5C4B69F073F7026DC5459E390BC90A7B9878E99C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535199, "uuid": "b8edcc15-f1d6-4b6d-b565-97bfa2b0dd2a", "value": "1536:Y4Uu6g64u2oKDihDso/V68P32p9GlYuJulW6VC5oxo3EHfeFsMxI:Y4Uufe2TeswRv2mllN6VCEo37FsMW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535199, "uuid": "d3be16c9-9772-487a-9a4d-fbf2035e2651", "value": 84870, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535199, "uuid": "eb74fb86-6243-461b-8c63-5b44a049dbb4", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535199, "uuid": "37536300-9cd3-4995-9051-f5042a324271", "value": "2021APT-28_84042453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11270384-f079-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627568833, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627568833, "uuid": "087a8673-b814-4a87-b8d7-8671361b0c1c", "comment": "Malware payload", "value": "d998a3a5de2f6ac3062dccb258affa2a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627568833, "uuid": "1527984c-4ffe-4781-a7e6-8a453458b4cd", "comment": "Malware payload", "value": "c65447eeba539403bed03c30375fb5e88af1ea5da437533d2c30544e6422e494", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627568833, "uuid": "a2e58e23-9f05-4b12-a7bc-605eb14df0da", "comment": "Malware payload", "value": "e485e4239972a2e51f55e19b88b9011d172b18a3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627568833, "uuid": "0bacece6-23b0-424b-aa3d-4a6226bc7ccf", "comment": "Malware payload", "value": "2a74fe594c73dad4fabe6c2375afb19e069bb3f748f2ef8c103dde869bb69e31c22353ca9733ca7471847f83981554ef", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627568833, "uuid": "28716e19-c18e-4777-8e2f-1b7d497fe544", "value": "T109F2D174F0C66C5BFBF955F4A794A3E5E3F95E8A78A58BA1A371AF8095322133000CD1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627568833, "uuid": "82fe527a-a9f2-4e94-8bf4-b779859408eb", "value": "768:rlAmfvjWvqm4ja4moDVkBby3Dxnx5Dy4uVcqgw02NWXTMg:5bzs4j8oDVEy3dnx5+4u+qgw06WXTMg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627568833, "uuid": "be057217-1c1b-4cbb-84e8-b443de69cce1", "value": 37188, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627568833, "uuid": "31a19abb-2ef3-4a8d-8729-bc6a6a8b8624", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627568833, "uuid": "a513e990-aa16-41f5-b9bc-f49d87206920", "value": "d998a3a5de2f6ac3062dccb258affa2a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b167f12-f08d-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627577574, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577574, "uuid": "4a464bbf-3540-4816-b92a-c2e3fafe5c5b", "comment": "Malware payload (Formbook)", "value": "8a198f826a896800764e969974a389df", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577574, "uuid": "839af21d-70fc-4296-9016-3b085f5f8898", "comment": "Malware payload (Formbook)", "value": "c6ffda0b218063c2924ba897d8fd4abcfb4c53a4dd2cb99f30a2aaadac30530c", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577574, "uuid": "5811a3b1-efd5-46cf-8fb4-0b8c8c67b080", "comment": "Malware payload (Formbook)", "value": "0b3be6b5752f8834a84406b737a289c052f758f8", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577574, "uuid": "c4e7552f-e8be-4f4d-9131-e5be4832a5b5", "comment": "Malware payload (Formbook)", "value": "d8187b054709560bac9fb1a7363271c4f94658d1ec3b8a446688affdcb285ca1abc535dfb70285b7f01755ba48d1141b", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627577574, "uuid": "65098063-72d5-4da5-ba44-4615a99be5b2", "value": "T1DB2533796E7109B82E2B04F0B12BFDFCC8954776218336A9F01065E6A1368BF22D6775", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627577574, "uuid": "3e16d841-d0c4-4588-a15e-36e373442f85", "value": "24576:+r+rqhVy8vMw14AcQ6/9JIHPerZmlYAgIFF3Tn85A2G09G:ALMM4XQ6/9JIWr8l6IFBTn85609G", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627577574, "uuid": "f95bdeea-32b0-4bdd-b827-cd5308b7ce7c", "value": 1057092, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627577574, "uuid": "39a169f1-d133-406c-8a01-6f19a7dd279b", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627577574, "uuid": "3e4ab076-2648-4a86-a557-330520682900", "value": "Payment_Advice.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "808517a1-f070-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627565154, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565154, "uuid": "39e3020e-ee29-4a7c-919b-7e94016c39a4", "comment": "Malware payload (Loki)", "value": "05efd6ba4c4b9eddcdb1d2bd10cfbc07", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565154, "uuid": "c36fe99d-93e2-44f4-9383-3478c9002438", "comment": "Malware payload (Loki)", "value": "c71ec671ccefec181f4cd81fae5a4f1365474872e4a5a0eea3c0c3945015a21f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565154, "uuid": "04b23c11-4a0d-43b0-a6a5-d542e39d9474", "comment": "Malware payload (Loki)", "value": "8fe6ceef1d1164b855ed587e4af0ebbd31c1ed66", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565154, "uuid": "cdef85f4-1793-4848-9ea4-bee10b0d19ad", "comment": "Malware payload (Loki)", "value": "b4b752342f88d3df1bad38558fdc28069854837e5fb908fc1ee00751ed3e472d865f44bb53c5c10ba7b3364a2781da60", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565154, "uuid": "2ec85613-e5d9-49ad-8680-3e7430e449eb", "value": "T1E345DF28C98C9F96CC1803740A5546742EF5ADE6F2B0C8AC3D8D71B1B7F1D2AEAB5345", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565154, "uuid": "f5223f37-1697-458c-9062-4b88605e2622", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565154, "uuid": "c4e56332-2dce-4837-809c-0ba0a92c51e7", "value": "24576:vCS/d3+Kzksfks2y8jaYgRwpZ5HEwazcQ8N6ZNLZ:kKKJ+OBazc5N6ZNL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627565154, "uuid": "1961fc86-1ee1-4228-b917-b503c9e2bd56", "value": 1209856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627565154, "uuid": "d2641b13-b76b-41ec-850e-85b00bbb14ad", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565154, "uuid": "cd101ebb-9318-44e9-b757-9c3e73dde876", "value": "gunzipped.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b7e66a8-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535027, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535027, "uuid": "92195faa-240c-465a-b5e5-4f8fd30376b3", "comment": "Malware payload (TrickBot)", "value": "ca5f7cdbb1c77854601e2cf7d6a0106c", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535027, "uuid": "901ccc91-70a5-4858-a594-6b1f68d10d50", "comment": "Malware payload (TrickBot)", "value": "c820c9b3a65ce631f0026073ce08b943f34f57d4468cc15b117f1b0ebb562160", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535027, "uuid": "ca634c13-7bb5-4b56-90da-fbf13c1b9bcc", "comment": "Malware payload (TrickBot)", "value": "0eef548ad2a95c983a1b666f25a88ab09be44454", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535027, "uuid": "6ca145af-9779-40dc-a479-28ba53d34f93", "comment": "Malware payload (TrickBot)", "value": "5db1ab299bfb0fbeb1f8d085d2b338d70fcb0219b756d20437035e5a10f05b5610fc4a50bca063d7d60080717cc57beb", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535027, "uuid": "95b85f93-3974-43d8-aa4f-e9477feb0efb", "value": "T1E1C2E1A711AA4F70FAF01B565E35CBA790172FFA50AE0B59C7494C0187AC1691DCFB34", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535027, "uuid": "72b910b5-115d-420e-a523-755e051d8d03", "value": "384:qqJoAMwL86OgI9XEkdA4pJxcVUJsuCB2nX771z5/qVUSBfWnvlGBTgCYrcpKGr19:xZ8pfrpku9Cw75zxqSndwzYrxGQISO4g", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535027, "uuid": "90a51c9f-b794-4f77-98fb-d8b8242c7a8f", "value": 28037, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535027, "uuid": "c3301f54-a9ee-4286-8378-fe92fb57be33", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535027, "uuid": "e1494536-ef52-45f1-9bba-6096a432153e", "value": "2021APT-28_8394453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1e9d25d9-f07e-11eb-875b-42010a9c0053", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1627571003, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571003, "uuid": "ac2b01de-df78-4a8a-a704-79462e4c0331", "comment": "Malware payload (SnakeKeylogger)", "value": "d2a9e49776298ab89d6f16ebf23544dc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571003, "uuid": "639b2a74-3017-43e2-8205-2152833ea2f5", "comment": "Malware payload (SnakeKeylogger)", "value": "c960feace2c77da35d8b79d2d416df005743a907f1f885e58f514a3d3ce8e59f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571003, "uuid": "86eaac80-90e1-4b45-8bd1-e110e3406ae2", "comment": "Malware payload (SnakeKeylogger)", "value": "95eb2bff1f9b4d75f3a0915296938f44bcaf028a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571003, "uuid": "ef3dc17d-290b-4658-b113-5473765f0f41", "comment": "Malware payload (SnakeKeylogger)", "value": "b5667c1f361540f0c3160062e05f20c8b8043a8170dddce7b186834dffd0697af241727f75741ce884ba6cdea670b761", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571003, "uuid": "9a2fcec4-5197-41db-bfe2-c03ce3f3fb00", "value": "T13B942803E25C9515C9247DFE5C5B736DAA26C987CB90DAD17B2BBD1E30A0FC15EC8882", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571003, "uuid": "8f07fe59-d868-4bbc-afc4-6ef3b39e9591", "value": "3072:Zm6i8U+hywLDcDFrL589eWMlbdI+z3D+6KXy3oGU93Wb+fllHS:ZJy3DF/5892Rfx7ifllHS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627571003, "uuid": "1296cce5-1c4f-414c-a088-e74f24504043", "value": 421633, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627571003, "uuid": "5f6c5197-a517-4550-bdbe-5fa27a9b3d54", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571003, "uuid": "af2e64bf-ee70-4682-9350-7446c34bd9c6", "value": "d2a9e49776298ab89d6f16ebf23544dc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "189e4522-f087-11eb-875b-42010a9c0053", "comment": "Malware payload (Neshta)", "timestamp": 1627574858, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574858, "uuid": "e9750d9f-fe07-47f7-a5ce-9487a7f79389", "comment": "Malware payload (Neshta)", "value": "d7c3ab252ef50bfbce42bd5ef67a4217", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Neshta", "colour": "#F5FD90", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574858, "uuid": "72e3cb39-5036-4e3a-ac54-9ed6c108411e", "comment": "Malware payload (Neshta)", "value": "c991dbd92d2f3e6f3ff5d1de12016460a2cb557f7482d3322c7b495f0cbe9b89", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Neshta", "colour": "#F5FD90", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574858, "uuid": "d3626d39-8129-4dd2-91d4-02d0ff54bbda", "comment": "Malware payload (Neshta)", "value": "9d4bceabeff0e2e0bab26331910c694119584c9d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Neshta", "colour": "#F5FD90", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574858, "uuid": "2bb55b15-4709-4039-b88a-b2128a97dba7", "comment": "Malware payload (Neshta)", "value": "a5c504d18814540c28ad954d353d6377d99d2864e403b28074863596a91008bf84e274ed9c0a77cdaedb2faf43cfb7b3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Neshta", "colour": "#F5FD90", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574858, "uuid": "c8fdf2c0-8a36-4836-9c4d-2de5801c470c", "value": "T1BC35AE21B6D4DE1EE4BE96368ECF102817FCFA133632B7686DE512B90506F01D9752CA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574858, "uuid": "964362c2-9042-400f-ac5e-f92cf45f1eda", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574858, "uuid": "b070d394-159d-4581-8784-c17c98f5b4de", "value": "24576:0cK6NvIeig5/diMK64JaVbCrPNKkr9ZOQZQDx1zP:1XdK64Jgm7Nr5NZGX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627574858, "uuid": "fe22df5a-6a24-4844-8c40-2317ea1d1d36", "value": 1150464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627574858, "uuid": "b0a093ef-29a9-493d-9549-ac971885709b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574858, "uuid": "1e2a87ba-8721-4ab6-a68c-4578f1381129", "value": "d7c3ab252ef50bfbce42bd5ef67a4217", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c44b6ac-f05f-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627557765, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557765, "uuid": "60463136-3518-4185-bdc9-f4f9ab462521", "comment": "Malware payload (AgentTesla)", "value": "19ae31366f51b91c33186a9deb1f7afd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557765, "uuid": "aad9079d-7383-421c-88b4-d21c32bbb4cf", "comment": "Malware payload (AgentTesla)", "value": "cac731ca3082f9dfc896fbe6000891302c563e09eea7103c6848868565d24549", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557765, "uuid": "dc5d9c62-e1db-4998-9225-ada9ce576a87", "comment": "Malware payload (AgentTesla)", "value": "6a854efaea070bba7918b223f5b567fec245d8cf", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557765, "uuid": "54739b24-85fd-4ac7-8253-b43d33a8edb7", "comment": "Malware payload (AgentTesla)", "value": "bbe05ba91ef62f0466fb226ac1f15ed04e7420258843640747f832f849a588c8cb73279c06af4a3b9b6bfa60724518cd", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557765, "uuid": "4ab3031a-66b4-4e0d-ae42-107773a8d709", "value": "T12281199429BC7D96FE15457A8EB7FE204AEB7032DAEE1C9A304EA5A3036E3625C10045", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557765, "uuid": "fee3526c-2338-497a-b3fe-aa866151c475", "value": "96:QDuFJds57PbfLLeASoeWRHlHkcLa1rzclOWkvT:QDuF457bfneLoeWRHlHjLa1rzjlT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627557765, "uuid": "290d7692-6681-4e6f-866d-1e777e4758c9", "value": 4001, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627557765, "uuid": "d71ffb36-8e92-4e25-a438-17476b3a08ba", "value": "text/rtf", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557765, "uuid": "411cce95-ff06-4ee5-bb6b-e96c0ebc37a1", "value": "DETAILS OF ORDERS.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a0f5875d-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535144, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535144, "uuid": "92139287-77a9-47a1-a3bf-0e3bab2b959c", "comment": "Malware payload (TrickBot)", "value": "29a76c5fdb5147c66092d0f4e424ec80", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535144, "uuid": "4fa67f1b-c014-4125-8f47-94b892a78436", "comment": "Malware payload (TrickBot)", "value": "cc006ebbcc9dafa2056bdef21d69836a9b46d9accc6080b93e768a98397e9afa", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535144, "uuid": "f64221bf-1b8d-4e2f-9c0c-d9965f5e2d10", "comment": "Malware payload (TrickBot)", "value": "ede9d41990fc808a17021f351fc7583720a4e5f1", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535144, "uuid": "1eb488d7-66e6-4081-b081-d9a0d1fb1d00", "comment": "Malware payload (TrickBot)", "value": "34d7883a0af4c068779d6c70c95fad6acb361ac7cbbc2dee872de1b13421964b61ab5c79a06ea94b5abbb80c1385fb45", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535144, "uuid": "f226fdfa-c5b7-4833-adbc-86791eee08e5", "value": "T13DA35FD86BD0E413338D2F17FE0A3AEAD17AAC5796C47607D1587A5C24E921BC6A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535144, "uuid": "e131a696-3d71-406e-b296-d4d8d4a54b92", "value": "3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXd:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535144, "uuid": "dc17383d-9270-4c8d-80ce-830f32bdaf17", "value": 102712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535144, "uuid": "f6491122-b4ee-4f12-82f2-2e97d019a1f2", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535144, "uuid": "2c029859-b30c-480f-89e9-2e9e939b9519", "value": "2021APT-28_86826453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "311f29f1-f060-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627558149, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558149, "uuid": "d28185cd-0885-49d3-b5d7-93054fbc15a0", "comment": "Malware payload (RedLineStealer)", "value": "bed15058430acaf20567fba8f287dd4c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558149, "uuid": "2822c71e-094f-4bbe-829c-395264278dc4", "comment": "Malware payload (RedLineStealer)", "value": "cc2cc6baae7dea7349b52df05fe18659ee0e85750020ce2592c1e433686cd4e4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558149, "uuid": "02b0a927-6a0c-4a8c-a5d2-cb2c125f2d74", "comment": "Malware payload (RedLineStealer)", "value": "674b6651738649ae56add4d1c409a5f0b8bd6974", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558149, "uuid": "2da75ba3-9cc7-40fb-83d4-e43de65c76ac", "comment": "Malware payload (RedLineStealer)", "value": "9f1b312619435b70976ec10be1cd8e12abe18affc2e8a2f8effe33c2d52104f0e65e5ff59d093f1ca212590350d1bcf2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558149, "uuid": "67dd51eb-5729-42a2-8372-0ed5068bbd6e", "value": "T1FDA34D2163D8DA29F6BE063474701615C7F0E08FB411E75F8EC5A4DB2EB6B822A546F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558149, "uuid": "c45fa56b-eff4-4cf2-87ae-1539a6b7b1d4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558149, "uuid": "ab210257-0622-4370-a981-f46cf06a9cc4", "value": "1536:b3LNmocO8gbywzIU9KgBGMJFD0smbfexvBuvayyedg73uqCxXsE6G6ijoigx:bxmocFoBJChgBuSyzdcSna", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558149, "uuid": "259e5656-9f75-43ed-991a-bba6612829c7", "value": 100352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558149, "uuid": "1795a55e-88f6-4aeb-be91-ca6f99b7a138", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558149, "uuid": "c61fe884-4f44-41dc-bd9b-bcf60887c42f", "value": "bed15058430acaf20567fba8f287dd4c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e1a9d09-f07c-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627570277, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570277, "uuid": "d1fd3e5f-e190-4822-a6b1-9fe9f2d62dbf", "comment": "Malware payload (TrickBot)", "value": "8dcc2d557edcd14aa33dd738ea58f937", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "rob116", "colour": "#4DB1C3", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570277, "uuid": "64ecd4dc-a8ac-4cb1-ae8f-6e6768603c74", "comment": "Malware payload (TrickBot)", "value": "cd774e6a643ce65364e57bdd6e4eea43c08ad5ac157d43d9c232e7bbdce81dd4", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "rob116", "colour": "#4DB1C3", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570277, "uuid": "9c4a6d25-c29a-4ff9-94f7-f509069c4f9a", "comment": "Malware payload (TrickBot)", "value": "6b4f51126c575dbf9ba264bab17b602e31c23e0d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "rob116", "colour": "#4DB1C3", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627570277, "uuid": "691a5e95-1d91-46d7-a45b-b6313c78be6f", "comment": "Malware payload (TrickBot)", "value": "5ef23dcbe64d41a515b04af8e6155b0abdcf2b43470cfe09244029128db4ab4a994fd4393dd18d3d4650466b6e294024", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "rob116", "colour": "#4DB1C3", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570277, "uuid": "861a7f58-bb09-4558-99a2-4f04d6f4c54a", "value": "T1C7D4DF03F2E0C039C1BE02343F656BA8E6F9FD605DB5DA4767C18B4E5D32941AA36726", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570277, "uuid": "69c9070f-61f0-4d19-bb16-e65cbf3efeab", "value": "170fa18cf362a3ea8cc8edbec346f3aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570277, "uuid": "3fa48911-ec79-4b29-9724-b604622a8827", "value": "12288:gjBb925xIKt+wxNoC2NXH0tndFqvK9tZHkS1oKfqe9KS:A25xIKwlNEtdAvKjLzfES", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627570277, "uuid": "f9826f2a-a78b-4071-9083-5b4c9d30b071", "value": 614400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627570277, "uuid": "a1501d5a-3dca-4eed-bff1-672cb1227740", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627570277, "uuid": "b9254d6b-5417-4621-b770-5e7e2ce37897", "value": "rockstargarmes.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6646546f-f061-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627558668, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558668, "uuid": "8811081d-5df6-4e2e-bf40-677c5e703f07", "comment": "Malware payload", "value": "9d44f5a62741c5c60090a6b3973f18d3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558668, "uuid": "2f13507c-889f-4dc2-a67d-18ca7530e4ed", "comment": "Malware payload", "value": "ce1977cbe744139ebd1d2372d2336775fc77e7d81d97397eeabdfa7f1c8ca441", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558668, "uuid": "9a697c05-452b-4127-96d7-a41eff8d9542", "comment": "Malware payload", "value": "e4e1593c6a498d3ce3f8f16614505b26607c4a8a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558668, "uuid": "2486cbd7-dc50-46c8-a7de-211c532d0f08", "comment": "Malware payload", "value": "477537a964d9e882ea5f5a1cc0843d20e8061c82feb0c5ac3de00f9b27f5f9d3df23e3886483a87106941c0e59d3d342", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558668, "uuid": "23472998-f37d-44f3-88a1-fd0f112456c0", "value": "T138E4E031AE3A5587FAA904B6188A81150DF4327B838BA55EF0DCA7570F933C50E5F3AC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558668, "uuid": "b3b9937d-4a42-46d0-b600-34da313ea77e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558668, "uuid": "f6e4990e-944a-4490-a0f1-f1fa76f01f1a", "value": "12288:a/n9sa7RKjbzoj7WA9VKbsqVPhejtT14fQ8YS8s4Tbboa0GUa0:S9saFWCWA9kbs2PhotZ48bLDjUv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558668, "uuid": "d4d1a1b1-3b00-4a2e-a8e6-ba19039c945b", "value": 701952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558668, "uuid": "f7edeabd-35f2-4b1f-8d45-7ac045a4db09", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558668, "uuid": "ff3a01ce-63db-4b22-a40f-fcccdbfdad1c", "value": "Adrienne__Voy.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a86ac58-f062-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627558943, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558943, "uuid": "0073fe3f-d8f1-4418-9d49-22cdf8fc6f5e", "comment": "Malware payload", "value": "c9eff75a3d9f96a813ed6b315ac3e6c2", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558943, "uuid": "173d5531-4311-4d98-be02-ac4cb9624b92", "comment": "Malware payload", "value": "cf7e6607d30702b6f488216069c0b94e4531fe3a1e4b26e57c47d9874a27b00f", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558943, "uuid": "a1902817-7ba8-4e8f-b116-bad226bab620", "comment": "Malware payload", "value": "8cf8ce63dda0c621174065b77e8e35549bcf594d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558943, "uuid": "030dc8bf-7768-4632-9335-d7fa2d4123fb", "comment": "Malware payload", "value": "2c1d9543d49aad8717bff80a84378696fd151cd4e3f1098396d16f1f65d254071fcde21443b6dc42e2bb6d5f1ed8741d", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558943, "uuid": "68561aaa-e348-4a94-8774-2d629bd6cb8d", "value": "T1AD541209BACD5C0FCEF8267861DA4F6A576499027CB43F7F995703872A8270463BA871", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558943, "uuid": "f6d7ea00-bbc9-45aa-b665-8e0d2c1c0e5e", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558943, "uuid": "22827f22-f5ce-4ed1-abd7-485c851c5aaf", "value": "6144:Si0I7M7ahKCbXhex6eSNBxhxkSulrVbNbX7msJHiY5ceRE65B82+CW:33M7XCDhekl0SuN1BrRPXWCB82/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558943, "uuid": "e7898f98-f017-4afe-956b-b623cd927077", "value": 284160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558943, "uuid": "8c4b42ca-4cd9-40ed-b476-f38bc17a6ece", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558943, "uuid": "8f18b384-a28b-440c-819c-b6771a87a9a0", "value": "IAccessible2Proxy2.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1e750666-f087-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627574868, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574868, "uuid": "2c24ce7c-9b98-447f-89b2-4a4ffa8becd1", "comment": "Malware payload (AgentTesla)", "value": "a9bab19e0b23c9493ebf3ddd8415bea6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574868, "uuid": "e0c4d218-61f4-4143-92a9-28d35b5a7307", "comment": "Malware payload (AgentTesla)", "value": "cf8519de5dbcc543a62429969d65a506b88195fffa4441a88f66e35a5d968bbb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574868, "uuid": "036f4b94-3ba5-4534-a0f3-4b6bbccf4517", "comment": "Malware payload (AgentTesla)", "value": "25b9634c502cb67f4fbc6b9d829552d6ab0aa3d6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574868, "uuid": "193166f6-ab29-4f8e-843d-cae0e474e6ed", "comment": "Malware payload (AgentTesla)", "value": "4bb041e55c24cad923eb5af45c9572e2a0830bf7c56e3494eadecc95b2c094cd929b9ab06314c681da1c801d387bf3e6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574868, "uuid": "2ff1a333-3255-4ff2-8184-c6f28e7dbaa5", "value": "T19055E024898C9BA6CC5C03740E5846785EF5ADE2F2B0D4AC3D8D35B1B7F2C2AEA75345", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574868, "uuid": "d12d0b81-e5ce-404b-af34-dc9afb14919a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574868, "uuid": "1e552d96-13a6-49d2-811b-1c8e46394493", "value": "24576:sfS/d3WKzksdks2y8jytzylTchENfxnQoO7vsuwuxeoMN6ZNfZ:AKo6ylghcfxnQoLuFe3N6ZNf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627574868, "uuid": "c32cd956-d9a7-4d3c-96e8-a07bdfe6678d", "value": 1296896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627574868, "uuid": "8d3d68d2-d300-4635-a05d-9838d5136316", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574868, "uuid": "e67dc2cb-77bb-4493-8018-1b18db89e7c1", "value": "a9bab19e0b23c9493ebf3ddd8415bea6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "711c2b98-f05e-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627557398, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557398, "uuid": "9e3c2283-72b0-4902-ba58-31240cafab5a", "comment": "Malware payload (RedLineStealer)", "value": "536e4abcd95e47970c6dcad2a6a4dec8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557398, "uuid": "978bc2a8-3777-47fe-a3fb-a6c291cb51f1", "comment": "Malware payload (RedLineStealer)", "value": "cfead95d7c8a5769d14c2d5cf989237af61be10241de21523f8a955e5b36f1e7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557398, "uuid": "6e62bbf5-22d6-45ca-8a0c-76ab6796124f", "comment": "Malware payload (RedLineStealer)", "value": "e1e7b800573cded1cfcbde06b49945c867aad9af", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627557398, "uuid": "23c0b15a-3aee-4d5f-82a9-b578556f9d18", "comment": "Malware payload (RedLineStealer)", "value": "1523d6ba2f9a83b29435fcccdb9377e411fc62d68361e1019e269e84d1e9c5e3857210b587abbefc6f4a6c8c2605086b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557398, "uuid": "6dc8bdc9-4df6-43f1-b5b3-622156c88d7b", "value": "T107A34D28A3AC9B25D2FE477576B011254FF0E18B6012EB4B4ED1B8CB2E76BC235155F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557398, "uuid": "a7d11d7e-da1f-44b2-ae95-f2f9e8193b9a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557398, "uuid": "cb292748-d8fe-44d8-8d15-09602ff727c8", "value": "1536:qHB+zRmEOBSIUoCXWAiMHLVbn27CyJ55xkS2mbf9Bo3dH1PyHddok3LtxbIj8E/J:qwzRmElIUvWAiMHNn27xxZj1UdHty9ds", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627557398, "uuid": "c386027a-ad0d-4c85-8cd0-77ed904c0389", "value": 98304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627557398, "uuid": "c0dba477-d051-4eae-abd6-2712d71d68a5", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627557398, "uuid": "c62d3a98-d861-475e-b6db-dee7bfee5626", "value": "536e4abcd95e47970c6dcad2a6a4dec8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2cc4c44-f071-11eb-875b-42010a9c0053", "comment": "Malware payload (AZORult)", "timestamp": 1627565668, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565668, "uuid": "a0454b89-ba50-4791-a87c-73e7fd996235", "comment": "Malware payload (AZORult)", "value": "ddb1b11c0fe88c29507f637ce5d5ad0c", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565668, "uuid": "b0e2d6b7-dc75-4a7a-9993-e31fff818d60", "comment": "Malware payload (AZORult)", "value": "cff2f4cae0440ebd4c4e57589210b0198dc604006e0fb70c127add914c5be655", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565668, "uuid": "8e0a1814-9866-4951-bc5e-db3caf423beb", "comment": "Malware payload (AZORult)", "value": "d635393d6ab24c920b5a08268c9884a9dfb5c970", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565668, "uuid": "9751f5b1-f92e-49f9-b9cb-acb082564b32", "comment": "Malware payload (AZORult)", "value": "304a16f8bce2349da58b15571778fd3925bfeea3cd546eb17e8a1fabb7e90e5774c0aaad6a9055c070036d0902f82ccd", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565668, "uuid": "35d9797a-bb12-4b4b-a27a-3d916aff50f0", "value": "T1B354F19F81D4C515E532BE7559B3A2C8432E7E2B8D69B05F42D73790C871AA2FCF120A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565668, "uuid": "e1834c51-2212-48fc-a34d-2e98f55b1d1c", "value": "d51f4756e17d2e0cb52cc870ed396809", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565668, "uuid": "c94ffe01-af2c-4c59-9e08-055944bfff92", "value": "6144:B7AEzX1MCI7ThkXJ191agec4dSH+EnKeR2Xu:BjMD7TiXraMmSH+bXu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627565668, "uuid": "fc2d63e3-3399-4c02-9df3-2df956fbe77a", "value": 282116, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627565668, "uuid": "ad2abc9c-d984-4201-82d7-f95160ff7e94", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565668, "uuid": "e70e8491-cc83-428f-ab97-8be9fea54c26", "value": "Pfanner_106888964.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5cd9571c-f095-11eb-875b-42010a9c0053", "comment": "Malware payload (Vjw0rm)", "timestamp": 1627580986, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580986, "uuid": "9a6ec4b7-8f4f-4be3-a12e-c8f87171786d", "comment": "Malware payload (Vjw0rm)", "value": "06d681290744bbf4f3e3ce4966bee5a3", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580986, "uuid": "e5e7b0b3-658a-4061-b2d5-3d79f2417bb0", "comment": "Malware payload (Vjw0rm)", "value": "d0cc8244a01a4c3f5149b7410460e358bba41c5db300a5056bf12b5955e452ec", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580986, "uuid": "99ea3e9d-d89f-4e3b-90af-31224e02ee25", "comment": "Malware payload (Vjw0rm)", "value": "f0a97be8b41680128bbb40fa36a22ea48452b6a3", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580986, "uuid": "feadbb44-3a20-4a53-b832-adecdbaecb47", "comment": "Malware payload (Vjw0rm)", "value": "04775b47d7544f6ef3c6b4292465bc01aebc395db5407040a2ce3371c82dd61109c0f67e953dc493656d37720a111187", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580986, "uuid": "2a422d45-7f38-4fd6-b41b-82069738fcb2", "value": "T1BB52B8125B1FB9061E5E3B80AC795A8E1E06CFB0994A023F7F0B4D7FC05E9894593F68", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580986, "uuid": "8549dcab-e07b-48a4-b5da-b86ae0f2a0ee", "value": "384:ZnOU9HpghaxToI601fkTsjIYPCuikjruqSj:ZL9HpgsxToI60yQjIYG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627580986, "uuid": "fc4e1f5d-8645-4f5f-8c5f-e7508e6811b4", "value": 13516, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627580986, "uuid": "88f24e48-1f1e-4dea-918a-c84ce8794d0b", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580986, "uuid": "0dc17de5-4bed-45aa-bb73-fc11631a3f10", "value": "SLM-3.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d79ddad8-f058-11eb-875b-42010a9c0053", "comment": "Malware payload (Anubis)", "timestamp": 1627554993, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627554993, "uuid": "f0f81b6f-3bde-49b7-a987-d0771c4739c9", "comment": "Malware payload (Anubis)", "value": "1500db8918ba79b5599969f805295373", "object_relation": "md5", "Tag": [ { "name": "188.225.33.92", "colour": "#417ECA", "exportable": true, "hide_tag": false }, { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "Anubis", "colour": "#CA26C4", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627554993, "uuid": "f32a2980-9403-44a4-a0fe-725fbc3a3801", "comment": "Malware payload (Anubis)", "value": "d0e684dedd320a8b1838dab6c94e97384058fb18b831ceb3f479aea849d83811", "object_relation": "sha256", "Tag": [ { "name": "188.225.33.92", "colour": "#417ECA", "exportable": true, "hide_tag": false }, { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "Anubis", "colour": "#CA26C4", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627554993, "uuid": "7dcc03f7-d431-4aa0-bb8d-287cfda41619", "comment": "Malware payload (Anubis)", "value": "d242e578bacdfdd3e687aead63aeaffcba6f0498", "object_relation": "sha1", "Tag": [ { "name": "188.225.33.92", "colour": "#417ECA", "exportable": true, "hide_tag": false }, { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "Anubis", "colour": "#CA26C4", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627554993, "uuid": "4c7511e4-a7b6-44c3-8ea4-9e8885ee3cbf", "comment": "Malware payload (Anubis)", "value": "d56714e6610fec9c85ce503f119d75eb2e44164d18243a3e2cd5f917901501c43937d6313a41c110c41bb5d523c3a5f4", "object_relation": "sha3-384", "Tag": [ { "name": "188.225.33.92", "colour": "#417ECA", "exportable": true, "hide_tag": false }, { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "Anubis", "colour": "#CA26C4", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627554993, "uuid": "5170ba0e-01c9-4fa0-9cb9-694e84f9daf9", "value": "T1AC75CF96F7C8AD2FCC77D13307A61636124A8D1ACA42D7474568B36C78BBAC44F85BC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627554993, "uuid": "aa701798-d87d-48e5-ae07-f98c3ce385b7", "value": "24576:bpuq+zDJCBPGc/md3EZUw9/eaRYihc4opZoLFzEiipa1RjWr:d3+zDJCLZjh3RXmLCFzEiipa1p8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627554993, "uuid": "7438ebf8-e588-4c22-ada1-0b6cb3ec8db1", "value": 1619209, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627554993, "uuid": "8b88a7ab-07f3-46b4-a5e1-c2ba265ee615", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627554993, "uuid": "4a4a7301-b72e-4ca1-a48d-68520b8b11d3", "value": "602833_WhatsApp_WhatsApp.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8c26a738-f047-11eb-875b-42010a9c0053", "comment": "Malware payload (Smoke Loader)", "timestamp": 1627547564, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547564, "uuid": "891605e8-c602-4187-94b7-555b1b7dbb90", "comment": "Malware payload (Smoke Loader)", "value": "b470bca882ffa82febbfc1f7e7996edc", "object_relation": "md5", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547564, "uuid": "b9978f08-f150-4db4-914e-3194d65b3d70", "comment": "Malware payload (Smoke Loader)", "value": "d1697994428238aced8ff24acff0b131d9737a0659a81e4a7395a746c5ce353e", "object_relation": "sha256", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547564, "uuid": "22f08725-c202-4192-bb15-8795cf225cb6", "comment": "Malware payload (Smoke Loader)", "value": "e69cdb183255a26b6fbb44163750f3f76b4a0b8c", "object_relation": "sha1", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547564, "uuid": "1b182ec0-6949-4095-bd59-62783705bbbf", "comment": "Malware payload (Smoke Loader)", "value": "573410e2ff42be65b2c1654c725604553063016ea5ae07171562d81948782ff7ff98d6531b6e303bc77d6da299decad5", "object_relation": "sha3-384", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547564, "uuid": "0f199a53-3dec-44a2-9d32-b60dfea4555a", "value": "T117649E30AA90C035F4B712F846FAD37DB82D7AA05B3450CB52D526EE06356E9EC3179B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547564, "uuid": "a756e30b-4352-43d8-85bf-81910808e354", "value": "1b88af86c3862540a4c514edccd5dac7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547564, "uuid": "13936099-4ed1-4db0-ad6c-8547e417bdde", "value": "6144:vsxcD+2V1EoDiGUEP24MRHiil81fN6ROnxbLa8o:0cy2V1EoGGV24M4x6yxbLa8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627547564, "uuid": "9044c214-c821-40d3-8cae-67a6b697c242", "value": 333312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627547564, "uuid": "090ecc92-8b6a-4d2d-9292-fb1c8bb2388d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547564, "uuid": "bdc55e88-bf0d-4b75-a1d1-4b2f503e77c7", "value": "b470bca882ffa82febbfc1f7e7996edc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d1db4729-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535655, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535655, "uuid": "a7426a5e-d36f-4318-98e1-8ed305ac596b", "comment": "Malware payload (TrickBot)", "value": "f6a393d8108626ada8accd41aeda7c15", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535655, "uuid": "da7109b1-d82e-425a-8251-361b07ec80e1", "comment": "Malware payload (TrickBot)", "value": "d1fa39c36a3c6bb33f2cfb305537720415eafa40c5621233654382c5247b7802", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535655, "uuid": "1e36de60-bfeb-48fc-92fb-f940fdebd1d8", "comment": "Malware payload (TrickBot)", "value": "dce9fa178fe5ac244d759a6e2a2a3847463406da", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535655, "uuid": "271a253a-c010-437a-9514-bbe9bdbcd0eb", "comment": "Malware payload (TrickBot)", "value": "cc7e2c9dca6e94d172de15073cbc2332dac5e42ec1e4632a7d930683fee05a4790d499ad12b10847bce851dc3fbda888", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535655, "uuid": "434fcfad-8b73-4de1-b3c1-1fe092f7e595", "value": "T110B371E86BD0E417738D1F17FE0A3AEAD17AAC9696C07507C15C7A4C25E921BC6A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535655, "uuid": "ae604b44-0c27-416c-9e9e-b7ba3056ca21", "value": "3072:DUB0+wbwRBneQ9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd51:hRnQ9Ry9RuXqW4SzUHmLKeMMU7GwWBP5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535655, "uuid": "3125f997-2353-4ee2-a5de-70832a27dbdc", "value": 111622, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535655, "uuid": "6024501d-0ea3-4a00-a976-cb2f519abdbb", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535655, "uuid": "93219d17-422a-4dd8-91e5-9f14538cd352", "value": "2021APT-28_71700453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "240b8af4-f093-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627580032, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580032, "uuid": "b90f22f5-05a4-4cb4-9efc-8900021f41b6", "comment": "Malware payload (AgentTesla)", "value": "a34ac9dc979d51577e791cce581e8bc2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580032, "uuid": "ee590251-bc17-4b33-b995-d6055c0c6ff0", "comment": "Malware payload (AgentTesla)", "value": "d2c172066fb08ed826a7c2cbbb8601729325668964e1c72ef87f0f462c772c03", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580032, "uuid": "acc180c4-9d42-4ce5-a96c-0a3d0b9effa3", "comment": "Malware payload (AgentTesla)", "value": "39f3b8475936deb83bd381018ae5c8d370ac98ca", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627580032, "uuid": "69f47fd5-0b1a-47a3-8aab-0a800bb6f675", "comment": "Malware payload (AgentTesla)", "value": "4fbd142ca445e20e5d1cd64ba78f8ccdfe6fba9701ced4808103169dcb4d42a13de4bffbb234b7505b1ada6318e58c44", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580032, "uuid": "b1f9c3e5-8c44-4e17-b115-9c2fe630b9fc", "value": "T1C3D423B8903E67D9D34816B740B1ED2613FACB4DEB16756816B8273608B30EE9F44D27", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580032, "uuid": "c7502c98-02b3-46c3-90da-722611625c51", "value": "12288:DYVbupmgitJldBBWDPhvmesiubSFKfgyK2NhgGw66ahjN/5A7:DYbuw7dBUhvtHZ4f7nekL6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627580032, "uuid": "34b4707a-e9ef-4a04-a77b-0eb5441b8d51", "value": 601124, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627580032, "uuid": "75349c68-a1f4-4dc3-8536-6cd65f45cae9", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627580032, "uuid": "00710c55-3d7f-4816-a556-4e7e572ab0f6", "value": "Payment Slip.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8db5fc10-f062-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627559163, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559163, "uuid": "02bc09c1-7c0b-4cfb-bb35-6f0b6cd92422", "comment": "Malware payload", "value": "1f45c44254bb1968cfe6ca54ebe161c2", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559163, "uuid": "957ff686-6100-407b-bfd9-831199abe227", "comment": "Malware payload", "value": "d2f1ce00a499c97a1df38e12b6812a020e5410636d8277ef24b9032905c11fc2", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559163, "uuid": "30617e36-f4ce-49b4-ae74-7ab4f4e1e0f9", "comment": "Malware payload", "value": "007f7cb4b45c570ea332259c0a9af7dd34cf48f3", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559163, "uuid": "f28e539d-9603-49d4-87fe-e959122b5017", "comment": "Malware payload", "value": "9aee822d1ef2d0944e7863f60b89dfb4984621a7487ed94b02c40f2a62ccb6abdb1febe75e1d8a28486eac9d0ea46532", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559163, "uuid": "db4276bc-6d2f-4086-99f9-07ef0ece8e43", "value": "T19DB13B34AFA1DC70D7064379A14A46C5F91811AB431AB55B272532DC0AA3E885F97ECF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559163, "uuid": "6134e71e-1825-4f49-b952-1f71182e6de3", "value": "96:+GAVs5OTGIUA74htTRZ2rr95tUccK2DrWa53YsjuCfKwvnYaI3PlYtFR9:+eaSlXRZ+9YjK2fWau6bjqlAH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627559163, "uuid": "dbdde75d-a1e7-487d-876b-26dfdedd34cd", "value": 5294, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627559163, "uuid": "d38c41d5-9957-4a65-b93f-b1d1fa3106f0", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559163, "uuid": "b0d57e9f-bf90-4c75-abb1-a7f941328e35", "value": "Eine Einladung f\u00fcr Sie!.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1fe2614f-f060-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627558120, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558120, "uuid": "5c7fbf59-3d10-4b8d-8074-173fc934f031", "comment": "Malware payload (RedLineStealer)", "value": "59fb7442592a9c032fbabad5a797fbde", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558120, "uuid": "c4badebe-6e58-4fc6-a328-d9e5f8caf9f3", "comment": "Malware payload (RedLineStealer)", "value": "d34e796266410aff6fcad07b74545d3121bfc595cadef5370c01153b4dbf0047", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558120, "uuid": "227767b8-65b2-45dd-9178-3822cb04f47d", "comment": "Malware payload (RedLineStealer)", "value": "c9477fc460b0b44c63c2a5f83a178c398b6a36fd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558120, "uuid": "6d473e18-4d81-4a06-a63a-339928915276", "comment": "Malware payload (RedLineStealer)", "value": "5d519d319cf4c447b2269678732949798fd4eb3ae62e693a18d053ecec2fdece151557761ab946a6243d839a69041e84", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558120, "uuid": "56023c1e-c5d7-425c-b1b5-43c84951704e", "value": "T132A33C28A3AC9B25D2FD4B7566B001194FF0F18B6012EB4B4DC1BCDE2F66BC275195E2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558120, "uuid": "24edab9a-7102-41e2-b3ae-d67ce25fb5e2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558120, "uuid": "101c4bda-3857-4e65-a0d8-f6aa051ff1e1", "value": "1536:XHB+zRmEOBCoUi6HW+iGXgktM20VbN8FAh8xx+Ombf9Bo3HHTPyHddoh30txbIjf:XwzRmEVoUxW+iGXNtM2EuA8x+b1UHHbL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558120, "uuid": "f77cf482-38a1-4e06-b30e-a4ce079428cc", "value": 98304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558120, "uuid": "9311b1df-8ba1-4248-9c18-6be1a25f0d6d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558120, "uuid": "d60d395a-3382-4447-a36d-5f841a4ebb26", "value": "59fb7442592a9c032fbabad5a797fbde", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0469542d-f034-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627539176, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539176, "uuid": "4260eb1a-2067-4735-800b-14f309749df4", "comment": "Malware payload", "value": "63845cc49983c0ba39d72bc05f740dac", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539176, "uuid": "853c671c-ec7e-411c-b2f3-009b5dc06138", "comment": "Malware payload", "value": "d34ef9018fe160ad28ce30d039fac14ffb5023b6e11e1d6e67f1265d68791c8c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539176, "uuid": "364c2c08-7048-4070-bee6-aad76f8badc3", "comment": "Malware payload", "value": "b07d274d2c11424c21e349ff120f9e29b0f81fb4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539176, "uuid": "7f7d6e50-b654-4160-96b8-0d894aedcc36", "comment": "Malware payload", "value": "217d46452c4d7784198586e864a4386f41d2bd094474ddcce2d647e588906b7e7f27854a7c08216d9db368e8eeec8e07", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539176, "uuid": "7f56d7dc-a7d1-4ee7-acdf-8e47d79c8683", "value": "T129F4033066FAC2C2C59838B4EC8BB0F44A50EE56D6658C9FBC883E0A35F16D9F57215D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539176, "uuid": "e30e22ed-c64d-462e-bf71-a3b32622d254", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539176, "uuid": "01c70c4e-2dc3-4d8e-b9b4-4561a92eeb05", "value": "12288:/Y7l5Pd6HdP6FPiP6dYoDAVGnNS6VWC7dK:w5c9iJiXobQuxK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627539176, "uuid": "8d5b05b4-1b7d-4590-9fbc-160aa8b2f147", "value": 751192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627539176, "uuid": "99c4beb1-b45f-4290-a16f-36b40a7303c2", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539176, "uuid": "70b0a740-3a7a-4ed4-a8ce-39afd1a8cd37", "value": "Order_Confirmation.pdf ..exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e36d121f-f046-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627547281, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547281, "uuid": "17a75c62-f3fe-44d5-9bc9-3cac64daf969", "comment": "Malware payload", "value": "37b04022bdd169709fa57c343dd9aab8", "object_relation": "md5", "Tag": [ { "name": "brave", "colour": "#D3C101", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547281, "uuid": "fca568e5-3009-4297-bf36-42f0c87b17fb", "comment": "Malware payload", "value": "d3a03e5f16f90dc9a07bb74bf0c7ffc5c89c7bbbef4e91d60f0e3ab0d14de15c", "object_relation": "sha256", "Tag": [ { "name": "brave", "colour": "#D3C101", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547281, "uuid": "65f7152d-9519-46db-9e14-d2d368fcc5a9", "comment": "Malware payload", "value": "88e10e595cf9b806ed84e5e078d552c77419a076", "object_relation": "sha1", "Tag": [ { "name": "brave", "colour": "#D3C101", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547281, "uuid": "ccd24204-7c94-4a24-925c-ef05dce64e35", "comment": "Malware payload", "value": "a114f966f1f1ffc2b7c9ac2343e6c1e768beb765bda3920ac10db0b931d419fcb9ba1db58dc2ffd30e02efc8688f8a34", "object_relation": "sha3-384", "Tag": [ { "name": "brave", "colour": "#D3C101", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547281, "uuid": "a69819e3-86f6-4738-8e6c-cbf1e3027ad9", "value": "T1E9157C1373E18022FFABA1739B5EF31646BC6D290323A52F139C1E79A970171166E772", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547281, "uuid": "e7572584-bd42-4106-8ba6-ba5c5d7b5af2", "value": "12288:KpVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:KT3E53Myyzl0hMf1tr7Caw8M01", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627547281, "uuid": "4a6be9b4-11f0-4aef-8dac-659b9decc3d8", "value": 893749, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627547281, "uuid": "26761c46-0eb6-47a5-9741-a5527b442abe", "value": "application/octet-stream", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547281, "uuid": "531d065c-76dc-47b2-ad65-adb92dfb250f", "value": "Orrore", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8bc82dfe-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (RemcosRAT)", "timestamp": 1627535108, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535108, "uuid": "a9ec9513-e689-4ab0-b3c9-2f49964121f3", "comment": "Malware payload (RemcosRAT)", "value": "839c6e5e3093c733112b6c6a0e921045", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535108, "uuid": "90ce9944-32a6-4cd0-a526-94105598c2cd", "comment": "Malware payload (RemcosRAT)", "value": "d50b0c8adb2ffb4d3a4b64b2f44ab11be28ad028650f17f0d9c083374cbc02ef", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535108, "uuid": "4718ac16-6519-4045-974a-39d2a813d372", "comment": "Malware payload (RemcosRAT)", "value": "df3dd4a5749d16dcdf1a2fc584f15411882b920c", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535108, "uuid": "f6a4231e-bd38-4907-a883-73c4e6e5bfe1", "comment": "Malware payload (RemcosRAT)", "value": "d5ab1e483020f17e2b601f31d87e1f5d02385a6adff4d6be7fc89bdac458e5832c9c0c5d554f898347955eba3db3f62e", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535108, "uuid": "1a0d7fe9-8787-4ed2-bc8d-56acc51c892e", "value": "T1F3759E63B2A31437CC27243C5C2B87A4AD1DFB902F14A4D63BF51DE8AF35697B82514A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535108, "uuid": "18dc3aaa-a02a-4b58-81eb-13683d7ba5c7", "value": "12288:Tmt6Xn/fYF7E9rTdcDNVn14ZNBehaSXYG0aAJ92PHiLeN0aSy3V6+1G6q:at0XnVcDNcm7JBa2HKaLFt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535108, "uuid": "22660476-1d15-4cff-afcd-84c7762773bf", "value": 1638400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535108, "uuid": "b65e7844-1fe8-4f42-9b8a-e6957153ba09", "value": "application/x-iso9660-image", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535108, "uuid": "020231d1-7d54-4b1c-85bb-eb418045069e", "value": "Attachment.img", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "30103b94-f088-11eb-875b-42010a9c0053", "comment": "Malware payload (njrat)", "timestamp": 1627575327, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575327, "uuid": "ab4b759c-e50e-4d0b-b5fa-7ebedb412ae0", "comment": "Malware payload (njrat)", "value": "970d2089e6430c48a4e8a2ed2a7300cf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575327, "uuid": "277ac453-82f3-4c8c-b7a7-37d08014e73a", "comment": "Malware payload (njrat)", "value": "d56a94b30656d83090b9018a5c07d4203061936eff5cdf6ee4e44f7152b7aeda", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575327, "uuid": "51bde60e-f56b-4d23-9807-fe04fa40b60b", "comment": "Malware payload (njrat)", "value": "bee544119d0ef5c33b4621688d2f564621ac2c1b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575327, "uuid": "a2035758-c2f1-4c46-ac65-a8b7e51c7e36", "comment": "Malware payload (njrat)", "value": "fd82ebb28cf7f74b530f0ef8e8728bcd9bac9e2d00fac2fdd83a5f4eac5b3045ae07140b6d3e7a457cc10e3e1b65605e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575327, "uuid": "56c167b2-c6c7-4db4-9ad3-7204103af855", "value": "T1BC059D3489C897AFF9AF077907E920B0EBF4E112317193A92ED100B95DA2F55CDB4267", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575327, "uuid": "aa5b3605-ee0b-4779-9978-6ed982d286d4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575327, "uuid": "ca311bb8-e973-4fda-bd9f-89d8d8fd7de0", "value": "12288:r4mDy17AJ8KSm07iS/d348yoBoRoDoyooI8IqvrWYuqswO8A97xnjJ1H:nFJ8AS/d3YK64JjZOwO8A1d1V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627575327, "uuid": "8bcd44df-8189-4bfa-b7e7-4b069649da30", "value": 827904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627575327, "uuid": "6bc9e31b-b5cd-4e22-8d13-46091a95c18b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575327, "uuid": "ba3a61ca-5267-496e-bc1d-22517f22b91c", "value": "970d2089e6430c48a4e8a2ed2a7300cf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a1f26a78-f049-11eb-875b-42010a9c0053", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1627548460, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548460, "uuid": "4d9f0f1f-0c31-4c24-b418-2fc8ae1488e6", "comment": "Malware payload (RaccoonStealer)", "value": "15aaf947579e38300d042603547c866a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548460, "uuid": "4a500758-64fa-4721-ab30-8a2d24cde458", "comment": "Malware payload (RaccoonStealer)", "value": "d5b9b72950395ae3b512f96e87184429b9744c514ed14891cce9f5972764a296", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548460, "uuid": "0f6494e1-5755-4b53-9e83-3218e41ab44f", "comment": "Malware payload (RaccoonStealer)", "value": "d7a23f5c93d03fd3c7d298277b20f5182e6ea8d2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548460, "uuid": "552c3ef8-cb26-4ddc-9e2d-af20617d147a", "comment": "Malware payload (RaccoonStealer)", "value": "0b5f7388703d7a1d088ab5b0f10dd6dd1f1eb4e0bff8e39342e57de55d2967636bc6c348f008890d74e87c4565a6a718", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548460, "uuid": "ea2cf4e6-17a2-4798-b803-c7e859dc3025", "value": "T106B4E030EA90C035F4F722F846BAD779A92D3AA15B3450CB52D516EE03356EAEC30797", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548460, "uuid": "f395b5cf-9c1c-4bde-9f41-cfa3e0c97b43", "value": "11e62b16813848a97abc497cbed1b36a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548460, "uuid": "3f3758a9-538a-4531-8e2d-b8001252565a", "value": "12288:c63OKi5Bo55bDWIcuxdX4W7gdbGuHkducFStgyvMDM7ifpl5iv1EzIw:cnKi5Bo55bDW+xwdbGuHkIcFStg5r5ia", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548460, "uuid": "8ca915b8-ee77-4446-81f6-92b5dcca638f", "value": 526336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548460, "uuid": "bb17a780-ff61-4fb2-8a6d-0649fd8462f2", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548460, "uuid": "60fa6909-d669-4357-8a03-47cfd5f2a81e", "value": "15aaf947579e38300d042603547c866a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3959de1f-f060-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627558163, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558163, "uuid": "949e73cf-951e-4762-a05b-ef32c736eb57", "comment": "Malware payload", "value": "096fc2ac3b2337b2293a9f64a8bc06c7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558163, "uuid": "1c200f42-728a-4d2a-b6ee-6bd33e85c886", "comment": "Malware payload", "value": "d632932299301c0e00fb74d348ebca88a6a5d0636abbe4994c9a0c7dc6e8ecfa", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558163, "uuid": "5a92b99a-ed29-4a48-af4b-c61738265cef", "comment": "Malware payload", "value": "b0ff8ca57fc80a7b1d5a65ad266b7f331cb08350", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558163, "uuid": "a3215401-1cd2-4a8c-91ee-0eab46f17a42", "comment": "Malware payload", "value": "96c8ab0b932b04f655d9d3b5abbcb71518b4831ca33b6f910b9a5354c575ea5af8e82ae9a67bc073a7ebb8011c6df4ed", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558163, "uuid": "0ff75048-aa58-4273-a6c9-06168f4566bc", "value": "T12A353B5E5A439DE6EE4E16F383340E441B70DA5FEA30A66CA37023DBA75D28F5C85063", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558163, "uuid": "281af615-12e7-4fae-bbd9-d83c00c7c21a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558163, "uuid": "5811da3f-1098-40d2-973d-5509e0995848", "value": "12288:qkuptkoPRJ832h4dYSfXJVV9LaNezOqro0LAemY1cPPXPwW2PCxBalUENp0sVUE:qkA83V97V9sezlrozY17Nv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558163, "uuid": "69f14ea8-c64f-42d8-bcac-248482915810", "value": 1062912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558163, "uuid": "c44e79de-a132-4775-87c7-0b3e45616fb8", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558163, "uuid": "56a02352-3e19-4f9b-a934-5ab4a7750260", "value": "096fc2ac3b2337b2293a9f64a8bc06c7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72cdcd87-f087-11eb-875b-42010a9c0053", "comment": "Malware payload (Stop)", "timestamp": 1627575010, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575010, "uuid": "5e00d285-0d8f-4c07-b922-b2e0f556394f", "comment": "Malware payload (Stop)", "value": "9c21fa308bc59e6498923679945461e1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware.Stop", "colour": "#589677", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575010, "uuid": "1d2d7924-1b1b-4ca0-b4b1-b975cfeba542", "comment": "Malware payload (Stop)", "value": "d6353ac6a08f1e678698f658274332bcc27588c14e75e029e761dd6af0b4ef41", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware.Stop", "colour": "#589677", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575010, "uuid": "218129e0-1ee8-4469-ba45-56d568d47349", "comment": "Malware payload (Stop)", "value": "d641d795181f0255558757ba88cefa809c9e2e77", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware.Stop", "colour": "#589677", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575010, "uuid": "cf7809f1-f197-4bf5-858a-838fbb4952b2", "comment": "Malware payload (Stop)", "value": "72eeef87f2e15d736707e92cf96cc7444fd495153f3e1c5d26e82dddc01ff5374dd5cc598da89351adf50f1d5762f49e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware.Stop", "colour": "#589677", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575010, "uuid": "498fadbd-1884-442d-91ee-f3fb2ac946c3", "value": "T15D150230A690C035E4F716F845BA93BC792D7EA25B2450CBA2E53AEE1335AE4DC30757", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575010, "uuid": "03efc7a3-c74c-4648-b18d-92f763fd0f4f", "value": "c27a98a29b21693846ec47ce91a249f1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575010, "uuid": "be829d1c-7612-4ec2-b62e-a06d44ed6e34", "value": "24576:s/NK2O3djwoSPwdwc2D4HgXDfbQD8UfxYzpXSJ:XNjwoSgzHcbQD8UfV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627575010, "uuid": "d4ea1116-4ccf-40b8-ad68-3c731f521542", "value": 878592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627575010, "uuid": "ffd42b47-1b26-40bf-892d-484cf170ff11", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575010, "uuid": "3a6223dc-b545-4c96-b499-8669a7015564", "value": "9c21fa308bc59e6498923679945461e1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2823a681-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535371, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535371, "uuid": "6a21001f-2118-4af1-8e8e-a8e514842651", "comment": "Malware payload (TrickBot)", "value": "120f96d9f0df47c8ec849d468c8a4580", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535371, "uuid": "30850cbb-b10b-4a25-bb9d-27d43fafafdb", "comment": "Malware payload (TrickBot)", "value": "d65b888593e6b97cbc3bb63117250e2860c1dc99de3d5f92e6b0a18541d3629a", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535371, "uuid": "c3b3071a-f378-4741-9480-bd67fed1032f", "comment": "Malware payload (TrickBot)", "value": "b198520de76035068801de23487eca8db1c87384", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535371, "uuid": "2e554d27-928e-4cd2-bece-01be72b18b8f", "comment": "Malware payload (TrickBot)", "value": "b380b032f4b1c049c84e05ff87bbb6aacd05222c013b4fbcc96a654ae824411a1c75a8c390f158d6a0d4866dba35a378", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535371, "uuid": "348975e1-c986-4cc6-af2d-785a7fb4d024", "value": "T1F1F2F16AF004376AE127F6A04EEB47C23AA5904E7536D9711665C428258FF830BF4DE7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535371, "uuid": "3d3c4405-5616-4b18-a6d2-84af9caf1ee6", "value": "768:k8Evwuy8zlndsDX4NHuCcAs1JzBb+N2tIcqajc:k8EW8z7sUpgLzBqAtVjc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535371, "uuid": "ea5321da-6386-480c-8030-fdd1c70bab4d", "value": 37377, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535371, "uuid": "e8f0ba6e-36f1-4f65-8412-11bfb47e33fb", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535371, "uuid": "06d651a3-c9eb-4fff-987b-4bdcecbca6a9", "value": "2021APT-28_47514453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6bbc1937-f0a1-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627586165, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627586165, "uuid": "4aabcd78-927c-417b-af66-a9e8ba9c5ded", "comment": "Malware payload (RedLineStealer)", "value": "98e380a1b54840a29eb84c217a96028b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627586165, "uuid": "86fd9a3b-631f-411f-9c90-7626874e4bb9", "comment": "Malware payload (RedLineStealer)", "value": "d673b8f790d1a92b00b4cfe07f962747116b63dfade5c4772d085ae37878305f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627586165, "uuid": "12f30482-e5e2-4ba9-9c75-4d3a292c9b60", "comment": "Malware payload (RedLineStealer)", "value": "e13fac0b4e23cdd4c39f1ef0a769de80b1d36ea1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627586165, "uuid": "3ae5baa9-f493-4fc6-84f7-d78b7f4833a2", "comment": "Malware payload (RedLineStealer)", "value": "63afbad3d3127801f234d46d1d580ab0c05d015ef252efc871a5994be58ae2939361c3c81ad42c6eb4bd05b45813fc97", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627586165, "uuid": "6a6ff469-f668-4e01-9ebd-0236fe6c8476", "value": "T1FF84342864BFC05984E3EEA52EDCA8FBD99A55E3640C743701B4633B8B51B80DE4F479", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627586165, "uuid": "6d8c9ae0-7e12-4d1e-b938-7c977e51a4c5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627586165, "uuid": "f17b3c5a-4a70-407d-9044-f3ed3a4893f9", "value": "3072:68MHrYUVNCkr/Rrd1hthQI1PSbYOc9WhgwqkO+7m58gCp3D9qp9PYBV5KXgM2uX9:1OLvCkr/Rjhtht1POG9Whgwqk7m587B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627586165, "uuid": "176b8b53-08b1-4d6c-b73f-abafb25ea868", "value": 373760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627586165, "uuid": "fca03c7e-5fde-4e66-8646-2d166defced2", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627586165, "uuid": "1869e589-bea6-4257-a7e2-0be56aace335", "value": "98e380a1b54840a29eb84c217a96028b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "37aaaae2-f02c-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535826, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535826, "uuid": "ebd06e89-59b4-481d-816f-ab0a54eea247", "comment": "Malware payload (TrickBot)", "value": "803e6abdd19183b8a246e1e313a2e672", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535826, "uuid": "13a68994-f10d-4014-9fe6-8f60f66ff901", "comment": "Malware payload (TrickBot)", "value": "d77f2f1a34ec1963e6a999fc99a076fbad3a51f88e0d2fdb80fcc86424f6740a", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535826, "uuid": "88a72772-77b2-4311-880a-453bfcad10f6", "comment": "Malware payload (TrickBot)", "value": "f75465eaa849e95fc16deafa0e76a3625d7107df", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535826, "uuid": "1842377d-0535-4450-b8fc-123e4e1e6f23", "comment": "Malware payload (TrickBot)", "value": "3f9f81243d5ccd3b8a5d9f5321f27e6b500daadd338aa9cb28261737db3a7590c50b836c98b2b139fa5459a9213b426e", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535826, "uuid": "f05cf8f5-074a-4d20-9640-889f5eaa5886", "value": "T148D3B4D86BC0E517338D1F1BFE0A3AEAD1BA985696C07507C15C7A5C29E921BC2B0DF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535826, "uuid": "e362885e-358a-413e-8feb-f31ac8ed2e19", "value": "3072:D50gFYXvF+9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIw:agWXvF+9Ry9RuXqW4SzUHmLKeMMU7GwS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535826, "uuid": "a69f31f0-3a77-44a0-b112-588eab36f5d7", "value": 133264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535826, "uuid": "f62ee81e-7250-422c-800d-ee8039263dcb", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535826, "uuid": "07969554-dc20-4663-b0f5-e661b6398fb3", "value": "2021APT-28_60060453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd682294-f049-11eb-875b-42010a9c0053", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1627548560, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548560, "uuid": "f88bc587-0d5c-4d1c-bdd9-aa9ac2354521", "comment": "Malware payload (RaccoonStealer)", "value": "f9667599e251af696f8a87776c66eca0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548560, "uuid": "0afe688b-593b-4ecc-a792-11efaed9f91a", "comment": "Malware payload (RaccoonStealer)", "value": "d7b0af7c27ad1013e5edb42078590f6060a210ce48b460e6fd50616a4278295d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548560, "uuid": "f2241e82-8a4c-428d-97b3-b666ecd074ba", "comment": "Malware payload (RaccoonStealer)", "value": "308978e91169e5ec7899cb46b0fc172af88bb35a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548560, "uuid": "e61156ca-4a47-4ec2-8e32-6ae7d4bd4382", "comment": "Malware payload (RaccoonStealer)", "value": "9e5ddd4142d0545adfc2a569088cdaa8f93ea0cd816680518fad335ac89632a4de5dd3b48a5fcae0b8147ccfedda0b79", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548560, "uuid": "d7341f86-0536-4521-881c-6a3895c8d175", "value": "T17DB4E030BAA0C035F4BB11F852BAD379B92E3A61673450CF52D616ED42346E9EC3179B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548560, "uuid": "c7553618-34bf-45e9-84d8-6bfa56eb8c86", "value": "255f8d5c29d68d23ef9b098d124cc19f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548560, "uuid": "0b901150-2c1e-4462-88ed-d546a54a39d6", "value": "12288:HOD++B4gsc9dXHZfIjZyCzLCmKlaTGX96EQ5IRzKmHDvruh:Hr+B4gJdal58laqX96X0RH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548560, "uuid": "c5a8fd88-5676-4c4f-ad13-2b19aa8c95ab", "value": 526336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548560, "uuid": "c02ea503-4600-4ed3-ad82-893e3364f2c0", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548560, "uuid": "70b19c29-3b2d-43d1-9d38-9422f3a953a0", "value": "f9667599e251af696f8a87776c66eca0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c14646c-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535565, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535565, "uuid": "9a243d28-f586-4fc5-9205-6965dac1a7d4", "comment": "Malware payload (TrickBot)", "value": "317fabc5c9abf575ca1f690500e1c2f7", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535565, "uuid": "53e679c7-263d-4f5a-86ef-fd8ff0966743", "comment": "Malware payload (TrickBot)", "value": "d7ffa227a5a9f9569a387cadcb3b55d6ff79968a6cb9e86889e59bcdff205bd9", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535565, "uuid": "7732f174-34f3-4333-b3fb-ae5f31e697c7", "comment": "Malware payload (TrickBot)", "value": "e5c7448768b2a3f45dd479a2c23e9f5dee3fe919", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535565, "uuid": "6568d5a8-eb4c-4843-8033-86a79d1c81f9", "comment": "Malware payload (TrickBot)", "value": "7c799dce06eca490a9df65911e000806e2c6802179c8ba351706de7b4524e4e8d3d5298c392807b9f8958a6356cf18a2", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535565, "uuid": "9dd4dd52-138b-454d-bfd6-6162de06edae", "value": "T101F2F2F29A5E179FF83913E401249EF18680EEBD8A94B51CFBF3598903045649CC5FD1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535565, "uuid": "67ec703e-a548-4d03-8064-0f388dc9c9e5", "value": "768:UEzkySyFfcR3XhJAhA6LDuGr221m8okoItjQBP4TnGm2MLO:9kySSqhYLDvSw1ntkWMyO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535565, "uuid": "4f0ce325-4e3d-4246-aec7-26b47b5c1db9", "value": 34609, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535565, "uuid": "d5f7f002-145b-4e73-9dd6-ccaac9830aa8", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535565, "uuid": "dc4d594e-f6fb-4b27-95cc-4517900e8458", "value": "2021APT-28_65976453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3cfc5d72-f08d-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627577496, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577496, "uuid": "19399da7-e07c-479f-94da-014eabc8ff8c", "comment": "Malware payload (TrickBot)", "value": "003a4ba017898adfb1b0e324cdb78fed", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Shathak", "colour": "#440EAD", "exportable": true, "hide_tag": false }, { "name": "TA551", "colour": "#88E765", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577496, "uuid": "599270af-da76-4726-8218-54289b68b823", "comment": "Malware payload (TrickBot)", "value": "d88418d1a937b7d76a18db5d6e58209c27df38b5bb880937db2232bca4ea9b80", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Shathak", "colour": "#440EAD", "exportable": true, "hide_tag": false }, { "name": "TA551", "colour": "#88E765", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577496, "uuid": "6cd20f77-f7ba-4339-97d0-37205130bc0b", "comment": "Malware payload (TrickBot)", "value": "3e786bc28762f20adbab9e821cdc84048a0f7314", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Shathak", "colour": "#440EAD", "exportable": true, "hide_tag": false }, { "name": "TA551", "colour": "#88E765", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627577496, "uuid": "c5d0d512-b9a5-41b0-bb3c-f2642f383d88", "comment": "Malware payload (TrickBot)", "value": "033d05bfbaa54d669a963b07bbf6fc2a4268438cd6e43e19cf9a2991e9f2eb69bfe87b48a66beb4207ef9f69927c2116", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Shathak", "colour": "#440EAD", "exportable": true, "hide_tag": false }, { "name": "TA551", "colour": "#88E765", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627577496, "uuid": "4d62dbca-eb34-4466-81fc-1acd46149a48", "value": "T160A4AFFB668C0392E2036879EF18E2B7915367AD6F42C1C5F66AD9D72633092C51CB43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627577496, "uuid": "36e81433-8934-491e-bcb6-6b36d2242bf5", "value": "87bed5a7cba00c7e1f4015f1bdae2183", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627577496, "uuid": "83e80f42-a9c1-45a6-b48d-e1b74c263f21", "value": "6144:7bVPXLakbTqht5o+nKivd8Z4sPYwp4KltOzlZRMCKy6fcWWHDecHAI3C+8hkBx:db4DmavdW4svpLtmRlKMHDuIycx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627577496, "uuid": "f9f6ae4b-5439-40b7-abd7-66c3fec7d52d", "value": 473224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627577496, "uuid": "f5a67600-27a8-4e68-8b8f-5aa354b5d5c8", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627577496, "uuid": "d9e602e5-154d-4fe1-ae3b-2a49f2b8dabc", "value": "coreForCode.jpg", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72d0dac9-f03c-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627542797, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542797, "uuid": "ac427755-1ac1-4b7e-b59a-70bb3b620e1a", "comment": "Malware payload (Mirai)", "value": "ef9d6c60e28d47ee86f437848b40ecd2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542797, "uuid": "d3992cb1-46bb-43d7-bcbd-ae20124e2ea5", "comment": "Malware payload (Mirai)", "value": "d8bfc41d2911b884cf6ad5cf0d0a4e9be49867a6c79ae5e5d59f14c9b36e3704", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542797, "uuid": "20f337bf-31a2-42b8-b0ba-5852133f3fa8", "comment": "Malware payload (Mirai)", "value": "626beb550be11508bcdf0c4bd21b5533e762bbe9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542797, "uuid": "7361f4b7-9c71-4f61-8287-2d184e78d67a", "comment": "Malware payload (Mirai)", "value": "9eab9cca1b88e10a50fa859c81f759119f472d3933f0d11ec51e5c618ea5dcf1b240d8287e5f5a06b63a80c98396d405", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542797, "uuid": "23143371-e86e-4fd4-a9d2-5c04fa8d1b28", "value": "T1FD536CDAD543CAF3D46680F16425A726E672A077A099D8D3F3B53E30FC52EE0C909798", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542797, "uuid": "fa4753a6-056a-4bbd-83a4-749dc244a7e2", "value": "1536:pJWQNBw9HNejzwSMDqPdMhhpBcUO0sJp:Wp9eZPdMhLKUy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627542797, "uuid": "4d7a5688-7a0c-4f3d-a118-ae9d31ec17fe", "value": 62928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627542797, "uuid": "bd9993e5-dc3b-4d93-9652-55b2cebddc45", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542797, "uuid": "0f92e3bc-c21a-4624-923b-cdc28fa1fd6c", "value": "ef9d6c60e28d47ee86f437848b40ecd2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "539fd526-f019-11eb-875b-42010a9c0053", "comment": "Malware payload (Gafgyt)", "timestamp": 1627527713, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627527713, "uuid": "5fe8a4be-6d66-4bd1-8520-f39020b880df", "comment": "Malware payload (Gafgyt)", "value": "d655f01fab793906d76618fa42e167e9", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627527713, "uuid": "58726f2b-c70f-4066-b711-2adc9e4a52a4", "comment": "Malware payload (Gafgyt)", "value": "d9b497cae877d5657ac01d54b941f5f452e252c02698d1db8edddc1456de540c", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627527713, "uuid": "1373d864-4a63-4ec8-a4c8-d2c41d0c003f", "comment": "Malware payload (Gafgyt)", "value": "e59d7dfd2f667cc71610888ae710605afced28d1", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627527713, "uuid": "128aaa87-f329-4fba-895d-35ae5e54d9a7", "comment": "Malware payload (Gafgyt)", "value": "61e97a5b74d9609784abe96b1ebb2cf8f13fa5dfd372f35996301d7eb9cfefdbf6e6e50ccb4793054c14eb2a2dc986a8", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627527713, "uuid": "4d995dd4-976e-43d9-9abd-8cd136239fe9", "value": "T1AB92D1310A860B43C60B72F0B361BA556D2892E6B53F2EB40738636D330A57CE0DD6BD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627527713, "uuid": "76aa769a-4be1-4f79-be83-62ded69b06da", "value": "384:rNy7yLLZg2ANEiginnwaOCD3FFV9uFHZC9RHetko0XBnjU67E6aBj8AKwxR:pymLLG2ABgyO4FFrkHZWlh77Ij0wT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627527713, "uuid": "cfbb2eb3-bc09-466c-aea8-f36a9a674375", "value": 20272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627527713, "uuid": "fa298d60-1d46-4a8b-8b2a-83a5185668ed", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627527713, "uuid": "85c4d691-8490-45e2-8f78-e8a54ca8a5ae", "value": "Mozi.m", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "520a2f2c-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535441, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535441, "uuid": "f3b612c2-aa87-437d-a0c6-f6eaa3ca48c4", "comment": "Malware payload (TrickBot)", "value": "92d0c12abeb300f190b96ebca09391d0", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535441, "uuid": "c9f0948a-9963-4c65-9ed8-1f9e19dbb450", "comment": "Malware payload (TrickBot)", "value": "d9dad9af7238f83de0559e86ed777a3198356211e75638550e32c127764f2701", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535441, "uuid": "17eff312-4596-4496-a42f-bb49a964259d", "comment": "Malware payload (TrickBot)", "value": "7cdf3408101b041cd99c62aae2106fe6b7b49962", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535441, "uuid": "4289c960-4cd8-4526-aeaa-8bb2cf5dcef5", "comment": "Malware payload (TrickBot)", "value": "4fc5c3f1cadf720be47a7fc4bd2a0ffdfcc1a6c65d30f66df1211523076d08743679e414e7064395bddf63463c41d5e7", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535441, "uuid": "2bd0956c-c8cc-4aba-9b85-1e76ead84210", "value": "T1B0A2D1206EEC07A5C1D496BEEC8E0A4D9696C7C6207C9F5F8877F8C6C60D2C78F12465", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535441, "uuid": "dab441fd-8c9d-41c2-9c36-fe1d9feba4fa", "value": "384:zUNqq693FMImYRXuLhx9hsh0q3fZy5ADTalveI61SvTI3k4WMcQLC88NW:zRFtMqSlvS04OcCVW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535441, "uuid": "6b3c47e9-091f-4ece-88da-1f92c43b64de", "value": 23165, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535441, "uuid": "83675ceb-900c-4137-8532-c15ff830a126", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535441, "uuid": "237bf214-32c9-42d1-afc6-c25dc1abb92c", "value": "2021APT-28_55776453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "12081542-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535334, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535334, "uuid": "751f0246-81af-4d95-bc01-76da628b05d9", "comment": "Malware payload (TrickBot)", "value": "663954b69b0f064e19b89496757d4a84", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535334, "uuid": "6fc6086d-2111-4f03-a1d1-616c3933bcf2", "comment": "Malware payload (TrickBot)", "value": "da02c7e21137056a93b981bfc544b1f77ad7840c8da446730b8e40eaf41a2c6c", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535334, "uuid": "4a4a79a4-5387-46d4-8873-57350bd22f43", "comment": "Malware payload (TrickBot)", "value": "5454fc4e170b209d24d0c6c23225307c5f79e926", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535334, "uuid": "61102665-0f4f-4b63-8287-ebd0a34f0c67", "comment": "Malware payload (TrickBot)", "value": "d5b642bff30a45d53f1ec6010c4833614371a127e655a884efe95fc8c9b03e692c382f1a0bd097ed58ed52292e02ae45", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535334, "uuid": "da73bf4c-1ebf-402b-92ce-5edc5ada88fa", "value": "T1E4933ED86AD0E417338D2F1BFE0A3AEAD17A6C5796C07607D15C3A5C25E921BC6A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535334, "uuid": "671aa353-fc26-4c90-b461-dde7a20dff48", "value": "1536:l+cmDdl9Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIx:l+cmDdl9Ry98guHVBqqg2bcruzUHmLKH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535334, "uuid": "a69a16b7-ab92-4307-8664-8d66263d5358", "value": 95565, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535334, "uuid": "88d72bc4-2302-4faf-9933-03a47d96b45c", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535334, "uuid": "82d55f52-63e6-46d3-b511-73550e15eb2a", "value": "2021APT-28_56052453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be3ff102-f08b-11eb-875b-42010a9c0053", "comment": "Malware payload (AsyncRAT)", "timestamp": 1627576854, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627576854, "uuid": "e29e017c-a58c-452c-ba4f-279bd3d0426d", "comment": "Malware payload (AsyncRAT)", "value": "6601a95025fb193869e4927e1199b30a", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627576854, "uuid": "9cf34754-26fb-4573-9ace-4034df30f3ff", "comment": "Malware payload (AsyncRAT)", "value": "da9a8fb28545fce58e1a061e0b492da9af15a7ec1b9e64ca51e5cb3039465f39", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627576854, "uuid": "98bf339d-5e7d-4eb1-8253-222e21536a0d", "comment": "Malware payload (AsyncRAT)", "value": "7988a0d26abc1e3932918f604a205444b436fd8d", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627576854, "uuid": "5309693d-1844-4044-abfd-8b9963c3ea66", "comment": "Malware payload (AsyncRAT)", "value": "44cdef2d6a640f448371def1b99cd2a4364674ac132a79bdad6e61a9ee819c94c145db1ef2bb4b02bc03a54828baa418", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627576854, "uuid": "184a72bf-489b-46b9-ab1c-fed459d2fa57", "value": "T198233B003FE9822BF2BE4F789CF25145857AF5672603E54E1CC4529B5613FC68A42AFE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627576854, "uuid": "9e0f8d4c-bad4-4184-9bf1-defb0dc59a8f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627576854, "uuid": "3e6cadbe-5951-4bd9-9ade-24e017f77743", "value": "768:PuwCfTg46YbWUn9jjmo2qrDKjPGaG6PIyzjbFgX3ioXpCfu8nWl9BDZLG+:PuwCfTgpM2OKTkDy3bCXSoX4dIdLG+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627576854, "uuid": "e214cd47-935e-4674-bf8e-3de900b76637", "value": 46592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627576854, "uuid": "647843ef-a370-45b3-bc88-1b6fbea1b756", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627576854, "uuid": "818c6c02-2599-4085-ab8d-ad60a0721ca6", "value": "6601a95025fb193869e4927e1199b30a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "02397f65-f03a-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627541750, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627541750, "uuid": "86609df0-4674-46d1-b192-f4a69af09e77", "comment": "Malware payload (Mirai)", "value": "1da60c4f5a6e96f7b37de6bdd0c6a213", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627541750, "uuid": "9b47ba09-d09f-4422-b24e-600a2550bba4", "comment": "Malware payload (Mirai)", "value": "dc554e3a67232a40a06eb96f0323903bfa4f7350b74123c6f93e5df889345344", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627541750, "uuid": "bfd10f60-5e1e-4be3-8d00-6673654fde1f", "comment": "Malware payload (Mirai)", "value": "a2c1b47a7c7f520d2346ea6f57ca0315966a38a7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627541750, "uuid": "1a9d6067-5a00-445d-b4c2-86967e5679d3", "comment": "Malware payload (Mirai)", "value": "d1dc39e6bfb0597eabff5f882daf412934a00d0cc6e4b27dffd817e849e9d48576887df77055ee5e5e610bfaf65dc337", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627541750, "uuid": "2e8c8986-0522-4960-ad63-2e3097d9aea4", "value": "T113435AC5A992CCB6FC5350F18927D3B1A7B3F13A6015DA53F3866A34EC70A90DA4639C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627541750, "uuid": "b8d47fbd-2554-48ef-9874-ebca9a7d5533", "value": "1536:49S/9t6RLtBkFmm9gQ+MepCnELb/4HPDvy8mkySZs3:FWkFpkEnk/O7alks", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627541750, "uuid": "cd578a84-9667-4aad-9d1b-c070086c018b", "value": 56756, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627541750, "uuid": "06fe729d-332c-482c-bf21-eb99681cc01c", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627541750, "uuid": "6b74b744-0ac8-43a4-ae24-4a966c8adae4", "value": "1da60c4f5a6e96f7b37de6bdd0c6a213", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a81c13c-f02c-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535858, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535858, "uuid": "8a68568e-e2e2-426c-b502-dd592f2c3100", "comment": "Malware payload (TrickBot)", "value": "2c386bf2a25f97e15ced335950b58361", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535858, "uuid": "ee89ddb7-2d94-4f48-b057-acc8cfe0e878", "comment": "Malware payload (TrickBot)", "value": "de3e1c954084269b3eb49477af5305537eddde97655f01951adc42ac517ffbac", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535858, "uuid": "2a0cceda-d272-474c-98e4-a9919a005501", "comment": "Malware payload (TrickBot)", "value": "70a37585b1e952c458781eb94430c049e41fe8aa", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535858, "uuid": "47990f35-72d2-47e0-9795-3ea40e3617bb", "comment": "Malware payload (TrickBot)", "value": "a2774fce9e7b9281f21c35a73c0b696335508219408128a414b61446e54399c78946937d2680329791dbfebf21bf26a1", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535858, "uuid": "1610ded7-71d4-470e-8370-95d26854759e", "value": "T10FB382D86BD0E413338D2F17FE0A3AEAD17A985696C07607D15C3A5C29E921BC6B0DF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535858, "uuid": "00a3d41f-7686-44fb-8bcb-832802cc4bcf", "value": "3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaX8:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535858, "uuid": "801d1dfb-7950-4cb6-aa3e-fa0d86e9e887", "value": 114115, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535858, "uuid": "0bfef9f0-1cdc-4f5c-acb4-12632af3eb59", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535858, "uuid": "00c6d503-673d-464a-a47c-b772b6916275", "value": "2021APT-28_4770453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd43a3ea-f056-11eb-875b-42010a9c0053", "comment": "Malware payload (GuLoader)", "timestamp": 1627554197, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627554197, "uuid": "bcfac366-2110-4e70-9578-02ef3091a8cf", "comment": "Malware payload (GuLoader)", "value": "1f563d126e328d5f75a96738a3bfdedd", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627554197, "uuid": "9707e089-73e6-4159-a9e7-25880872f57a", "comment": "Malware payload (GuLoader)", "value": "df73eb67c77011507825a9f915a5b2ef04a51e071e65c87409291eabf2307e64", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627554197, "uuid": "acfc3c3d-8aa9-4b7c-89af-952d8af7a35a", "comment": "Malware payload (GuLoader)", "value": "b6cd3e3747d1e35093cdeca39726f2e21954ccad", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627554197, "uuid": "5c66387c-d1c9-4019-bdff-ad6e6e731e42", "comment": "Malware payload (GuLoader)", "value": "bb1c100a4f64ea0fe32c913417aa9a033e5c697bbc01675fd42dda73ab2cf8a07877307c57b40c5bed2add1f5343b033", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627554197, "uuid": "1565421d-1aeb-469b-99db-3eeed394c96b", "value": "T1054418505BA83C66E408F837EB43B460A1B5F4B79E4C8793E4C476159CB5EB287B03DA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627554197, "uuid": "f9822358-ac80-4457-9b62-dc7c9a5e9d0e", "value": "d4ddbfb32d829f09195ac39344cde3ef", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627554197, "uuid": "54f59c91-7fa9-4f63-9c9c-32020c2f21a4", "value": "1536:LPKJncBrYuThd3HeWv2WSeQbl4kHTdlCYi:OuVo154Sdl3i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627554197, "uuid": "47e07190-9a1c-4a3c-a43c-41bfc70263be", "value": 255064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627554197, "uuid": "00465541-c30f-4361-99d6-e164047fda46", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627554197, "uuid": "52a27c84-07bb-4a07-9058-2fcb2b839849", "value": "1f563d126e328d5f75a96738a3bfdedd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "755e5a7d-f09c-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627584033, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627584033, "uuid": "6a771297-972d-4563-8a23-6efb773df84f", "comment": "Malware payload (RedLineStealer)", "value": "718b5089505fed92d1a44dc0dbeb36dc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627584033, "uuid": "15bb331b-e970-42e4-bf5e-f9294d138580", "comment": "Malware payload (RedLineStealer)", "value": "df872b0b7c336241db1a1ff9e83100d6ffb2b898a46c0c7b37a47dcbd002b056", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627584033, "uuid": "d48ab636-60da-4fae-90bd-8834e4113315", "comment": "Malware payload (RedLineStealer)", "value": "f4afe14c1b392514350f4495c44f998d3f19128f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627584033, "uuid": "8300395c-3dcf-416a-b64b-8d1b98936625", "comment": "Malware payload (RedLineStealer)", "value": "873a02d3acf3b858d84fa2c6fa626043c245f6c8df7edd0d6323f77053fd13806b46c30f81f3fb54e0df872c6515af02", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627584033, "uuid": "ce74187c-08b1-4924-99c5-9ae5a238b9b4", "value": "T19CD533227BE282FBDAA14132E60A5BF270FDD3C6192415977380831E5F7ECA1D16F469", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627584033, "uuid": "90d9e8c1-9a1c-4615-b325-22cde5441c89", "value": "32569d67dc210c5cb9a759b08da2bdb3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627584033, "uuid": "a61e4aa3-aea0-4944-9cd8-dc2bf811a5db", "value": "49152:xcBszOxu3gCpbwOXh+1b4yFjErlsV6SP5iWyZ9KFFdZyZmj9MJ0yEwJ84vLRaBtf:xSizpbwOxKb4y8sVwWyZ0aZw9zCvLUBN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627584033, "uuid": "68c0f412-4fce-4112-bf53-64e5930ed1f4", "value": 2907816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627584033, "uuid": "81867d1c-dcd1-4945-93c3-0e55ad4d40ac", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627584033, "uuid": "032703e3-d9ad-406c-9e3b-33f3b0be72bc", "value": "718B5089505FED92D1A44DC0DBEB36DC.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e530aa1d-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535258, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535258, "uuid": "30fae93b-435b-41a8-8785-d0b1a65e4826", "comment": "Malware payload (TrickBot)", "value": "caac1603c47dffc764be496782b4aace", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535258, "uuid": "ddb87d87-894a-4004-858c-904b27972675", "comment": "Malware payload (TrickBot)", "value": "e06112a171907f0f55a0b2003f13ae089f4ec892575988ce038307b3f006f643", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535258, "uuid": "e8f034e1-4183-4abc-ac26-dba38c487874", "comment": "Malware payload (TrickBot)", "value": "8732056125789e67025476f9f3c4ee7642cf9c50", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535258, "uuid": "edd489f6-f1a7-4ae0-8dc5-625b51aecbb3", "comment": "Malware payload (TrickBot)", "value": "615a16920b36100dc4c821c7292713b323d8cbcbdb193c7efcc22a5f32c36589acf15daff3077fb88f58fac77e771d8d", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535258, "uuid": "edc9d978-7253-4c49-9c2d-a72fccf17060", "value": "T1B473CAE82AD0E417338D2F17FE0A3AEAD1BA6C5796C47507D1587A5C24ED21BC6A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535258, "uuid": "eb575ad8-fb4e-4a7e-beb0-51f63ff38b69", "value": "1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/oq:59Ry98guHVBqqg2bcruzUHmLKeMMU7GE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535258, "uuid": "b621e254-57ce-4f4a-8dc8-e82db0186d1c", "value": 79560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535258, "uuid": "b5d1baba-a4df-43c9-a222-4b920f70d7ed", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535258, "uuid": "13c9cc4a-7137-4ecb-990f-51ce572829c5", "value": "2021APT-28_73170453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "22e24ada-f062-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627558984, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558984, "uuid": "fb1861a1-e3be-4edf-b31c-95ca342f3959", "comment": "Malware payload (AgentTesla)", "value": "a801af578522599b5fa5bd80da8da253", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558984, "uuid": "74e994d9-d3ae-4790-87eb-69889dd11a41", "comment": "Malware payload (AgentTesla)", "value": "e13c26e3f597f9408603d053ee4e246995adf0973b96f7d0eabfadc9d63d52c3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558984, "uuid": "208fcc05-ea85-4023-80f8-73e7d7fd4d35", "comment": "Malware payload (AgentTesla)", "value": "5e06480fe342682eb425a66ad61e2eccbbed79f1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558984, "uuid": "4bbf7ec0-60c4-4910-9a3e-f5d89fc25fb9", "comment": "Malware payload (AgentTesla)", "value": "37eac40caa4e9ddb819cdd2267e4a9f29e7babe508b98e5dd8cdae23492b5638dad1a89aa39cffd3e4354e15fd4dd9dc", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558984, "uuid": "05daeef5-77e3-470f-9a36-5692a6615ef7", "value": "T17E55D024C98C9B9ACC5C03740E5846345EF56DE2F2B0D8AC3D8D72B5B7F2829DAB5346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558984, "uuid": "395f0403-aeae-4239-94fc-ddff141cce3b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558984, "uuid": "319c0416-31b0-481e-b6be-3191d6898239", "value": "24576:tgS/d3eKzks9kswQXwMWy65mQBttnIKHc4wWq1Gy8jhMN6ZNwZ:UKycNCDnIIc4wJAyN6ZNw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558984, "uuid": "69a5fbe7-39bc-413b-9395-cbc04c67ef78", "value": 1315840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558984, "uuid": "183adf85-9c39-4422-8564-f57c0f89c783", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558984, "uuid": "5dfe1b02-2d86-43be-824b-9e76beaa6459", "value": "PO NOAB1088 ALEMO INDUSTRIAL ENGINEERS.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64cc8a83-f034-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627539338, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539338, "uuid": "31a7867b-26ec-488a-a4dc-92a8e8992f51", "comment": "Malware payload (Loki)", "value": "6bfe2fb7f8d57f8ed975854b2d95c6bd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539338, "uuid": "f7b10ccc-e2d0-44d6-bcfd-4ece829f35b8", "comment": "Malware payload (Loki)", "value": "e18238936a0fd8123a5e4f3ac03e9f31e314e7620bbda7b65540da64668bcf20", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539338, "uuid": "2f99c359-0c35-46e3-974a-486279d6f4da", "comment": "Malware payload (Loki)", "value": "8f5db88dd56f916be78522539bb26a5dbb49410d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627539338, "uuid": "d4061ca1-e6f5-4f2e-b27a-68ab0c0bbfdb", "comment": "Malware payload (Loki)", "value": "ed5c3ac8ff0ec3807a00911de29938147cd18a345beb43bfd634497f9d091f7f93d818f667d7e2232e2fe608a2f3897c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539338, "uuid": "a0025155-b4f0-42a2-a11e-84f62298d92c", "value": "T154259D227AC4DE19E42FA33A8FCF50205BFCF9123572A7A47EE122B50945F55E4342DA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539338, "uuid": "dc1d3ac9-240d-4d97-b50f-54c7e7583f35", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539338, "uuid": "469d163b-c309-4590-a84a-63805c205032", "value": "24576:OYKB9pd/d34HK64JLsPz7/QVPbR6d0Lh8jU:NqoK64JuYDRzy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627539338, "uuid": "6f92b6f4-a00b-4ca5-8a46-5bd6cee54333", "value": 1026048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627539338, "uuid": "9a96a9ef-78de-4e3a-bc8f-f5d3b5ad415a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627539338, "uuid": "75363688-fa1c-4fbe-b1fa-f84d4bd5d05b", "value": "6bfe2fb7f8d57f8ed975854b2d95c6bd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d13f7c58-f04c-11eb-875b-42010a9c0053", "comment": "Malware payload (NanoCore)", "timestamp": 1627549828, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627549828, "uuid": "d3c1f0d8-252d-4917-935f-000260ef70cb", "comment": "Malware payload (NanoCore)", "value": "2c576a87b820ab1568614056efba4928", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627549828, "uuid": "f2ac8d9a-9fce-4fa5-9d81-669d0b43f31e", "comment": "Malware payload (NanoCore)", "value": "e1ddfaa70ebfc6e272c1f31098903070b1bb82e5035ebc0b2e355dad6552af70", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627549828, "uuid": "281460d6-b3dc-4b86-8729-52840f6b095e", "comment": "Malware payload (NanoCore)", "value": "3d7e076cd4e06a4703b8ad1a58ed735244971601", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627549828, "uuid": "021d48e4-44ad-42c8-ad9f-0d8637fb9718", "comment": "Malware payload (NanoCore)", "value": "4033c79d828639095d569614ab420b46197b8ae6f0ba00a1ce714a46b8ef8f78558d4fe915e92fe13acb2b243079ce6f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627549828, "uuid": "1e0a652e-843e-4241-953e-fad49890b705", "value": "T1E2E41235536364C1CB2C4A7354A79E000F62EFB798976ECFB04E32254BBA38D765681E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627549828, "uuid": "d2493bac-f545-45e3-9699-d6b74a1a59a0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627549828, "uuid": "dec4b5f2-74d0-44f0-b23e-f5e3cc42b4eb", "value": "12288:gfhxJ7Nnpfez0yge9FdIdD4Es5QTzziqk8GfQh7B66zPyYRnAr+uV+yeYnghAHMO:wZNnpfez0ygkIdD4jfdQJBDzPLRq+NyL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627549828, "uuid": "df5078a9-b321-448b-ad34-bf7b689e1722", "value": 722736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627549828, "uuid": "fe194722-b702-4b9f-90ee-f02df31ba35c", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627549828, "uuid": "f7621d7e-4fff-4ec5-a256-65cfa5e5ab1b", "value": "KB20210729.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "728328f5-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535066, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535066, "uuid": "927ffd1f-077c-4ac0-8879-c3cc6e5369ff", "comment": "Malware payload (TrickBot)", "value": "ca4e92d05af2d0270fc6a9e1367782a5", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535066, "uuid": "abd52fd1-5f5b-4b8b-a9f1-66180ec3583e", "comment": "Malware payload (TrickBot)", "value": "e217fb9c7807c9d2dab8065aedc4f5fb375840377ea8ff493b26e4db92f2f94a", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535066, "uuid": "645d683a-e761-47df-8462-2b591e71fdbe", "comment": "Malware payload (TrickBot)", "value": "aaba85b3d021221e66f2f128691f58efade90b41", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535066, "uuid": "864f0344-d710-40c7-aa51-3e1a92a76dd8", "comment": "Malware payload (TrickBot)", "value": "f6d889d9cac3e4bfffd66a9269849c123d6f998639b5593adb935dd1ccaafe137638fd6a24bcd2f418d28e780ff27dff", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535066, "uuid": "592a978b-59c4-441e-b953-271c0cfe28cd", "value": "T1E1A2E10FB75995E9A10F80A346218EEEDA3D327B10F7761038AD0D1847665D52B8EE8D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535066, "uuid": "0461d454-d6d8-40aa-9b0d-8ec53fbb2d6d", "value": "384:Ukr0MAHjBRMAHFk7wV/rD22HwdHNmvCOmqUStX7kc6MBMJvNnP7YWNpiqp98b+P7:VsBRMA6wVzDPwtTSl7kcQvNnTPpidW7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535066, "uuid": "a2123111-a417-4a9f-b540-e42e8d53beff", "value": 22401, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535066, "uuid": "5a459a2c-8667-4fbd-9374-20fbd72c1c5d", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535066, "uuid": "c3ff4500-ab58-4ad4-b3ef-523701536f73", "value": "2021APT-28_12408453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2964efbc-f076-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627567585, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567585, "uuid": "1447c274-8047-4bef-9ccf-bf8725d0491d", "comment": "Malware payload", "value": "db5535e87487ddee9e21296d8f968800", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567585, "uuid": "c40f8b57-92a8-45a5-b20b-49ea9e5fd7e3", "comment": "Malware payload", "value": "e2ea7ad7bb5d55e074c8a9d81f3399841c136ffbaa95e2172637a0047b4cc931", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567585, "uuid": "f872c122-2ed7-446e-8ad2-d73a626183ce", "comment": "Malware payload", "value": "cdb3649ddf5b7ef07ec63483a7012d505618e6dc", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567585, "uuid": "a3f3ee79-7439-4c42-841c-b6d2a57d6093", "comment": "Malware payload", "value": "ba9702642b1aed7eff69726ba9b9886b993d0fb25e08403117dfebb436a05024714b9882b99511df11b8b3b056c42df6", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567585, "uuid": "55a1f8f0-bb2a-4e41-a6f6-524d48ad1b0e", "value": "T1A8356BD441CB1AF3F1CD3A541A50F04E572AA64E50914C6A2B2D9FE4BF093FB5F8829B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567585, "uuid": "2257c51b-940d-42e1-aacc-b38cccd79b9e", "value": "6144:lVcVx/qxUC2LEctZ2b7B/u43mWZ2bBdzFA1RDAUwV:vxUC2LEctZ2b7B/u43mWZ2bBdzFERsUQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627567585, "uuid": "6f440644-cc64-4de1-8712-8377da026294", "value": 1068206, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627567585, "uuid": "9492764e-8d74-4fa4-adc3-8bf32224c9bb", "value": "text/rtf", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567585, "uuid": "e4a37d8e-9747-4a23-a6a8-1aea834e9155", "value": "Proof of payment for overdue invoice.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82ec8752-f0b6-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627595223, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595223, "uuid": "9b45974d-741a-40ea-83d6-e9374034230b", "comment": "Malware payload", "value": "6f8145f921698fd01e405d4b304166d1", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595223, "uuid": "01f8baa2-5d53-433e-8df1-dfda048b1b34", "comment": "Malware payload", "value": "e2f5a0de7865761a649c4c8cd3290c2f0ea95308ada46aaf2e331fb50430ce39", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595223, "uuid": "fac3eb2f-916c-4790-9ae0-7991947c9aba", "comment": "Malware payload", "value": "c7fd30107b1feb5da2cb3f2db7644872011165fd", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595223, "uuid": "088e166e-c61f-483d-b712-496a43d27823", "comment": "Malware payload", "value": "36498041090b7f4e75e764e35e7971adfcd63cca4d8c1372156b563ffffe04c658db568a26aa701231083e3be85f3087", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595223, "uuid": "4c663e2e-3fc2-4176-b48e-f72dd12ce869", "value": "T19F51ED20B6A2DD4AE8409F364C91D7883731BC40AF12E6833686733F5D372C04912072", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595223, "uuid": "ceee930d-62b5-450b-82ec-70a59aa6ab1f", "value": "6:j1bxc+CF2DqbXbEGR1/CX22qQ0CJcmXI//UA4EHnC10MmyG81Gj:pbaF2uLbEY/iL0b4I/yEHnC10Mt1u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627595223, "uuid": "a177c005-7e49-4b91-8b7a-91aed59fb1e1", "value": 2560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627595223, "uuid": "091768ff-eb8a-42c6-b499-f4fa9494cd40", "value": "application/CDFV2", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595223, "uuid": "4f7ff9bd-b12e-40d3-b37e-69ecbb5c75ec", "value": "SecuriteInfo.com.Exp.CVE-2017-8570.OLE.35938.12905.12654", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "642f1fb2-f075-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627567254, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567254, "uuid": "f767e06a-e0e3-4369-bdf3-e9ae5715980d", "comment": "Malware payload", "value": "8b56a205729faacd8a2e07fffb8cb028", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567254, "uuid": "ac3fc3dd-ebc0-40c1-b16c-7fcaa5096bbf", "comment": "Malware payload", "value": "e33c37760243e2a955c519e37dfad06919471115457e0cbf7e7577e6ee319a1f", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567254, "uuid": "41889ae9-3c41-45bb-a9c3-9af941620bc6", "comment": "Malware payload", "value": "372235715ae148cabaa7ebd0ee3e33a2282755f7", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627567254, "uuid": "4d2087fb-4394-4ad2-8aba-53646c3eee6c", "comment": "Malware payload", "value": "29e1b6e6583ba7c554125a034686e17e86a76030e116357f02ab08c9e81e0332f356ac2b259d6e625def45dad67a83ef", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567254, "uuid": "cc05a295-f506-4821-8a54-a0f66b173e6f", "value": "T1FB0412ABC8FA89CEFE6A4FF5265B1D4B0EF6E1D5E5C43DA4412B008017F8356A514B4C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567254, "uuid": "a142533e-9baa-4076-8960-e95085f577ff", "value": "3072:/TNVO/QJHZcfFj4rwLQGTNO5VZLwHm7vuQTpZUyY6co:7O/QJHZweEL/NOjCHm7FZZnc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627567254, "uuid": "4cbf1b11-ab48-49ce-b0d3-3143f20d5d6e", "value": 175680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627567254, "uuid": "77161a79-abc2-455e-951e-28ad4763c3b2", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627567254, "uuid": "88b9fa62-6d91-44a3-b414-300621e33485", "value": "Mozi.m", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "caaab82d-f087-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627575157, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575157, "uuid": "1ca061e6-a0a2-46ef-95a6-1bd04b430673", "comment": "Malware payload (AgentTesla)", "value": "65729e5452e34e1ca17c422f8d365ff4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575157, "uuid": "00d2fad8-397c-4193-bbf5-96542f7578b1", "comment": "Malware payload (AgentTesla)", "value": "e3a65142664004b40ec4ef3de8a63403b72d9dbf2f722e312c9adacbc9b79dcc", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575157, "uuid": "093dcd2d-0f69-4e1f-a81d-a52b03d55ed4", "comment": "Malware payload (AgentTesla)", "value": "d466775f86dc38de9c12b706342b80e25ae9943f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627575157, "uuid": "5f5569cf-a5aa-42f8-97d5-e87821236886", "comment": "Malware payload (AgentTesla)", "value": "acb5b236aabf602f6d7d9b6452e50bf4106c421301fded7d48065bf225b848ff913a59746875d8e5efcbc1828505a2df", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575157, "uuid": "39fe4fb4-3185-4add-919d-7c404662884a", "value": "T1B845D024C98C9FA6CC5C03740EA946385EF1AEE6F2B0C4AC3D8D35B1B7F1916DA75246", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575157, "uuid": "3ebc81d4-cf34-4877-9473-614f9da8e7b9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575157, "uuid": "33fa2597-8313-4786-9d3d-f26393e18970", "value": "24576:0EFS/d3HKzksLksF/c95zTxUcgHTq9uUsO/Pqy8jh8N6ZNpZ:gKOvzTx5yq9uUsO/PquN6ZNp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627575157, "uuid": "09496e79-32af-424e-b1b0-45eee3287b93", "value": 1269760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627575157, "uuid": "c43b5aa5-2389-4330-b1d0-3917e32f69e6", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627575157, "uuid": "d12f642f-b34b-46f2-bab4-befbb15847f1", "value": "65729e5452e34e1ca17c422f8d365ff4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65611e92-f072-11eb-875b-42010a9c0053", "comment": "Malware payload (Socelars)", "timestamp": 1627565968, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565968, "uuid": "8df2c643-6306-45dc-8912-748a246813d5", "comment": "Malware payload (Socelars)", "value": "2bedc5cb582ef4a9f879790910ebc5a0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565968, "uuid": "f05b15dc-a3e1-4ea1-a14e-2adf464dad80", "comment": "Malware payload (Socelars)", "value": "e44e40c6de35ee17b6b0a09c6b1591331806f0a8e73e457d2cd82798fe3a389b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565968, "uuid": "829f6501-3df8-4453-9144-ddb6d08b4c0d", "comment": "Malware payload (Socelars)", "value": "150e4432004c4d7fd7ced706786967922f437619", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565968, "uuid": "875d94d9-3ee0-41c3-af32-14c3d3f05344", "comment": "Malware payload (Socelars)", "value": "f501893cafcb84a9d9355986e5add86213e8909c99a18d183c3af5829a93d30e5285ca535b7320a9d9cf827213b06c4f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565968, "uuid": "1e1f8092-4c0f-4868-9670-5e824004cd07", "value": "T164658F21F6429036F8E310B686FE477E8D6CBA21031494D7E3C42D5A9E719E27A37727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565968, "uuid": "a679e3ae-2875-47f0-8b0f-3ab632da996a", "value": "4f0608b5638c60342069764638589dcf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565968, "uuid": "cff8e1cc-ca9d-4207-aeb9-02e7807b2825", "value": "24576:dTj7ope1XnPzDuPxy3nyjmaRNKMZ8HBrFCKezQDP8lISqbC9GqzWea:h7opuPXuM3nomCNChhCn+UlISqG9Gq6N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627565968, "uuid": "7c426dd3-e766-493f-8d2d-1084958c9eff", "value": 1448448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627565968, "uuid": "70033fbe-7636-4134-b2cf-90e33e932026", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565968, "uuid": "33125ce5-f5cb-4e01-9fcb-1705672c2e75", "value": "2bedc5cb582ef4a9f879790910ebc5a0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07ae8c30-f059-11eb-875b-42010a9c0053", "comment": "Malware payload (NanoCore)", "timestamp": 1627555073, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555073, "uuid": "fbe4386d-91eb-41cc-8e81-91a2e75d4e3b", "comment": "Malware payload (NanoCore)", "value": "a79d3f87fd1a7d9b6564b25e416857e0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555073, "uuid": "3a368183-82e5-4469-a390-a76c699d16ea", "comment": "Malware payload (NanoCore)", "value": "e4a221ce6089104f55075f2a249380c86d1bbcf8994e131db850bd2bd6dc73c3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555073, "uuid": "1fb0a15e-c1a9-464a-aed3-4efb9c89973a", "comment": "Malware payload (NanoCore)", "value": "ebd72658e276e9378047b3a70fcdc7d33d89e739", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627555073, "uuid": "28ce737c-973c-42e6-8b8f-372c42df898d", "comment": "Malware payload (NanoCore)", "value": "a514b9e597d638b014137f21bf015b9e05ab1f2a308c34af5b8b221112d00010891d6bff2b9a4572f5ba1b7e96adf703", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555073, "uuid": "921f95ce-a993-4125-ad4e-ed395fa0da3b", "value": "T1F255E028C98C8F9ACC5C03750A5846345EF5AEE6F2B0D8AC3D8D31B1B7F2865DAB5345", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555073, "uuid": "b015547a-7f22-4e5f-9d26-bb86a0bfb7c7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555073, "uuid": "274b54bf-1b24-4126-922e-ca429a16dfe4", "value": "24576:y27S/d38Kzksskst+sIyQnj1e0pxNk20Okty8jh8N6ZN1Z:vKg+1yQnhe7ruN6ZN1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627555073, "uuid": "d448a7d3-fb38-482a-be4e-adf14912f745", "value": 1341440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627555073, "uuid": "7edb4805-4e12-4890-a533-b68534de7845", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627555073, "uuid": "7132af9b-59c7-4c60-b132-6171289b93f1", "value": "Order List.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d92fee30-f03b-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627542540, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542540, "uuid": "1f940ddf-0239-4be4-937d-4d3036d72d80", "comment": "Malware payload (Mirai)", "value": "ca8573f8442618f4ea20b9d034a79af4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542540, "uuid": "438c2baf-bb7e-4cfc-8ec2-a3b477e33133", "comment": "Malware payload (Mirai)", "value": "e521eb04a5edb138feb4600c3fb5f9812ca6804580240f5e37521c7f56d672de", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542540, "uuid": "5a91b5a9-236a-4590-953b-08d2d2a3871e", "comment": "Malware payload (Mirai)", "value": "2ab033ab92c1aa46ce6e0326988a450cce9422dc", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627542540, "uuid": "56b493ff-4da1-436c-a4bf-bff712317266", "comment": "Malware payload (Mirai)", "value": "c5fa2290adc385803165d25cf982bb1418f7154d8f795d3aeea2dae56340a0332bb814d216191d83371c114b407a49ce", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542540, "uuid": "ff6088b7-f8fe-45b1-9aa8-acb16602517f", "value": "T136732956F8819B12D4C515BAFE0E128E731327BDE3DE7213AD146B247B8B56B0E3B811", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542540, "uuid": "0fa10285-78d9-4039-b161-371ffd215e2a", "value": "1536:8+nY9WR6LK5KzKTZcKRKjKpX8kcBjBi7MUJRPoUnat6IQJMigiYK8jueJ4Ol5tY3:inLK5KzKFcKRKjKpX1KVQRvnaDK8jueC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627542540, "uuid": "73cbe850-71ad-4aec-9e27-47488ed68a5f", "value": 79664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627542540, "uuid": "86ae050a-39cd-4bd2-8ec9-4490fc70a7ed", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627542540, "uuid": "b2981f7d-5db3-4fde-a8ad-6971ccc5f883", "value": "ca8573f8442618f4ea20b9d034a79af4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "39ba2f03-f06a-11eb-875b-42010a9c0053", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1627562459, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562459, "uuid": "321f6593-dfac-4cf9-a7b2-8ecceb1ff318", "comment": "Malware payload (SnakeKeylogger)", "value": "c8d2b85a2bb4c07ce178454bc380093f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562459, "uuid": "a710c0c4-280f-4c73-acb8-f8b8bf63aebc", "comment": "Malware payload (SnakeKeylogger)", "value": "e55e49b9294c894535a4dffa7283af398605491d047df445359e74a0359b62c5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562459, "uuid": "83f792fc-b769-40e3-98e9-59ab3a82dc2d", "comment": "Malware payload (SnakeKeylogger)", "value": "bac0d4cf1d7304e369a4739a250647732ee0a9a9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562459, "uuid": "01282b84-a7c5-4bb9-9eb6-07e9e1da1edf", "comment": "Malware payload (SnakeKeylogger)", "value": "3ba12b309202f0edae5aad6747f0855e29c1e631fed16458dd0f240b5bf1c2e88bc81556ea5fff3bd6a02096a16d9452", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562459, "uuid": "69fe1f61-be6f-479a-b28e-7342171327f9", "value": "T13445E028C98C9FE6CC6803740A5846385EF1ADE6F2B0D86C3D8D71B5B3F1925EAB5345", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562459, "uuid": "6b3d9def-53fa-40b7-99b6-760efcc6f1e3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562459, "uuid": "1d8bd9a1-b75d-4482-82da-ca5541118d58", "value": "24576:hcS/d3EKzksRksUj1bEL2spNQh4trjqbLvn4Cy8jhMN6ZNCZ:mKqbEKspbZqfvniN6ZNC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627562459, "uuid": "066f2c8e-a5de-4710-a5cc-e4d5ea10b81f", "value": 1253888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627562459, "uuid": "fe2dd89c-fd3b-4558-ae86-140acf3fb003", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562459, "uuid": "7debfd92-f627-4ab7-92b1-612385d048c4", "value": "K36LEv6DCDo8MiQ.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27028cbe-f060-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627558132, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558132, "uuid": "0638c0e1-2095-467f-9006-a7a1bca02e08", "comment": "Malware payload", "value": "9f6215f166653c320ed7e749d6114cdd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558132, "uuid": "da4cb235-1ec9-431b-bd71-ca772e6e3d52", "comment": "Malware payload", "value": "e5ebf928e029cbd3799e7db55f61252e11ab3a821a5998b9044c0ea76aa65b20", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558132, "uuid": "eff0a3eb-c49e-44cc-b63e-46e1e7cb22a4", "comment": "Malware payload", "value": "6411ca9abd480e6ef45291843e8e7dfbc85ff7b0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627558132, "uuid": "72e6d52d-22a6-4069-9e63-3f374d553531", "comment": "Malware payload", "value": "06b600829fa42a5f512c274583d8fc62de5e42fa4f324a1293da7d35678615ffac136ea950b594192b8b2b7a8fc4aeda", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558132, "uuid": "2a9ca530-84c0-41c5-a5e8-0c417135f803", "value": "T1519533CD6BA21678F1428E3D84B98C7B3F3EDB54AE9606E0137C178959C3F1C96913A1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558132, "uuid": "69e46829-1a05-41b5-b844-cf69a4ed8fde", "value": "49152:BGoOaVzui+hZiGDP5jracR106F7/LNW0AFtfELStScik:0Baxu7iyBWcR1L9/LsbFtfELu4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627558132, "uuid": "b31e0cc6-76ed-43ee-ba6c-e3dd4f9e846b", "value": 1993728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627558132, "uuid": "9b9199cc-d9be-4c3c-8b94-35742b8241e3", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627558132, "uuid": "77b230ef-dacd-45ef-86f2-f44244ca4ffd", "value": "9f6215f166653c320ed7e749d6114cdd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "240af876-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535364, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535364, "uuid": "bcf81999-dd25-4bb2-a2e8-15c1dfdbfcec", "comment": "Malware payload (TrickBot)", "value": "2f11d8b9bd140d2d32a7a500c01b3a80", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535364, "uuid": "4bdde779-0bea-49f8-9d02-1f86e10edc77", "comment": "Malware payload (TrickBot)", "value": "e5f9a544e33c6f9a22acb5415162597b671f95b9434b914a414c5f380719a679", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535364, "uuid": "c47dc097-e71f-48b2-bc70-fc27650b5099", "comment": "Malware payload (TrickBot)", "value": "d31ec1511f6691e212d05f50f08c7e4c6e365b00", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535364, "uuid": "e4fda378-9f70-4544-99c2-bafc41d10488", "comment": "Malware payload (TrickBot)", "value": "244f916cc7a96bb6095c3f9804a5aedf63461590c8175b48f755f1634b511e2d21d862b51eb3eea65ae7ec4937ada605", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535364, "uuid": "18046c49-2995-41b2-ad38-67b3d0761054", "value": "T1945335E82AD1E417338D2F17FE0A3AEAD1BA6C9796C47507D1587A5C24ED21BC5A0CF0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535364, "uuid": "95eb49be-c84e-401e-82ab-c0a5a10caa04", "value": "1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/oR:59Ry98guHVBqqg2bcruzUHmLKeMMU7Gf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535364, "uuid": "ee5690c4-ab6a-4e4d-9e7a-5c3875caaa50", "value": 61063, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535364, "uuid": "50852be4-8211-4374-9e1f-1566fb6ba0a2", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535364, "uuid": "8d72b557-73d9-41a5-ba75-3ab992df013a", "value": "2021APT-28_8586453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6634f27-f079-11eb-875b-42010a9c0053", "comment": "Malware payload (Gafgyt)", "timestamp": 1627569164, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569164, "uuid": "d5a5aece-bb7a-461b-add5-36e533616147", "comment": "Malware payload (Gafgyt)", "value": "f76693f7f45f20a5b22d09f77d38780f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569164, "uuid": "224b2482-7d7a-4a88-ba1f-a9b82fae7a62", "comment": "Malware payload (Gafgyt)", "value": "e6392e6e0cb3dc63500de52a08eabe1269d6243a317a75a06d9ce89093ae662d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569164, "uuid": "a5953880-718e-4dbb-8526-1bef5028701f", "comment": "Malware payload (Gafgyt)", "value": "eddec1beffd95dd161413acbb4780ed5695e7561", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569164, "uuid": "2f978e05-4025-49cf-acbb-1fd17d9f5563", "comment": "Malware payload (Gafgyt)", "value": "4567e662f3e5533ac01ccf671183338aa5eb126878edb60efe260d7f5bb3ec9d43f69266f9d8834a7b9617fa4bb9f6ef", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569164, "uuid": "2d71b8de-108a-4655-bd66-0e3286b70e50", "value": "T1FFA319A3F800DFB2F40AD67604D74B25B630FBE60E93156273573966AE362D52823F85", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569164, "uuid": "789dc7a1-28cf-4239-86fe-8c7b57829066", "value": "3072:kp2w0JjNffY7xzXd/rpy9csJ3w/xmK10PZHbf3Fj:kEFNffY7xHy9JJ3w/xmK10PZHbf3Fj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627569164, "uuid": "dfa2626a-c588-4bcc-b41c-ce7eea3d6288", "value": 101644, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627569164, "uuid": "34fda158-a5ad-462a-b7e4-168c12a9d952", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569164, "uuid": "14572bfc-1923-4ce5-a8d8-d28a09cce1cb", "value": "f76693f7f45f20a5b22d09f77d38780f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "919f2f37-f0b0-11eb-875b-42010a9c0053", "comment": "Malware payload (Zegost)", "timestamp": 1627592671, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627592671, "uuid": "4b58c363-76fb-4b59-94cf-a9812f7ab2d6", "comment": "Malware payload (Zegost)", "value": "2136731abbe410fb24240c34f1a47260", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Zegost", "colour": "#84DF17", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627592671, "uuid": "11c58024-4dd2-418a-ba3d-656fea0946ff", "comment": "Malware payload (Zegost)", "value": "e63ae6b6a21682cc06993ce09d717f3713b04a84b5567653bd8ccfdba1f89f06", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Zegost", "colour": "#84DF17", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627592671, "uuid": "2c5208e2-4b7a-474c-8d20-cff9cd0e8b48", "comment": "Malware payload (Zegost)", "value": "ffd5bb4b62d7816f0ce4af5843cd82ab7edf5cb0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Zegost", "colour": "#84DF17", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627592671, "uuid": "27a832e7-9d61-48d3-8ca6-2a5ca7cfb30a", "comment": "Malware payload (Zegost)", "value": "6a5d148c3f7ba963037237627ce75a1b491cd4b53a0de4150db20ccdfa4d2c753ad70d276c74bcf6d455ab22172902fd", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Zegost", "colour": "#84DF17", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627592671, "uuid": "0a615dfa-5207-49a7-a572-448bf390ea34", "value": "T1CCE512007981C071D4BA15350CF9A77A2A7D7D310B68CAEFABE44E7E5E780D06A35A73", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627592671, "uuid": "ed8e5a10-ef79-40b0-bc7e-22592c3c572d", "value": "3c27231b356af8ced28fb04cd41acd2d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627592671, "uuid": "0a74b9f3-f67e-40c7-acf3-a535bc56f0fe", "value": "49152:j2Tz8wIYwesVWRj1DLBaxMHQH2DeVpsjN8lLJ+cSK8ZOqUgzXVJVjIK9zWLNCab5:MzPsYR9LBaxLWD2sh8l4ASOqUQVJhd9E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627592671, "uuid": "1780f7db-6187-499b-978e-f2d6f8258721", "value": 3106304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627592671, "uuid": "a6b6793e-9275-4cf6-bbe9-892d394d17a0", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627592671, "uuid": "a469f743-21b5-4d37-8d31-c16c1114e967", "value": "2136731abbe410fb24240c34f1a47260", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f02ad91-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535490, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535490, "uuid": "2b5ade96-38ec-4e0d-b1c8-5a0ecbf46703", "comment": "Malware payload (TrickBot)", "value": "906a75c0d5bd0c141acf239d602a81fb", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535490, "uuid": "4dc3452d-1f66-4a32-a397-b465e22929c3", "comment": "Malware payload (TrickBot)", "value": "e712a5abc8a6bb263f06d7b6cf4bdca8d7bf1d422af0b9585f48f4df3bfc58fb", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535490, "uuid": "cf4489b7-8d28-4943-be37-d7e3ff1ed69c", "comment": "Malware payload (TrickBot)", "value": "1faf1df1d1966ea2d1aeb7f5d8e993d6bc7d2758", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535490, "uuid": "17d60199-a30a-4575-9ab0-b2cf3107b645", "comment": "Malware payload (TrickBot)", "value": "30fe6bbfc940f2b9074ce9aea3e9e2fc841ca676cded242ad984a57c55bbc2b713a3731d7cb9b015e4ceec0d6e601b33", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535490, "uuid": "b4c47564-5699-4ffc-9267-713a609c880b", "value": "T177931DD86BD0E417338D2F1BFE0A3AEAD1BA685796C47507D1587A4C24ED21BC6A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535490, "uuid": "dbb4223a-85dd-4d5e-b35e-ab6b9484ced1", "value": "1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/oV:59Ry98guHVBqqg2bcruzUHmLKeMMU7GH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535490, "uuid": "f5eb4ca3-99a7-4e6d-8125-d2ff7fd008c8", "value": 89232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535490, "uuid": "5bdb7790-48e4-4d59-b547-df40426ea4fc", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535490, "uuid": "c3b9b324-240e-4d10-ae42-608ef37e2d2f", "value": "2021APT-28_51438453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7ec7ca2-f079-11eb-875b-42010a9c0053", "comment": "Malware payload (Gafgyt)", "timestamp": 1627569113, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569113, "uuid": "613f2323-090f-4618-b4e4-00c1c4e4354b", "comment": "Malware payload (Gafgyt)", "value": "6673ed8df83a67b674da9c48551259c5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569113, "uuid": "9e560420-f8f2-4e3b-b2d8-a48828a58f2a", "comment": "Malware payload (Gafgyt)", "value": "e75492c82c1e5f543c5df469dddc0d89449e7053d5a73a185a265d2e43bc94e5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569113, "uuid": "35b11a48-67cf-417a-9daa-52af424fc954", "comment": "Malware payload (Gafgyt)", "value": "04561e864a6e5132fc8bfc01bf96d2b752a3cd95", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569113, "uuid": "340e5b0c-8eba-4994-a77d-40263d25a762", "comment": "Malware payload (Gafgyt)", "value": "02d1f3d7a5339ca1e9ded72c9b7d804d53263eea51617015f2dee3cbf9513fde17d3c843f8144fbb1bf74289630d4e27", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569113, "uuid": "bcf90830-678b-4bf0-8d41-66511482f831", "value": "T186934D43A8654FB3C0825AB1256B5E304757E8D20F4F1B96713DAAF4474B9CEB80EFA0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569113, "uuid": "8660261a-9f33-4c15-a4a7-39ff59a41aa0", "value": "1536:86fb6NtiK2XBYUwvIXlm1dCME5hxdddddv7HOhuAim/j10PILDLf3Ij:vfEtF2jwv7dw5hXmimb10PIvLf3Ij", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627569113, "uuid": "72fcc31f-2f8d-441a-9b7b-6d759615fa04", "value": 89836, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627569113, "uuid": "fb347a7b-62dd-4084-82b8-393353062cf8", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569113, "uuid": "b9fe2fcc-ba39-4191-a5d7-027c3194db34", "value": "6673ed8df83a67b674da9c48551259c5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce327e3a-f079-11eb-875b-42010a9c0053", "comment": "Malware payload (Gafgyt)", "timestamp": 1627569150, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569150, "uuid": "ce8ebbae-852e-40a1-97f2-15eab7404cd7", "comment": "Malware payload (Gafgyt)", "value": "595b9368c65c9db35fe34848ffa45796", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569150, "uuid": "d49fa93d-79e3-4c89-92ff-6b5303058f28", "comment": "Malware payload (Gafgyt)", "value": "e8639668a05f41fc3465946d33bfb0a963637f37126def0412f22ee64c9dbdbc", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569150, "uuid": "6a78297c-2d65-4f85-bc3b-0fed2a15c3ea", "comment": "Malware payload (Gafgyt)", "value": "0a63315ccbb3011fd2c35afe320be807412dced0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627569150, "uuid": "b2122d68-17de-45c7-a3a5-35c924c8d358", "comment": "Malware payload (Gafgyt)", "value": "92e1806b718dd247fce37405dd18f364d90d869f8a1e27248559ca37da5be9dc0961100cd57cda06b5d885d436a345ba", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569150, "uuid": "12ca440f-b9d3-4b97-b4fd-773375198932", "value": "T113B329377B270E23C0CA147112D70732AAB5C6D938FA5397B9E06DAC2F16A843916FD4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569150, "uuid": "cc63ae94-e7e7-490d-9ae1-fc76f97795d7", "value": "1536:BXYQBTSNM5+ZtzOftEj30phmdddddTFOrJfIVmYj1EPZjDbfKasj:B7TSN8+DOfpphwQ6VmK1EPZHbfvsj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627569150, "uuid": "7a70bbbd-7bb0-47a7-b120-6af44e1365b5", "value": 108147, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627569150, "uuid": "92a11b39-4f71-4a15-9519-0dbcce48ce5f", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627569150, "uuid": "2b60a82a-d0f5-4844-8d25-03c29b302c87", "value": "595b9368c65c9db35fe34848ffa45796", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c9216f3d-f0c0-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627599636, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599636, "uuid": "9010e527-0b68-42f6-bce4-4cbc70774fac", "comment": "Malware payload (Mirai)", "value": "7ea589f46f665059c634fb874d3a01a0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599636, "uuid": "6d6dd3c4-67fe-4f3c-b03f-ebad4368f325", "comment": "Malware payload (Mirai)", "value": "ea6b74dd2b75416fca9a8b0328f0df981e46a6480f68fc219dabb02959499f68", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599636, "uuid": "dc28584a-1fa8-4cde-a0ed-58ef540f8aaa", "comment": "Malware payload (Mirai)", "value": "305e9266a08353e160946ea37bd54cccc21c5ed8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627599636, "uuid": "d1ae801f-dbf8-4580-b929-a4f90d76aaf4", "comment": "Malware payload (Mirai)", "value": "a4374af52335cfe19d18bb866fd9caeb0dac7b8c4daf9868a921a0db83040e3590a88835e0bc7d92093b36e390910d5d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627599636, "uuid": "bcdc9a5b-6f86-44c2-85dd-53b2f7cbb571", "value": "T139332ADAB902AD7CF98BEABE80160E0AB23123541053073777EBFDD37E321549956E46", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627599636, "uuid": "f82a1a24-66db-43a4-b5ba-8cf25c89bc97", "value": "768:mLGOe2kf9e9X9nbermI7vc59QPQs5gFHviPuzWeHXpi2UJTpDnH638gO:mL/4f8F1ef0YgFvimzpZi2UJJnHY8z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627599636, "uuid": "a41f1dec-5d17-425e-9088-9195d51377dd", "value": 53056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627599636, "uuid": "15a08736-14eb-49f4-8053-101f70bf3925", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627599636, "uuid": "5adc4636-46d2-460f-9624-718600684022", "value": "7ea589f46f665059c634fb874d3a01a0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "14f995b3-f079-11eb-875b-42010a9c0053", "comment": "Malware payload (Gafgyt)", "timestamp": 1627568839, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627568839, "uuid": "17854b22-dcfd-451f-9d8c-5f2dffd93499", "comment": "Malware payload (Gafgyt)", "value": "364900a8e65582d06499c1e23b7ea77b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627568839, "uuid": "776902e7-a968-44c3-9dc9-479050af15d3", "comment": "Malware payload (Gafgyt)", "value": "ebafea261a018eb56e79994af7e4585707091ef3459147f51c5060359a769961", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627568839, "uuid": "6a26c8de-45ed-4be4-92de-40b3197c64f0", "comment": "Malware payload (Gafgyt)", "value": "c2ee9ae99a92b13b6c0406a3eeb2677118d9d762", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627568839, "uuid": "d8ac7ceb-f763-4b15-aac1-916edcdfadcd", "comment": "Malware payload (Gafgyt)", "value": "92c49f0b39de8c7af8246b861a940ac61215b481add700eb2282dd2b19ab00c50778b78f754cdc6bbdc5f1484c6fa9ab", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627568839, "uuid": "036abf76-b12b-438f-ba2d-5d2d9abc0b06", "value": "T19003F102D55CACF3AAB513F3A5FDC2CA621603B894FB32D60571424C7E45AF268F6462", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627568839, "uuid": "4a0bf5f1-cc70-422d-b663-0f05f16496d5", "value": "768:Mzev1AYCj6aqvmPSSmITwIXgGeTR43UWAFD56GhE:MzhY7lMSSmITwRTRBXZa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627568839, "uuid": "b53c3c9e-43a8-4f2a-a407-fdfc9bbfc1e0", "value": 38288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627568839, "uuid": "d620d294-0d52-4a99-9511-707ea182bc58", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627568839, "uuid": "13f1a278-9a89-4abe-819e-c69621aa0053", "value": "364900a8e65582d06499c1e23b7ea77b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c615189-f087-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627574865, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574865, "uuid": "666cb056-33ac-4840-bdc2-9ba5d648b622", "comment": "Malware payload (AgentTesla)", "value": "005ed9b1e262849f32f005e246415489", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574865, "uuid": "2505551a-885b-41c4-b672-6743da50ebef", "comment": "Malware payload (AgentTesla)", "value": "ec7617c8d87ed7305c67639178801f6f3ccd802776e7cd4143f33c1964c6f553", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574865, "uuid": "1fdbd8d8-34ce-43f6-b05d-fa7ed3d2aa4d", "comment": "Malware payload (AgentTesla)", "value": "9c2e6b3dde6d3f20bad70e805fb173f8dfdc4888", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627574865, "uuid": "5df85a45-15d4-4072-aa79-31a4d353bd16", "comment": "Malware payload (AgentTesla)", "value": "d1229e8c9a83301616ca03d3e45eb424d792bdd7419168091ccbe61efa2c7707775bfb2948bd4c77600da3ecc59029e4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574865, "uuid": "82181de7-bfbf-4661-8cf9-0cc40b318ce1", "value": "T1A055D028898C9F96CC5803740B984A345EF5ADE6F2B0D8AC3D9D32B1B7F1C16DA79305", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574865, "uuid": "8a01eedc-814a-4422-bbd9-a34662629352", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574865, "uuid": "4a9a100e-5e70-48db-bc9b-5ed7868d7318", "value": "24576:CCS/d3HKzkskksrcSUEA08cL5zLx1/ov6ooy8jhMN6ZNJZ:mK7c9Db/1iN6ZNJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627574865, "uuid": "44fb2074-9a58-464d-b674-6d7912d12621", "value": 1324032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627574865, "uuid": "2123b1b7-9102-44a9-ac12-a373e7b0b026", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627574865, "uuid": "1158bf8e-0e30-4067-ab01-6a6afa4c4d37", "value": "005ed9b1e262849f32f005e246415489", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2967dd39-f072-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627565867, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565867, "uuid": "81114b76-4b71-41ff-b6ce-e5d126225511", "comment": "Malware payload", "value": "6cad4b80dbf7c6851a2bdb127154b796", "object_relation": "md5", "Tag": [ { "name": "106.110.28.138", "colour": "#4A97B7", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565867, "uuid": "1b8869e2-4500-4101-8aa8-803e6f929dbc", "comment": "Malware payload", "value": "ed025aedc78222c577e6f95f0d7b354bf109a6d61a7157d9fa3fb9029ac21b4e", "object_relation": "sha256", "Tag": [ { "name": "106.110.28.138", "colour": "#4A97B7", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565867, "uuid": "0188bd2a-ddbc-4a71-81ce-f8f306bb1a25", "comment": "Malware payload", "value": "553f889ef0e355dc346d73fbbe41c9ede0027ab0", "object_relation": "sha1", "Tag": [ { "name": "106.110.28.138", "colour": "#4A97B7", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627565867, "uuid": "da69cb23-36c4-46cd-a756-26590a3e2e2f", "comment": "Malware payload", "value": "76666dcc3f4430d0a3df01a7045d9bd373f42e46cc2abc62be54fd660230c167d2faf07b95dcf52ee5584e46d02a1eac", "object_relation": "sha3-384", "Tag": [ { "name": "106.110.28.138", "colour": "#4A97B7", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565867, "uuid": "dfbd524f-2741-4960-a374-42630a5ea4b0", "value": "T1A9F494447A5C38B7C911B37DB019028CA61C6C41F6A19587CA74FEEFD9B61F0862EA37", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565867, "uuid": "426a0544-3e68-4062-8979-f0f2dccbddf9", "value": "649c73417efa16940e341e291b80897c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565867, "uuid": "d023d523-5086-4230-9dec-0b909578a252", "value": "6144:2jAYtOpHc14kAeY2PPcyg+8tguCdBIohU46bZt:OZtj4kHcyzvIob", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627565867, "uuid": "92520321-7836-4ff2-96f6-a2fb00bca407", "value": 730112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627565867, "uuid": "1d1500b7-57af-4dd1-b687-061038852cc8", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627565867, "uuid": "1c0acdbf-dcbb-406b-a6e9-642d67dca8b8", "value": "ed025aedc78222c577e6f95f0d7b354bf109a6d61a7157d9fa3fb9029ac21b4e.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20854d0c-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535358, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535358, "uuid": "01a47c94-fab0-42f1-bd72-c9fd24fe38a3", "comment": "Malware payload (TrickBot)", "value": "ffc21398490627d78bd5e9d7181d0268", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535358, "uuid": "c2c92289-33a6-4936-9e18-5063e278db84", "comment": "Malware payload (TrickBot)", "value": "ed8f837a1ff0b170c2843c20b0409227a21c6de030fd55fb5a11a56fdad701b5", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535358, "uuid": "4e818ca0-fed3-43a6-8f0d-26d8d092260e", "comment": "Malware payload (TrickBot)", "value": "7c359585bf7fa73f14c5e89948607c587687d761", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535358, "uuid": "d295a9bd-4454-4db5-876d-ef96f8ab3fe7", "comment": "Malware payload (TrickBot)", "value": "7c27ee2db09537c92886cfd5f582eb89bd90519d614e650c7e58ef09ac5b4c229464d12cb4d8a3e10c71a2126919c487", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535358, "uuid": "b62fdc45-c8f1-4ce1-beb5-5b225032be13", "value": "T1D952D170E793D025499E8BFA884E93426B01A241D0BF95D0A372BEAE49CE4518FF234D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535358, "uuid": "cd8d234f-244d-4a83-aad7-536198ddfefc", "value": "384:WCDsXXzkqZiJvcnyqSLML+SuTqSmdJqfRA5vmj5fiRw:aalgyPLM6DTcecQ5fF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535358, "uuid": "0276e267-be69-4100-9fb9-c3b9ced2b8d4", "value": 14189, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535358, "uuid": "b80c4829-8d0d-47b9-b01e-9e94c377e4bc", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535358, "uuid": "d8f5f7f4-39e8-41be-868e-9b1b46095390", "value": "2021APT-28_8586453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff8c7842-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535303, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535303, "uuid": "5bf2c387-2ad0-403c-b34e-d139d32623e1", "comment": "Malware payload (TrickBot)", "value": "24a9c82f4a914cd5a2ab6df4863c6f4e", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535303, "uuid": "3982e6e3-4867-40b2-a4dd-d49ccff30fda", "comment": "Malware payload (TrickBot)", "value": "ee5f98e95f8467cb9c8a370a4dd3948181c1201790301e22fc3e81797430dd7e", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535303, "uuid": "05f4c1e4-6ff8-4d20-8920-793fb75a2606", "comment": "Malware payload (TrickBot)", "value": "339dc1e5d2dd71a03ffc65512f2ad895760eb66e", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535303, "uuid": "696e9566-708e-4661-b86f-4fade5e736dc", "comment": "Malware payload (TrickBot)", "value": "6572b19779fab324fb4ca2c5eadd757df6379670662c6a847b7de6ac7e2264462480be5216309800ac967a6b1ed9a0a5", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535303, "uuid": "013654ea-f24f-4755-9cb1-5b39ab98076d", "value": "T1135355E82AD1E417338D2F17FE0A3AEAD1BA6C9796C47507D1587A5C24ED21BC5A0CF0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535303, "uuid": "f1be53ac-4126-42fe-8443-876bf0aad456", "value": "1536:KvI9Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4tz:f9Ry98guHVBqqg2bcruzUHmLKeMMU7Gw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535303, "uuid": "8ffb3625-c0fb-438b-8a9b-96cbba1eccd8", "value": 62648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535303, "uuid": "fdc834f0-db63-4a8f-b65e-992e6ec138c1", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535303, "uuid": "4722bf6e-f28c-42d9-b923-1ed752357341", "value": "2021APT-28_33480453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34dab9eb-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535392, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535392, "uuid": "26990f1c-ef3e-4a60-84d5-3dbab9168eed", "comment": "Malware payload (TrickBot)", "value": "096e424b33b6222a0513d3af03baeffb", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535392, "uuid": "4ed30b7c-3291-4d56-bd4a-1cda25026c60", "comment": "Malware payload (TrickBot)", "value": "ee8dd46f96f93fe1aae0c23ac7d15e7665c93529a6e120c89297b2c5bc57cbe1", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535392, "uuid": "1a18d4a6-5329-47f2-9b68-7fd4bd6e10ad", "comment": "Malware payload (TrickBot)", "value": "cd5af1b6eecb8f13786dd5a63e34d1dac269f866", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535392, "uuid": "3d38c4f5-d9e9-4802-aaf8-30035dbb86c1", "comment": "Malware payload (TrickBot)", "value": "06e01cb25697d345d2d7e257e3636c68266b75ae8e3911ba6fedbd7727afa500a9e43b5bf8b2e5f540fe071632c69d1c", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535392, "uuid": "fae117a1-8672-4468-9fc7-f6079784e16e", "value": "T146A361D86BD0E417338D2F1BFE0A3AEAD17A6C5796C47507D1583A4C28E921BC6A4CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535392, "uuid": "ea7eaa29-bfa0-4b1d-b545-c714d1017167", "value": "3072:EwMGTMVVNKkOp9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5K:EwMGqVpOp9Ry9RuXqW4SzUHmLKeMMU7l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535392, "uuid": "81d100cc-a9d9-4c3a-9ab5-d0df8740edf3", "value": 104573, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535392, "uuid": "e9b0f0e1-2463-4de5-9ffa-141ac71e5c1d", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535392, "uuid": "2a654b8b-ddc8-43fa-8616-3e49249da6e5", "value": "2021APT-28_79422453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b56d7e8c-f06f-11eb-875b-42010a9c0053", "comment": "Malware payload (BitRAT)", "timestamp": 1627564814, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627564814, "uuid": "dda81d8e-ef90-4d30-aed2-698409142439", "comment": "Malware payload (BitRAT)", "value": "2c717df70f11ed8083be287522c0fc58", "object_relation": "md5", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627564814, "uuid": "96d05c8a-1943-4ac4-908d-517dc7805e6c", "comment": "Malware payload (BitRAT)", "value": "ef9e853a343f1d3588eeaf60c443add28e376fd97f3bc77309b8436349b60bb3", "object_relation": "sha256", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627564814, "uuid": "094f9511-a7c5-413c-bab4-53db2d57f898", "comment": "Malware payload (BitRAT)", "value": "a6dd53b680819540f630a6d1319966446fb5c130", "object_relation": "sha1", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627564814, "uuid": "5bc17371-889a-4251-8785-d24a9e7b8605", "comment": "Malware payload (BitRAT)", "value": "bc296800676eeb98f2d94e7863a4206205f3dd02c8696a9fc49d77e758dc158e14fd60d92964abffb57164a6e397bcd8", "object_relation": "sha3-384", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627564814, "uuid": "d2cf205a-5e14-4764-be10-030eb34e5f3d", "value": "T110B2C405277C9B37D4BD4BFEA092324003FAAA279423E7581EE560DB6652B018752FE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627564814, "uuid": "5c237ec8-0216-4b8b-8594-b0cc7c360d7f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627564814, "uuid": "4f359fae-ff41-42c1-9d9f-9e4f06c5471e", "value": "384:eYgNlrF/vNMMo7WkdotnBGLqBWha2HbUigf3fJlr6arRWh/VUSkA0Ewfff1X:eYXobN1XvX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627564814, "uuid": "0ba054df-9e74-474c-b96b-69e7f550bee6", "value": 25600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627564814, "uuid": "3737a2c0-29b4-4ecb-9492-830948739e99", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627564814, "uuid": "20e6a4e1-78d8-4ea2-a805-6b51efcf2972", "value": "UpdatedHUD.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16054b9f-f018-11eb-875b-42010a9c0053", "comment": "Malware payload (GuLoader)", "timestamp": 1627527180, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627527180, "uuid": "d4b61cf4-72c9-4d62-b454-53d946587f73", "comment": "Malware payload (GuLoader)", "value": "a00b8e3e362cc4e0936c6cca6c138546", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627527180, "uuid": "02ac30df-74a5-4863-afac-7382d55cfc7d", "comment": "Malware payload (GuLoader)", "value": "efe16afbeb2871fb3e07ccb7e6152c736440577485cceb463b6228cdd1d9d198", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627527180, "uuid": "43a275cb-a961-4e41-87aa-ee41bd542b34", "comment": "Malware payload (GuLoader)", "value": "8eab3a054e1de788c6d59500a7bda1c50b0c980e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627527180, "uuid": "a49e5a25-2894-4201-ae8d-08d247c996a5", "comment": "Malware payload (GuLoader)", "value": "863b5b12026ce6b3f539c2e73d3e332e382dc60c3e43515899aebce7e29e4d71bd338782125516d5ad218781b32ba6ac", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627527180, "uuid": "5096f47c-beb9-4584-ac85-5f9a27c1d2d0", "value": "T1FB8439B2B100A835F43255B58927A92B2605FC757CBB9B0BB5CBB37622F77D24017A07", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627527180, "uuid": "e938cfe3-8e96-4ad7-837e-cc05b895ddde", "value": "dade52372ec772a4d40015c84cdf4459", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627527180, "uuid": "31e7a38e-e9a2-4c9c-af7f-b35bec3efdc3", "value": "3072:ESUrwKQF9xteK6t4r8qRPjzob1Db65exTnu1gyMEhwQ1Dyexd/ocWMXchuGZk5CE:ESpKq/QK648qRbzoOJ15", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627527180, "uuid": "fea88f2f-146b-49f9-bb6c-02fa2a415386", "value": 380928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627527180, "uuid": "c7260eca-a3a8-489d-9cf5-87115ac0b8d3", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627527180, "uuid": "dd834fe8-8c52-4e63-add5-224597010879", "value": "202101081055756.ex", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "149fce3e-f02e-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627536627, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536627, "uuid": "acea5902-a8a3-4dd5-aa6c-f0bce9acaa87", "comment": "Malware payload (TrickBot)", "value": "2cb1272429c830b5ccdda07a125b8fc0", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536627, "uuid": "9ac1b815-609c-442f-be39-b42938082bd4", "comment": "Malware payload (TrickBot)", "value": "f09e58c715accf7898a9cdfcc46fafa5ef78c4a27ec19a531682d982ef1efd1c", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536627, "uuid": "a992ed09-8031-4325-b361-bdd4e10eea2c", "comment": "Malware payload (TrickBot)", "value": "32b3f763c048c43155fec8e4eee42a245e8f7742", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536627, "uuid": "ae9e60f8-6a9a-4f66-af88-7a4ce81b7cfc", "comment": "Malware payload (TrickBot)", "value": "2c9b50ce75104eed80a2ff7272837f09e9b21c420edb7d5972f3a13c7ab1bde4f1fefbe18b29565542910fb073fecee7", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536627, "uuid": "77cee50a-4645-4e7e-9b52-b42f3b6f7b6b", "value": "T1F94301E2E369BCBD0A7B82D7B4824FED03949246424D21D87D7B116C719C6BC6F287E1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536627, "uuid": "4d29cd54-232f-44ad-a61d-de1988d47b2e", "value": "1536:B3qV8q+cKDP7agUE2v70hEjb9yBS1hwgsqj9Vu:B3qD+R7agUE2v70hEjbo88qj9c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627536627, "uuid": "13d42bd0-c255-4177-98ca-0990fb502b78", "value": 59345, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627536627, "uuid": "46c68347-060d-42a6-9fb0-27fd703eea7c", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536627, "uuid": "18a489c5-61d2-44fd-9e05-1d0a80d821ef", "value": "2021APT-28_13128453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e0aded3f-f048-11eb-875b-42010a9c0053", "comment": "Malware payload (RedLineStealer)", "timestamp": 1627548136, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548136, "uuid": "423968cc-ec64-4f6d-9926-dfcab404ee8f", "comment": "Malware payload (RedLineStealer)", "value": "0acd898b5324e076d998267053eba01d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548136, "uuid": "629b1014-84f6-40af-927f-9ba5ac820654", "comment": "Malware payload (RedLineStealer)", "value": "f1b072a4977439e50f66ceaa57528f53227d95fe762d0cd5250c45ed59e3ee9b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548136, "uuid": "183467cc-a078-4671-b838-6e73306dac4c", "comment": "Malware payload (RedLineStealer)", "value": "88c3d9a4e9d063d1d4c86887a8b0a4f3c590790b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627548136, "uuid": "12fba196-07de-44ba-9d1f-913da496f1ed", "comment": "Malware payload (RedLineStealer)", "value": "add0e16c4b927765bfa9c71c3db1036b536fff2843e7d13ce663d2db7c9edd95064962c67ba5817f1d20dfa166ac7552", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548136, "uuid": "36155568-5ea0-41b4-bf8b-72d081e67777", "value": "T1FED4F130AA90C035F1B712F416FAD77CA92D7AA06B3455CB62E526DE47342E8EC31787", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548136, "uuid": "7c3bd6e8-5735-458a-addb-e89b0710d1e9", "value": "1b88af86c3862540a4c514edccd5dac7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548136, "uuid": "7d87efa9-9701-4817-9a5f-8d4c3e583afa", "value": "12288:G9dm6e0M7pSe/qDSd3jw2t+uEwMT5hHBDSZRAS6wDNMEiI3wznBNb:Km6e0M06d3EIWbB+ZqiNNKbb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627548136, "uuid": "51394354-bd9d-4e83-92d5-dbdfc6d819cf", "value": 638976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627548136, "uuid": "c5b08a81-1dad-4fff-8722-91e6ae558aa8", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627548136, "uuid": "c4ccf17f-fd41-44ef-a68d-e16e8d8a62c3", "value": "0acd898b5324e076d998267053eba01d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "906d62c9-f02b-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535546, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535546, "uuid": "525f38c5-3062-4808-9f7b-eba161902db9", "comment": "Malware payload (TrickBot)", "value": "59f9fe0c4435e859d9b8643f8e52af27", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535546, "uuid": "cc16b150-8126-41a5-b931-0267a6d16cec", "comment": "Malware payload (TrickBot)", "value": "f2ee4a9b3d60d62d484fdf9af0b325214d3a4de574b7832e9cd9b2b896c27909", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535546, "uuid": "a1807edf-fcdb-41fd-8549-159aed698f8f", "comment": "Malware payload (TrickBot)", "value": "c53317de66e181f9a930b930e1d7609c0c90eb1c", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535546, "uuid": "9487d407-d58e-495c-9469-370f7f13cc79", "comment": "Malware payload (TrickBot)", "value": "e9962523ae8708292076f948213596696e46db5364597d78b63a3b4fd0a03ccd9694d374e71de5ee38471181d79f9644", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535546, "uuid": "55dc3abe-361b-486c-9c96-ae2e8037ad77", "value": "T174E2E120A7651348A8FB453F5B8A2F39227B33F46853789188F21C1426E69DDDF7B40B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535546, "uuid": "c60d4201-be76-4a55-94ca-5a1fe5ae3049", "value": "768:M/Bz8z4u9THr5kX5BGCwkjN+MdDi2+cxJp+LDHMYEUSpK3sE1JdZH:m88CT2X7pMmVxX+nBthH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535546, "uuid": "8ad893ca-0692-4ca9-86a2-a45da7abfb40", "value": 33323, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535546, "uuid": "d9ae4597-3f63-406e-a007-c64e094f35d6", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535546, "uuid": "a84e66cb-d37e-4daf-8f5a-a96dd0bf6e93", "value": "2021APT-28_44382453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2aeba5b2-f02c-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535805, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535805, "uuid": "c9856f8b-0b26-4a17-8aea-9f465e113a39", "comment": "Malware payload (TrickBot)", "value": "70cc9e40e28785dd86f261ca1d0d41d3", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535805, "uuid": "7d47d3d7-78f5-48e8-8532-483a294bdc99", "comment": "Malware payload (TrickBot)", "value": "f359144da37c8f4b3b18a910f56aa89b0e1b97089f527b421211e8b913dc5ba9", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535805, "uuid": "ce387a4f-d03c-4459-94e5-3b2e25df1c8b", "comment": "Malware payload (TrickBot)", "value": "08a056aae77aaa912d3fd1166be15055969a1b88", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535805, "uuid": "bf540731-1126-4870-b6f8-f71fb185bd7e", "comment": "Malware payload (TrickBot)", "value": "b98379052dbab38a8ff19214ed3a1e5eaf409ee404dfd3df572a99efc9a060cf27e07f859c192a89935df3b6dce44cd6", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535805, "uuid": "55a0975d-6a21-4b4e-a9f0-2fbd133c60e1", "value": "T144932DD82BD0E417334D2F1BFE0A3AEAD1BA685796C47607D1587A5C24ED21BC6A0CF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535805, "uuid": "9e8d3e4d-86ef-4d75-b449-8c44179ae372", "value": "1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/ob:59Ry98guHVBqqg2bcruzUHmLKeMMU7GN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535805, "uuid": "e4e2f6aa-ac4b-4790-825d-b577f868d63d", "value": 91188, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535805, "uuid": "f07e01a5-9137-4ccb-9ee3-5bf359d2760f", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535805, "uuid": "f10fedf3-55cd-4315-97ee-cc784b295c9e", "value": "2021APT-28_47334453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "439cfadf-f062-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627559039, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559039, "uuid": "07ec7482-6e9d-479d-8198-3238811e3eda", "comment": "Malware payload (AgentTesla)", "value": "aa09beffd86037dedb161db5f7bfd90f", "object_relation": "md5", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559039, "uuid": "9b65a8a8-2161-447e-8e6b-b107bf92de11", "comment": "Malware payload (AgentTesla)", "value": "f3959d94fadfc76bbde0d2f9d0e6401cb09c330332007bb1298547be0d82140e", "object_relation": "sha256", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559039, "uuid": "9d75e967-d871-4919-b592-643368daa2da", "comment": "Malware payload (AgentTesla)", "value": "0da2f06239358957a8df88b948426f79dbd8266b", "object_relation": "sha1", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627559039, "uuid": "3f4a2aa1-4983-45b1-b350-8192c21e8c98", "comment": "Malware payload (AgentTesla)", "value": "9f77dbff2453524950688fc68de60a8f8ebf0f4233f3ee5ce6957197d99266b3978c3917b18456b108cb95b22b604f93", "object_relation": "sha3-384", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559039, "uuid": "cdd6313f-3346-4867-9a39-a4348a1d76ef", "value": "T10F42C02452F634E50200064A420B97BBBF9B19C90852BCFB71ED141A72B479F3266BC6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559039, "uuid": "b3621252-de5d-4978-b8a8-3c67d59e999b", "value": "192:peohVGbSKWUdauI8r8gJQOmuBsNWLz82i7wKZ25tARBbL/bnu5CdSRkOqO:vVSWUYumXurz82i/eUVzYCoRhqO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627559039, "uuid": "e467ace6-3bb7-4661-9bef-5beefbd2d528", "value": 12042, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627559039, "uuid": "eca47dd7-0713-40d1-ac07-8c0de5563604", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627559039, "uuid": "e0424183-5745-405b-99a9-b8aabf44f929", "value": "RFQ(scan documents).doc.001", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4506d228-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627534990, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534990, "uuid": "da30c559-0fcc-4367-a016-2a9af268bfa6", "comment": "Malware payload (TrickBot)", "value": "153c4db701ecc1a14346752a3e575f6a", "object_relation": "md5", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534990, "uuid": "43f82504-b4f4-42d8-bb86-07997bba717f", "comment": "Malware payload (TrickBot)", "value": "f4aaafbaa0469eb26a37cf3c73d46f6fc2f05f579fe0bee3ba9b0af27368ae7e", "object_relation": "sha256", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534990, "uuid": "44aba32e-7954-4dc3-aab6-6ed08f900d66", "comment": "Malware payload (TrickBot)", "value": "6cabb729034707c9769330ee056512f2d6c45121", "object_relation": "sha1", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627534990, "uuid": "a34293e5-132c-4496-8cc1-4f99f0bd7856", "comment": "Malware payload (TrickBot)", "value": "5dc9c7d03e413d40f2d8d6b73c8bc2ac6a66fd8f068a6e031a5b9651fe322b0eaebf102847e95bf63efe40b1424d82a6", "object_relation": "sha3-384", "Tag": [ { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534990, "uuid": "e8231738-1d3b-4c29-a0e0-88f30a682cd7", "value": "T19DF2F1C5F3770B60FBB9DFA946E2E11A051CD4BE29582A0D92F42AF7C4B41680B415DF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534990, "uuid": "a36a8156-9f58-4576-95df-49731d91920d", "value": "768:LLpNJYPC3dJDsUd7MG14AKl7b6rHFGlJjUo8GH:Ld3D3N9MG1437bwHyR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627534990, "uuid": "c6b181bd-7770-4729-94a3-c5587eeca984", "value": 35829, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627534990, "uuid": "b7d6b104-a39b-41fb-aa27-d7c6923ebbc1", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627534990, "uuid": "58ed320e-9e1b-4337-8dbe-f973f4d1c185", "value": "2021APT-28_3438453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c813f21b-f07e-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627571287, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571287, "uuid": "798565d5-addd-4340-b768-e4046547c67a", "comment": "Malware payload", "value": "2ce1e1c56c82708afcdcfccc8c3892f7", "object_relation": "md5", "Tag": [ { "name": "47.106.217.103", "colour": "#3E39B4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571287, "uuid": "665daa67-61e3-409b-9be3-59844bb07b1d", "comment": "Malware payload", "value": "f551e2fe91759214b38f06d03c73f8afcc6171bf0218439106b00533855b4639", "object_relation": "sha256", "Tag": [ { "name": "47.106.217.103", "colour": "#3E39B4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571287, "uuid": "bad2003a-8e5c-44ba-8833-395f69b48234", "comment": "Malware payload", "value": "a9b57f3ab08bfc51e7e1cdc93036035a0086f1ad", "object_relation": "sha1", "Tag": [ { "name": "47.106.217.103", "colour": "#3E39B4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627571287, "uuid": "2c6d810e-9a13-4eb5-9592-0242e421fa46", "comment": "Malware payload", "value": "9419fb2c67bf66325dc3102b081e07a5553e687fafc10a33954846795f972f768ca295e4989afdb81cc66cd7949058a5", "object_relation": "sha3-384", "Tag": [ { "name": "47.106.217.103", "colour": "#3E39B4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571287, "uuid": "2dbf529e-469a-484f-927b-dd8473ef9311", "value": "T10614D049C6C0FC81E2BFD0C9BDC36B2A757177BCA9445A389452D16BD2C32CF21AAD25", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571287, "uuid": "d798d65b-0b94-434b-ab6a-d88a48862cb0", "value": "6144:6gcAT9NFl6yaM8ADqlkGFalzWSOlBOcE+7Wp1u:/l9NT6yFkknaScUc3Eg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627571287, "uuid": "110d9381-f754-4a78-b046-c978115aa28f", "value": 208968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627571287, "uuid": "b1265595-a8d6-465b-be53-48d91dc9363a", "value": "application/octet-stream", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627571287, "uuid": "2739ab82-955a-40ee-9ee2-090d6541730c", "value": "7rDo", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35ce04b8-f0b8-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627595953, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595953, "uuid": "3fbf6937-4f33-40a2-808e-0c355b374dbf", "comment": "Malware payload", "value": "36ff4bc4f115dcbd1df72fee2d437faa", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595953, "uuid": "466c16ba-66af-4659-9b1b-e9b5d460ed74", "comment": "Malware payload", "value": "f5cde504acc103fa1cbec78c35367133f5bcae035962727dbd3384dd655639f8", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595953, "uuid": "d0299637-437e-4bf8-a694-2accc608312e", "comment": "Malware payload", "value": "691d0b87d0da6ded4432bb4239a64bb92e68b0d2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627595953, "uuid": "f44cdb53-c7c3-4159-85b5-f1767616ddb9", "comment": "Malware payload", "value": "2117806ee7e2973d08f684769e087351341308f803db366a913e8a4bd30539dac49ecfcf240dd2f658943172104f0c1e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595953, "uuid": "54836103-89ae-442c-83df-7c0e6950fdf6", "value": "T16123A54676889316D8A41276C0FF686503F4BFDBD733968AAF4C768C1C523D6ADC0A4D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595953, "uuid": "a9ef896b-4198-4eb3-94ea-78269664c6c5", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595953, "uuid": "2cb7a5d2-c50c-4dec-98b1-38b21f98883d", "value": "768:/mBxxKAGShQxnQsSzx3Md94DOB8QodbXLr3X8mc0daryywF4t7ihu:ocAthAQLDOBadbX3scd8wuEhu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627595953, "uuid": "2c41b310-6e3c-4333-aef2-2f2b210ab37c", "value": 47616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627595953, "uuid": "9de4d116-1ad1-4371-8279-2aa471ae959a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627595953, "uuid": "e2e63351-790d-4343-a7be-9f8aa151dd74", "value": "01_extracted.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "351a82f9-f01f-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627530239, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627530239, "uuid": "d2839d36-af0b-4753-aaca-1fcaee924749", "comment": "Malware payload (Loki)", "value": "0392453270a71b5a7a29b8c8d415978f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627530239, "uuid": "eb4707c3-bc5e-4093-91ca-4fe54d615fcf", "comment": "Malware payload (Loki)", "value": "f70bb08ecbd6548a7a3a52a0a2a151e87af472b185dd1adaa718a87a340e777b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627530239, "uuid": "2b79e603-254d-4f66-9000-2e7be769e62e", "comment": "Malware payload (Loki)", "value": "37869819f38607bb0f2a30f05573dfed03136d62", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627530239, "uuid": "09c98273-8fed-4e8a-bcd6-c243e230caea", "comment": "Malware payload (Loki)", "value": "5c5c510c9c2dfd120a3b8845d64b3336ed9ebb848ac4e10cf2ecbf9a6d252fc4c1564523b42c2df3a061468c6de858b3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627530239, "uuid": "b96eef48-f5da-433b-9025-84fd178c3b7a", "value": "T11E15AF3885D8976FF9EF077907E820B0ABF4E2123171A3992ED101B95CA2F55CDB4267", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627530239, "uuid": "4005b15d-3d82-4ca8-bcd3-65eaac2fd630", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627530239, "uuid": "7c6f07c0-4fca-43bf-8ec8-b522645ffdda", "value": "24576:UTc8iS/d3YK64J1CiqlytXgB/Npsu+gio4:O8K64JAibt2arg5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627530239, "uuid": "c844aa46-e31c-4b58-9724-eeaf3c14e87a", "value": 892416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627530239, "uuid": "c4e45706-a641-4873-b7de-5d6057afd8fe", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627530239, "uuid": "5b91f1a3-16ed-4dde-a789-07a17c887ea9", "value": "0392453270a71b5a7a29b8c8d415978f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1825891-f053-11eb-875b-42010a9c0053", "comment": "Malware payload (Mirai)", "timestamp": 1627552808, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627552808, "uuid": "4465d435-c8d8-4f6d-8d9c-c756ccf79720", "comment": "Malware payload (Mirai)", "value": "310a0f9cdcb37cc732567afc45d412a0", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627552808, "uuid": "cc445495-37b6-4015-8d78-422bc8f7be9f", "comment": "Malware payload (Mirai)", "value": "f72c316a9cf1debdcd077490dfab7c00a123f43e4354fcc37baf3859f43b85ec", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627552808, "uuid": "75826a53-420b-4225-ba3d-34094feaba4c", "comment": "Malware payload (Mirai)", "value": "b505cf1604d0081f29109c9d4bbcd352d166cadf", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627552808, "uuid": "de085b8c-fe27-4182-8baf-e30f330a5d6b", "comment": "Malware payload (Mirai)", "value": "c0891253f47a42716e6b482304d815dc096c41830999d48cd961f09f40c86816ae9a5bdc48eeb6aa4322a2a08e6c76e0", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627552808, "uuid": "65fbc922-924d-4450-b29e-0283ab992c51", "value": "T1E56402CBEB51BC7AFD9A8BB025670B1A77F4D6C5D2C3A580B36885443CBE241E7542C8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627552808, "uuid": "33adb114-373e-45ad-aac4-bd70a6ba5194", "value": "3072:/TNVO/QJHZcfFj4rwLQGTNO5VZLwHm7vuQTpZUyY6coTa5POdOQ33Q:7O/QJHZweEL/NOjCHm7FZZncPPqOJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627552808, "uuid": "5bf83f2d-3b14-4550-846e-e0a010f36379", "value": 307960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627552808, "uuid": "4bed4b4d-88e6-4580-ae4e-9786ed6bae98", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627552808, "uuid": "0104a1d8-4b0b-4688-a048-19d6e846287f", "value": "Mozi.m", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5fc41f58-f02a-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627535035, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535035, "uuid": "16370fed-2341-42ea-b320-04b590470aa3", "comment": "Malware payload (TrickBot)", "value": "4286d6257c1965ac3e11521e6b11f116", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535035, "uuid": "dd33ceec-7564-45da-81fa-40be4e68fde5", "comment": "Malware payload (TrickBot)", "value": "f773f92cb396736d794019f16644150f97888960464edc061fb8ebd54359717c", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535035, "uuid": "d9b94385-7990-4b56-b5f8-0c619e1520f3", "comment": "Malware payload (TrickBot)", "value": "33dc71875ae670273e62dd43946d1e6f1f84ba2c", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627535035, "uuid": "dc22b6d6-2e84-4486-b2bc-de3f645eec72", "comment": "Malware payload (TrickBot)", "value": "2414884564400ca865f3b0e5001814e4d9a28e0aa737d09b6b70486038f0828594d35591b64715976144f0c8362f2faf", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535035, "uuid": "038dcfa9-c82e-4e57-8928-207dde0c4c84", "value": "T1D683EBE86BD0E417338D2F1BFE0A3AEAD1BA5C5796C47507D1587A5C24E921BC6A0CF0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535035, "uuid": "ffa6e5c1-b6ea-4e8c-9e2c-db065c3503ef", "value": "1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/oH:59Ry98guHVBqqg2bcruzUHmLKeMMU7Gp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627535035, "uuid": "0d95c7d0-5b92-48d8-b46e-cce0cb726f5a", "value": 82781, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627535035, "uuid": "a36e70a2-4485-4967-a934-b7be6fb3b75c", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627535035, "uuid": "832e2213-6c62-4aff-81ad-8d7bdf650fc4", "value": "2021APT-28_8394453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f94b1c76-f06a-11eb-875b-42010a9c0053", "comment": "Malware payload (AgentTesla)", "timestamp": 1627562780, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562780, "uuid": "57a09552-d247-4442-856e-884fb31b8ea1", "comment": "Malware payload (AgentTesla)", "value": "0d7ec0a18de21a37ea3f54e7d0a1972e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562780, "uuid": "9d2ec935-3be8-43a3-8b09-cd674ffd8af4", "comment": "Malware payload (AgentTesla)", "value": "f816449f25161cfd95e25d3e885ef160832e35214a0782237bd976f177e0f841", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562780, "uuid": "fb2fd89a-16a3-465e-9cf5-761329e90b9d", "comment": "Malware payload (AgentTesla)", "value": "7e1580335d6a2269f4b1eeb2d5dab5a0a2071b63", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562780, "uuid": "ce9a4545-04bd-4cdf-a549-c80f02868914", "comment": "Malware payload (AgentTesla)", "value": "ec541e6df08d4d4504405686ed9dea80511ac3a14cdee9183b9047bd4583063102c950b26c95e8c61d4b3efd6a7c0460", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562780, "uuid": "199fcb51-5544-4df9-8057-41cfc5ddb554", "value": "T18435AE3175D4CE1AF46F933A8FCE20244BFCF9023672A7A96EE122B54909F61D4741CA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562780, "uuid": "fe203d6e-9efb-44f0-b65b-847f9e6bd729", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562780, "uuid": "5b850aa9-7ac8-48ca-89f6-03c21f3d54ce", "value": "24576:UwJPy6Tw8NN8iUbk5/dyaK64OfBhpeFhHIiNVSB:UDaK64YBhpeLIi7SB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627562780, "uuid": "80302c28-d60d-4e1c-a2a6-b9bf4796d341", "value": 1137152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627562780, "uuid": "e10cad8e-05b3-4c08-b79d-a512a925c84a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562780, "uuid": "d845b524-9291-4fc3-bfaa-1210dfda0d58", "value": "Zapytanie ofertowe-ETG4791.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "187d9999-f02e-11eb-875b-42010a9c0053", "comment": "Malware payload (TrickBot)", "timestamp": 1627536633, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536633, "uuid": "1a43d4dc-c479-484a-9f6c-20966fce390a", "comment": "Malware payload (TrickBot)", "value": "6ef9bba4c012fe952257d6ddfeb32640", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536633, "uuid": "d7519978-91f6-4c55-98c2-f7771b8acdd7", "comment": "Malware payload (TrickBot)", "value": "f8f20084f32fb359436412a559fdba8cb99e29c1b4e4bf0aed877ab29117b472", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536633, "uuid": "bc3c506e-3c27-4a91-b168-3313a3c5c723", "comment": "Malware payload (TrickBot)", "value": "4cf6cee2eea955a332bd79cf542e1e0d0e23dc1e", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536633, "uuid": "abeed3bc-e887-465c-80f6-758ad56f04c3", "comment": "Malware payload (TrickBot)", "value": "7fb8924937ea3713f1e0d7291c567435262ed285dc7c66b8724d860bf672fe6b67633820c93000a179edb13f66af0a87", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TrickBot", "colour": "#5349A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536633, "uuid": "9fac05a6-d249-4866-a606-592b1b1b9314", "value": "T14DD3C4D86BC0E413338D2F1BFE0A36EAD17A985792C07607D05C7A5C29E921BC6A5DF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536633, "uuid": "ac22ce1f-8259-4b16-ab80-1be3122d1695", "value": "3072:6OL9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eb:99Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627536633, "uuid": "3c121eee-c4db-4eca-83eb-998967a7c9c6", "value": 131370, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627536633, "uuid": "46144949-344c-4e51-a1d4-51aece42600c", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536633, "uuid": "afbd56bf-82a2-4bd5-8557-ee6ddde73a81", "value": "2021APT-28_13128453.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e40890b5-f0c6-11eb-875b-42010a9c0053", "comment": "Malware payload", "timestamp": 1627602258, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627602258, "uuid": "669a5bf4-bce2-461f-b4c8-c7d17882413f", "comment": "Malware payload", "value": "167234957cd355de59279f397c80b336", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627602258, "uuid": "7460ef37-ff5a-4585-afbe-4da446bc8ec4", "comment": "Malware payload", "value": "fa7dad6f360738993df98d339d51f095814902f38c924ff0125ec5112e9ca5c1", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627602258, "uuid": "976f2102-be26-4058-93a9-0a086d82d571", "comment": "Malware payload", "value": "84b3ad6ffbbadee92a146dad250919a5229bd258", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627602258, "uuid": "eb73116d-1e3b-4ecf-b770-530024f757eb", "comment": "Malware payload", "value": "089351ac9e4fd98d1ebe558dcc4bbce72e805d64e27a58abef6c24b9d392e188a175568d1e5251f2744463ba8b3b8fcf", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627602258, "uuid": "cbf7dc35-3bf9-476c-abd5-c3216f973175", "value": "T14AA5857B05FF12B01F54A29FAA30958E600E8526CCEB32972D95F517847CABB34C36D6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627602258, "uuid": "4a159254-62d9-4534-adaa-84ef6afbe2a0", "value": "24576:XXPk3DlGCTdgAY8BoiPwebRSbzQUOJ0HnGc7KALe2yY5:XMIHQaoI5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627602258, "uuid": "ff772028-86dc-405e-8b30-47f682f155ca", "value": 2160502, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627602258, "uuid": "eab11b7a-0fbb-4b78-b073-bb7f969b14ca", "value": "text/plain", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627602258, "uuid": "006e4d8f-86fd-44c3-b1f3-57b55b5aa5f2", "value": "presentation_70128.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e81f25f-f06a-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627562547, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562547, "uuid": "8c18d664-1bd2-4569-8e27-d2ba5284430f", "comment": "Malware payload (Loki)", "value": "0a1790bae687e47fb09c3729bc9d4e97", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562547, "uuid": "bd9d36d9-ff53-48ac-98b4-0f9faced0534", "comment": "Malware payload (Loki)", "value": "fbad50907d950465e55d98eea7d9a594ac5ecfe7c556b61feb0b5c9097c4edfd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562547, "uuid": "8a62f696-aeae-4fa5-b371-111b11eda4e4", "comment": "Malware payload (Loki)", "value": "0990cd0454c155e37c9db411bfe68510d1430995", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627562547, "uuid": "8fb87fc3-c4db-4844-80d7-d3f645ab83bc", "comment": "Malware payload (Loki)", "value": "28f77a0b3ba49bb9dd5da28b1ae0889901587d225d9a76ff40e08a13438c184010e81345649a75fd0c37c4faec45c21e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562547, "uuid": "0ea2f76b-2c69-4dd5-ab87-2267e51e28fc", "value": "T12C05AD3817570A63E275D6B69254E6C1FEE0D9D3B3C1CF09BA8365CB0D22A02159EE4F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562547, "uuid": "9eb46d6d-84bc-4152-b1c0-a7ca80fd8565", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562547, "uuid": "b2bbe20a-b9b0-4537-87e3-76922d0b65e8", "value": "12288:D5tMQBLw02iNv4suM3t4/4GHVvULPDyqxA/DMnc/QPR+iqY0+ra0hn8X4V7SxttV:N9Lw01usuD4HqqxAbM0Qa+BhK45S3t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627562547, "uuid": "5d02987d-cc93-4a28-965f-98ac08a56df3", "value": 844800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627562547, "uuid": "5666ce8c-5583-4640-90c5-7d0f340aef1a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627562547, "uuid": "badec009-c09f-4005-ac53-1be0f6e8e3b3", "value": "b5BBy6Py0vokTLF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf1b78c0-f0c5-11eb-875b-42010a9c0053", "comment": "Malware payload (LimeRAT)", "timestamp": 1627601767, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627601767, "uuid": "a0fd4755-1a06-48db-8aa0-f2486e9d1a26", "comment": "Malware payload (LimeRAT)", "value": "12cb486e08aceea42a1d3a2ce7eaea69", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627601767, "uuid": "d07a41ed-67de-4eb2-a20e-69fee533d52b", "comment": "Malware payload (LimeRAT)", "value": "fbf0388628cb2dfc1457adee1af6c5ca5ba58338f9e80b5fc496a5ead2e8c8ea", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627601767, "uuid": "14b625c2-05ee-42d8-a57d-437ecdb06b9a", "comment": "Malware payload (LimeRAT)", "value": "00dddccfb0d47c296db963ae91cd9530dde9e61c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627601767, "uuid": "3eb22b77-c968-4515-9662-200e446f73d7", "comment": "Malware payload (LimeRAT)", "value": "27d63f34b735327138b52cc338f6a803dc20a1e0f118185969687ce03f4eb789f0dea89cbc8be65f5d39305582d66d55", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627601767, "uuid": "bf48a2a6-d5a6-4030-83ec-613fce744bf7", "value": "T10515AE157D88DE06C47E57368EDE42244BF8B882E5B1DF293EE433B85450763E83A74A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627601767, "uuid": "362390ec-a7cc-44f8-bed4-41be7313fd02", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627601767, "uuid": "2f1cd7b7-d09f-45d0-bf8e-0f9e8e499287", "value": "12288:vRu10z5N3Sy5/dehF8ACG0EJKjS+UPweBMW+FEyXeiksBEc:vQSNiy5/dGoRtjSFPw7JFVS/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627601767, "uuid": "f423fd04-410d-4871-ad84-9fa2bf8be54b", "value": 909312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627601767, "uuid": "85c95427-a9a0-455a-b72d-fff4765f0c91", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627601767, "uuid": "a3e13a8d-5589-4559-af8d-d2914effdd39", "value": "SPECIFIC.SCR.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82505287-f02d-11eb-875b-42010a9c0053", "comment": "Malware payload (Formbook)", "timestamp": 1627536381, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536381, "uuid": "a2a738d2-858a-4963-8e7b-0a0fc3bab0c2", "comment": "Malware payload (Formbook)", "value": "73b2297816d781be59b08d9beb6feb11", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536381, "uuid": "9098fc93-301f-4d28-b5d7-3d797e97bc1c", "comment": "Malware payload (Formbook)", "value": "fdf3a76b0ceb57085c3440ecc0f9ad8c22dba1c13782e6e0c84ffc29176e169b", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536381, "uuid": "783a7778-cce0-4d7b-b1f7-ac7c93b3af28", "comment": "Malware payload (Formbook)", "value": "8c10a3176b09f3d19ad337c7c6b759a5c6ae7ccf", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627536381, "uuid": "17830562-f259-4759-a66e-17826292bf5a", "comment": "Malware payload (Formbook)", "value": "cd793848aa1759a3676325bdcfc8c6fffb9500dc9b5b4975be157000938bba197ccc7fce7dc67d9795a615d424ee8891", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536381, "uuid": "519a7ddb-2b96-4097-bf2d-34850e6ca929", "value": "T164A4233915A09DE67DF4A22B201CC4F75AD0196AF1003E1F3BB718A454FD638C676AF6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536381, "uuid": "cc58df0c-40a3-4d28-a5d3-be0ccaee77fb", "value": "12288:w8/c4nW009paubjh6AHUGDkyFGdIbj5LoFRFMUtCJr+7kCov25VVkKA:IrKqlHUCkyjJoFRptA+kCI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627536381, "uuid": "5a0b1f9e-635a-4310-bf8f-91554f850d15", "value": 477494, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627536381, "uuid": "dcf269ce-4584-4d6b-910d-bdfcee68b6ae", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627536381, "uuid": "91aebf9b-ae6f-422a-8c36-a7be473c5860", "value": "AWB & Shipping Tracking Details pdf.tar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9be59bae-f082-11eb-875b-42010a9c0053", "comment": "Malware payload (Loki)", "timestamp": 1627572931, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627572931, "uuid": "993ee3c9-e154-4e63-a18a-482ea44af20d", "comment": "Malware payload (Loki)", "value": "078f1b5854ec5d8045046f828496e551", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627572931, "uuid": "1fc6a6c8-3739-4e78-92c7-1224c0b5aa0e", "comment": "Malware payload (Loki)", "value": "fe2668f630e5386dd98f128872daf97950d7946d517a7b790611f0a4f7c85d4d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627572931, "uuid": "1532988c-fb39-4f92-9411-a490fee9da26", "comment": "Malware payload (Loki)", "value": "17d30776cc8fcb27c815e90ef80ad560a05aa356", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627572931, "uuid": "12dc2aa8-4336-491b-a149-30a07d57d6b8", "comment": "Malware payload (Loki)", "value": "fd8ab660d081504831c09d30e58c2ad26e705dc1f7238f1089424ce7d7ee91e796ab2894c31348d0a9246c6576785e3d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627572931, "uuid": "11619903-f9d5-4ed7-9536-4ce2c83148d1", "value": "T1CFA4046A238A4917F679C1757653ECF5F610BE82AA119D0B86C67F8334232C1EEC5C2D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627572931, "uuid": "f8323f4b-8c02-4e2c-b9d0-d93d77efa35a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627572931, "uuid": "5dd2a1ab-d98a-408a-9a73-7cc9215e45e3", "value": "12288:NQ3p+gczyhNSvRbBQHR4qz91hI0zSaNsvz+yuWDVId21NaI+E8tyvXmQfwTVtA+H:e1Q4JpzhtkC1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627572931, "uuid": "4e08f47d-6098-4970-bfa5-97e3d731de10", "value": 478208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627572931, "uuid": "bf6180b9-72b5-4975-b64e-d6ad083d7b4b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627572931, "uuid": "8358c321-8b4b-4fac-ae51-6e9e43408395", "value": "lz0th8Kf7EOOzD1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f956129-f065-11eb-875b-42010a9c0053", "comment": "Malware payload (AZORult)", "timestamp": 1627560240, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627560240, "uuid": "f3366879-6b3e-44ed-b3bb-144663d85ba2", "comment": "Malware payload (AZORult)", "value": "91e00dfab0a4c96a3eb89ea38eff74c4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627560240, "uuid": "e547174d-315f-4299-9d82-e2294d5c35d7", "comment": "Malware payload (AZORult)", "value": "fe3b01680d6af2bf9852a095d114071b406e23e8ce0e4ad10b596fd8c6038315", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627560240, "uuid": "01982266-d783-4dbf-9a30-235ec198c899", "comment": "Malware payload (AZORult)", "value": "36437c1ce663d7d812d3904d2af22ff38b2b215a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627560240, "uuid": "81c0c5f3-2c73-41fa-89d8-3a33e2e8ff12", "comment": "Malware payload (AZORult)", "value": "a78440f1ea0f55108c6ccc140141ffb1b317b17c2449a7b71b7757c13b48b1e29899338bb5a9de72daabeba5431d7f7c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627560240, "uuid": "866a5517-1413-4db7-b7b0-7020a7c42345", "value": "T1AA35016AC6446F9BCD2C177885A2A81442FA7FF17171ED8CBCDC31E5A3F3A852301296", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627560240, "uuid": "5e5a29cd-b78e-4fb1-bed2-f1cd02d2fbef", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627560240, "uuid": "da79865e-20ff-430b-a991-cd4a748cf2d5", "value": "24576:wjsyKjksSkssz+zuNAkoo6bquPATy8jh8N6Z9UnIZs:wj/K5zEu3//u8+N6Z9UnIK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627560240, "uuid": "de95369d-d330-4b6d-b1fa-aac0ece94b8f", "value": 1138688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627560240, "uuid": "dea3a655-1d73-4695-9be2-d72a5f83b753", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627560240, "uuid": "1d79f1e8-1b23-4a54-a872-6cfbd6475215", "value": "91e00dfab0a4c96a3eb89ea38eff74c4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eff31446-f047-11eb-875b-42010a9c0053", "comment": "Malware payload (Smoke Loader)", "timestamp": 1627547732, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547732, "uuid": "a6a23d27-a63b-49f6-bde8-74df096e7c5b", "comment": "Malware payload (Smoke Loader)", "value": "ed41fd20293a6d8b7fda9594cc2b926e", "object_relation": "md5", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547732, "uuid": "1e583ed1-adfc-4c20-83ab-563324563fc3", "comment": "Malware payload (Smoke Loader)", "value": "fff093b2593add9b7f59377b88e4e9586a8b728d82df197aad087d7e95615fd9", "object_relation": "sha256", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547732, "uuid": "8d108585-8d58-40a3-9f55-bdfe746bd1e2", "comment": "Malware payload (Smoke Loader)", "value": "776eaaa9e5ca33845087b480caade9239f6ad93f", "object_relation": "sha1", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1627547732, "uuid": "630ad01f-2801-43a9-bd24-7ceab014f6b4", "comment": "Malware payload (Smoke Loader)", "value": "7cbe78a55576f874c337c3d8405c4ef11eaf24d4018885c311e44d7dacbb2cf3ee47c27db7085185b26160f6c8a900c4", "object_relation": "sha3-384", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547732, "uuid": "40b151ce-29a0-4d8a-ad0a-c586e9d4ef3c", "value": "T15C449E30AA90C035F5F712F84ABAD37CA82D7AA15B3450CF52E516EE46346E9EC30757", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547732, "uuid": "1a39207d-78c9-4d60-ab9c-0b4c2e10a321", "value": "1b88af86c3862540a4c514edccd5dac7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547732, "uuid": "98b84f20-f8f8-4c3a-ab90-1d42679b0993", "value": "6144:FO+cDZg2Dd1e3iSuEPgn8eliKPLxvEiVCug6:Pcq2Dd1eyS/gn8re4ug", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1627547732, "uuid": "e90eaad5-212e-447b-b128-d83ed2dc9a66", "value": 266240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1627547732, "uuid": "1d7a0250-ce81-4361-9bb9-1e9f7fdf066c", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1627547732, "uuid": "06f75102-7ee3-4dc3-b5d1-4f609fb944cb", "value": "ed41fd20293a6d8b7fda9594cc2b926e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }