{ "Event": { "published": true, "date": "2023-05-19", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2023-05-19", "timestamp": 1684540981, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "fd934199-4988-4291-8da3-3093f0566c5e", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b54b196-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466859, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466859, "uuid": "dd39cbf0-e84d-4e1b-8f28-38bcfb90babd", "comment": "Malware payload", "value": "5d33cc46a2452b54fd938b302d004aec", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466859, "uuid": "842829c1-f5da-49b9-83c6-405923b19d18", "comment": "Malware payload", "value": "001c988e2be28156ce6328d798d71fddcec425305cab1e4d098468a710ef6c2d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466859, "uuid": "2fa4cde0-a16e-4428-bcdd-cf4c96591b1f", "comment": "Malware payload", "value": "f18568511c06a3d1ee0296a5e983857aafcbd8d2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466859, "uuid": "361e64ff-81b6-4d90-bd33-afc7b4fa9df8", "comment": "Malware payload", "value": "fbc923e32c031cc9c651c6e82381ea15bbee1eb18b45fafe8612804ffd82fc5cd18a4663a8c12e7aab477d8c520f2c6e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466859, "uuid": "86c007e1-652d-4a43-bccb-10082ef2fdfb", "value": "T13AD35B0287DB80B1D8A2CB7054BCD7B6A63FFE855B34D28FCB4A0DAA1431910E955F76", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466859, "uuid": "e7b0591e-83bf-40f8-b07b-b4f6077443b6", "value": "3072:dafpCgi7wjfRUb41fKQLh4HvNNE/DGweY:Uwgi0bRUbzQLuH8/DG1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466859, "uuid": "71c3547e-5fc2-46ab-ae54-9530429673b6", "value": 139264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466859, "uuid": "aedaacca-c4ef-4658-b4b7-36552b68c052", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466859, "uuid": "7f893bf2-26cf-446e-b58e-4dfe50780c54", "value": "SecuriteInfo.com.Win32.Evo-gen.9567.18074", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1bbdac2c-f63e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684498213, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498213, "uuid": "7c0efc79-15b6-4de8-9651-d25128184a90", "comment": "Malware payload (AgentTesla)", "value": "8b43bc2b7753df8164a07880a77b06bf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498213, "uuid": "0280b3ed-656c-4495-91e6-c629fa8d0fc2", "comment": "Malware payload (AgentTesla)", "value": "005db23050895f239546d175465a49e57e399c1a880b9f585eebcce477f4e872", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498213, "uuid": "5042b4e2-c53a-4760-bcd3-91efecc9f4dd", "comment": "Malware payload (AgentTesla)", "value": "944be1e5149683a14fff284915b49c287eb98616", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498213, "uuid": "7148a63b-4920-4f52-97db-7f8fd796bebc", "comment": "Malware payload (AgentTesla)", "value": "11737ad9fef0189368f124ef8465a8131c784519f1f0dfc42b23ebf71cbae62b15f42cc1f60ccef2bcff7872eba81888", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498213, "uuid": "77696292-24ef-4497-a3b1-5dbb7522f05b", "value": "T175546855E99D68C8F3F73B009BAC19A4776BB8D7883A8D0C54B4E93E33DE401AC51762", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498213, "uuid": "33b2dc4c-00ae-44dd-a30c-8299ed5f9de1", "value": "1536:9Hmd+CKN/SoY+oYFt6C2AqtjZSv6FbheGzDv7b0DUZEZbI2WffTs2:9Hmxw/kYF8tjZ46FDfvv0DUZWat", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684498213, "uuid": "e7bc832a-7a80-49e5-b84d-f7bd3e43560e", "value": 292184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684498213, "uuid": "6425d311-89ab-4649-8894-cf0f83951e3f", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498213, "uuid": "6f0c0948-c2e7-41e5-974d-a49cdccf9650", "value": "listener.dll.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "994091ea-f623-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684486827, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486827, "uuid": "3b01eb91-0e1f-4b54-8d14-93f3ab8a1579", "comment": "Malware payload (AgentTesla)", "value": "6b646f78ecaa120f33f8be8867d43d2a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486827, "uuid": "d043c4c9-9237-4c5b-a587-ae46347d6303", "comment": "Malware payload (AgentTesla)", "value": "00e77355e35927bbdca2fdebe7c8251af91d1ab90a5cd58957fd7587ef4fd71a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486827, "uuid": "23fdd875-e11b-48c0-afea-38f23f89aec5", "comment": "Malware payload (AgentTesla)", "value": "6664cd0853992d7c4361c04930abb9ab59ce65f2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486827, "uuid": "6114250f-26a1-4aba-9bc0-80d02b4a95c1", "comment": "Malware payload (AgentTesla)", "value": "cb72e8dea54d7447f0811ec8b6391b60fe57f19d0cb7283b0ab4e007fee4c6e2f6ef9214af543264ef1e5e35986fb7f5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486827, "uuid": "c91cd5ac-3f99-4c09-abcd-7a48ad971ca9", "value": "T1F6132EA671AAD501C5450F360CAFA7FB5736BC129EAA8357339EF32DDF31B448902606", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486827, "uuid": "e6e59012-c055-4e3b-bcaa-35a2abf53056", "value": "768:BPjk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJzkFBDip1NzJZvQ5lbtY5C2nONS+xz:pjk3hbdlylKsgqopeJBWhZFGkE+cL2NR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684486827, "uuid": "990eb842-36ab-43e0-be89-792b54165f09", "value": 41472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684486827, "uuid": "7bd75153-ca18-4e48-91bb-2d8865864f9f", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486827, "uuid": "5cc13ded-eab8-44bf-bd81-4292ad640865", "value": "BL Invoice Shipping_Document China FOB.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c05fc53-f63d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684497945, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497945, "uuid": "7888399c-9e2c-4da8-a860-f779e5daa646", "comment": "Malware payload (RedLineStealer)", "value": "5eea3cc2084f9c1fb72bed3a867f0491", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497945, "uuid": "544fd17e-91e2-4390-8162-1c76f0d8d00a", "comment": "Malware payload (RedLineStealer)", "value": "01226e42ad617ab2ba3974a6ac8922123f06181beb122a876e24d3a71ff2fede", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497945, "uuid": "48c6dc9d-8b71-4853-9c2d-0c984ea6fd28", "comment": "Malware payload (RedLineStealer)", "value": "06c8ea6bf74188b82e0d8b8f148b0153df5cbb66", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497945, "uuid": "1cb31544-0cbd-406d-8a92-8b337608a94b", "comment": "Malware payload (RedLineStealer)", "value": "0251988fbcdb202cde328490bef921e8d057fc780ba80871bf26424ccdc6e3f775f49a534819dd573b5566b42ab17523", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497945, "uuid": "037cc437-63db-4c51-8867-96908f4572ed", "value": "T17A252302B3C990B2ECF56B3295F703971E35BC5154BC464A3782A9AA0D725D2B73633B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497945, "uuid": "39d7aeea-c82a-488c-a520-a870929bec92", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497945, "uuid": "01bffbc5-7dc4-4c3c-b63c-adaa0222258d", "value": "24576:IyNHx4bES9tJ1lVdsqIcQfN+vegtSKkF/F4Kp1yz:PZx49J1l8dH+vegkpFqKe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497945, "uuid": "d77ae251-88cf-45ac-81c7-b2f337bd5786", "value": 1044992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497945, "uuid": "4cf28850-535d-4037-84c2-44984daf09d0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497945, "uuid": "189d02e7-7f73-4079-b11e-1b6a54865d02", "value": "updater.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f9fcce79-f67a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684524355, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524355, "uuid": "9f58507d-59b7-4398-a335-8a82644dff67", "comment": "Malware payload (RedLineStealer)", "value": "1db644fc82463b97e7dd217a4e3ea51e", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524355, "uuid": "360cfc8f-c5d3-4688-b780-c420aa4f2bdb", "comment": "Malware payload (RedLineStealer)", "value": "013a574c5d5d42b1df9bffbbf9c87e3ed28c2038539df2e75db95e905eeda168", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524355, "uuid": "9d7cb024-1490-49ab-b4a2-5db420b86fd4", "comment": "Malware payload (RedLineStealer)", "value": "9c597d85c81a4351c1f711b0f8af080999dbf7e5", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524355, "uuid": "b419183d-d33c-4e61-a393-9b9f17164d74", "comment": "Malware payload (RedLineStealer)", "value": "4414279740e68dfd4ef5cd4ba10cb46ee29a203715ca4aabc01dddd167e5ee235b759b29ff1e8026b9185b4a748a1908", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524355, "uuid": "1a4bd323-7ecc-4408-9373-24fa9adab228", "value": "T11EE3C524279F8934D67B4E3DACB19CC076BCEC12A542D74A4ECCF1593A73B809B116B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524355, "uuid": "eca492d1-dc33-4310-af0d-a260f455ed44", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524355, "uuid": "efc61aa0-13f8-4a6a-ab05-5fce148b4991", "value": "3072:sV+m5c/QmRSNY7WKA7vGJv3xnhMZx8e8hp:sj2BUanhMb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524355, "uuid": "9a88fe93-4ee7-41bd-be9b-9083ea90c44b", "value": 148528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524355, "uuid": "9c8b0191-f67a-46d5-92e8-a7da4fb90328", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524355, "uuid": "af5f1b89-0c63-4be5-9d77-9b6082f83b90", "value": "download.dat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "54dbf26d-f67b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684524508, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524508, "uuid": "5b35e704-97d2-49eb-b6cb-a38b878bea8f", "comment": "Malware payload (Amadey)", "value": "66a4818b2f3fe5f49889e4fbd83bb9a7", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524508, "uuid": "d2e65344-73d3-48fc-bcef-8fb68461d15a", "comment": "Malware payload (Amadey)", "value": "0163bd944ce8cdd3502f39d6eaf21d39a8611ca8155dae69fbca73e3765c61b4", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524508, "uuid": "bf58b081-c0f2-44f6-bc50-503dff589ae2", "comment": "Malware payload (Amadey)", "value": "48d2626b09c2ac67fe4f3f328c949818aa428d0c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524508, "uuid": "a0697e5b-c19b-4f97-89ec-9d866a738147", "comment": "Malware payload (Amadey)", "value": "232baa161775bb88a9b7afbb39d839c04a824d2b326f151c1cef1190d9787cf66f38f171f991ef430b37a006fbaad788", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524508, "uuid": "f59d5954-7b85-4b8b-b26c-6815ac26a34b", "value": "T1FC252323B6D88073D9F817B048FA96C316397CA199B9831B23C5D44B5EB3AD2713176B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524508, "uuid": "f4b649c0-617a-46bc-a8b5-af9e970b8071", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524508, "uuid": "1b724c69-b228-4c02-83de-65cc65376e62", "value": "24576:fy70dEGisdwCYTi7liFPRyqkSmecAOzzlwSj:qqEGisdvYTiZiF5fmvAO/l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524508, "uuid": "4d0d22d2-1efe-4e2c-8adb-610416f65090", "value": 1055232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524508, "uuid": "8ffc129b-002a-472d-8937-956d3e63ef27", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524508, "uuid": "f1988388-8250-43c7-8952-979800928903", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "979f253b-f637-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684495414, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684495414, "uuid": "968479e2-6d77-4cef-9c3e-6c5de45e0b7a", "comment": "Malware payload", "value": "cc1500fc9f497cfc47a35482bbda7f4b", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684495414, "uuid": "25a34dc1-fdeb-429b-ba65-b5ca672d2e27", "comment": "Malware payload", "value": "027af12ab56369384794d451113a419d0ead090bb16c88ac3caa0eca33adf731", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684495414, "uuid": "a02da698-fb72-4353-ad42-884bf841c2b1", "comment": "Malware payload", "value": "2b170a77e3a4927a9180e8fb1b12af0c7cbec50f", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684495414, "uuid": "f41ba8b9-3887-4051-ad7c-50dd189b73a0", "comment": "Malware payload", "value": "a38ab6a5f0194ec19451db9740db48774f04976933fc9d5389f90061f4803ae6d9ae243c90cba3b327aaf830527f7538", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684495414, "uuid": "c7aadd82-db7a-45de-9dad-30c32cd7a9a3", "value": "T121F62322758A8136F6BE82356A2AFB76E5F53BE407B140FB63D059CE19735C09361E03", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684495414, "uuid": "754964b3-1f95-4008-b2c9-1779e64addd3", "value": "393216:6hpKA95QS3UF688FWyhj9nEs0sCIeRREFjasK:yApFX80yhj9Es0sYEFS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684495414, "uuid": "844497fa-91f9-4ee2-93fa-15f3e2e88284", "value": 16434176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684495414, "uuid": "e2b84404-0634-4752-b054-e0abfa5005e9", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684495414, "uuid": "3745ad14-a168-4e28-bd92-6034536b0094", "value": "JULRDDYJVXCWSI.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a5b94659-f628-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684488995, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488995, "uuid": "f33ae397-2c7d-4700-b324-688a269505d0", "comment": "Malware payload (Formbook)", "value": "cc9da457b3759124ae37ab6ed050bddf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488995, "uuid": "b7349382-b1b7-450d-b814-8e6b3f77976e", "comment": "Malware payload (Formbook)", "value": "02b060c393fbc76a082ef0411f28e2be60bce1af80ea2df91f003e9b8a762b88", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488995, "uuid": "4ef0e703-7174-4d0d-8f85-c87540290151", "comment": "Malware payload (Formbook)", "value": "134c076acb349bc827c28e486cc7835cdbb5c3de", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488995, "uuid": "15e87756-2a5d-449b-aaa4-f18a4ca37979", "comment": "Malware payload (Formbook)", "value": "037343e2d856de0fa8553bb4f9d3f7615465c9066d7bd795906cd2b3558fe162bfb720b6a4db91896941b79195547991", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488995, "uuid": "f5d14aae-3191-43d8-9f42-fcb656e8b5f8", "value": "T1DFE4F13466D5870BD26E827980D0C3F057768C92F9AAC7938FD9FC5BB18F6F62212056", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488995, "uuid": "5797ffdc-0ad3-4ea6-81e4-dace468aa4c5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488995, "uuid": "7456cd17-1069-4398-8862-0a00c536afa8", "value": "12288:Y1o0b1mpSNDKdUv67i5hlWA8U+FgJECQqO9mom:0rNvD5hMABMC3O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684488995, "uuid": "5da11d7f-b6e7-431b-a3e5-365e83e74635", "value": 679936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684488995, "uuid": "bb1521cf-b7d7-453d-a013-9cf12c3deef2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488995, "uuid": "a86ac924-0a14-4fbf-89f7-5a97f2e48f9e", "value": "revised order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "30901737-f5e7-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gozi)", "timestamp": 1684460881, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460881, "uuid": "91f1434f-f62d-4e4a-9af6-8b8b60db3de2", "comment": "Malware payload (Gozi)", "value": "98ee3c498fa4ef69a09b7f84f092cbdd", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460881, "uuid": "fc60052b-0705-49ea-9552-4e6d3dbb12fb", "comment": "Malware payload (Gozi)", "value": "02cd4ea997bbaad37b7aa99971c2b623a1ff9ee615c47b35ecd641ae950c1988", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460881, "uuid": "15a69a7e-dadd-4714-903d-744da2259979", "comment": "Malware payload (Gozi)", "value": "99e1e21ba11f4223f507b3be1bfcb3c32cb9ce5c", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460881, "uuid": "20a14ab7-40b9-4270-b3c4-fe551a2c143f", "comment": "Malware payload (Gozi)", "value": "578b9b20a4e333a53602df08b25996183f388b0ad3fb9c823df12d98dd9ac196c4a6224573ebdd73c36cc6980b35ba57", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684460881, "uuid": "809ecf1e-0082-4bb9-9ce4-8e3462f6d304", "value": "T164A263E192D93C7D587762F4092841E1D5A68876BA5E1CE4F02DB05CF70CB24D2BACAF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684460881, "uuid": "b1913660-c54d-419a-83fd-17498aea7a38", "value": "384:j03wqvR/MfljeBiMBC7b+jH0U3puaL02kECO:jOwqvR/yjQii+KH0U3plL4ECO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684460881, "uuid": "44511441-0ee1-4162-a4dc-4643d654534f", "value": 21577, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684460881, "uuid": "426c5da3-ea47-413b-9b8f-3e26bca61d2e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684460881, "uuid": "df90e0a1-d059-464b-91c6-037bc9b60b3e", "value": "susp.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "88a20fec-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684497536, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497536, "uuid": "eb25e92a-3925-4c85-a706-7c76f57ce18d", "comment": "Malware payload (RedLineStealer)", "value": "a67628dfaddb6f82c11ef891becf8df9", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497536, "uuid": "45d4f6ff-ba31-403c-a88f-170fa50236bb", "comment": "Malware payload (RedLineStealer)", "value": "036cb1e7c1d7d7392853aa59d9b37cef44e35f7da06b3200617633ab15554dea", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497536, "uuid": "7fe8cb88-6509-43d6-ab8e-a9c2d2e21a42", "comment": "Malware payload (RedLineStealer)", "value": "06a4f0c43b7aec4ed338d7b3bce8d9957a075c20", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497536, "uuid": "f957cc60-fbb0-4baa-8c5d-8c3ebba890ef", "comment": "Malware payload (RedLineStealer)", "value": "ae183594c0bc1b04f38a435a50572781721045f8c649bca2f1d1422ee9af91c6c25f88c57f7dc38350610b542d2708b0", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497536, "uuid": "e5253ed6-59df-432c-a367-b854dc2fef9e", "value": "T178252303B6E49272D4B52B308CF707472B37BD916B78976B3B865A4B0D73684643272B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497536, "uuid": "3f148c32-356e-48ef-904f-232e45aed993", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497536, "uuid": "917f4a73-ad56-4636-9d6f-9b377ba1bb82", "value": "24576:dyJIgrhVQrA6w5dCj14j78AVdGxg0LGXtsSvQqABpf:41rhVQrMQj14j7PV8TGtsSVA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497536, "uuid": "311d9555-1f95-4d2b-8ce5-57c601d97414", "value": 1044480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497536, "uuid": "3c012585-4c0a-4e82-9531-d6c7e766b41e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497536, "uuid": "4fcd709b-c038-44b2-b383-86df0a099dcb", "value": "catalog.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4cd4d86e-f639-11ed-b3cf-42010a9c0076", "comment": "Malware payload (zgRAT)", "timestamp": 1684496148, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496148, "uuid": "9d68aa62-2daf-46ad-a31d-a19224829a3f", "comment": "Malware payload (zgRAT)", "value": "fe12152d68a6e077f6882393535a1fee", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496148, "uuid": "bcf7b6a1-d6fa-4092-8f67-ad562b2fd5a1", "comment": "Malware payload (zgRAT)", "value": "038724bef00d7175d07cfce55c48c470f7286cd9ad0cb81b2b508bd63a47dab0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496148, "uuid": "49ca344e-f832-43de-8c45-49400ceb9f59", "comment": "Malware payload (zgRAT)", "value": "6070bfd891c4e9d3b678dd2d3c6c3de980341f58", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496148, "uuid": "04d42e86-5b3d-4013-a446-b19fe982bf4c", "comment": "Malware payload (zgRAT)", "value": "1e207c6e0c1aaaa15e1a0eab8962bd0641c3f736a74390c8dd754843d8f09d748983c545d2f123a33eb69dd24cc651d6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496148, "uuid": "9a830483-fe25-40ad-a2fe-9da357107b8a", "value": "T19674F1563AC05A06C94D24B4C0E3153213F3F5C3BEB2E7893A4846E92F827E9DD9679D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496148, "uuid": "0573f3e7-cfc1-4048-adf9-c119df25c080", "value": "6144:mafIvZe5ijc4ZA9LLINyWViQ8vjAuOieCgsjqdKXKn3efWEldhOtKZSrMl5o2gHw:xwR0ifZAlIwKiQ8zOieCWdKXK3xedIKH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684496148, "uuid": "6b9478c6-ebe2-4d7d-a345-e407e7590906", "value": 354368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684496148, "uuid": "df4291fc-99ac-4a01-95a1-e6d12fb5c445", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496148, "uuid": "9c11cfa9-05bd-445b-9274-572cf508d926", "value": "rKomatsuCota____o-RB01070-03RB01071-01.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f941724-f67b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684524445, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524445, "uuid": "79ed7e63-4772-4fdf-88db-a0ece8e75ee3", "comment": "Malware payload (RedLineStealer)", "value": "360d3b9932519696b953b53d0ba112f4", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524445, "uuid": "0700503a-bf92-4fcb-a52b-2f5de7b3ee92", "comment": "Malware payload (RedLineStealer)", "value": "0399314e439a67e303fa6a4490752339417577fbb30515879ce19e9efe7b92ca", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524445, "uuid": "b5f6eb69-f9cb-4d77-835f-b699da462a74", "comment": "Malware payload (RedLineStealer)", "value": "da8f264ec77c6fbdae360842296cfd70acb14189", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524445, "uuid": "d8b8a031-a81a-4e27-ac53-f572464aee53", "comment": "Malware payload (RedLineStealer)", "value": "01472a0acbbad958e69048cf5f058c4da0f018ee63e71170a498989ccac76bc0c6f8c7eaf2ef0f3b15faef660c577ec1", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524445, "uuid": "ba93dfdf-6696-4b3c-afa0-5beb6c525043", "value": "T145E3D424279F8934D6BB4E3D6CB19CC076BCEC12A542D74A4ECDF15A3A33B809B116B5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524445, "uuid": "ad83b96f-c066-408a-9dd8-59795b4e54fd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524445, "uuid": "742a3fa2-8237-4f47-b548-55fe205e3c4a", "value": "3072:FV+m5c/QmRSNAwMqLza9nDEFth2ZG8e8hR:Fj2FD0IQth2c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524445, "uuid": "df626061-6f2c-4eea-bf5b-9a87f9acf227", "value": 149060, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524445, "uuid": "966417b2-797d-4475-ba48-c1fd03c85b2c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524445, "uuid": "883bb80d-ff49-4253-a8c3-1a537b2aa233", "value": "pdf-reader-pdf.dat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92fb0f9e-f611-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684479085, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479085, "uuid": "68149a51-e469-4d61-a3c5-fc5d58f3b0a7", "comment": "Malware payload (AgentTesla)", "value": "d6bea8682c5b227b8ce39955d781f6cf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479085, "uuid": "d39914dd-20ab-4442-8f60-203f9ddf8b97", "comment": "Malware payload (AgentTesla)", "value": "03c383e84c13c58beb33eb08eeb9a9fd5a5958d784b4057c215e45fdef18f905", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479085, "uuid": "a8e4a92b-49a6-44e3-b69a-5108f6aae0f2", "comment": "Malware payload (AgentTesla)", "value": "64fe8172299b86d7898cdc73269a706d167ba2af", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479085, "uuid": "3a1ddc29-f15f-4d3b-9cc2-c39e76da2df2", "comment": "Malware payload (AgentTesla)", "value": "0e19bf05863200947a06fcb4593ab1281a020ead84f2084a2eb0cfa311a8c88ca39ad7f8aed6cbc6f3891fe06b35c684", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479085, "uuid": "0bd4558d-ae8b-418f-86ef-0f17c1421ec8", "value": "T182B423AB2DDE9311DABE0428C61C42675FB66E7E585F345EBA09BB58C04048FD2F9F10", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479085, "uuid": "235ea25b-d2f6-45a2-878b-37c56d21cbf9", "value": "12288:rmxQ1inC9DxEYsL5F8rDVE3Da83WewDaKkDpAwvzB4GgBvB:rP1DvEjNF8rpE3Dj3WtmTqzZB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684479085, "uuid": "ddb50589-0de6-403e-b119-48ec913a46ff", "value": 522071, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684479085, "uuid": "3817d1dd-6170-459f-92d1-39577a99281a", "value": "application/gzip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479085, "uuid": "ffe24736-2f50-494f-b4a7-adb0b300ee8a", "value": "PO_UxKQ7Trv3GMRFQ0077062001767.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c55198f-f5d9-11ed-b3cf-42010a9c0076", "comment": "Malware payload (CoinMiner)", "timestamp": 1684454996, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684454996, "uuid": "8441424c-fd7a-46d8-8673-c7eed65708bb", "comment": "Malware payload (CoinMiner)", "value": "6efa2cd0f1f512cddfad2faa457eddcb", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684454996, "uuid": "066a37e9-13fb-4579-a04d-f772ff4cd2df", "comment": "Malware payload (CoinMiner)", "value": "03fcf785b17d2ef8014c2bc90129da267f899218312c789ce94ee24e9a97c105", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684454996, "uuid": "bd9a8221-0ef5-4e5f-9e10-14fe24fc9647", "comment": "Malware payload (CoinMiner)", "value": "5ba6af2698c3a3a86d1132239c0033284762f755", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684454996, "uuid": "72ac13a2-5354-4856-a663-7274284474c4", "comment": "Malware payload (CoinMiner)", "value": "18248458af8e5afa7bd4117f8f0ba2ce015d97f4bac249433d19b63079f71a09adc4b22f2120343b74a8630c9f581d43", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684454996, "uuid": "521a5cc0-7c77-4145-a682-0f449b9a2622", "value": "T1D8E423A0B2879F36D5CC6DB784450D7B28AAC77CB30CFD9E089A3750AD66A014E457F8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684454996, "uuid": "0da45180-dfb6-4a7e-b459-815d0b57c574", "value": "12288:VkQDvtTSFQ/Lumd4Sx0ROtr3L+IbX8Y+D92ulpCqb5kQXn9L79f7D8C:VDlTSFQ/CvSR9b+E8Y+R2uLCqb55tL7O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684454996, "uuid": "b3574992-ab61-4d3f-8132-bb4f36d3d916", "value": 679424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684454996, "uuid": "c44b2b16-bc0f-4105-b59d-bd9ca4c837c7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684454996, "uuid": "c846f918-8c40-4451-9cfb-dc4b5b39f44d", "value": "Qaxxckf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf634649-f5e8-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gozi)", "timestamp": 1684461577, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684461577, "uuid": "cd8efc5c-9c38-4f73-b372-d4b5af659160", "comment": "Malware payload (Gozi)", "value": "2cd0c7369e5f933954ec6347d3960ca8", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684461577, "uuid": "07f3ba1e-d94d-4cc6-9092-df02ecffaed6", "comment": "Malware payload (Gozi)", "value": "0423fd21a639d16d71c50b15fdf96b7e19690583b2aee6f25443329d0e8ea0eb", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684461577, "uuid": "f9c3a0a4-be23-4de7-a46a-e89a8997f5e1", "comment": "Malware payload (Gozi)", "value": "c64e1e3b115c4353b6d7a0f7e37eaa136fca81ec", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684461577, "uuid": "54689254-09ea-4d6c-8959-2cf138152d75", "comment": "Malware payload (Gozi)", "value": "eaa9036192ab23ea3dd6f019b8b69c11a020fddd489bfe79fce4bdbc7391011b17a34dde60382925bebd7c19f5208f9b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684461577, "uuid": "41075932-4593-4eab-8294-ea2f439cd56c", "value": "T122448D41B581843DCCAE10303BAF86B6467F79F14B90D9CBB398EDD989E06C24A3575B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684461577, "uuid": "c594e50c-6abc-43b7-b67d-4dd183b38034", "value": "96588d02a1b8c6a68c44fca3864a97ae", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684461577, "uuid": "a10cc8d2-ae6a-4a94-bd0e-6924a257e6cf", "value": "6144:solShcC99jZEHTpe6w46DlUZA+8hiYQE:/SR99j84lYYd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684461577, "uuid": "9afe0cf2-d28b-4678-96eb-653524d841e7", "value": 274432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684461577, "uuid": "ad934411-0644-4745-bcb8-2c079cf15b3f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684461577, "uuid": "1a8c44b5-c1ee-4599-a68a-c01b74c30636", "value": "6466d7bc3ca81.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b6fdbaf-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684497514, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497514, "uuid": "f218d8b2-e05a-4361-9bef-bb473c8fa8ac", "comment": "Malware payload (Amadey)", "value": "029a0dad2fd508964665d87b5455d4ca", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497514, "uuid": "e05d5301-a66b-4140-9d89-9961103b41fc", "comment": "Malware payload (Amadey)", "value": "04557805538f183cc5d0fd9a97f926215e66fb16fa465ff31d4b3fb60a34b02f", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497514, "uuid": "c89134b7-4426-4de8-bee4-004d488f853c", "comment": "Malware payload (Amadey)", "value": "48cd0266ff01bbbe6578cd6f2d917cc620973ad1", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497514, "uuid": "49febaaa-3e10-4077-8aed-e961deaeebbf", "comment": "Malware payload (Amadey)", "value": "83405f89ba91d93df15728bc07a49c2aac5acc25b61fcb8201956135319b7be8785fa1c57832b5711ead14130be25f83", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497514, "uuid": "5b2f3bc7-a68b-4940-91b1-d110ffe1d27f", "value": "T138252313B9D48023DAE117B09CF503D317317CA14DAAA2EF27495CA608B3AD0EA76777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497514, "uuid": "f345e0df-fc53-45e4-a0f5-f4815f1bb930", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497514, "uuid": "02b728f9-55f5-4b7c-af00-b99816a7e75c", "value": "24576:pyWRRYBdsQG6FS7YbXtlWah/T4Gcs89dDrtuN:cWRTjMz7WBGcs8HDrtu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497514, "uuid": "76721d24-0b10-4e6f-8581-903fb95d7fbd", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497514, "uuid": "d42b3c64-e8ff-48a1-a33b-ed722cac1015", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497514, "uuid": "3c22ba91-ea06-4e43-b447-68b954c1d7c0", "value": "backup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "932dd36c-f667-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684516022, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516022, "uuid": "eaae2724-5665-4a7f-bcac-c5b1e7f78fde", "comment": "Malware payload (Amadey)", "value": "00e740955a7259c205ca21ee00e26cb8", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516022, "uuid": "359f6430-32c6-4378-ba12-4ac4903334bd", "comment": "Malware payload (Amadey)", "value": "0468b2eddec82ab2848e290766750dcd662d338e10c2c0a6071133f30fdcf480", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516022, "uuid": "ea788d47-f035-4635-a99c-772cf0d1b561", "comment": "Malware payload (Amadey)", "value": "18f0f73873a127a75a4e7b5b03ee4d24ebf55311", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516022, "uuid": "e296e4ef-629f-4ab8-b385-e1ee8d918e06", "comment": "Malware payload (Amadey)", "value": "af28c011e54a96539656477865cd670878e8d6c9236762e07016af1e323832377fa453d43766da3091c0da11825c8b8b", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516022, "uuid": "aa35f181-1f08-4627-aa5c-d18caebf44cd", "value": "T1BC252303B9ED8072E8F5577028FB23431B39BC81D965867E2392D9969C73780A672377", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516022, "uuid": "a951f57d-a731-47c3-b5e2-8e808de846ba", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516022, "uuid": "52dc2cc2-df45-4b3d-a66a-fb4a0dbc3720", "value": "12288:KMrHy90ialmSS8+Fhb0F5b6LBj92lzWpNHtqd6MPB64qsiwIn2acsIs1pV48eBnh:9ycdAh7SzWpty55xSYlYVGnUef", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684516022, "uuid": "8a459509-ad2b-4364-81fc-310ac1d17579", "value": 1044992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684516022, "uuid": "1d187cac-c9bd-4b48-8e50-fceca6395c67", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516022, "uuid": "3bf9ef16-dd5b-4115-8c31-7c989b8051c3", "value": "Launcher.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "743b32bc-f639-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684496214, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496214, "uuid": "39d346fb-373a-4608-a210-ca7bda234239", "comment": "Malware payload (Formbook)", "value": "784b7d12402a2b9900c3b0228312b5ac", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496214, "uuid": "e43169e6-e04e-4059-ba78-e79cae1ba093", "comment": "Malware payload (Formbook)", "value": "04a56a61c1ee4f2b5710672cc9d7564086746e99d1e1ea32baf845c5be3758ce", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496214, "uuid": "187f2cb5-7c53-48d2-ab7c-85852e60331d", "comment": "Malware payload (Formbook)", "value": "d2380976badb2ad8cdd0b0b38aaa22d989a95bc0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496214, "uuid": "2bfda6d2-7d43-48b7-9d98-fc238fd0b2ac", "comment": "Malware payload (Formbook)", "value": "3c8ec37a8dc4914c2981e9ca7ff4b1360c55316a6fed3f73e9566557b10038950425a413fb982fd23d45484fc1c2fa3f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496214, "uuid": "d0299724-3b5f-444a-b925-29bad09389af", "value": "T18B15F1D119A44810E2ABAFB50AB2F23893B56D91EB63D30924F02C977D37D877A057D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496214, "uuid": "5fc7a929-48ef-40a6-8173-822e7ec614d9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496214, "uuid": "dddcad6f-6fb6-4699-8597-99645ed77741", "value": "12288:DrLpNaPn0YPX/N94+OCreCEl1aa8UJlUTcRssz573VP+cZegdgmCn7ravxhXaFXE:CP0tZCEln/JNlZdgN7rE0X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684496214, "uuid": "4ef95294-0026-4d15-ae3c-552b4a6d802e", "value": 929792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684496214, "uuid": "39d86d85-6f06-4837-99b1-2d97677c8ce6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496214, "uuid": "789bbb37-3898-41ac-b5ed-48041b2c8fba", "value": "Quotaion-pdf-.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "070eaec1-f67b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684524377, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524377, "uuid": "38f5a769-f71e-43a2-8508-2850f7516245", "comment": "Malware payload (Amadey)", "value": "d5aaf2c39eec4116d98a65b19df82b9f", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524377, "uuid": "edcefedb-1acc-4428-b8e9-07cc8b781204", "comment": "Malware payload (Amadey)", "value": "04d2e42ea815bea1a5f853ece211991058cc124c2bc60f2789be5191b642bee5", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524377, "uuid": "414e5d8e-e4df-4027-8fcf-bcff6d6e7e3d", "comment": "Malware payload (Amadey)", "value": "45a7e35e14533e3eed82c28f1ed97982e5f3fbc3", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524377, "uuid": "56e21b5b-c2c4-4b6e-9482-14c021e67371", "comment": "Malware payload (Amadey)", "value": "9c6e44e9063ce1559c9ba2731f60e1d1cbb21d75b2fcf7ea4078946ced3a8eab4dd348411994d34a15266d5660cab738", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524377, "uuid": "4efce700-0e24-44af-b6f0-6a838d605a13", "value": "T177252243A7C81136D8BA1BB418F717972B36FDE19AB4832BB389958F48F2594583035F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524377, "uuid": "a9886cfc-0730-43ff-af2a-28da0746940b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524377, "uuid": "90ab0315-494b-4b4e-8965-a7da55e70695", "value": "24576:CyLzggweRSKxlhhqdExwSiz+n6zZtx0SnQ1FM/1M:pLsTKxl/qYXwzZ/0SQbM/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524377, "uuid": "80acda2f-821d-404a-a9e4-24a0112b773a", "value": 1053696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524377, "uuid": "31a31bed-2b2f-4240-9208-076b82de9d01", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524377, "uuid": "213da9c8-ac9e-4269-9290-3112ea7a3a1c", "value": "engine.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df69e69d-f65b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684510996, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510996, "uuid": "61b663cb-9ca9-4101-8e57-2de1153ecb2e", "comment": "Malware payload (Formbook)", "value": "99a12ce4a1c70ef4268d828b018bcbf6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510996, "uuid": "0db21d81-cb2d-4fc9-97a5-26e49af1be56", "comment": "Malware payload (Formbook)", "value": "04e338b306c1f8ae3c2025bfa779a5926f0432270792db5acb944e486c7893a5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510996, "uuid": "7f77cb7d-444b-4c82-afdc-6ef01139d958", "comment": "Malware payload (Formbook)", "value": "31eade1627cd235f7790806ac56d8da1dcb788a8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510996, "uuid": "0277814f-d6a3-4d2a-8081-9b5ca11acb38", "comment": "Malware payload (Formbook)", "value": "3b57c7d56b19b4ce618fe36328f2ca1579ac87ad896c9167e60647462366d90c5bbcc1ca84b9b45f9fa2efadd33883d4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684510996, "uuid": "cfb79f24-f236-4305-a628-a9e1ec8660f7", "value": "T11315E05126B88F55E176ABF92672E13443B52C10F727D3194CE02CDB3DB6F862A11BA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684510996, "uuid": "39cf17c9-aa02-45ef-ad47-d907bc409683", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684510996, "uuid": "32640470-7032-40c7-8e0f-43f323463efd", "value": "12288:80VJLpNaPn0YPX/NWGhy4R2Q4yD2bX4auXoG46IxMPOEkWYiHkbjAsC50pB52I01:9V8P0N+9462TuXrbIyPO94HkwlY2X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684510996, "uuid": "040b4c43-83f1-42ab-b884-ead21ca30ab8", "value": 961536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684510996, "uuid": "dd489db3-30aa-4791-aada-a462d0aba3bf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684510996, "uuid": "61af6ed7-f972-4a4f-8613-ab3f0627a6fe", "value": "Product List.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7753d5a4-f5e7-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gozi)", "timestamp": 1684461000, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684461000, "uuid": "f12cb838-d243-469a-96ed-a6250ac5f564", "comment": "Malware payload (Gozi)", "value": "bebcca0ce031750da6dc20f25b754b02", "object_relation": "md5", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684461000, "uuid": "88ed91f2-d6dd-41ad-9e3a-b582cd08952e", "comment": "Malware payload (Gozi)", "value": "0574dc031a8b425a537f6a9f85ebeeb637fb3fb5d4e16e31fe93b189fe3f6054", "object_relation": "sha256", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684461000, "uuid": "b33fd019-b991-48a8-bc51-0bd95648153c", "comment": "Malware payload (Gozi)", "value": "af6f344caaaf4afda08691322e96f39526c12831", "object_relation": "sha1", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684461000, "uuid": "b972226f-0410-477a-b614-c0628efcb427", "comment": "Malware payload (Gozi)", "value": "268f241d04600706e370179a8121f7bde1e8a02317234f49a4e388569fc01b9ec2c0d531f6c3b34e23b048a4cb2e2b5d", "object_relation": "sha3-384", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684461000, "uuid": "42086eb4-496b-413a-aba8-1acdec35279f", "value": "T195D3020A34B1750A9DB6DBEBD1BA3B5CF638585BD4468C3CD82135E74B112FE1290A8F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684461000, "uuid": "32f2f024-4bad-4b41-88e8-35e003973322", "value": "3072:T3VcwBRb8fyzHQP4BcXm7gXwTXX9NwpsyESVDJJJ4:WwB58fyjQwyXm7DzwppNw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684461000, "uuid": "a33a3da8-b72d-4002-a1bc-e45d0da37433", "value": 130980, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684461000, "uuid": "07971624-0190-4623-bd38-d1d74f56d895", "value": "image/png", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684461000, "uuid": "dd26a680-e1aa-4b8b-bdfc-71a8e68232ad", "value": "1 Total New Invoices - Wednesday May 17 2023.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b444890-f642-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1684500091, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500091, "uuid": "5d7a90a3-3f5c-4e62-a559-5a52241ccad3", "comment": "Malware payload (RemcosRAT)", "value": "50c75bd6b68636218c3e8029b3fdf184", "object_relation": "md5", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500091, "uuid": "7d6f119c-14da-4016-9cb7-f48ff73d8053", "comment": "Malware payload (RemcosRAT)", "value": "066b046245de0ef6b1f19c24a924cbf696e734b359725308c838ce6a0deabe57", "object_relation": "sha256", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500091, "uuid": "ee5438b0-c610-4645-b3d9-999f9a4e67f3", "comment": "Malware payload (RemcosRAT)", "value": "ab9f90f58b71ee0040d50014a74aea9789054846", "object_relation": "sha1", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500091, "uuid": "960f8862-845c-4140-8bcc-b2a026bcaa64", "comment": "Malware payload (RemcosRAT)", "value": "d62cac833ca82a323ef0935452b4e9bed8fca5437e335c6a61f703cf3e1cc8241b956a74b7955af006b5d20c7fb22619", "object_relation": "sha3-384", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500091, "uuid": "d2490a71-b895-436d-b6ec-cf7ac3769546", "value": "T14B646B6A1314C07FD9EB9E32545E50F85B528CE889D9C0CEADF4BF0F94B68B1C60B589", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500091, "uuid": "74ae7ad2-f032-4480-9acb-9b95a011e49a", "value": "b40f29cd171eb54c01b1dd2683c9c26b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500091, "uuid": "eafafe30-253d-4e47-b61c-1272f10ed2b9", "value": "6144:8oShfJd2UuXgf4w49Cu0KV6/BmEtpPIFfNnKQ:lqJd2UuXgfu9zeHtpAFfl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684500091, "uuid": "2d19dff9-7eb1-4e51-8741-d94718ac6980", "value": 315544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684500091, "uuid": "ab012d66-a96c-4026-ab4d-ee8bf7c9828e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500091, "uuid": "e68a50b4-7654-471c-b601-da0f346ebfdd", "value": "publisher.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0e7a1850-f67b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684524390, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524390, "uuid": "fbe1814b-48d8-42d4-8487-c3c00017970f", "comment": "Malware payload (RedLineStealer)", "value": "9efb5819958e8cc5066723213426e050", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524390, "uuid": "953bb524-9cb5-452b-b3ac-1878e637b967", "comment": "Malware payload (RedLineStealer)", "value": "069386e12353e2fce19f715f8aba3f09e336831a8787e50f1a3ceeeaa0a49528", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524390, "uuid": "36f0fda1-732b-4cdf-a74f-8deb6ba0d50c", "comment": "Malware payload (RedLineStealer)", "value": "95b0044a09da745dcaae87cf9d32613a62f0f09b", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524390, "uuid": "c06a3704-a59c-4e37-b12d-578d2e06831c", "comment": "Malware payload (RedLineStealer)", "value": "38c20f3515f53751d47f5858b2697bb04e9f7d54ec6b947c588304c219a3804566f4c9b417a61043a0fe6579df79bb16", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524390, "uuid": "66f90dc0-a4b2-4dca-b28b-4fb9ac252276", "value": "T165252213ABDC9433F5B12BB05DF642930B24BDE11D7C876B6781AD9A0C72640A472BB7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524390, "uuid": "b44c2366-3746-4653-932c-bc2a903d3fee", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524390, "uuid": "311305b4-2ad1-483f-8da3-601e187dcb8b", "value": "12288:XMrZy90mUyuGdBTlqjMSxqmZAKXfE0zWNwpbT1/U3pKZGUQTvsFNjCnDpyelw6Rm:iyZBsjPdAKcQMwBxwVUo+jOlFRjK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524390, "uuid": "d9f974c8-5529-453c-bef7-529683a286d3", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524390, "uuid": "9b5dce88-400c-4c3c-8580-00f3f09dd2b1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524390, "uuid": "07bd26ec-ad5f-4749-be70-57d50ac0c233", "value": "filter.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bcdc142d-f62d-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684491182, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491182, "uuid": "fda52ea5-3c0a-4d63-93e4-ed8cbef16454", "comment": "Malware payload", "value": "da751a8b4dc5051e9497ec72bd1940e0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491182, "uuid": "baa48c30-9239-4e8d-a8d8-93d0d6b667ac", "comment": "Malware payload", "value": "06c2bee008c0ff46893c0ac7d8384e368afd9fe5b9a2b6c29e6c53ec11ee2979", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491182, "uuid": "ad795964-5978-44c9-bba3-2367ef2ce48b", "comment": "Malware payload", "value": "4eb2e9d51de676af8b037555a1c0cade772d06c6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491182, "uuid": "ca5ef647-343e-4900-b6d5-8c860785a257", "comment": "Malware payload", "value": "282bab5c681b947f168fda2eeabbc6e7e2fe2bb8cdaaf989abea375f16b628596cb6e9146072c04cf3f39bd9497cd794", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491182, "uuid": "aa885e01-8dbe-4a41-ad8a-0769221e3140", "value": "T1B6123C83FB544A72DF6D4BB42033837AC67AB6621B25B3133BBB5458CB72590E81605F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491182, "uuid": "4e6367e3-971b-4b87-95a4-6f4e1b097914", "value": "8381ed08224171d59d76e843964bfda4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491182, "uuid": "c41b68d6-dd35-4dba-8943-cd4428c5ddac", "value": "192:gukjvnebghZWJrvjONEYXa1f0qtxEkNJ5pz6fM8:Xgveb/JLjVH1f0WOkN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684491182, "uuid": "88ff1e00-afa7-49ee-bbe4-960237dd5c8c", "value": 9728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684491182, "uuid": "318aed73-88cb-4f52-a570-388dc13ba46a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491182, "uuid": "2f5a23e8-a5ca-4280-a398-28ee44cabc2b", "value": "06c2bee008c0ff46893c0ac7d8384e368afd9fe5b9a2b6c29e6c53ec11ee2979", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca7eb931-f639-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684496358, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496358, "uuid": "d311178c-940c-4208-a2bb-300e5ff451b1", "comment": "Malware payload", "value": "1ad55ec825984289cff9c48ddc7ac3bf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496358, "uuid": "33d0ac0e-db62-48da-a1fd-f5e1beb4efc7", "comment": "Malware payload", "value": "06d9be14b9e7d80d36eb61e217940d6c2960aacd7290dde7b53a4bafe056d331", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496358, "uuid": "951b7df0-666d-4a14-9cb2-3fcddfaba324", "comment": "Malware payload", "value": "7306189152b101ae9f2c41ef579e9a04d567a8be", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496358, "uuid": "6c399305-6f40-4347-a292-132b6c1cea19", "comment": "Malware payload", "value": "0ef438800c164568a5c9aec6789bb49b34ef5d0c3e29de25b8aa429556ee433614c7087dcb10e0522a67afc5e4b415b6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496358, "uuid": "77d346a0-c2fe-4fc3-8444-3862e31e0ef5", "value": "T190172AA523A521C7FA72E1B48D069B21DEE0B19F27286653349CC7D03F46DE22BFD584", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496358, "uuid": "bde9a88e-eff1-4b54-884a-69dc38c93aad", "value": "42373151be0f02dd9c1b6e07f0600dee", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496358, "uuid": "847158f4-a7e5-4994-9e7b-624297ef1f0b", "value": "196608:vbH5bEHGyKIS1w/sjHOmCO8TI9BqwZjx:zHaHawkjuG4I9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684496358, "uuid": "8dbe9d69-a048-4b74-99a5-71be08056370", "value": 19737088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684496358, "uuid": "57747cac-b3db-4694-b8e8-b4b0325ca90a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496358, "uuid": "6d12dbb4-b15b-4662-a068-29fae6b2f56b", "value": "WDCloud.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6be5bbbd-f662-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684513809, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513809, "uuid": "74c4a8b5-48f6-47af-870a-a19ec90506b2", "comment": "Malware payload (Mirai)", "value": "2f3c795df57abd76ac6e08d413e11faa", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513809, "uuid": "6c0ef9dc-5b27-436e-aa9b-05d92d2496a5", "comment": "Malware payload (Mirai)", "value": "071cb22e4393577c1e4059d730d2b29dc3b442beaddcfc87116ab55ddeaea50f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513809, "uuid": "40bc2f11-6cd3-439f-97a0-18f238357f3e", "comment": "Malware payload (Mirai)", "value": "669e6d137d6c73a53de2cb225ba488152dfd9d23", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513809, "uuid": "646d989a-efd7-4593-a5d1-6166473ae7b3", "comment": "Malware payload (Mirai)", "value": "5f932adb1682dc2ba5dd162594ebb72dd411c132c5e8d28e0afdf53cf9f8e42840cc4e0305d12789b44c59771d94f549", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513809, "uuid": "b82fbc1f-59f3-4aa9-8549-f5da496911cd", "value": "T157D33B46EB418B13C0D61779B6EF4246332397A493D773069928BFF43F867AA0E63905", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513809, "uuid": "277a71fe-11c0-4917-9df5-ce0e5de8032f", "value": "3072:TNyTMSxpFrm5JaOvJJpDYrcn8zlp2ipQgGH4s5KM/9aWY+744b:TNyTMepFQJaOvJJpcIn8iaQgGH4IKM/R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684513809, "uuid": "d52900eb-de74-4325-94cc-234576ba0882", "value": 139944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684513809, "uuid": "1ee8d74a-da55-4141-9962-8177b866e000", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513809, "uuid": "ef96697a-3d58-40d1-8d12-a50de672124a", "value": "2f3c795df57abd76ac6e08d413e11faa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba210cda-f68a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684531120, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531120, "uuid": "b040bb28-895a-4013-bfaf-4f2a513f832a", "comment": "Malware payload (Mirai)", "value": "f859a896a86e561d740e1c463470addc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531120, "uuid": "749c9df7-df86-483e-a9ef-0f4ac55b31e2", "comment": "Malware payload (Mirai)", "value": "07670e5c498d54dca94d6f5b293583e99e564f52d60934f6c42066ff4b300f13", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531120, "uuid": "213bbdab-21e4-4c31-ac26-96fda441f85f", "comment": "Malware payload (Mirai)", "value": "0b97860dffaaea57ec337342c3e206c03c613589", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531120, "uuid": "ef59ab59-7b60-40f1-a12d-2a4bacd5ae71", "comment": "Malware payload (Mirai)", "value": "192cd45a8f717b6e62c4106e4ae4050784ad23b0c51f248f0aa7c240c7577329884e64fda9119a81434cd86e581f9e81", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531120, "uuid": "dd60f00d-a554-4a83-a7b4-dd7f400f85d3", "value": "T13F632902B3080D03D1A71EB0263F1BD1B7AAD9C122E4F685795FAB96C675E334585EE8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531120, "uuid": "79fa4c8a-317b-4194-b1fe-ec551625c139", "value": "1536:PTY+q6nlwBMhUZRSmDi94NbgOLjjRwbZnlhn:Xq6oMh6Zi94NbgUjRwbZnlt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684531120, "uuid": "e638e675-e87f-4e68-8653-1438a5064297", "value": 66972, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684531120, "uuid": "9ed3654b-dca7-42bd-a594-4ef9ce008362", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531120, "uuid": "7c2b28f1-850d-4769-8d2b-faee05574652", "value": "f859a896a86e561d740e1c463470addc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8ca035a6-f5db-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684455882, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455882, "uuid": "00f07af9-051d-4183-940c-b1b12a8a3294", "comment": "Malware payload (AgentTesla)", "value": "63217b32331319ef2582dbd8d0566bc8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455882, "uuid": "054069d3-f7ba-4540-8217-c5efcac16459", "comment": "Malware payload (AgentTesla)", "value": "07f01993306030d708dc2b5b42d4a6aef41c0c2f597aca066138689a6722a25d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455882, "uuid": "393ab9ae-3591-4f1f-a2a7-2f805eaced3d", "comment": "Malware payload (AgentTesla)", "value": "070d8f2134391a7fe6f80bb44f7a4ff023f7268d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455882, "uuid": "44514578-1414-4a76-8e60-68313a3c4718", "comment": "Malware payload (AgentTesla)", "value": "cea32664e2453af5aa5fdc0e1d03db44f31dfcbd755e798c8b4ed97c8d6509e55720f58e41ca205692916932e79378cb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455882, "uuid": "c571688b-7f01-4fb2-8c0b-cf1243dee041", "value": "T1DBF452394AB589EBC1BBD374A7CC499BFA73D817F15C9BA904D6034262436CEA0C21DD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455882, "uuid": "5bece581-3f53-4e55-bfc6-4fad64c396d2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455882, "uuid": "905acb0f-587c-4f71-8434-9c9c048f95ba", "value": "6144:y6RNJOSSTczS4N5I/jSq4IdGDhQb83aZZKHgjmQClPUiZTv/Jy2xMNrKcXsD8n6x:nXM9czSljS8u33A3vGJpGNrKccon6x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684455882, "uuid": "75802eb4-0de0-4cd2-a4be-ed0c9adcf16a", "value": 762880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684455882, "uuid": "03a0adce-dfb7-4748-bcab-db89b33419f7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455882, "uuid": "72db7c1e-3213-4cda-94a8-8955dcc1315b", "value": "SOA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1bba8419-f5e0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684457840, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684457840, "uuid": "b2fa1260-e72a-49f1-8319-aed5d23bf8dc", "comment": "Malware payload (AgentTesla)", "value": "7134f542c59de916f00d9c57ff819851", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684457840, "uuid": "1a7647af-9176-4ed7-acd7-61fffaa457fc", "comment": "Malware payload (AgentTesla)", "value": "08039866a2ef35ccfcaa62c6bb85a765d1bb557269bd2a076f469dd3073f43e0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684457840, "uuid": "a95f1487-fb05-459e-985c-974928fb1b01", "comment": "Malware payload (AgentTesla)", "value": "5a99081e0ea718cc97180fa1d0905117eaadc766", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684457840, "uuid": "24f05b85-27cb-4abb-acc6-d4c782a08ebc", "comment": "Malware payload (AgentTesla)", "value": "5f6c30e2dd712dd3b656c4f5bfcf9dcb1d05bcf2c39dd5f4a98941df5df3bf2cd69c552b2290b9973031863bbe32a117", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684457840, "uuid": "b4e7f038-f77a-4ef7-a518-5a56d82776f3", "value": "T1F105743D4AA6C9EBD07BC3B49BCC4917FABCD833B454DA2B19C60742224175EA5C219F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684457840, "uuid": "c5e83625-fead-42a5-86c0-34a9e373ebd3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684457840, "uuid": "383bfebc-58b0-44bb-ba61-f037d9dd750b", "value": "12288:DJUzBvHJX7rHYSljSDPWxPjfGhw8wfuV9nkMt23kxjC4:DJUd1HGWxLfKwfcxrtFC4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684457840, "uuid": "05134544-05d6-4b1e-8530-40f31dc8858f", "value": 873984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684457840, "uuid": "0c6a70e6-350f-4163-b482-ca8e7eb84655", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684457840, "uuid": "0e5ba47a-55ab-4f8c-918d-dbe2c9fd70c9", "value": "QUOTATION.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "22b05e97-f60e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (EternityStealer)", "timestamp": 1684477609, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477609, "uuid": "19b0355d-77ea-45f9-893c-fc76b9a08e60", "comment": "Malware payload (EternityStealer)", "value": "405f5eb6453f66e478a5f4c168616bfe", "object_relation": "md5", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477609, "uuid": "6d143eed-6762-4631-9889-0cad2e94942a", "comment": "Malware payload (EternityStealer)", "value": "084e0cc2f7f21c82d8591bff89bf0d19e54fa3a6f9d8f4c78e2ff0cdc14ce4eb", "object_relation": "sha256", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477609, "uuid": "4af231a5-f281-4699-863e-2f87229dde05", "comment": "Malware payload (EternityStealer)", "value": "c7f6f50f4d2a7fb6c4e07cad0781607ef45acb78", "object_relation": "sha1", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477609, "uuid": "7fa6c632-a793-4110-98e0-ce83cea1011a", "comment": "Malware payload (EternityStealer)", "value": "86fc0b49e0b37ce33e89b887a43b2e0467fbf323e183a88dbc4b04f9a38015e1255f844bbee9d9e6d7860e0088898473", "object_relation": "sha3-384", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477609, "uuid": "ea96dc05-7718-4ad5-9789-72b9533b3e52", "value": "T1AC5523187B358E39E2E4213D45774334C3B016266F13B78AAB1571A13E62DAE4F436EB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477609, "uuid": "4fc4e2b3-2032-43f4-9e35-2511b9c49aee", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477609, "uuid": "c0a20b57-0fe2-4fe6-8d15-d61fa38e49dd", "value": "24576:zOAkH+O5MMsj/8oJ0HOgwzMIdEyaXC772Q9NXw2/wPOjdGxY:atHZ5MMpoJOp+MIVai7Tq24GjdGS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684477609, "uuid": "927c75a9-0818-43ed-b23a-fe1873c8cd4f", "value": 1355776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684477609, "uuid": "8ff9947d-8afd-42ab-b334-3966868fc7d1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477609, "uuid": "eaf2b25c-f8c1-4161-87ef-ff9b6e167407", "value": "405f5eb6453f66e478a5f4c168616bfe.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5fcf3c8d-f5da-11ed-b3cf-42010a9c0076", "comment": "Malware payload (ModiLoader)", "timestamp": 1684455377, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455377, "uuid": "6a3be329-eeef-4a11-9728-3a2ef2dea7c1", "comment": "Malware payload (ModiLoader)", "value": "2a461d6f6b3f039cae610963c02e9a4c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455377, "uuid": "62b8d2a5-7952-41f1-bb91-7356afb4caf5", "comment": "Malware payload (ModiLoader)", "value": "087b184c6b83b47fff70ce538cd46c2e0b1873682f27be9c8c022ba4d881814c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455377, "uuid": "1de72d29-05b4-445e-a94b-357365a3db03", "comment": "Malware payload (ModiLoader)", "value": "e9668215998f40302ee4ff478a55e0978bf55c71", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455377, "uuid": "040d6c99-9af3-4a2b-8ea2-88c73404b986", "comment": "Malware payload (ModiLoader)", "value": "9eaebd4f3cec47f4ccfb379edffcd3a0b2e181a30855a8fbcec02cece2b60d0cf3b74e6dfd631b74ea44c8b0ee71821c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455377, "uuid": "63353cb1-0f0a-4854-b326-89630c6fc26b", "value": "T1C3E48CE5B6D14437C2252077CC169FA768397F911EA93252FAE5398D4F3E1C1382E3A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455377, "uuid": "1dc143be-dcbe-4d57-92ca-0ccdd23753d4", "value": "cb2246b23cab56592059eefe05ce4d95", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455377, "uuid": "57c92626-445d-488b-8534-af312a6be113", "value": "12288:kwU+YPHr4rE/NZYAVM6Gw3F7NeiugicyPjDjPVRnR/1qb:klB/YNpw17NNugihDDPR9qb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684455377, "uuid": "56b225db-1643-4d34-959d-6fb49022a656", "value": 708096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684455377, "uuid": "31c7e7e7-00f9-475d-8d11-eee88e9fabb0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455377, "uuid": "4366cc47-9e4b-4e87-8f11-5cefa10af63f", "value": "Invoice 0097477.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b74a0f45-f667-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684516083, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516083, "uuid": "b75905e5-0368-4f8d-ae22-cfd8b8e83b51", "comment": "Malware payload (Amadey)", "value": "44a2745f5433f5fa4e1cd6d29593fc62", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516083, "uuid": "c43cfd78-7446-4799-9a10-26e7088535d8", "comment": "Malware payload (Amadey)", "value": "089e8391db736fb70571f908a3252660ac22f9247087fa6b5ad647a0661ea4b1", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516083, "uuid": "ef24665e-7ce3-4364-ba1d-e55d2117bbc8", "comment": "Malware payload (Amadey)", "value": "e8641d6dd95f8e2feb6995c4466b65d6dd1efe7f", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516083, "uuid": "b521008d-bbc7-4a15-b66e-22755a2fb681", "comment": "Malware payload (Amadey)", "value": "2cfb32fa221d3267c33fabf1f1e78a5ef0bd7bedf73dae1127d74047178237b3547615f6939ad2fe49ea6d7dec91fdb4", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516083, "uuid": "d520083f-54c5-4fff-aedc-ca2fabbe8004", "value": "T1B0252343AAD85473DCB96BB464F706830B3A3CE009F493DF6A5995884CB2D40B6317AF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516083, "uuid": "05d487a9-60b1-49a6-9d33-fa9f74759936", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516083, "uuid": "356e74a0-b417-4b78-b496-43ffdc7ec816", "value": "24576:CyUtTZRCVIA9VK3AYMppu6wsdnm4h0/+CpssnRA54hNzGissTwkC3UiDqe:pUZXCKAyAvpespmg0/+URRdNssTwkCkt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684516083, "uuid": "89c472ca-75ab-40b3-9ca7-9f30cf458926", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684516083, "uuid": "1b96441b-7131-4ee5-8b8d-d99b8769eb3c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516083, "uuid": "b4dceae6-a0e8-421e-be7d-4db4c0cc68a1", "value": "gameplay.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bcd6a300-f61e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684484739, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684484739, "uuid": "16abb8f5-6058-4867-bfe1-e4f2eadc68a7", "comment": "Malware payload (Formbook)", "value": "a3f0a6f1fa1cbc9bf1a657aa6d38a8d7", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r11", "colour": "#29469C", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684484739, "uuid": "467e252b-e72f-4a2e-a9c3-26f3d0a6bf47", "comment": "Malware payload (Formbook)", "value": "08d938e8c57e7cacb29570facb91b726740a519840acad4872eee4a1af4ce8f3", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r11", "colour": "#29469C", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684484739, "uuid": "7fc4c62e-50e2-4d6c-94f0-59fa6b237bfc", "comment": "Malware payload (Formbook)", "value": "d50100f1de701bbe797571433bab157392977278", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r11", "colour": "#29469C", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684484739, "uuid": "b5aeb7fe-8fea-4cb1-af06-940e9190f1e6", "comment": "Malware payload (Formbook)", "value": "7c59640018980d1c1b011b73d431d0b8b6bc3209dfc05911ad02e8e13ab2b8570be1063ea693b1ec37287a62057ffb5e", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r11", "colour": "#29469C", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684484739, "uuid": "e2b03818-8bcd-4ea6-aee3-d880341662b7", "value": "T1E3F4235B69B3DF57AA3B099A168138754EE31860314D80CDDF984B63F097CA77F91B80", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684484739, "uuid": "dfd9c6ec-0adf-4923-884e-1f5becc9d10b", "value": "12288:H0qMJr6AwhWUHcdMjbbPUb6nTlUjvQgfkr6kZ8P4Y3Ll0ss9Wp0GMqccn:UxJ65wUHljPPUb6nTl0fkB8P4Y7WsQab", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684484739, "uuid": "5b49c676-8f27-4039-9b4b-c7b01426ae41", "value": 753259, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684484739, "uuid": "9f5167e9-1d7c-498b-b6ef-08f84c252f13", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684484739, "uuid": "15850e82-3a27-4630-a258-24ceff65a2d9", "value": "New P-Order-19.05.23.r11", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "44f6bb3d-f673-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684521045, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521045, "uuid": "2e5effe7-a55c-44f9-a91a-36463228df48", "comment": "Malware payload (RedLineStealer)", "value": "0e750d08e29789974dd0c9bb12cf2176", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521045, "uuid": "80450cf4-4301-4b35-8726-97044c3c1710", "comment": "Malware payload (RedLineStealer)", "value": "0902b58935bc7d7a3bf47620ff8015458fe8f20b3704a702e17ad3d8ef33b3b1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521045, "uuid": "2e0c0cbb-e682-4ece-ab0a-8ee5b40d07ea", "comment": "Malware payload (RedLineStealer)", "value": "3428083f2a1bc5c4bf04884a63cbf2b5cae56e70", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521045, "uuid": "6d8d9d5e-9ce4-40b3-b6dd-b424c2865dfa", "comment": "Malware payload (RedLineStealer)", "value": "a7d381a714b407517b16140cb8373398412489f98afcaf8ab1d576ad6d84e6e8d417ea8d5c7ae238bfbb35d75c8ed473", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521045, "uuid": "e61809bd-f1f6-49d2-85d5-be626d7d9cfe", "value": "T128252302B6E85433E9F017706DF513930B38BC825EB8D2AB2B93E45B4D716E5B472366", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521045, "uuid": "8f503dad-b3f0-4e62-b71d-d1872417b307", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521045, "uuid": "c536b350-b7d2-4ac6-95f7-f7f58e81704c", "value": "24576:nyioLpuJqywIE6HjG4RmGkrY4M5m5g/EoZnF:yioLHyK6HjGDGkk48/tn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684521045, "uuid": "6b17465a-d746-47f5-acda-3bd9d632176d", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684521045, "uuid": "1af3265a-5e47-42db-85d2-808184d0ccf2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521045, "uuid": "e3958db6-aa53-4a60-ac05-69d992c89e13", "value": "0e750d08e29789974dd0c9bb12cf2176.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "206bea82-f610-11ed-b3cf-42010a9c0076", "comment": "Malware payload (WSHRAT)", "timestamp": 1684478464, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478464, "uuid": "82863b14-5d5f-4d4d-a68d-fec0972d4bc8", "comment": "Malware payload (WSHRAT)", "value": "261c683cdd89ac3ca4bbbd2fd7293c7f", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478464, "uuid": "837a24e6-1253-4337-ad21-67ebce7c1e70", "comment": "Malware payload (WSHRAT)", "value": "0953de8a253fe24fc1a889c903f246a455daf9d5f608931fecbf07bc6f9690cc", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478464, "uuid": "38cb3f9e-01d8-40dc-bf0f-21c104a2ab56", "comment": "Malware payload (WSHRAT)", "value": "9bf5f09bfb3260d4fea80896c3bb1b3354cb714f", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478464, "uuid": "862d1cec-c0a9-449d-8f9e-e9622356af4d", "comment": "Malware payload (WSHRAT)", "value": "914ce40343c72e61a195089e812fee54d937be17d93d1da5a5f3c6c78395d74c0a80cf6575edb2942eec926984ed0fdf", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478464, "uuid": "eae520d1-7855-46cc-aa62-b03622c29098", "value": "T19125D3C3355DABB6B7F3E684C25157132A34C2A7191B2011BAC23E4CDF5E9842AF89DD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478464, "uuid": "41cac550-1297-4984-ad6a-3cf91ff5abe9", "value": "3072:y87FJ6J9iYlueZkFrOdvQzU6FOoctj06BTZf4pcLYnGMhfWVbCh3:y87FJ6J9iYlueZkFrq06ff4pH0gh3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478464, "uuid": "6b8c4f61-e764-4321-a1f9-c509a50dac2c", "value": 1016016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478464, "uuid": "3f478432-95dd-4cb2-b9a8-dd71e2ca726e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478464, "uuid": "d1eb8cd3-05b7-464b-a877-a64828f18168", "value": "05162023.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3bba450b-f67b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684524466, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524466, "uuid": "4112319b-ecf5-4b49-be2c-79ae3f852c2d", "comment": "Malware payload (RedLineStealer)", "value": "078ea532e5ac78cb560af52ef5980240", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524466, "uuid": "bcdf5c2d-0150-4aed-89e1-77364cd08077", "comment": "Malware payload (RedLineStealer)", "value": "098e8739cdd06c812f30419c61d292531df3ccf3f1661f1a5cebbb30e782b88e", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524466, "uuid": "09dfaf2e-4bdd-4f65-b8ef-3dd4cd98b746", "comment": "Malware payload (RedLineStealer)", "value": "d8ce4f6d8cb0ae1817b35c294d1cb24b4cfa77cc", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524466, "uuid": "4e98e9f0-cf5b-490b-a3fe-923530396111", "comment": "Malware payload (RedLineStealer)", "value": "6146c3e8fbceaad889a5b64a188c9ee33bc03b9e7cbe5ff2b216281dd19a5ca903f0adc18ae11ba788ffb6a71dacb153", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524466, "uuid": "ff91878f-79bd-42d4-9501-d98a14f61a7a", "value": "T148252312E6D840B3D8FA1BF119F71A87093BBD518934436F2A4A966B8DB51C1E130F77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524466, "uuid": "49a6667a-2323-4413-91b2-848bf5bd0d08", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524466, "uuid": "1568913c-d3c8-4c80-bfa6-c52a67371a51", "value": "24576:TylscxEhsTLUUxNmiWikm7YJV3j3oGDpI:mlscxwsTLvxwiQmAV3P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524466, "uuid": "983d56d3-593d-4bcc-98cb-0a6432d71f03", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524466, "uuid": "a6728fe1-c28a-4326-803f-de436da2e4af", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524466, "uuid": "79ce5cbd-6929-4c96-bbdd-5057ec3c5ca8", "value": "reader.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7cded40-f69d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1684539330, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539330, "uuid": "c38dd50d-78ee-4d60-94a9-bb2bc6cb50f5", "comment": "Malware payload (Gafgyt)", "value": "dcb22cb4a701a995ab37735c33afb84c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539330, "uuid": "6ee37303-f480-4f30-83fc-91b02e1da330", "comment": "Malware payload (Gafgyt)", "value": "0aae0f26c28575f7249f3184a35af014fbc538fd403a5bfeba14ca084cc538f5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539330, "uuid": "17b922ee-7bbb-442a-a8ae-944ba50564c3", "comment": "Malware payload (Gafgyt)", "value": "759e4e826a005c8acd364be43a320adf96b1241c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539330, "uuid": "1179968b-b6d3-435f-8f1e-b09111cd3c77", "comment": "Malware payload (Gafgyt)", "value": "2cc3b16f203bc476d280ebc082a964e413b404a5c9da0184d5f75ddb7cb3c30c2ea2d6d5f20fd80f1cc3a9cc6d118447", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539330, "uuid": "9343c788-4fef-451e-9189-2bd04b34aaf9", "value": "T117C30904F901875BC3E227BAE78E438C77355E6457DB33156A38BDB42BE1B982D29270", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539330, "uuid": "0c0b8bf5-53d0-4eec-becc-3e3b6c55b1d6", "value": "3072:TGGhNnu3jGOEHgsRq753bhISOMmyVUQuiXfQd6W:/ruxEAcq753pmyVUQuiXfQd6W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684539330, "uuid": "0e8c998d-5728-4e47-bfb3-bd3d1c7729db", "value": 127723, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684539330, "uuid": "9234ff3b-341d-4403-b86b-4f04d6dbd192", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539330, "uuid": "1de69ec5-4753-4341-a198-9437f13cca52", "value": "dcb22cb4a701a995ab37735c33afb84c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ff9c1e8-f5db-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1684455700, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455700, "uuid": "7a314e51-0163-4b1d-891a-0e371ddad62b", "comment": "Malware payload (GuLoader)", "value": "a181890ed3921d788821c0a60a209238", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455700, "uuid": "8f861c7d-9a42-4bc5-aad2-2169b0144e3c", "comment": "Malware payload (GuLoader)", "value": "0ab6668c4bc57f654f1b09af524dd2313ecf7900f347e0c0b2d5b9f8e07eb6d6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455700, "uuid": "5d315f55-1636-4384-92b8-0cf6115fd872", "comment": "Malware payload (GuLoader)", "value": "a1bc539d996f64dc79cb8f72e4a1f0cc201b986e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455700, "uuid": "8ee202fe-51cf-4ed1-b918-3b3ed34e7ef8", "comment": "Malware payload (GuLoader)", "value": "e6b0ee064cddcd5c17be769ef6653ed2414031a7c5a75d046ee4d8c5154f7e501ae896399816e8c3f32627711d938301", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455700, "uuid": "6af6a095-0cfa-42d5-adbd-b62651223aa2", "value": "T1F384120877A1D0A7E26646B1897FE397FA35FD090E60520F23203E9F7C723919D5A369", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455700, "uuid": "767301dc-e063-4f15-8c18-02ecd0bce783", "value": "e2a592076b17ef8bfb48b7e03965a3fc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455700, "uuid": "d8b96020-9cbf-4fdd-beec-0b099b16dfcb", "value": "6144:y4t6LsKwbbbbPbbbbVbbb7bbH+bobRe0bHjkF4qHVMe2SuoWtfYfR1jlKM96fvXd:ykKwbbbbPbbbbVbbb7bbebobRe0bHjku", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684455700, "uuid": "8118ecca-6706-44ca-865c-fe07c8869e43", "value": 381152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684455700, "uuid": "439bab0f-c740-43dc-b57d-72b5bddd483f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455700, "uuid": "89ab6ceb-4dc5-4e3c-8671-379b6024be86", "value": "RFQ-945730101-B0000005023019.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "02f39b40-f62d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Vidar)", "timestamp": 1684490870, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490870, "uuid": "ed1395ff-4e81-40e5-a08c-20d75b395ca3", "comment": "Malware payload (Vidar)", "value": "9d01a39ac6f97e8d6b0ebceb2c76e931", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490870, "uuid": "f01513c8-0ffc-461e-b3a4-809134f0cae6", "comment": "Malware payload (Vidar)", "value": "0ac69869d49dd9bcbf25346a6887ad5a510079a9e12ecae1e67af361127e44e1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490870, "uuid": "43515bfa-f1de-4636-9e04-ec2d68eeae59", "comment": "Malware payload (Vidar)", "value": "730640fdf1a2d4705da7f4f9375f5a96ad2543e2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490870, "uuid": "06196a74-6d01-4a52-afdb-38ac44d11f5a", "comment": "Malware payload (Vidar)", "value": "d4e56ff4d3c5a7d43d4b1a90bad8e1bfe517087a7c675e6b5bebe011634d5e5c060e07b8fe2b57b3b4c2ac2ebadecbcf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684490870, "uuid": "01843540-b9bc-4db0-ad6f-58b66c86b930", "value": "T1C21622B372E50084E1E9DE39857BBDE431F62297CA429C7959DBB9C137028E4D323A53", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684490870, "uuid": "814dfe68-6767-4fc8-b01c-88e1a34d47e6", "value": "a2f5171a69aa0c364fdec613d51f1b5b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684490870, "uuid": "abab1a01-55d3-44da-b04e-0d1ce5242a6c", "value": "49152:gDOWkK1DejuIIojMjEa8+jLsoJEsmVesn9KenJVI2B9KU0hCRDPPp8PPaaymgq2h:gpQfyE/KLs3Ve4JVfO3hMjxkPV9yHqd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684490870, "uuid": "d48b7ece-a9d6-4d6a-a4af-c06f17472a4f", "value": 4078448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684490870, "uuid": "f316bd7d-b9d2-41aa-889f-30164125d413", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684490870, "uuid": "51f72ca5-4999-4c55-980b-e3e98a40ae6b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cbd51329-f643-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684500656, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500656, "uuid": "f1671e06-6273-4e5b-985a-f0a39cc0b53f", "comment": "Malware payload (RedLineStealer)", "value": "9371abde35861993bc930824182d5620", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500656, "uuid": "47a221ec-445d-41fa-9bdc-5e78bc27ca52", "comment": "Malware payload (RedLineStealer)", "value": "0ad626b2514c0e0ce3a1158b7d7e17afef6ab0afc985af4b7e8cbbbc6f436501", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500656, "uuid": "1fbe8402-c86b-40eb-b468-baee6d9bdc8d", "comment": "Malware payload (RedLineStealer)", "value": "27773d260e12fc5880cd15f0ed23d33a14c2a6a2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500656, "uuid": "81893b75-61de-4ea9-9199-2bcd4a45ee64", "comment": "Malware payload (RedLineStealer)", "value": "1eddad8591cc3d4956bb81327e80caf435623e37943bfc5f07c5f9dfaf610e6d4908f46b16be3d2103d13372f73ed29d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500656, "uuid": "fd59d185-6a10-4e45-835b-543de9d433b3", "value": "T184948D03D2D1BC63EB2546728EAEC6E8765DF9508F0937D722186A1B18701F2C97E736", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500656, "uuid": "915139b5-2113-48ae-a0d7-230317b3c0a0", "value": "33ad97a6371f251a2ce2085c8f9feaea", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500656, "uuid": "084d8cca-5480-421f-9737-9694670e4837", "value": "6144:+J47ueRHzsRuKxdy9yi9QsaRUQKA5iUTZPPYHf9W3Mtw+JkDdKS93Tu:1uepEul9v9taRh5ioZPPUYz+SR1Du", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684500656, "uuid": "d7713c6b-d31a-45cd-bed5-90368266c493", "value": 427008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684500656, "uuid": "1af529ef-c56f-4128-b0f4-745a2d11bfaf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500656, "uuid": "0ba1a988-9fcb-48b7-9d41-835d4a3995c3", "value": "9371abde35861993bc930824182d5620.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26896259-f68d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684532161, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532161, "uuid": "5a6d704d-d7fd-40b8-86f8-4d75d5af257d", "comment": "Malware payload (Amadey)", "value": "ac1ecb71f66ef003a97a18f83fedc5cd", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532161, "uuid": "0630919b-4b30-4096-8433-099231cd8617", "comment": "Malware payload (Amadey)", "value": "0aec6fcbacc14e81abd25738d889245a1c91e48e5a074ae9d6233d175a68669d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532161, "uuid": "6aa047c6-1cbe-4513-90e3-23b1450b94e2", "comment": "Malware payload (Amadey)", "value": "a69c739675ee0352bc58224063124da17cfdd10e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532161, "uuid": "7bd0c4b1-a9b7-48d1-8649-f5a5725e633d", "comment": "Malware payload (Amadey)", "value": "5c34f5320864b8b6bac4b399182a2e56f94c9020339c240dfa3a86c7482a2e5f3d238dd6f2a32352e7138ba272e58b1e", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532161, "uuid": "b583b660-c0c6-4c49-9e54-10781a84ab2a", "value": "T155252343BAD090A7D4B663709CF611D32B3BBCA19A74932B3681AD4B1CB3584E57173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532161, "uuid": "801c734b-8a58-4954-a881-11768c55e1cc", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532161, "uuid": "f0ceaebe-bac2-4362-99e5-efc12c57ecc8", "value": "24576:gyeoJL9ZiWM2w6UWFGPH5YRnIocd+pRw:neoJHiWM2wpvPqRIocQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684532161, "uuid": "9e85b3f7-ab15-421c-94bd-02e8d7c5fafd", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684532161, "uuid": "74807c45-9192-4ea2-aa66-1cbba987928c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532161, "uuid": "7d5e2fcc-2690-4c5b-b97b-d117781f89f2", "value": "ac1ecb71f66ef003a97a18f83fedc5cd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "086d29de-f63e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (zgRAT)", "timestamp": 1684498180, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498180, "uuid": "93cd373d-ddb2-4733-a053-bd4cd98d948d", "comment": "Malware payload (zgRAT)", "value": "ed4449466330f454a610a146c51bcd99", "object_relation": "md5", "Tag": [ { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498180, "uuid": "879f4b32-958c-4fa7-95ac-38683237f80e", "comment": "Malware payload (zgRAT)", "value": "0c0931a4cd15ff3eac97647cc00d2872fa4898858c0319b0897fa5bf3776cf9a", "object_relation": "sha256", "Tag": [ { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498180, "uuid": "cb51e121-f5e9-46df-8622-18dcd8e4b473", "comment": "Malware payload (zgRAT)", "value": "1f7d9622b64cd75ea442bbc47157ab2afe31c709", "object_relation": "sha1", "Tag": [ { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498180, "uuid": "aa8ef75c-4fdd-428a-a011-40db61a42645", "comment": "Malware payload (zgRAT)", "value": "f3539f360536adaed055866626c9f8367138416a34724649f034864653a8d515699aa46a24344f2d5212eaea5925d15c", "object_relation": "sha3-384", "Tag": [ { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498180, "uuid": "ed40dcf1-b1bc-4cf8-9d66-7768c55fcb4e", "value": "T1E714138ACCA02485263E0997BBC979C944F18B4FBE8DF8E075C4ED316919F1B8D954A3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498180, "uuid": "cbe34e70-30fe-4a13-939d-0aad71474e2d", "value": "3072:ctuSD/pKLSKGXIRCoB3EvqPhJIB9Dz/2IxLvEID+rcwufK6+5JLQ5H1JCQjjFkOw:Vp263EiPhqB9f2Ix7M0SJM5H1YQCOetp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684498180, "uuid": "60f4081d-2b58-45e9-9fac-11464e63c734", "value": 199568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684498180, "uuid": "3196b590-4d1c-418e-a42f-694fdbb4e5f9", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498180, "uuid": "b685513d-a43d-4396-8bd0-e5acbf77cfd8", "value": "245245254.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f7949474-f68b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684531653, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531653, "uuid": "cd04ed5e-435c-4eb9-b722-3de9798382b0", "comment": "Malware payload (Mirai)", "value": "f238ae5011e38d49aabb041f0cca5801", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531653, "uuid": "95cac4e4-9d7b-453b-af8f-a595ff71be52", "comment": "Malware payload (Mirai)", "value": "0c14db41e6be5bf177e33a14636896518b73d0472c62050475a386b04f41e0a1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531653, "uuid": "212bb4cd-1ab4-43ee-b386-6849f658e236", "comment": "Malware payload (Mirai)", "value": "eb684f0c1b46b587b9cff991cc2af60659385cd4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531653, "uuid": "6c42451a-2316-49dd-87f5-60faff4e3cf8", "comment": "Malware payload (Mirai)", "value": "7152ae427818e47d51df8279014bdea466f09f70e28c512a84ad243f3c4b75e5a7aea85641eb5bbb084bffe2fc739d13", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531653, "uuid": "dd55c4ea-c907-43eb-a084-9ebf8e67ffa3", "value": "T156131956F8924E26C2D4137BB67E5A8C3370A3E8C3DFB217DD506B61B98640F0D96E90", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531653, "uuid": "aa141e57-5bd5-4767-9aed-a10f852d5184", "value": "768:8gkzU2FvG5lMFj/7mMPaNzAT89OLJimtf/+PYvotbVMP/OXRfzLcwewbZn:fd2tG5yN7mM0zZMtfWPYoV8/OXt9ewb1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684531653, "uuid": "23e88849-2797-435d-9a59-45af2dbdf7d4", "value": 44616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684531653, "uuid": "7c9a92b7-3e79-4665-b965-241b28262b5b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531653, "uuid": "f123c3a7-380c-45d5-9d8d-da45798600a7", "value": "f238ae5011e38d49aabb041f0cca5801", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad493bff-f676-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684522509, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522509, "uuid": "86e1e34e-f493-4c83-8358-10ef59a3e1fd", "comment": "Malware payload (Mirai)", "value": "a51b8b6661b6ea7d339a66c1100e6bdd", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522509, "uuid": "a7fece07-34d2-4a32-9da2-3ce4b4dea0a9", "comment": "Malware payload (Mirai)", "value": "0c66077d1f6f335b3e928f0506ab8f068de1987a292dbd2d5495cfb46de44a36", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522509, "uuid": "c5f2ce35-d92a-466d-ac8d-e4f27a855ad5", "comment": "Malware payload (Mirai)", "value": "956730e264347a610f969e81836322426c8ccf4b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522509, "uuid": "7e536d51-ca1c-4abe-b273-69604870cff1", "comment": "Malware payload (Mirai)", "value": "96125af35c3988993c4d44454741b30703628eef258609445352bb24ad6253d4cdd2ab6c3123b41fc41bcca4b5f8e86d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522509, "uuid": "8c137592-50bd-4586-a9c6-600f5aea2e40", "value": "T141D2D07E690000B5E95FE07C7FF603676B340FA5BD1A994F13ACF28BA91106D38669D8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522509, "uuid": "e6024cf0-b877-41b8-9f23-bddf930b4be0", "value": "768:G8bEL70kbgfQkRI7fBCwi8YGikJgGlzDpbuR1Jt:GN70kbmQ/fB24lVJuT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684522509, "uuid": "d6f83a18-09e0-44d2-b0d3-843d5ae0261a", "value": 28380, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684522509, "uuid": "0ebacd70-0c9c-4d12-85ba-6b02bf6d128d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522509, "uuid": "96738827-5c7d-4cff-abfb-1242098e5213", "value": "a51b8b6661b6ea7d339a66c1100e6bdd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a44993fc-f609-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684475678, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475678, "uuid": "cccd7b11-d054-4698-887f-2dc607d5146d", "comment": "Malware payload (AgentTesla)", "value": "c4643726009547b6b69eb11112d8e1fa", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475678, "uuid": "7ed90931-d37e-4213-b901-a798a17ebfb6", "comment": "Malware payload (AgentTesla)", "value": "0cd219bcf6e303161859a84613942125211d25671ae158f5bd0cc63da22c5b55", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475678, "uuid": "66e3da65-8ded-49a9-876d-baeffe7d8237", "comment": "Malware payload (AgentTesla)", "value": "239ea04e6c143e1b705457c957fbc2987061f546", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475678, "uuid": "1ae9170e-4fd2-4b16-9aab-84962bcbc10a", "comment": "Malware payload (AgentTesla)", "value": "a373dd1d909f2f57267c42543343a4a99616d9f4cfd5354d89e29be13fda14d63005c9ee2e7c42af32c4307e12dc836e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475678, "uuid": "eb9b1a40-2e5d-4376-9cc2-4ee909c69f3a", "value": "T118D4026BA0A88F12C9BF57FB68F7720523B2351BB531D2DD0DCA10D91625BB84612EC7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475678, "uuid": "aaabb298-6d6b-4a5e-8a87-dfb28dd23b50", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475678, "uuid": "d984e573-4c94-4cce-bfc4-091f8693867a", "value": "12288:bff2iNKeOGgJTPkB/SHUPUyUuOWke6RLe0IHg4jc2633h+MSlfzKP:Lf16J7kBJguO3e6RZIHg4w267yfO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684475678, "uuid": "afe3caa8-ecfd-4c2f-9607-e8f61ad14fec", "value": 614912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684475678, "uuid": "841a210a-e31d-4313-9b1c-e15756abb349", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475678, "uuid": "d319c9bc-6a0c-4cdd-84c9-005b0d326744", "value": "nuevo pedido OC00011636.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a549defa-f68a-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684531085, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531085, "uuid": "4bf8a252-ba96-4590-9b97-5f57d3ea83cf", "comment": "Malware payload", "value": "0c1995be4772deea5dc9fc968da0715b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531085, "uuid": "24249b73-b77e-4fa9-86d9-9144be71f1fc", "comment": "Malware payload", "value": "0d5ea91be1ea39813dec02ad09a01324d9750d977c4f2dee20dd1d40731efa02", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531085, "uuid": "e729a87e-b53d-499a-973e-34840c6cd24b", "comment": "Malware payload", "value": "f5293fee5d7d3b053c5d40b79545c6c790afe93a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531085, "uuid": "5952b6f6-1289-42b4-aad0-d208aa282be7", "comment": "Malware payload", "value": "ba2dce0f87337f4196e4257d32b648be57461e5ad154b2becf132709fb624de47eb15257aecf772c9cad3ab5cfd7ac02", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531085, "uuid": "4467e256-0640-4152-b50e-96a40853df7c", "value": "T157634A96F801ED7EFC0BD37B44470909B570E3E156A20B3767A7BDA3EC721A56816E80", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531085, "uuid": "e5f7af67-e97a-4802-8547-2c513fc8eba8", "value": "1536:eT4Oo6lZdls90R5J8Te03+ecDx4BTzbotduQJeTBnb+y:eT4Oo6lZHi0R5rGcDGxzQJeTBnb+y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684531085, "uuid": "b65ef012-7c2d-4d39-885c-4a7d239e80ac", "value": 71784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684531085, "uuid": "24f48c06-2a18-45a9-a4b9-d127e05b15c2", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531085, "uuid": "61f1c0b3-e7d5-49dd-b34c-956497dbacab", "value": "0c1995be4772deea5dc9fc968da0715b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "264c04e0-f67b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684524430, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524430, "uuid": "6f74ba12-9828-4d04-9877-6fe926cfaac9", "comment": "Malware payload (Amadey)", "value": "824f5684df9a7cb508f307092b86d88f", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524430, "uuid": "38f26a59-09c7-4135-803c-2854bebe0766", "comment": "Malware payload (Amadey)", "value": "0d6d95ccd4d94d220c4e0c4ee4838f7cd7f24d086e8f9d4749f33268617fa666", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524430, "uuid": "f4dd679b-06eb-4ff2-be44-f78b25541fd6", "comment": "Malware payload (Amadey)", "value": "5d0b8e080e457fa82d493a2b4f2a700900fdc67a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524430, "uuid": "8476407b-9169-4300-bb13-55cf7ee62e17", "comment": "Malware payload (Amadey)", "value": "cdd2368d3a6d112f73a2715618c15d16b97804e5d5cfeddf0735d8ece493b17dc2b874ac6aa1b9cc54ed0efb76dee6e0", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524430, "uuid": "a1689892-e1e1-48a1-bef9-1eb2e729df52", "value": "T13825235377D080B3E9B20BB098FB269716347DD19E78C34B62C9195E9DB32806A743B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524430, "uuid": "4c45c27e-c227-476f-93db-82bdb12e4b05", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524430, "uuid": "da99f90b-e83d-46be-951f-c49f20f8bc76", "value": "24576:ByoTzYBOiKnKnn2CbuZGVB4Kas7Rzq/fTeTfCsY:0oTzAO3Knn2CbuZoB5lzCqTf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524430, "uuid": "cf134255-356c-40f4-ac71-a69f5b964b42", "value": 1053696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524430, "uuid": "32a97a17-94af-4e9e-95f9-0d98f171e2a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524430, "uuid": "249d5353-24e1-48f7-ad18-9432a067f9ad", "value": "launcher.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1157ce6d-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684497336, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497336, "uuid": "39e3ec8b-61a6-4e4b-be58-65c326c6a4e9", "comment": "Malware payload (Amadey)", "value": "d97567a9cd5ea38b4fdf006177d35336", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497336, "uuid": "86b6f382-0163-4fdd-bd09-f1e165a92546", "comment": "Malware payload (Amadey)", "value": "0e4d52bde59d9ff0bc96b2e4073dc054fcf58a7ec13a4750f778e894792c9c44", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497336, "uuid": "a895d214-639e-4ef4-bca0-d6b4c42bfbe2", "comment": "Malware payload (Amadey)", "value": "804438e7b075d0070bfc7fe7a534f4dfe76e55fc", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497336, "uuid": "eaf4c610-cae4-48ee-8242-35e075caff0a", "comment": "Malware payload (Amadey)", "value": "2ccfaf4ffbb04cc4d32f5c213eb0c44267f82e13cada35094edd461fd26f066742780e68876711facaa9a99763cd640e", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497336, "uuid": "2065ce2e-fbe1-48fd-8d11-59d6afe5fef5", "value": "T1302523039BDC8432D5B93B70A9F323831F397DB1DDB4C2AA1742AA4B5D72A44563136B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497336, "uuid": "70e95df0-af8d-40c2-94c2-464ddd5d3e71", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497336, "uuid": "5c40b5a2-1942-4341-8d15-3dd41c01b408", "value": "24576:iyYFlZyrPvWR8l2ftg/zwEar5Qo+ylyZoHXGqeS5IZHuPKcn:J6onWR88fu0Eqpl3HXGDhuPZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497336, "uuid": "23c13553-02c4-49a5-aee7-0d8400f02c32", "value": 1045504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497336, "uuid": "dae09c8c-7af7-49ee-b984-a8f8e9e74419", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497336, "uuid": "f3fd1704-6261-429c-86b0-6550c5d62721", "value": "d97567a9cd5ea38b4fdf006177d35336.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "625fff22-f641-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684499620, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499620, "uuid": "db5462c6-af14-499d-8dcb-a58a773af113", "comment": "Malware payload (AgentTesla)", "value": "caecd32bcc0b7e065924dbf4c37a01e4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499620, "uuid": "e678c35b-bb76-415e-98d8-2bc9b9167151", "comment": "Malware payload (AgentTesla)", "value": "0e77fc7adca97943ad5bca6f1cd20d05e80bcdda01b29087bf1d6fccd4379063", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499620, "uuid": "c718e5bb-f719-4e1a-8f43-225881e9a777", "comment": "Malware payload (AgentTesla)", "value": "eb5e5e14b83ff5259f5908de1179cba4f41fe3df", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499620, "uuid": "91cfea57-cb80-4397-bcc5-2334703585e6", "comment": "Malware payload (AgentTesla)", "value": "09252030c51bff5ea205fc5480d70da1a5fd4316412a8672e3f2e086c3396c13134fcc29fb9807d42dacd6534db0d1cf", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499620, "uuid": "ea2b6e87-1f71-4467-a2c5-0bc53fee581c", "value": "T1DFE4D01423A58B4AE5BA47F54DE0D1F01BB6AD9EB435C21B0ED5FCCB327AB920711A13", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499620, "uuid": "1eab5353-ae5b-491f-bb1c-e68ece1cd6a3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499620, "uuid": "48572944-3d2e-4140-abe1-d95a87a5c6be", "value": "12288:zMqBG/uEspgx3NJx+FrfMzRWMZMYvXFt7F2yaKnS42klrcg:4qUEmdx+J4MuVtsqnxz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684499620, "uuid": "054d724c-5dc4-4846-898e-ee5d18fd86ee", "value": 719360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684499620, "uuid": "4c563b21-d4e1-42dc-9b63-0acd44a0d78a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499620, "uuid": "b1284707-d452-4310-9681-87a2d0a39b59", "value": "New order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87d9a3a0-f608-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1684475201, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475201, "uuid": "e8178b04-788e-4000-97bf-06b1181f6522", "comment": "Malware payload (Loki)", "value": "f599d1548ca2d276023f8b6c868dec5c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475201, "uuid": "cacf5abb-1059-441c-ada7-09f650b981ae", "comment": "Malware payload (Loki)", "value": "0ef06a3a72f386e4e45322d50c656c356672dbfd0bdf2a9332c8705c47c8bf1d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475201, "uuid": "a046453b-b6bf-48ae-84b4-494e73d2c422", "comment": "Malware payload (Loki)", "value": "4ac6d7edbec9f62154b38e7b3a365c8570f95bc2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475201, "uuid": "fd3e8092-f532-4290-89b2-eae6289f3736", "comment": "Malware payload (Loki)", "value": "79679617bcf68004ea34da1ad799e31fb7f644a53d01a3cf13a052df81fdf1a372100cbdc27884ef2dd32e4b591333d0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475201, "uuid": "66a3ff28-2a91-45df-8df1-ab641871380f", "value": "T15505E19165945D11E2AB9FB54AB3F23853792D91E723930964F02C9B3D3BA827F027C3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475201, "uuid": "0950e046-8384-4a64-93f4-b4cb4abacc75", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475201, "uuid": "1ca6f247-c4ed-4406-a741-8db9ed180443", "value": "12288:I1LpNaPn0YPX/N94+OCJO5pUCKthNekT1dkxzpF3nJd0FkB7UBFZdGMsu55qqq:bP0tB5pVge0QJqYIBPvbHqq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684475201, "uuid": "7cda4d04-c979-45e6-932f-68d3a04c7038", "value": 827392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684475201, "uuid": "04f3e81e-0ca1-458b-81e6-1c51ae70a961", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475201, "uuid": "9ae6c2b8-d122-488b-b980-ecd8a95f0e5b", "value": "gunzipped.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "12786ea9-f63d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684497768, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497768, "uuid": "dd5375b2-0b82-4bf5-a37f-ea0559b52092", "comment": "Malware payload (RedLineStealer)", "value": "9c4eed56f3d5a883a60b60c38c176636", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497768, "uuid": "80c36d9f-2c6c-4e75-8beb-0cdaf9fc3e27", "comment": "Malware payload (RedLineStealer)", "value": "0efe5e600b961b1a53bb94cd5c026bb6f72dadfc97b4020e401413c7f9315b8d", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497768, "uuid": "1a9607f6-9476-4973-9b7d-5f807b14842d", "comment": "Malware payload (RedLineStealer)", "value": "4af406e8ab7d4a0c9ba269c9e1dd16504819672e", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497768, "uuid": "26021748-4e0b-4344-9403-c8c184e63f1d", "comment": "Malware payload (RedLineStealer)", "value": "0bf271a2e6537857f057aeeb384aff5e6be0c66a4e1f782be2e7327abde808a32301deb9ea620ba88ce2460f7da40092", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497768, "uuid": "b71b58a9-2993-4439-be48-a7941ae335b3", "value": "T19225232697C56473E8B46B70A4F217931B72BCA2CDBC4777B726654A1CB3A40A13133B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497768, "uuid": "1ca87132-12c3-4fec-a097-3d8d51712f68", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497768, "uuid": "9262921c-5ed6-45fd-946c-c5261406bdb5", "value": "24576:+yFftlmEOFRTilEETNoITQ9fCKrx8UERl7BeqkwpjiTQlOxixVS:NF1lKFtilVKZrxhk7BeqAT2OxixV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497768, "uuid": "23d49300-3b61-484d-a708-6d43169b2d15", "value": 1053696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497768, "uuid": "fbec8313-a4d3-4ed9-b837-3fbbcd97cd08", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497768, "uuid": "73e09676-0046-45a9-9971-90050c1fc2e5", "value": "invonce.py.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f14a714-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466865, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466865, "uuid": "782e2e62-a6fc-45d5-9478-50cf7faf47ba", "comment": "Malware payload", "value": "2171ebb5d5735717b285e8ef6f88794e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466865, "uuid": "d5c870c4-3f42-4673-b7f2-4de7aba4e246", "comment": "Malware payload", "value": "0f3476eaebfc4fd91d529dd3665a7b57e3b795da68aeea586698efb60d89babc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466865, "uuid": "8243ba39-5aa5-4122-8030-a1634501fcf5", "comment": "Malware payload", "value": "6a6204d0c7faa4dd10b906b84bf735a6a16771ab", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466865, "uuid": "a67c21dc-badf-4ef7-b0d0-b55c54bc2bc9", "comment": "Malware payload", "value": "d270032a118bf905348bdeada070cf8122f0af372328567c91c6daeffccd5f6d88c055945e9ae1eb2985cf4c725a4ba5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466865, "uuid": "275cf0f0-8d51-4c77-ae64-f793bd86dc9d", "value": "T1F5E2E1B56E6BAD1AC8F352B2831E549D9C505E3058F969ACBDE4094E90A32BD21F3133", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466865, "uuid": "b2201011-e358-4c60-9710-126375e6fd59", "value": "1ed69e09eba16f3116c67126bdfce053", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466865, "uuid": "67e64356-353d-4b14-8f1c-46a7f0d1e427", "value": "768:NlrDb6vRO+ijv0ecwDG+hWXut79BJYWKOL:zrIx2setD9hWX29DV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466865, "uuid": "fabeb648-9fa3-456c-95ea-726cfe776765", "value": 31232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466865, "uuid": "fa8f094e-f7f4-402e-ba80-ba14d88d2fcd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466865, "uuid": "f7a0ad36-05dd-4c79-9460-29a9317858ed", "value": "SecuriteInfo.com.W32.Generic.AC.2087AA.tr.13700.1068", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "462390cf-f673-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684521047, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521047, "uuid": "8e837f8d-a51b-4b89-b7f5-0823cb2b75ff", "comment": "Malware payload (RedLineStealer)", "value": "20d57b36ff20f39ae4350b262c4d0e4d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521047, "uuid": "e125669a-90f9-4266-b16f-34e4d4b12345", "comment": "Malware payload (RedLineStealer)", "value": "0f55f07211351f835d1c41a671cb73cdafc9cc8827ca9d89fe1a65432ff2bd4a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521047, "uuid": "901c0b39-0c24-427e-af38-0cc4b62f3558", "comment": "Malware payload (RedLineStealer)", "value": "f5b5e53a3395ca651822ab7fb9d0587a30c2bfda", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521047, "uuid": "5b2c2984-32b9-411c-94d6-40ff21254d4d", "comment": "Malware payload (RedLineStealer)", "value": "4707ddb28171cb02ef99bae683a926a4b4c83e91906ba85349e4ae7abbb480e6ac533fb02f6466849878aaf8513f3c9c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521047, "uuid": "6ca2d0cc-4149-493d-8cd8-94f6c47d0faf", "value": "T1BD252313A6D88432CCAA4BB019F356C70B357CD596F9C67A138585DA8D73BC0A13A37B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521047, "uuid": "2cb5c8a4-8823-444f-85e2-66a3c8e64b6c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521047, "uuid": "9873ece7-2ed5-4460-8c3e-d5d0a39a3038", "value": "12288:tMrxy90+740B+LN3Mb7BgSJ+7YFPBcrvXRnVThPvqtRLPs/XwHP9M5DGx:EyAHZ3Mb7Bp8YFUvRnXvOwXAFgw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684521047, "uuid": "6f542057-1ea9-4bdd-b26d-e96efe5c21dd", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684521047, "uuid": "2cbe4da6-d383-42fe-a73d-024c705af5b5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521047, "uuid": "6d7df53c-2555-4b69-b79a-72c49ef4f2b4", "value": "20d57b36ff20f39ae4350b262c4d0e4d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3a41f33e-f62a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1684489674, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489674, "uuid": "2433e64f-8f98-4457-9a73-8448143c8c71", "comment": "Malware payload (AveMariaRAT)", "value": "cdd14fcb97ae9c526f928c04a2788bc3", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489674, "uuid": "1a48de4b-f109-4a8a-a916-bb157b4fde01", "comment": "Malware payload (AveMariaRAT)", "value": "0f6d6875d6ca1793369166534b041daec3f946d83df7c788ad913999ffd81eeb", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489674, "uuid": "4840e41f-aada-4b6c-be9b-c5edf9c412cf", "comment": "Malware payload (AveMariaRAT)", "value": "8bf454f69de14b94b8ae949ac577171340aef967", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489674, "uuid": "4246debe-7ee9-434f-92a8-d2d3055c5729", "comment": "Malware payload (AveMariaRAT)", "value": "5c93394b263aa21aef5658105550582054d7a1f8f400a7ce5a83967f93937f70e2f96858b6aa636a46cea35a7ad02b7a", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489674, "uuid": "6a392964-7ab4-4d87-869e-efbf18148361", "value": "T1DD53C7045AF88A6BDA3646B8DC90560C72F67A167FD1F7179DDAE38E04F2B8C4C0315A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489674, "uuid": "fea760af-7055-47d1-af3b-8812142fdf14", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489674, "uuid": "43cab7cf-ac60-4f13-aa2a-14f852554e1c", "value": "768:cjhCjc09zEjrOdItaFjMecyBGsO0PPPPPXPPPPPXPPPPPXPPPPPXPPPPPXPPPPPh:cCWmcJ9LXY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684489674, "uuid": "baf73994-25e9-41f2-94f5-ae8d2c40fa44", "value": 64750, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684489674, "uuid": "42d8e597-ecaf-4bdb-bbd9-bf9333361a3f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489674, "uuid": "83c2a207-172f-40e6-a768-09c8ba9b7dc0", "value": "installer.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a489873a-f60c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684476967, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476967, "uuid": "c8b62cf1-05fb-477c-b30e-e8a91caf13e3", "comment": "Malware payload (SnakeKeylogger)", "value": "b738ea048deaa090c4d39c208b857ace", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476967, "uuid": "28fd19d2-f58c-4dac-9699-a90b750ae90d", "comment": "Malware payload (SnakeKeylogger)", "value": "0f79d5a95f0a777647c8f37dac2111cc426b2a3da30d7edaced49e980e0910a6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476967, "uuid": "17bf3c13-4298-421a-a5ee-e4e559ca3b2c", "comment": "Malware payload (SnakeKeylogger)", "value": "b609424ed95bdb7514e479438c57b20725c4b461", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476967, "uuid": "f3a2098a-dd3b-4a3b-8755-9630bf380039", "comment": "Malware payload (SnakeKeylogger)", "value": "c9cf2ce3ae3e255447a88d07c54b40956a4c3ba993297e9d609efb21a11bc3d73e8f35516556d454b5eb797426df0420", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476967, "uuid": "a9263b1c-d4e8-463e-a499-ca2c5ff1fe27", "value": "T188E4DF1063A4DB0AD5BA87F15CE0E2F017B99D99B439C30B4ED2FCCB72A9B545710A93", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476967, "uuid": "0f352b3e-4e9c-4d4c-8818-f312afccc6e1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476967, "uuid": "8e269d4b-c428-4e6a-963e-90d38f699663", "value": "12288:ZqBokq6Yhn4hrhTyLU9x7ExpFORkyspPWmk3aTa1XdU:Zqtq6q4hrtXxwvFORkXVk3aT4tU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476967, "uuid": "f91c7c60-3837-4260-9b86-759ca224214d", "value": 679424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476967, "uuid": "84e8e66d-f2ec-4064-a54a-ac0d55aba576", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476967, "uuid": "a192f0e6-f600-4053-af15-562cd558e468", "value": "9sswk46HPbdVEnu.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7614948a-f63d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684497935, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497935, "uuid": "200ff5b6-0677-434c-86e9-673ec5f2dbe5", "comment": "Malware payload (Amadey)", "value": "622e652463bbc74fd92480e0479c26e5", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497935, "uuid": "4b9403fc-e2c0-40b9-92cc-d66c833ffbd8", "comment": "Malware payload (Amadey)", "value": "0fb50b506321d91e2f4ee8781405d5de78d95787916b39dd9df3fc240eb7526f", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497935, "uuid": "5104dc98-0f45-44ba-8ff7-3aa7fed4624b", "comment": "Malware payload (Amadey)", "value": "0089db7033c50d887596c50ad0e4880d7a5e5133", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497935, "uuid": "21b88a41-5328-4757-8d5f-9891ed116159", "comment": "Malware payload (Amadey)", "value": "df6560ec9193c60a19b19fca47136f7a07f47af8c0969e7e06736eadf70df10b2f2bef6613d539deb714e664c621d9e7", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497935, "uuid": "d24675a2-2d43-4163-b339-f25734568f30", "value": "T1E9252302B7E88871C8F62B7108F603D31675FC925D6C936F2345999E0E732C4E971BAA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497935, "uuid": "62e1bed3-5afe-469b-9cc7-aea8d58b122a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497935, "uuid": "60da5733-17f2-4912-bfa0-ce865e91b143", "value": "24576:vyOR7ciYXIfOBlLaal6KiozXKuQd5u9rvD+RGTnOpmL:64ciYYU0Y7iGajd09rvD+RGTnO4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497935, "uuid": "e6f80903-62f3-480b-bdbf-5004dbb89c5a", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497935, "uuid": "41beaadf-2bac-48c6-bfce-ce5642f9eec2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497935, "uuid": "1ec2dd04-bfbb-4999-ab32-e43226a6fe7b", "value": "starter.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "edd55159-f620-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684485680, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485680, "uuid": "2e839c23-699d-4708-9eb2-cdc6ade3544f", "comment": "Malware payload (AgentTesla)", "value": "b2ef5fcc34a31e142e389a30bb679158", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485680, "uuid": "3423e125-25cf-4640-9a02-5109b9da7894", "comment": "Malware payload (AgentTesla)", "value": "0fd5e881a9ed54f69c35f9db17c4ea12fc7c10500b339a7fa11a695b4019954c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485680, "uuid": "986a4990-d8ef-4eca-8f74-2ab3baf3ee0f", "comment": "Malware payload (AgentTesla)", "value": "213617681f4ef7678e0380d521ac2fa685ca5538", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485680, "uuid": "bf6896d2-8c8c-4e76-a61a-0b64a2c609cc", "comment": "Malware payload (AgentTesla)", "value": "6e75012229c1e134a5b184735dbff0205aeca5a5af5b452a6224c417c6f87f36304cca31f922ad5f5c2d2ab0437b99c3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485680, "uuid": "d2f89d91-0f3b-47ae-8e33-a8e0947a654f", "value": "T12E24C301F755D57BF6484B39AA9282A71225BC73B91AC94721C3730F2B33FA19D32D22", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485680, "uuid": "50b7b7cb-5a19-433e-b6e7-bf5350a1614f", "value": "6144:GVZ+RwPONXoRjDhIcp0fDlavx+W26nAhV0o5rd0:BGo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684485680, "uuid": "fc4b9196-c94d-4f20-ac73-94bac93143fd", "value": 214528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684485680, "uuid": "36034743-dc49-4652-8126-cf640e9a4238", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485680, "uuid": "713039d8-3522-426c-9eb6-f25bf0be03c0", "value": "performance.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "388c68a3-f654-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684507710, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684507710, "uuid": "a4a9936a-435c-408c-9558-7b1ced0d0574", "comment": "Malware payload (AgentTesla)", "value": "e0a2e9c502749ad84a8894822d55d075", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684507710, "uuid": "eeedf062-b859-49f8-a730-b6a9c19735cd", "comment": "Malware payload (AgentTesla)", "value": "1160e9c27f4550464b8426b3490c6735c53be0f3a5a56b4daf1ca13ade039edb", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684507710, "uuid": "cac9fe96-b9c0-4215-95e1-918f3365310b", "comment": "Malware payload (AgentTesla)", "value": "51172730f7c3261f9fc921a261834f9eeb712a5d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684507710, "uuid": "b035c927-e8b8-4a3e-985a-076f40dd2a41", "comment": "Malware payload (AgentTesla)", "value": "ea3339e6b8744f0dc9e31f5e06ad8424e47a4c6a2b21a00f5a36e213f3c892c5bc15a26b88d18ac639e558828cd4d672", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684507710, "uuid": "6253aa14-b4af-4997-8180-fde76e73ebff", "value": "T14615C060DAF9DBDDD4240BF0A1D3D0F407265C28E5E9DA560EDB2CCB31BAA84715263B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684507710, "uuid": "d2c50188-c0ab-41de-86e0-88d583f85be8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684507710, "uuid": "b4c314cd-1456-400a-a30b-d7b647f5dbcc", "value": "12288:q2iNfUFotEvZ41sMnwN9A3sI44ru9DXkGgJRKGFWfBmao:q1Bs0qZ46MnwN9jIXru9AGgJRZF4mao", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684507710, "uuid": "4e1ce9d1-8960-45ff-9de4-3963db9b0f3d", "value": 894464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684507710, "uuid": "84c9fc63-ebcf-44af-a975-71e0f94626bd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684507710, "uuid": "3c65c71f-a8cb-4349-ab07-ccd41270e24b", "value": "Urgent Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd457301-f68b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BumbleBee)", "timestamp": 1684531662, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531662, "uuid": "b452c716-ec72-453d-9272-c1a6bd654ae5", "comment": "Malware payload (BumbleBee)", "value": "9f76b32f0d0f1fd463e327a3c679c728", "object_relation": "md5", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531662, "uuid": "caeb5f55-1ae3-491e-9298-b4edade96591", "comment": "Malware payload (BumbleBee)", "value": "1204e4696d0d772fa1427b09cc9aa9220da5cde89ebd6bf8fb0ba91153a042f3", "object_relation": "sha256", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531662, "uuid": "0fe658c7-aa55-4f55-ac1e-9fe0d3f0433d", "comment": "Malware payload (BumbleBee)", "value": "4e3caa670c3dfd69f94bbd0f257cde9a6399dd49", "object_relation": "sha1", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531662, "uuid": "6a4ef120-8404-46c4-ac80-5bec67070b02", "comment": "Malware payload (BumbleBee)", "value": "38857d428deea7ce02a175a1c63107344c068dbc53fd7a3fbbe3e2f3bbd7502bebc29590f01798d99fc8837a0e15c2fe", "object_relation": "sha3-384", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531662, "uuid": "f37cfd51-4d29-4212-8786-7138fd845a99", "value": "T14145E011E6921FF4D4B292B681AB252AB7347E1C4325D3B7ABC0D2373D837E05F16A64", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531662, "uuid": "f71ebcad-9004-4583-a466-4a972c50a018", "value": "47e01530ad43ec939d1c47709a80a5c6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531662, "uuid": "292beee4-35c6-4c39-b9ba-862f823cd437", "value": "24576:2l70x0gt0nxZLHfHulAR02Sq2lr5ljm/91JGvd+mmiSyZHpVMXD+mwCyWJDG:J/I/OlARNSq2ShiVH7oZlJDG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684531662, "uuid": "c012f107-f1de-4319-b187-b995a12825c5", "value": 1223689, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684531662, "uuid": "a8f0a24b-864b-450c-97b7-872b0ffea117", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531662, "uuid": "0437e5cb-c4d5-4a3d-9440-b4539337ff15", "value": "SecuriteInfo.com.Win64.DropperX-gen.20871.25501", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab7ae258-f667-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684516063, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516063, "uuid": "5f82c15f-e486-4fc3-bf5f-ee3552731a97", "comment": "Malware payload (RedLineStealer)", "value": "a8b9af70dfcb756f1149ee8a64b42315", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516063, "uuid": "68b41f8a-6583-4ae0-b85e-f9a94b41f591", "comment": "Malware payload (RedLineStealer)", "value": "12457e9468eeb7686ec4e451c3c3255ddbdaaab0012cb4a7a76e4b59d749dc1e", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516063, "uuid": "4d7d0665-6068-4e5a-9e90-cb4e3ae1e8f8", "comment": "Malware payload (RedLineStealer)", "value": "8a44af83c8a4503061c529e88df2de0198248861", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516063, "uuid": "f368da11-2bf8-4b09-99ef-833d2cc342d7", "comment": "Malware payload (RedLineStealer)", "value": "c5a1bbda6b9382c7702b7d907638e5583e433f8223d0c64fc1f1d25f83fb201575f01e77258c662b81e5dd0dc996799a", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516063, "uuid": "0d7e1aeb-c4cf-4780-bdbf-fc1917721c05", "value": "T149E3C524279F8934D67B4E3DACB19CC076BCEC12A542D74A4ECCF1593A73B809B116B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516063, "uuid": "68ade9f4-3a38-410d-bf3a-b42fbf04e0da", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516063, "uuid": "a18c6872-8879-4a39-b6bc-588f99ace975", "value": "3072:sV+m5c/QmRSNY7WKA7vGJv3xnhMZx8e8hp:sj2BUanhMb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684516063, "uuid": "25759746-0bce-4151-84c3-6cab73786b65", "value": 148752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684516063, "uuid": "3573bc98-5752-4544-85cf-1b5a2f11105e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516063, "uuid": "9e7a4355-e6eb-45d7-8dd6-e1e88e99528f", "value": "controls.dat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7fd08d15-f623-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684486784, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486784, "uuid": "360dcd72-3400-4d82-98cc-18ca32e1a3a0", "comment": "Malware payload (SnakeKeylogger)", "value": "334b6c8736a64754cc8fac4bf6fc5668", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486784, "uuid": "5a30769e-73d3-4412-ba8c-7f1f5bb4ffc0", "comment": "Malware payload (SnakeKeylogger)", "value": "1250f968f4c4db1b73b64223fcb95958b3c324afb330daf88d9379d2cdaeb2ce", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486784, "uuid": "129737a3-40b8-4cad-927d-c5113abb56ea", "comment": "Malware payload (SnakeKeylogger)", "value": "8b9de6b5adcb1848186c206ae4f472052c0b111b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486784, "uuid": "971979f8-0c7d-4326-a42c-6643f96cfca7", "comment": "Malware payload (SnakeKeylogger)", "value": "5c372788c974b41e275a95f0a07e9b57a036503345a06d48a553ead5b68d3f9b599cc8e52019c8fbd586cda221c425d7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486784, "uuid": "d315e6cc-efd8-4153-b07d-874f6b170d2a", "value": "T17C05F1D126A45C21E2AAAF7946B3F23843746C51EB56D34D28E02C977D27E937B027C3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486784, "uuid": "eed4a844-5ea2-4340-b7c8-7a4deac79ac1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486784, "uuid": "d4b203ec-d437-46cd-8261-0f03b0a7442b", "value": "24576:JP0tf+eQDaWt+nfrdbzxz5By76fqJLlEM:JP0MeyInfp3xzCKqJLlE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684486784, "uuid": "09a71167-41da-4c69-8957-5b5c7814f609", "value": 872448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684486784, "uuid": "f12d7b76-2560-40ac-a4b0-27bb54fc58a1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486784, "uuid": "d00be87c-987b-4669-93aa-58a81deaadb1", "value": "ekstre.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49e4af01-f65c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (NetSupport)", "timestamp": 1684511175, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684511175, "uuid": "ffa57220-cada-4eda-b00a-a277969edb78", "comment": "Malware payload (NetSupport)", "value": "f3df9c96c3f90fb7bf5ffb9320820582", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684511175, "uuid": "6eacdf02-adfe-4af6-8327-0f380314acc9", "comment": "Malware payload (NetSupport)", "value": "13b0a2053f919fed877fb4ecb4cae691265456d59d2b871350512378fc847eb1", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684511175, "uuid": "269606df-70a6-4757-abd1-b8a4c5849a98", "comment": "Malware payload (NetSupport)", "value": "0b7df9e161f222d97ea3f1d883905b9e7a9cdb8a", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684511175, "uuid": "b8ae406c-9bc4-41be-8cca-c8fe7fd4be7b", "comment": "Malware payload (NetSupport)", "value": "8ff95713a07c4a911c6dc669a96765affe0066bc820cb6b14260cf228aa17039187b1ca7074c4327f192c7ce2d1d554d", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684511175, "uuid": "86dae963-02a6-415a-bec5-f3f3a5c731ff", "value": "T192E2D9D427C3A052965BF03A775E8CC1E6AD59121BC5690FB81D7238FF86C3CCAA4768", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684511175, "uuid": "1a4ff861-bdbb-40c3-a952-586781da2840", "value": "384:cEuWtagf971+6eCbrsBc3hlK5M1j2JBvlg/UjubUYDFQJ9W6qBwkosZjN:cCNA6etc3kGClWpbpx4W6Mwkh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684511175, "uuid": "5ada29d3-6fc3-4c06-878d-2d86567ce703", "value": 32272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684511175, "uuid": "7aa3390c-dbd1-44bf-be57-8e5f6b9834cc", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684511175, "uuid": "ffd1189a-20a5-47bf-acfc-106b0d3885b7", "value": "13b0a2053f919fed877fb4ecb4cae691265456d59d2b871350512378fc847eb1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41efe6fd-f67b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684524476, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524476, "uuid": "67e012d2-2741-4687-9bff-42c8aba7bf11", "comment": "Malware payload (RedLineStealer)", "value": "42e183f392e2e9bb76bf8313f3d55fea", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524476, "uuid": "3e33868a-854e-4e44-b084-a745757ece2c", "comment": "Malware payload (RedLineStealer)", "value": "13c2c3037f04ff364b053793b6fbf2bc21e07e764e517e317c3eb9c6ce8f4990", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524476, "uuid": "260bdd94-4f26-48d1-827f-c79df7acfc0f", "comment": "Malware payload (RedLineStealer)", "value": "44d8a868bd86efc1cc9992bc8ae0c52b1e80840a", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524476, "uuid": "31a100f5-ddd3-402e-9a7d-887fe3dff66a", "comment": "Malware payload (RedLineStealer)", "value": "b0e45e988fc51867fb54e6c19d6676910884b0a6797f2ae353c54e603925085ed6e6ba65b8c82a2199b2bc013d87ed4a", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524476, "uuid": "288e8c5e-54af-4737-b2e0-94eeaccf8f36", "value": "T1AB252357A3E25073E8B56BB428F713930632FC918978E39B63819A4B0CF25857879737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524476, "uuid": "e77515e2-a7dc-435b-9d6d-820564a653d1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524476, "uuid": "717850d6-1c99-4d7d-a2d1-69024e09d78b", "value": "24576:wyF4uYZUrQv8n2tWTg+ogbPrJwYU/kYh0m5DlbaoV9:3mZEQ02tmgzWjuYU2MP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524476, "uuid": "83c2eca9-8c81-4854-89b9-d48c0c9318fb", "value": 1053696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524476, "uuid": "015d9d1f-1732-409f-ad44-07ed17968194", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524476, "uuid": "2d065050-34b8-4391-b99c-b34ab8bb2c13", "value": "renderer.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eebb5441-f631-11ed-b3cf-42010a9c0076", "comment": "Malware payload (LgoogLoader)", "timestamp": 1684492983, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492983, "uuid": "d0b34f71-4269-450c-8d5a-92a875f3481f", "comment": "Malware payload (LgoogLoader)", "value": "6dffe1bdc54e9cc7ab9ff34cf275f27c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LgoogLoader", "colour": "#FA0A6A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492983, "uuid": "ca71c14f-e625-4992-b54a-91deea3777ce", "comment": "Malware payload (LgoogLoader)", "value": "13faea00b67809575d9244072a01e7bcb7e8f7ccaedb44f7b2040484c0314fe3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LgoogLoader", "colour": "#FA0A6A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492983, "uuid": "9c50c941-e244-4926-bf1f-b46934ab52ee", "comment": "Malware payload (LgoogLoader)", "value": "eb322857b4d5d5209e7ff0292eb1e1d7b4bd3a3c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LgoogLoader", "colour": "#FA0A6A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492983, "uuid": "ec2b819c-2063-4a23-903f-1b41a0e8ec98", "comment": "Malware payload (LgoogLoader)", "value": "1ec093166d64702418198d8e9dfc11bb6b11f5b351c4e8263e3922e40cf780a9629dffe367bcbd6b408dbcab2d52030e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LgoogLoader", "colour": "#FA0A6A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492983, "uuid": "8d3e0de2-db1a-4c9a-8075-0b74904324e8", "value": "T12F55283439EA501AB173EEAA5BE475EBDA2FF7733B03685D105103864623982DEC153D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492983, "uuid": "c0e479cb-58df-4cd7-afd8-eb45913c7f73", "value": "12288:oEWwe1pG1/1TTtfY0kUfQJnwQHTQkV1a65f4kD7n7sZcUGVVVpPs9QZZsiz3I+7q:onYVgdVTanaTVz3aOFHBtfpNR+RGEAe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684492983, "uuid": "d6c8951c-c5e8-471f-91cb-5bc4fa826b5f", "value": 1299832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684492983, "uuid": "f132765b-0d17-46e8-a928-abc8ccfd8629", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492983, "uuid": "0bb33482-b294-47a7-822b-a7b176850271", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f8687cc8-f673-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684521346, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521346, "uuid": "2763e0b5-fbc2-492d-b817-aa660019d540", "comment": "Malware payload (RedLineStealer)", "value": "190235fc65b6fb535eb3fca7129170e6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521346, "uuid": "37653688-6900-44f4-ab14-4742c05a2568", "comment": "Malware payload (RedLineStealer)", "value": "14aec420601a21a0d669747a456f8f2469e9bfa49c661ce3d14010b38820a35d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521346, "uuid": "bf5f5879-a621-42ec-bc74-cf6d6e0a6646", "comment": "Malware payload (RedLineStealer)", "value": "95700cc5ab28b2f27d11d65b6217ea9a23ab7e46", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521346, "uuid": "245def2f-2091-4e41-a3a9-0688eb76fbad", "comment": "Malware payload (RedLineStealer)", "value": "f16279400e3759f94310494c3461a9419de96e6ea74544c141670f366aaea535938686aa7f54c1049376c38227558bcb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521346, "uuid": "b0ade1f4-997d-499d-904e-0157742acc0d", "value": "T1A025231AB6DD5432ECF257F098FA13830F3ABCD2782591A72289585F0D729D4B03676A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521346, "uuid": "3586bc56-e277-4765-bfc7-41d47a88498f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521346, "uuid": "b198b286-5835-499b-bc0d-32075ad05286", "value": "24576:VyCIpx3jwhnpkMTH/e/VakQnkONQjqz9k:wCIf3WnyMe/V8zKs9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684521346, "uuid": "14e6ec09-4395-4ad9-9bc3-4f1283c9e0aa", "value": 1055744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684521346, "uuid": "3c8fff9d-abcd-40a7-aade-83a5daa7ab47", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521346, "uuid": "ec063b8d-91d3-4eb3-b8a7-b0bbb8e663a1", "value": "190235fc65b6fb535eb3fca7129170e6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8ecb70b5-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684497547, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497547, "uuid": "fcaac33f-3f6a-44c4-9e80-775644c12cdd", "comment": "Malware payload (RedLineStealer)", "value": "aa6984c9586149618b5e3aaba584cde2", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497547, "uuid": "32088078-647e-405c-81a5-4c28bbbf916d", "comment": "Malware payload (RedLineStealer)", "value": "1532304445c8dd9b53f1c76e7536aecb6f87996b5fde5c1d571056c23180c32a", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497547, "uuid": "990a48d8-ec62-4540-84e1-aab39ac843d0", "comment": "Malware payload (RedLineStealer)", "value": "38e63b6cb9f3d4463fc0ea84ee57e4a70d4082a4", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497547, "uuid": "742961c8-a0df-464d-bb49-278a91c6b4e1", "comment": "Malware payload (RedLineStealer)", "value": "3c8e0a614c4d7309a1b9c138dc1bc75fce84204c4c38d32c9697cc890dac97f3afcadf4ed571c9b792e3d0680e3d91ed", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497547, "uuid": "ec004355-a8a3-4ec8-b012-47a815f60b36", "value": "T145252353E7DC4572E970AB700CF653831D377CE05C7A962B2286998D0DB2AC8E0753BA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497547, "uuid": "e865581e-4574-4030-bb97-8285cadfd97e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497547, "uuid": "8ae51628-e745-4e95-9d26-ea52bf0289e2", "value": "24576:yyaLCK7hwWTMqMucajlMbuGqlQMBY9m9qDPL3Tuqw8lSd7:ZaLjFwWT1MfdidrEgwLaqwU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497547, "uuid": "484cbdc3-0fd9-4abb-91ba-90e2ae0eaebb", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497547, "uuid": "8ee95b90-d24e-4f7f-966a-d60d2f79fb02", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497547, "uuid": "462f010e-d9a3-4147-b205-5ec63cce40b6", "value": "client.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94630cec-f656-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684508723, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684508723, "uuid": "f75d09f9-b239-4866-b176-c9cd41877124", "comment": "Malware payload (AgentTesla)", "value": "cc65f1e151649a5422650c1c0ddaac07", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684508723, "uuid": "7c91369a-d6e5-423b-baf6-f8a3983cec1a", "comment": "Malware payload (AgentTesla)", "value": "158cbef4f70229168226f02e594ab1d0b01967018df0243bd6468000dad5a546", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684508723, "uuid": "d2b5472a-6c7b-4657-894b-5f1054b76dea", "comment": "Malware payload (AgentTesla)", "value": "85ee79c65a09d8ea19254b53dee25d38a691e159", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684508723, "uuid": "b631040b-aaa6-4b8d-a6b5-305896b2221f", "comment": "Malware payload (AgentTesla)", "value": "ff90338e5756985abfa831f6ba01bb479826721afde86a5dc136e5f310f013dafb46bd5d254b53f30f5cc14cde2a4a02", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684508723, "uuid": "f43f98a4-1574-47d4-9e7a-434c4201f9f9", "value": "T19394230487D922F8BE772A55D33714A1F8E92C8ADC9CE20A06B01F8E2ECCD5D9325DD5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684508723, "uuid": "962339bd-5716-464a-8d7c-88b4abc73966", "value": "12288:xKieO48spJZULOFpcslwm7cDsG2wRewwuqk:xKi7aJZuOgSwe7GFRGuqk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684508723, "uuid": "b200834e-2ef5-4b57-85e4-6d8097ee69e7", "value": 436868, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684508723, "uuid": "635d227d-9d9c-49a2-86f2-7e2115cad778", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684508723, "uuid": "c0a890d5-6df0-4b55-b74b-35227d910574", "value": "Shipping doc.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa979f5d-f5dc-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684456362, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684456362, "uuid": "669f659a-9a46-4ba0-bf3a-d7db8e9b4027", "comment": "Malware payload (AgentTesla)", "value": "7077a99ef8c2d32734e88604c1ccf6ac", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684456362, "uuid": "0d0be6fb-ce39-4582-bfd7-cb5561284234", "comment": "Malware payload (AgentTesla)", "value": "158d9c5a8c7290c638708e4843cb732e395c1ef4d782e1425220cb54467f27dd", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684456362, "uuid": "4a4265f9-4bcf-4e82-ad67-5491e0263866", "comment": "Malware payload (AgentTesla)", "value": "f4b92e88154a758b0dd706f9156ad90f5edf02d0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684456362, "uuid": "343aa982-02bd-4353-b8c3-c73e1e60f603", "comment": "Malware payload (AgentTesla)", "value": "cf1dd581476306f672640a39e8657b8a31f45f9abb9a1e7895c278e1184d887577f45bdfbd0f6024680bafc576281ffa", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684456362, "uuid": "90befff3-3824-4a12-877a-751505168ea8", "value": "T1B915833D49A689EBD07BC3F49BCC4957FABCD833B454DA2B19D60782224174EA1C21DE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684456362, "uuid": "3c17bb6b-2beb-45ff-af3f-dbe1d9d3290c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684456362, "uuid": "8848dfa0-0b64-40e9-9ddf-6e4ac0224b96", "value": "12288:8lE6hnWFfnVZPdABfs+k4JSljSzpsha8rBSeLt4mtnmJrwP:LAUDpS8rzLimtm6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684456362, "uuid": "4a2a3991-168a-4dcd-9cc9-e8cb37ff3040", "value": 877568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684456362, "uuid": "bed6a5c6-bde1-49fb-9c04-3ced3735320e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684456362, "uuid": "2b339aaa-155a-4f40-bfbd-6c0c7740da5e", "value": "SOA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "080aca29-f69e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BumbleBee)", "timestamp": 1684539411, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539411, "uuid": "30ae63db-f126-4a50-a6e1-f50fae89adf7", "comment": "Malware payload (BumbleBee)", "value": "79df6763452a868b0811165c398da22a", "object_relation": "md5", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539411, "uuid": "213e60b8-ef4c-4eb1-bf81-74dafd029c71", "comment": "Malware payload (BumbleBee)", "value": "15b54ec76f69f3a5260e7ea1be48135828082d59e88edad043434af3f5f65ca0", "object_relation": "sha256", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539411, "uuid": "7b821a6c-1a4e-44ea-a565-ae5ff1609ad8", "comment": "Malware payload (BumbleBee)", "value": "f54664e115f0409b0e87a9e9a45cac33b8d9bab6", "object_relation": "sha1", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539411, "uuid": "7043ff6f-89a3-4ed0-8c4b-937d367e3e62", "comment": "Malware payload (BumbleBee)", "value": "d35d834ee9d08d69bfa744d2cac302aa8328e1b7b0f96eb377f10efffc48486442a3a6f038e5f531ea031176263676bc", "object_relation": "sha3-384", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539411, "uuid": "51d60783-e2ab-4a89-9e53-4bfeee74f16d", "value": "T1D445F012E2921FE4D4B691B7806B262BB7703E580315D37BEBC0C2377D927E45B1AB60", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539411, "uuid": "78f61c46-9a21-42b8-970c-e53302eefe98", "value": "47e01530ad43ec939d1c47709a80a5c6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539411, "uuid": "8df1de5a-fdfc-4a80-8b58-60dee8e72244", "value": "24576:BJfz/STTtVoiytjbo49BKCfv3MryTP+ParA+cwMmPTjWw7cGvgcQ:je7AnoqBfiglXW2Ir", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684539411, "uuid": "fff711ce-824a-4499-bb6c-aa334080642f", "value": 1223185, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684539411, "uuid": "d5e8ac30-d186-4693-b7d1-d8346bfc6cb4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539411, "uuid": "1d315730-13d5-435e-8031-909cdf2de28d", "value": "SecuriteInfo.com.Win64.DropperX-gen.31091.25587", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "330accb4-f626-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684487944, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487944, "uuid": "71db63ee-592d-47dc-b2a3-0d15e844d5f9", "comment": "Malware payload (Mirai)", "value": "ea5e40ec58ecd2ff5f960440e7d633e8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487944, "uuid": "e178b032-8e35-4738-88be-50079d3c3d30", "comment": "Malware payload (Mirai)", "value": "15c8654d39557e2400de66226bd747d917390b1c3dd93d7ad8496fb4adac58c0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487944, "uuid": "344a375c-6699-419f-9659-562fd2ee2a0f", "comment": "Malware payload (Mirai)", "value": "f6e87a155b7ff2bbf6bc0d3f9172087dcdd5b30c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487944, "uuid": "41fd29ee-655a-46e5-aec0-e2cb64b07f2d", "comment": "Malware payload (Mirai)", "value": "a4f4dae715412ba21f26136d9a2641e0fd7b5fbf4a7e95f19b8246e4af8244a3b9abdb4f49d2ad34009181692aa8ee53", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487944, "uuid": "404896d8-80ca-4de7-affe-ed32141f4df1", "value": "T1F02302369F512C14D295373C407A17A67EE2BFC4CAE50DC540CE9B78DA9129D8CAE91C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487944, "uuid": "bbb80e07-cd26-4029-90cb-3d081ba25a68", "value": "768:OOxplUvyhGbFbs+aKp/FZIppPQBqbl/oFpsTfYXxx4rd3r2x5sk0WK/U9rT0l5KR:OODlUvVGJ00pPSqbTTfYXxkd3C5MkPo2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684487944, "uuid": "7d437994-19cb-42fa-ab72-530f6d1d6688", "value": 46592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684487944, "uuid": "8908b461-bcbd-4b93-82e9-a1c3de2c5197", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487944, "uuid": "a8336595-40d0-4b20-b9db-b87cffb04562", "value": "ea5e40ec58ecd2ff5f960440e7d633e8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e29d17b0-f618-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684482225, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482225, "uuid": "aace647b-fd47-403c-a5fa-5fd255567ff1", "comment": "Malware payload (AgentTesla)", "value": "6ec5cd02f7b307493403d6e48f8fad3f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482225, "uuid": "a53006a6-7949-4a0e-b66d-bcc637f18d0a", "comment": "Malware payload (AgentTesla)", "value": "1680422c807dbbb8686d36461be752fbb2ad0d75d48711de16f85eb72d977203", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482225, "uuid": "a5ea2a3e-029c-4d6d-8a24-21ec22c0f3ff", "comment": "Malware payload (AgentTesla)", "value": "7cbbe5fc072abaa844a7fa2ea5506c6378386da4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482225, "uuid": "1b1d638e-8474-4988-b17d-b05f9d1947b9", "comment": "Malware payload (AgentTesla)", "value": "bc95e20d4c7bdea25459300ec77179a11738a9592f72eeab55b25413e4f5e680eddb44b2d85c75fb4c8e7adbbcff8f6f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482225, "uuid": "0597c34d-a79b-4eae-b77e-89c9502d6434", "value": "T12715F19119A44821F2AB9FB856F3F23843755C91E723D30964F02C9B7D7BE867A02787", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482225, "uuid": "d8406284-c773-4ba3-963c-486a8be50c9f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482225, "uuid": "9a3a7d84-ba66-442d-aff3-fdade9ebe028", "value": "24576:JP0tL+CK1fxfaRWKEKl4MgbU5TCeNkB9k10:JP00CKbfg7E3MgbMTbE9S0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684482225, "uuid": "31675e39-f177-4dbc-9b0a-3ce737a322a4", "value": 905216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684482225, "uuid": "f16aa879-2642-4580-b33f-091aabd2db8e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482225, "uuid": "e0ad32c4-1507-410b-bb0b-5d73204ed4d4", "value": "PO#88224.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "131cc8e8-f660-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684512801, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512801, "uuid": "8d941bda-68ce-42b3-9fe2-75310900aa5f", "comment": "Malware payload (AgentTesla)", "value": "611598bbc65ab909914bd9638563289c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512801, "uuid": "107e1ba9-773d-4746-b8c0-932202a95fd0", "comment": "Malware payload (AgentTesla)", "value": "168a35684463330d195c42fa3a922b6f5f76c1482859249ddedd5db5298a4db8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512801, "uuid": "2be4ca5a-0e14-45ae-9ccc-10ff4f25dc2f", "comment": "Malware payload (AgentTesla)", "value": "113e4cba629581a01f93fc7892d2ffb01cf273ae", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512801, "uuid": "5227951f-bd07-40e0-b6b5-e4263257ae49", "comment": "Malware payload (AgentTesla)", "value": "36f6af6f3abae9b32f44a9119d1ff7951ee2bed289af4b250acc89518d188b2360ea381b8918cb225bd29aebb27d8b16", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512801, "uuid": "d68baed9-01cd-42fa-8674-7c67e29d6181", "value": "T136D47011E1CAA494F3FB7F0053AC72D73B2BB7BD6A30985D1349866D21DA8408DA477B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512801, "uuid": "74fb854e-d83b-4716-906c-fabc0b373432", "value": "1536:9Hmd+CKN/SoY+oYFt6C2yadzJCPKFLhO2DzPbb0D0JkZrIWWCFBs2:9Hmxw/kYFqdzJoKFT/PP0D0J2vH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684512801, "uuid": "6f09b7a9-a107-4f3f-9837-51065e8aef06", "value": 601120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684512801, "uuid": "e4277744-7206-4b08-81c1-241ee4b3a3a2", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512801, "uuid": "a9004954-170f-4324-9a77-ec77ae595597", "value": "nuevo pedido 008794897.xlsx.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "348043c4-f67d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684525313, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525313, "uuid": "e0e9e61c-57bb-45ab-a77a-4df22470e330", "comment": "Malware payload (Mirai)", "value": "64ef48275491c67135023bd12a7b4fb5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525313, "uuid": "092dd0c2-a512-4a5d-91e1-a5c03ad7a690", "comment": "Malware payload (Mirai)", "value": "177190aa4f73e0b52fa5efff0955ad28df2e5e6c601188552d9553461c1fa3ee", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525313, "uuid": "8893010d-c7fe-4cfb-8025-2faaa8a055fd", "comment": "Malware payload (Mirai)", "value": "ec8bacf59964b69be184ae488d0d9f8750912460", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525313, "uuid": "bab3ed23-31b4-49d2-92b0-8342a02899b4", "comment": "Malware payload (Mirai)", "value": "71657eb6db784b90a4a3e07b26253ed8693a29d6daba43bc27a74a1f62b56d4798f2940f5e2a6742d77412ed7776ff9d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525313, "uuid": "31815822-eebb-40a2-a98c-b21a7e48f5e9", "value": "T1C5C2D118F34099E5DB20183DDF3F874796701A3165EA366F2410583497CB319BBE6E4B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525313, "uuid": "d51b6203-6068-4c1e-a3cb-8c52ae3e2b67", "value": "768:FH7EL9ygYyFq6cO64Ri6khCu56FweEAEOGGF/5IbdiQls3Uozb:FU9ygYyFbcDc3w4cOGwgdczb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684525313, "uuid": "de403e4b-f33c-4cc0-9ecc-f2e3fa0a485b", "value": 27616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684525313, "uuid": "4c80ce25-b2fd-4ff1-a6f6-77379e2e50e0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525313, "uuid": "bb270687-8cb0-4aed-a447-b7c1a8891243", "value": "64ef48275491c67135023bd12a7b4fb5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b634ad4f-f63d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Smoke Loader)", "timestamp": 1684498042, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498042, "uuid": "611d0d75-013b-4cc5-a495-423d07a06ca1", "comment": "Malware payload (Smoke Loader)", "value": "9650b88c56c7ff333d355425c00aee80", "object_relation": "md5", "Tag": [ { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498042, "uuid": "0ea495e2-4c5e-4972-963a-2ff8ecaad53e", "comment": "Malware payload (Smoke Loader)", "value": "187fd12e1b050f811cc55afd3fc5da5db51167ad17fdcef058f59891b962c5c4", "object_relation": "sha256", "Tag": [ { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498042, "uuid": "94605a65-4e76-44e0-bfd5-611f531ce568", "comment": "Malware payload (Smoke Loader)", "value": "9766123fe1bf90295d9c1e3fad4c8b611797ea4c", "object_relation": "sha1", "Tag": [ { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498042, "uuid": "35472884-e9af-4ebf-9385-84fb6c614501", "comment": "Malware payload (Smoke Loader)", "value": "a6134079f5c8eaf76c2efa23a3cd8bd72b9e932ea2b592acaf9175a129755f10bfa67d05344b5015d10104abf682ebc9", "object_relation": "sha3-384", "Tag": [ { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498042, "uuid": "e270889a-7331-4b58-bd2f-0d493e2fefcc", "value": "T12B644A035291BF62E5124F729E1EC2F8E2EEB9519F4927E762166F2B54702F2C573301", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498042, "uuid": "7cd54359-9602-42c5-8d62-c198627d2e01", "value": "52052f823a75c3e49d6f33c06369892a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498042, "uuid": "966a3cee-c754-4ba5-96b1-47f0d5214a6c", "value": "6144:jZQnbyrmGS3Yb86VdSd2STEpTwB7omT0GGl5HOTUt1:j8yrjS+86V0d2SC4ERTWUt1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684498042, "uuid": "074eeead-f860-4d1c-a34f-5783630ac98e", "value": 333312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684498042, "uuid": "6c3cd48d-ee10-46e5-a205-7f94a6c79d62", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498042, "uuid": "619aafd2-9c2b-4383-a5c4-d55ce23e4ad4", "value": "parser.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ddf597a8-f61e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684484795, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684484795, "uuid": "0257af99-df46-42cf-ba78-e3d7725de6f0", "comment": "Malware payload (Formbook)", "value": "7ace042e43a67d49d5513edc718e6c49", "object_relation": "md5", "Tag": [ { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684484795, "uuid": "85addb8f-d167-4e8e-9a4b-5782f662cc9d", "comment": "Malware payload (Formbook)", "value": "18f9ca56c276a3166e91d0301bdc737a11291caa51a0c66a65e2090348de156b", "object_relation": "sha256", "Tag": [ { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684484795, "uuid": "dbdda68c-8ba9-415f-bcf2-e3156a14f511", "comment": "Malware payload (Formbook)", "value": "78ef687cc2202d66c0030d4e28a44bb497f5e789", "object_relation": "sha1", "Tag": [ { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684484795, "uuid": "d6095ac7-219b-4d83-888f-3201b5e023da", "comment": "Malware payload (Formbook)", "value": "84e12b2de59293329af0fe0e3fd7ca1c103cd6a703c1836b5c11e9fa2334a6fba8d68f37b68bd80f03ad75bd373fa64d", "object_relation": "sha3-384", "Tag": [ { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684484795, "uuid": "9e3ff30e-68cd-48c2-ab8d-13c25b48f7b2", "value": "T1F4F4235B69B3DF57AA3B099A1A8138754EE31860314D80CDDF984B63F097CA77F91B80", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684484795, "uuid": "22a1dbef-f7bc-45de-9e44-8014664e9099", "value": "12288:c0qMJr6AwhWUHcdMjbbPUb6nTlUjvQgfkr6kZ8P4Y3Ll0ss9Wp0GMqccp:/xJ65wUHljPPUb6nTl0fkB8P4Y7WsQad", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684484795, "uuid": "10cb532d-38d5-4c1c-97ec-ab94b30e370f", "value": 753261, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684484795, "uuid": "ac824482-e5ec-44fe-854f-b655d9182aa2", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684484795, "uuid": "c27d36b2-a125-4e46-abf4-382fe74838c9", "value": "sales contract-876-23.arj", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ece5b63-f614-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684480179, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684480179, "uuid": "73238c1f-e771-463d-9fe7-e88fde9f18a6", "comment": "Malware payload (Formbook)", "value": "da3970f95716efa57f80ce202111c26d", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684480179, "uuid": "25086169-d3ca-4a6e-be3a-b5fa8b499729", "comment": "Malware payload (Formbook)", "value": "19212e9ee735e4b773671add4df8b9ac059ce9d59011238044b17643ad8e14fe", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684480179, "uuid": "cb0d6934-08ed-4aca-9348-bb2f572e0ddb", "comment": "Malware payload (Formbook)", "value": "a551f2ff2a0fef51362df45251f81539981ce9f8", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684480179, "uuid": "cd1600db-8c70-48ad-a203-d178bff8a134", "comment": "Malware payload (Formbook)", "value": "166b4544377161ec1a1448f9042800f763d387fc55a6cb6bf29219a073bf4286095f7e5b86321acaa8afa2b46ae208b8", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684480179, "uuid": "0a27394f-54b7-4942-bbc1-311b374c9989", "value": "T185B4235335D75AFB36523A1F03524E30F919392957B2B439EA24A872B03D361F9F16C8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684480179, "uuid": "369a8d32-127a-4866-9dda-5dc8af1d4a19", "value": "12288:puH6DlJ0p+PVRx9cX3Ygvx8HEc2tLpFHaWSkAGkYnth2OH:MH6DlJ/NR+33c2tL2kAIh2OH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684480179, "uuid": "a6585209-761f-413a-9323-ca4ed8f7de42", "value": 539176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684480179, "uuid": "b5a27f40-2ece-4114-aa10-98b102fe2cea", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684480179, "uuid": "f69fcda4-a7d5-4bbc-9ffa-e2f8ade26b17", "value": "Inv_7623980.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c549b05-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684478001, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478001, "uuid": "1297efc9-f387-43e5-9f66-891316984713", "comment": "Malware payload", "value": "b2c756499037d7ba2a95c386df693da5", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478001, "uuid": "0733fa12-8042-4eba-b06d-993a466bcbf4", "comment": "Malware payload", "value": "1934bc7e9faa5f4152b6b5248bfcbb27d3a3b804dbd22284f7d9860c4919362e", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478001, "uuid": "6376ffbe-22de-404c-916f-c14daf13b8c0", "comment": "Malware payload", "value": "92782bd34f584dec90e7d0f664f03969bb7caca0", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478001, "uuid": "a1dbe521-196b-4c18-a58e-3bf3acdb5092", "comment": "Malware payload", "value": "74ae7e425f592b25c523ae26e57bf37056e02d1a9cc7f6d03eedb759c324f2d0e409ee5e0cf523d248e2ab6244eec7f9", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478001, "uuid": "ae83999d-b45c-4cd1-8e20-ecb2876ddac6", "value": "T16844BE176548EE8BD20483F43F8BBD4A370ABE65A8C536D6325DF74F1B3412A988711E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478001, "uuid": "e3c5e785-3d8e-400c-9878-1747f1f36c3c", "value": "6144:e+aFJkKXiDU7w5ahT/qGmq//NxFSeSbfpkEuC5d3qiw+:e+aFiKXK85/2q/dmbRxNH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478001, "uuid": "38ac7202-f120-4fc9-a6ed-9b4e40ec6990", "value": 277504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478001, "uuid": "4e40e631-13c4-4f03-a73c-26c3c4742b95", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478001, "uuid": "d94ae7d0-a207-414a-9ec4-d9b203ad1bfe", "value": "Product list.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff1baff9-f68b-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684531665, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531665, "uuid": "dbc1c0c1-c2e4-45c1-9ce7-da5292f37b83", "comment": "Malware payload", "value": "72d200608509dd56db0f84fcc0de978e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531665, "uuid": "049d5f83-7c1d-4f4e-8013-64d0fdc7b729", "comment": "Malware payload", "value": "199de09b54c6ab5671b4bf24a50f98302d39230dbd8724f69401b4916519220c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531665, "uuid": "3c726aa7-5da0-461e-9f3b-36d9ed59d659", "comment": "Malware payload", "value": "eaaaf1326b7824b511b85d36cea9b329d6092b94", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531665, "uuid": "1f3d1bc1-0e2b-4fa4-a745-ab9e8407dd42", "comment": "Malware payload", "value": "6845c0cb4ec676db49b7a8dece36eed9000fb3a87874bf1ca0fe51e51941c68b32f60c3bbdb435131d25cc215056cc63", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531665, "uuid": "3c39fdfb-aa41-45a6-a6b7-e0adb572a55c", "value": "T1B045E011E2921FF9D46652B680AB352FBB703E1C4311D367EBC0D2377D927A46B1AB60", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531665, "uuid": "a2c3089b-a76c-4c32-8303-3ba5ecc78001", "value": "47e01530ad43ec939d1c47709a80a5c6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531665, "uuid": "b75f9547-f787-4f45-a527-52bc4e17c0d4", "value": "24576:d8fDeHYNQfUz6ZFmAltEqaWeqI3gibYWeJVrE6xkY9+N1GFUo:b2guzPHgrrwYtz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684531665, "uuid": "8a69fa43-4aa8-4e5c-9872-d3353874c447", "value": 1222667, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684531665, "uuid": "08867b79-7653-4c86-9ff5-82168febdd13", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531665, "uuid": "478a553c-0334-480e-b1a0-310e11031596", "value": "SecuriteInfo.com.Win64.DropperX-gen.1451.23005", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e3c15c39-f62f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Vidar)", "timestamp": 1684492106, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492106, "uuid": "1c5dabd9-154c-47d3-b860-185c4bff6e21", "comment": "Malware payload (Vidar)", "value": "dc9e7af38966a331ed872c56bcb5bd79", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492106, "uuid": "95437f8c-0e9d-4dad-89c1-e6dffce2edf0", "comment": "Malware payload (Vidar)", "value": "19a6f2fae52e59717123a328cf4331c1859c6b5d6838cb20e9962800ebeb7228", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492106, "uuid": "625c69ef-9e19-4fd7-a3b8-4279ad9479d7", "comment": "Malware payload (Vidar)", "value": "969dd4ab6006f0470fab17b2803912082fa49283", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492106, "uuid": "b9144e34-013f-46bd-898d-6be330b16db5", "comment": "Malware payload (Vidar)", "value": "1f8a8e8a54e65235447946f25eb1239580e14f181a6e651a5216ebf2fca0bca726d6491523c6b3c241bfa2d9d99dd2d9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492106, "uuid": "04838a12-a85e-4053-b743-cb14f4df0bfc", "value": "T1C915A43D0AA58AEFC0BBD364A7CC4997FA739817F15C9BA944C6035272436CE60C61DE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492106, "uuid": "0f4506f5-ec08-4133-84cf-0ef3aae7dbe5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492106, "uuid": "f4e477c4-cf88-4b33-97d8-0aedfe117107", "value": "24576:DtZzl//mVsahD3lmgMD8j2EhYf4Fp7pb6zY:5ZzBahD3M98j2EMOp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684492106, "uuid": "e90ef0ea-69e5-46ab-9460-441d50d42111", "value": 923648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684492106, "uuid": "2f88552e-ac54-4568-8514-9a64e1d223d5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492106, "uuid": "480535ae-0c63-4500-b1ca-1f568212f57e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "56a66fac-f641-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1684499600, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499600, "uuid": "12a57e3b-552f-4297-b71e-c0b79fbc0952", "comment": "Malware payload (GuLoader)", "value": "d47524c42f80ff6446431203bc65a2d1", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499600, "uuid": "3b2d1ace-e5da-4934-b577-581e1c2c6303", "comment": "Malware payload (GuLoader)", "value": "19da002d25a5f31e6dd059898f699a9a6056a287aa1f7b185bad5ca3ecdcd304", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499600, "uuid": "bf8db7de-fbdc-4ac8-a26c-d1fc21632b45", "comment": "Malware payload (GuLoader)", "value": "ba392d2623729a1753bedb53cae80b922d4b4972", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499600, "uuid": "57832811-05cc-4eb5-8f83-66783bc79177", "comment": "Malware payload (GuLoader)", "value": "e4571700ed6ed8c44d68477824dec791f484764e092aee59594fc2942c5359c3a617ee70c4ccb51f76ed12b6c3a82e80", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499600, "uuid": "3a78df59-2ad7-4f5d-be00-db0cad246a49", "value": "T10B742398231C14C129EE1B8CDCF1DB3E1A0C4DE6534267B49BEC10A9E5B19FB7B60CA5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499600, "uuid": "bba4b98d-c20a-4576-9a35-6388307494d8", "value": "6144:S6YVA9/BAiIPPpCX3H5sOCyCC0LejJIqr0HwDvnlCcg13kL/n4klR3oYmbAL:xYVGBAZXQH5sJyCCO2JIGawDvla2T7oM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684499600, "uuid": "9f7f300d-7591-45cd-be9a-07cc17adfd36", "value": 347568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684499600, "uuid": "43f2adbe-11c7-42c2-81a3-1b5b64de12a4", "value": "application/gzip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499600, "uuid": "01e6e36f-8345-4956-b324-79a31eb47df6", "value": "20231905230113871607_1.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "526a138f-f641-11ed-b3cf-42010a9c0076", "comment": "Malware payload (DarkComet)", "timestamp": 1684499593, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499593, "uuid": "d39c6429-2a5f-4e38-87f3-d5b4ba13b44c", "comment": "Malware payload (DarkComet)", "value": "3a94a458ab6aa725826bb99bbb60f198", "object_relation": "md5", "Tag": [ { "name": "DarkComet", "colour": "#CC1453", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499593, "uuid": "16f28cc1-f8f2-42ab-b596-e9b62b2a25dd", "comment": "Malware payload (DarkComet)", "value": "19ed2682196c62c35dfae288464bc621e251a6a3237216916479a8fcd06efa19", "object_relation": "sha256", "Tag": [ { "name": "DarkComet", "colour": "#CC1453", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499593, "uuid": "70ea8d98-5c92-4781-8cf6-b51d9fcbfdc3", "comment": "Malware payload (DarkComet)", "value": "aa761d0d9095449da2cf01dc535f44ab4b32f03b", "object_relation": "sha1", "Tag": [ { "name": "DarkComet", "colour": "#CC1453", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499593, "uuid": "b4660f77-8a3e-4cf8-88e5-3a4a8120a8ec", "comment": "Malware payload (DarkComet)", "value": "0b73f4506782edfb5608e3e19893a593e619fcb9f56a30fe666add83b75ff6d141fbf857888e33d5325e7b21fb747fb0", "object_relation": "sha3-384", "Tag": [ { "name": "DarkComet", "colour": "#CC1453", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499593, "uuid": "9c8eb980-e344-4271-993c-4cff9eea83c7", "value": "T10C75129018A48821E2EB9FB446B3F23893756D92D763834914E02CA77D77ED73E06787", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499593, "uuid": "69ff8504-675f-43b7-8697-64fb410b67ac", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499593, "uuid": "d6d8593c-e25b-4c19-a0ae-ffcd150e3d9a", "value": "49152:7P0wUfbkbga0csbL0rqkkhM18j2FLlxyWFW:wwUZr0rqkkq9W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684499593, "uuid": "a8012cfa-28fe-4728-975b-1af8247c1798", "value": 1609728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684499593, "uuid": "fe201e8e-6841-49bd-b845-4f1f17453e0c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499593, "uuid": "5460548a-78f4-4794-8a85-67f00fd95c18", "value": "Request for Quotation.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0a9fd08-f633-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684493845, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684493845, "uuid": "1a280754-2cff-4889-85fe-546e023bc16b", "comment": "Malware payload (RedLineStealer)", "value": "77fd8c8d5749cdf5102c7c0e07050866", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684493845, "uuid": "86aecaf7-443c-47d6-8bc8-4214d6730c5a", "comment": "Malware payload (RedLineStealer)", "value": "1a881d1ca4dbaa243bcdcb319448a8d9e73de89d8c872313e4b47251af40eef2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684493845, "uuid": "e749e2ca-6f78-43dd-85a6-a4f2f79cc4f5", "comment": "Malware payload (RedLineStealer)", "value": "1e78e13e7cb23f9c277965d2ccab94e626ddb826", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684493845, "uuid": "14496666-05ce-48d8-a745-3e047f0ced38", "comment": "Malware payload (RedLineStealer)", "value": "bfd40b6256b8ff6f2a1b85f4ae19157f3bfcbfc01b8e11578479046ed8d5e00a161a5873e4b022b8b165b39c1d4fa625", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684493845, "uuid": "3ef3ee63-7f44-45c8-beab-f7691e12b599", "value": "T1B2252342A7E49532E0B95B7074F707C31E32BC229D7893273B469E0D4CB3A94A97176E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684493845, "uuid": "cb1c5010-ca89-44db-ad91-26a326657824", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684493845, "uuid": "05a6b79d-43f6-4510-b963-81789c6dcc2f", "value": "24576:iyuIommvlounuEcVLr1erCGmYqiLnBhuWj/38Wx9T:JuIoFvltuEmg5mYqi9hT/Me", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684493845, "uuid": "d587b772-eff9-48ca-a45b-bcf6778f3989", "value": 1053696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684493845, "uuid": "4121e35a-2145-4b5c-b5b5-a4144e725dd1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684493845, "uuid": "fc087ee6-541c-445e-960e-e775d226c196", "value": "77fd8c8d5749cdf5102c7c0e07050866", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ede95454-f642-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684500283, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500283, "uuid": "80af9091-293c-4dbb-a006-583f7654b2f3", "comment": "Malware payload (AgentTesla)", "value": "a47faf7cb38ad735b20e84eba0891316", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500283, "uuid": "961b9945-53c5-467e-8f7b-37be03d3112f", "comment": "Malware payload (AgentTesla)", "value": "1a90138e87d6691efc22705cfd6b4003a434a5b55125b0c6663ef39206a501f1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500283, "uuid": "3153a568-0a47-4902-81d0-60c5b699252e", "comment": "Malware payload (AgentTesla)", "value": "b6d73ed96014c971309d3a287a2626f332a7cd59", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500283, "uuid": "39a658ae-faf1-48de-a5ca-aed5b972e9c6", "comment": "Malware payload (AgentTesla)", "value": "c5d9e23e3ae8132600da7742febc4489be998b5d4f061ec51e46985aed7d13584c2aefe816969e8735ede1e78e67aead", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500283, "uuid": "ce32dfbb-b09e-49f5-b111-a517df7259f8", "value": "T131159F801258ABD6D1771BF01C76EAB0077AAEED2124C2092EC77ED7B173F562256C4B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500283, "uuid": "d6333805-6bcf-4075-aca2-d7f3f7dd7761", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500283, "uuid": "14229245-215c-4e31-9f0d-5c8dc79d373a", "value": "12288:FqBnLZvNKl1/tvMh1H2VvMYiC1FAwRpl/m8+GmGa:Fq93KlZtEhVy1Tl/sG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684500283, "uuid": "8a8cb878-e199-41fe-bc4f-2357c16b70f0", "value": 937472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684500283, "uuid": "19a70410-e01f-44fa-aa94-7a56e398eafd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500283, "uuid": "298a5a44-25a9-4270-869a-934865f9d776", "value": "Inquiry for products.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d1b0d79-f641-11ed-b3cf-42010a9c0076", "comment": "Malware payload (NetSupport)", "timestamp": 1684499638, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499638, "uuid": "7ee19df2-4744-4f4c-ab2c-f968153e9e91", "comment": "Malware payload (NetSupport)", "value": "ce1e7b3d978c78c930951a0cf447b68e", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499638, "uuid": "f83b44cc-92ef-419e-82ae-2fc871e0a64a", "comment": "Malware payload (NetSupport)", "value": "1a9b3968a2f3a4ae0c9c51e6fc41a48829ac4a0fa118a7530c36715638ef0209", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499638, "uuid": "3bd707a4-eabd-42b1-b638-48cae7f7b526", "comment": "Malware payload (NetSupport)", "value": "3fb5daa6223b457f0a09c6796471661a0aeacc43", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499638, "uuid": "85d30344-4cd8-47e3-b9a2-1c3c2e23bc80", "comment": "Malware payload (NetSupport)", "value": "7f1e4c9cd04fbd19baec0971774b10cd4d0e9359f453987603a18007f053f8083360582824104883a9dd059250e3f8a5", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499638, "uuid": "5d87e7a7-dce6-44a1-bc8b-0e86ca698034", "value": "T18A0366C237E3F962064743753BA717A5E63CDC909986888CF0847898F5ADF3DF668489", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499638, "uuid": "6256db38-1cec-4f83-a3cf-a3e82aea28a6", "value": "768:S4JoaqEwcYFSWKf2evS5+/7f2DZl62ax92hDXOuqgeyI4I:SdaqEHWfevS5+LkZrax0hDXdqg5I4I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684499638, "uuid": "6ace6c40-afe0-44d0-aaa5-371be1e020f6", "value": 38619, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684499638, "uuid": "88067003-839f-4984-a7af-3a4a6c1b94d1", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499638, "uuid": "2fbde1e0-7937-441e-b175-45afa77678f5", "value": "rechnung_3210.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "786bf16a-f662-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684513830, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513830, "uuid": "d72156be-1b94-476f-b3ca-2067f6a7dfe8", "comment": "Malware payload (Mirai)", "value": "f98e26cd5fef3984780a61f11d3e9298", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513830, "uuid": "05c5bb50-bf17-44b3-a614-ad8cbbb6e9ce", "comment": "Malware payload (Mirai)", "value": "1b3bce41f78bf98dde7032f282d7dd86a9bb3a09bc11fc0ca0e6928e1e162603", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513830, "uuid": "e85adec5-62b9-4967-ada4-7f080a80d7ea", "comment": "Malware payload (Mirai)", "value": "4f7bc7eb6b229d366504927f98f2d08c0387cac6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513830, "uuid": "42dbffef-3777-43d1-b808-e3706554898e", "comment": "Malware payload (Mirai)", "value": "e748088990675eb916361a9e137ca060d5c4196ffc95c829c0a18818de1d590bd02068b11a5037a59741e3d0efafccb1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513830, "uuid": "7af2ffd9-c325-4980-8a75-62bb494a11a2", "value": "T18B532A9AF801CD7DF81BD77B44570909B671B3D152835B3623A7BAA3BC731A81D22E81", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513830, "uuid": "61f0ad66-9b5a-4eab-b414-6264fac02d78", "value": "1536:oh9h2SYOCRcih88HEb8++sRU7DHzEpoakjAC+:oh9hNYduihBQ+CUfk4AC+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684513830, "uuid": "664416fa-5f6e-490b-88aa-a20c43cd4794", "value": 61276, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684513830, "uuid": "3bfab64b-9664-4a50-ad9e-229bd50fa5bf", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513830, "uuid": "65dbb9b8-ad97-48be-9868-3b3cdaa4e491", "value": "f98e26cd5fef3984780a61f11d3e9298", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57fcf42e-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684497455, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497455, "uuid": "bc8e7224-91c2-43b1-87d6-bc603f2de218", "comment": "Malware payload (RedLineStealer)", "value": "e906a0f5e9fb93e4aaef52d8e2350e76", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497455, "uuid": "c1dc7341-74a2-4af0-92ca-212045997c72", "comment": "Malware payload (RedLineStealer)", "value": "1c0ec970743bf71ca929e8664836e86f480bcbfd68b50d47291661afb2d4b12b", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497455, "uuid": "735444e0-5295-4023-9008-e944e550f074", "comment": "Malware payload (RedLineStealer)", "value": "232d484c67dfdd114cc652fb50ad3a1564a2334f", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497455, "uuid": "4c4197c7-2dfe-4b1e-b83d-84d9fcddadae", "comment": "Malware payload (RedLineStealer)", "value": "21683ffcc48e9d2f371154cd41d94681b4403a097c674d0e1ba47b9ff363651f43decb2652173db1f36741583ad2e3c5", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497455, "uuid": "a6cbbab2-1fe6-4ac5-b817-8df14c2138c2", "value": "T17E252313A7E88066E87407B04DF616D3037A7DA2AD74536B2B67246E1E733D0A13636F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497455, "uuid": "8a4ce5de-1040-48f0-926e-af54b742def1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497455, "uuid": "da49c160-3924-4d6d-b79b-c10520d08a3d", "value": "24576:Oynt55Qn3ME4PrHINtXFv3cYL2CGP7qQbZ3gu:d35Q3MFjHEJFvcuSzqkZw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497455, "uuid": "59c6de9f-ce2d-4624-9ab8-dd508f2a3f42", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497455, "uuid": "176d2b26-8204-457c-8b19-6192842613a1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497455, "uuid": "b8c2771a-e326-4706-a3e0-e5551230f87a", "value": "35677.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c56250b6-f625-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Bancos)", "timestamp": 1684487760, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487760, "uuid": "5b9da5e5-af37-4172-8a9d-7ddd4b0c9a81", "comment": "Malware payload (Bancos)", "value": "9a96657aeb42839919a39f9f780e1715", "object_relation": "md5", "Tag": [ { "name": "Bancos", "colour": "#836D4C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487760, "uuid": "9fd13b3d-5ed8-4c97-8603-4cd7e2bbe90b", "comment": "Malware payload (Bancos)", "value": "1c74dd43b3f3f5411711b781c09861abe488b192326969163453a257518c718a", "object_relation": "sha256", "Tag": [ { "name": "Bancos", "colour": "#836D4C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487760, "uuid": "4a597251-fa8d-4011-968c-60636b97828b", "comment": "Malware payload (Bancos)", "value": "b8dc019983dd697b4bdfe718043799e2ca291075", "object_relation": "sha1", "Tag": [ { "name": "Bancos", "colour": "#836D4C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487760, "uuid": "02c464ea-b0bd-4da1-9fa6-bf1d76a085ae", "comment": "Malware payload (Bancos)", "value": "8c9176e28b05f615505c659c9777f601f880113e6ee2a512a530823be2a7b9336b39c1255a979dc6ac3383f5e3c6b4b9", "object_relation": "sha3-384", "Tag": [ { "name": "Bancos", "colour": "#836D4C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487760, "uuid": "f6652122-490c-44da-b01d-38522ea924f6", "value": "T144D3C5137ADCBCE5D53556317777CBD0C72EED240AA0C95F22C4162A4A7C183B922BEA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487760, "uuid": "5a8ee916-7cdf-407a-bb42-52a6ed48cf64", "value": "29cae66b6fc85ea136b9cfa7c8e22452", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487760, "uuid": "91256e90-e85d-4df5-9333-7a31b8187bbf", "value": "3072:BwrUP/UX6DrhrvOGDdle9vXTbc+nR8OgrF:BhUMhrQDR8OgrF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684487760, "uuid": "3fad811d-f27c-401c-8169-fdd5688e9287", "value": 132608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684487760, "uuid": "11769d75-74d2-4a87-95de-0aa3eba96e8e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487760, "uuid": "cee666ff-ab71-4606-9fd8-b0b79edea7b8", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "650ceb0a-f62b-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684490175, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490175, "uuid": "61254fdc-e256-4dc2-b266-6a9d199d4d5d", "comment": "Malware payload", "value": "99d584088d1c742f855f1345dcf541d0", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490175, "uuid": "c0459523-3ec7-49fc-81f4-ca632ce864bc", "comment": "Malware payload", "value": "1cea0c4b1af9170b9ed2927f3b100d202bebd1b8e69ba1527336aaa6b2c0bffc", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490175, "uuid": "e0a3d66e-f946-411f-99fd-79daecee49d2", "comment": "Malware payload", "value": "2165512054a2d6d2bf77a4d04b04083a96d1d088", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490175, "uuid": "acdd3c7c-414e-408a-bd3b-6160521daa6c", "comment": "Malware payload", "value": "c08b60dda1dbe053d1925322567c029e5f72c986618b939719b2129a38d80b7fe2fa2a26ede06274d7caf302b7e49e36", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684490175, "uuid": "89c90a30-1b71-4988-a32a-26f19de252c3", "value": "T1E93443D08B5528774B4B7E2A7738A4A5DBBD0EA182C8558BF54F3260F6CF68CD8D0721", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684490175, "uuid": "c483676d-29e5-49d2-b58c-cede257bfe5c", "value": "3072:6CTJOlrO0OWTGhiY+oJZZ/kaI16SFpb1O3cg/leJ1ZKUiP/o/foUqhdIu91tu:6CTolrOHOGhiYF/6T1OV/9vu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684490175, "uuid": "e1345ed1-7222-4055-a496-532615049df6", "value": 235170, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684490175, "uuid": "b6852710-3ff4-45e2-96d9-d180b2457521", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684490175, "uuid": "2bcb067c-aa08-4839-978d-38daea67fddd", "value": "Spspjzwm.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad182f50-f661-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684513489, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513489, "uuid": "898b7789-174b-41dd-b611-0760d4b437c0", "comment": "Malware payload (Mirai)", "value": "d2d27a3861871df71df40309be063840", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513489, "uuid": "b283b63d-cdf7-4687-a1d0-cd54f251ffc1", "comment": "Malware payload (Mirai)", "value": "1cf86c8cbc9e8a8a0e8d8fa851b25922f9499a8af819fefd9db061aff17e7e92", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513489, "uuid": "ff5b01f1-51d1-4fe8-95fd-efecce164abf", "comment": "Malware payload (Mirai)", "value": "b017e0d23580fd8964b2befde395706b2f6870b7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513489, "uuid": "8d74f478-1ce8-47df-b627-d8de7df66dfb", "comment": "Malware payload (Mirai)", "value": "3eea3f847e24c1b5e4e662ea3368516a7cd58701e2a4d49ca90f37344873e1b801c7a161d7798daf1dcb77751c7cec28", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513489, "uuid": "8482691d-dd5f-46f0-a3d2-1043ad337b46", "value": "T1A963A51A6E628FEDF659833447B78E21AB5823D527D1D681E26CD6002F7034E641FFA8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513489, "uuid": "a696689b-d161-4042-a4e2-196d7180e508", "value": "768:YaDrpAYA0od2i+mbXFd0gPG4Xom7QaQ2t4HtJWsbrH7IX1y/uFe3fCdwQAIG1:Y/GGpNPQDNHtVbPgVevCWQAd1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684513489, "uuid": "45e49456-0194-46b8-b652-7ae752a9f62e", "value": 72284, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684513489, "uuid": "83f99c56-694a-4132-bb80-959e93edb69e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513489, "uuid": "96d6270e-d2bf-44d7-8cc7-e3ee4faa4e9a", "value": "d2d27a3861871df71df40309be063840", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c4d6376-f667-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684515984, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515984, "uuid": "fb80f8db-e964-49a6-bdcf-cf02dc757290", "comment": "Malware payload (Amadey)", "value": "25c99a585b4785e8af3a9ed927e0980d", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515984, "uuid": "0a608799-b72e-46b7-9601-f7355fd3fff1", "comment": "Malware payload (Amadey)", "value": "1e089a52ab1ad4af6315f76cf999231e5e66f17a0d7db0a4f77f111af8b7b1a6", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515984, "uuid": "6fda9ccd-0172-4d7a-9c63-ea873aeeb1f8", "comment": "Malware payload (Amadey)", "value": "512bc7ea4c5207fe8fe811f20621e73e64ebb324", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515984, "uuid": "82ef4850-6548-42f3-852b-f733e5e77111", "comment": "Malware payload (Amadey)", "value": "9709098af829401873f56dc8b3c86aad65e8eb6604bec812fa46185d359678b42e75a7dacb92bf1a1452f85e0ef7dceb", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515984, "uuid": "c3f3f7b2-688a-4279-ac00-bc607908ab1d", "value": "T107252363BBD841A6E9E91B705CF642870F367CB19D34C71B5BCAD80A18F264469313BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515984, "uuid": "ccd2fbed-8c4d-450f-8f1a-2e6f609fcf6c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515984, "uuid": "dc03f944-4be5-4dd5-bebf-c40877682958", "value": "24576:IyefXJvibhwdJnb4kNSnihevj3Q29tHIEBRu/OKTqu:PoXZ8wdJnb4mgcSjQSyOq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684515984, "uuid": "762e9e0c-d5fb-4992-a151-cc90d07650ef", "value": 1055232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684515984, "uuid": "562bd98f-f38e-4f7f-a60d-3fb989ce757d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515984, "uuid": "00833493-d4f0-4890-af17-5ac8835e69fe", "value": "66234.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "083496b1-f605-11ed-b3cf-42010a9c0076", "comment": "Malware payload (njrat)", "timestamp": 1684473699, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473699, "uuid": "ad3b9308-d1c9-40b9-b61b-9249eba74d28", "comment": "Malware payload (njrat)", "value": "bacc4221cd4d6009fbabd8a7194bb07c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473699, "uuid": "8f094992-682a-48e5-a023-26fafe1cd476", "comment": "Malware payload (njrat)", "value": "1e39fa1f931865fbce1da5c91b4223683333335426733ad41c1bf050a82b44fe", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473699, "uuid": "9305cf92-5743-4bcb-8bdf-86a2762a3385", "comment": "Malware payload (njrat)", "value": "feb85c565496e6e33ac90352816d35241aa689ca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473699, "uuid": "2caeb6a1-4880-499e-81cc-c884e47766c8", "comment": "Malware payload (njrat)", "value": "32e5d8d0281e61b4e166720d944f0cbf71c1107bb03f439ca94fcbee916e5358bbfe7d9083a0e031276d9824054de818", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473699, "uuid": "72f9b8f4-9487-44c7-b703-9fb9b46c7d8d", "value": "T14413F84DB694E174D5FF8BF1B4A1B2890B71A017A806930F99F114D94FB3AC09611EE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473699, "uuid": "047c60fa-b5a8-49c5-9753-d56a2ef81cb2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473699, "uuid": "860a0181-e59d-4d2e-9762-ea2f6929ba6f", "value": "384:lZyuAFkV6Lk8y85LPjn1m0O6EES+0JKVHbzzIij+ZsNO3PlpJKkkjh/TzF7pWnC2:vHAFksY5ebjn1m0Z2JK2uXQ/ojt2+L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684473699, "uuid": "d223f01b-5a96-4351-8392-f8f85173af7e", "value": 44032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684473699, "uuid": "e1cd63c9-c0df-42eb-8c85-ee2721a421c5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473699, "uuid": "8528543d-a604-4ae2-b1a2-12f50dd61849", "value": "bacc4221cd4d6009fbabd8a7194bb07c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cac1d67f-f643-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684500654, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500654, "uuid": "7f088518-bac2-469d-8d7a-b86266e90762", "comment": "Malware payload (RedLineStealer)", "value": "42399e7d713c51791ad3834e729fbff3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500654, "uuid": "edf64e0a-bfa4-435b-b30e-22e5e4a8e61c", "comment": "Malware payload (RedLineStealer)", "value": "1e6feb0749b0cfffd2e085d364667c6040cf008a59b0831a74c82db2256055b6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500654, "uuid": "ce072009-4cd5-4b1e-a2c7-c7c0fc492589", "comment": "Malware payload (RedLineStealer)", "value": "2fef7ef8f90c03e2605d68be8a0e3f2321cb4686", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500654, "uuid": "cab78fb5-d2a8-4e10-8a4a-6c01c2f02a35", "comment": "Malware payload (RedLineStealer)", "value": "c65cf66fd6273fa79b3ecb1889cafdbed648c561579a564ea6a680945ac3822bdbcf013d601dee3cc31ef4b1777a1a43", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500654, "uuid": "502370a5-fef2-4371-87f1-ff3f012c6634", "value": "T14F948D0393D1BD63EB1506728E2EC6E8765DF9518F0937D722186F5B18702E2CA7A372", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500654, "uuid": "8732b6df-9017-4983-b026-4c17870e8d29", "value": "33ad97a6371f251a2ce2085c8f9feaea", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500654, "uuid": "e512a14c-e2dd-4e91-b4ad-3510909a03d3", "value": "6144:metbDi5WyruJ+pIylO1RBk3CzWR2NFrLNrkGwRtYR93Tu:BD03uCbO1RaCz1huRSDu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684500654, "uuid": "a3a4db81-c6b4-4939-a975-ffa555498c98", "value": 427520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684500654, "uuid": "25fa093b-d115-4879-a41c-41a0ac00b074", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500654, "uuid": "5285e552-dbcb-40dc-a53d-8b950ae3fd9a", "value": "42399e7d713c51791ad3834e729fbff3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5bd35735-f641-11ed-b3cf-42010a9c0076", "comment": "Malware payload (zgRAT)", "timestamp": 1684499609, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499609, "uuid": "09c533e9-aa92-4e48-a4ef-9324e150104b", "comment": "Malware payload (zgRAT)", "value": "8137783850b6ffb2cdffdf67c84b52a0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499609, "uuid": "f7f8be51-1fb9-471f-a036-df0504d31bb9", "comment": "Malware payload (zgRAT)", "value": "1e877c00c6dbfbbc1b6dbeb56e75831e3c323df57a5ce07288cb4ac52a613a93", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499609, "uuid": "31e39246-cfa0-446c-9338-cf772c0dc3cd", "comment": "Malware payload (zgRAT)", "value": "5b4a109558c970e3de4d34f50d4b96241d708221", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499609, "uuid": "f69faecf-0c02-46a6-ad03-61927d8d06dc", "comment": "Malware payload (zgRAT)", "value": "e90cf6b98d2995b2b583f2bd4cfbaa85d43c98e3f5a308ad7e6b90e0f6b57ce3443bcf6fd2655b467df78c0e6f60cdf1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499609, "uuid": "bc8da0cc-fea0-48e8-8ca1-11a85ce92db9", "value": "T10874F14677E85B56D9894AB8C0E3063653F7A1CB3632F7853B4442C51E427E0CE9EB8E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499609, "uuid": "6e0b6a0f-f317-43b9-84eb-d0d08e6c95e3", "value": "6144:/2Z/IGbqsXysEWgYF/FAOXJSQoaZcsojxy9AWmvHs3+Gwa8Fro16DcUz6vj5:u1L2sisPgYFWSSdVTw9nm03+G9cO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684499609, "uuid": "bbebc88a-2b24-442c-b4cc-73209134eeff", "value": 354368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684499609, "uuid": "c963913b-38a7-459d-abf3-603de9c0824d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499609, "uuid": "91865441-8471-40f2-b3b1-877e1f1df452", "value": "6th Order inquiry from Moshkfam-iran-83784839233440-pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e3f985a-f667-11ed-b3cf-42010a9c0076", "comment": "Malware payload (njrat)", "timestamp": 1684516041, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516041, "uuid": "8acb62b3-0854-4dbb-bb82-5e5cb2a17f04", "comment": "Malware payload (njrat)", "value": "d6b907a131586513531e26f54e424ef1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516041, "uuid": "6886715e-f872-4184-b2a5-ee7716cdf8a2", "comment": "Malware payload (njrat)", "value": "1edd9675ca9e84553106201aae3a98bdb2fd2ff8e6039af4478fe5af4fbfd995", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516041, "uuid": "fd02a5d1-82b7-49da-aafe-97d74de1c05a", "comment": "Malware payload (njrat)", "value": "dbd94a49ebcf17acf7aa27b0e7e37db8161d3fae", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516041, "uuid": "d7877ddd-214f-4697-a239-1f562d439bc6", "comment": "Malware payload (njrat)", "value": "beea7782d9672b9cf19fb9257c98d1a036dd9ec71b67011c7a458f0f71a3e44c46a1923c02cbb0f7dc5ff40993c311e3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516041, "uuid": "695dfdb2-88f2-4629-a933-151c63b28a47", "value": "T18B733A4877F54612D1BF0DB5897292220B36FC036926F76D09D174AA5FB36C08A09FB2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516041, "uuid": "f6bc06c2-22cd-4418-9de2-3bdb97d62a4a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516041, "uuid": "f5bf0469-0b3a-4908-85ab-fe7b243410fe", "value": "1536:h5B+r0dODplS5wpOk3JCK6pFoO/d6fOpd/9nEh9TG6JgR:YQwpOk5CK6gO/9ES6Jg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684516041, "uuid": "794fa17c-e8d9-486f-a4dd-9edecce724a0", "value": 79872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684516041, "uuid": "fb31be3d-1bd0-42e0-87eb-16a0b562734a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516041, "uuid": "0423821f-ec32-448c-8bc8-f0bdd221d4fb", "value": "bMJj.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "552d53c0-f69f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1684539970, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539970, "uuid": "fe3b5656-3bc8-4087-80e5-e7cddd96ef03", "comment": "Malware payload (Gafgyt)", "value": "c867d22f4bf99ceeb9ebf3c153c88416", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539970, "uuid": "e3f8eead-852a-4127-8d36-192aca7f9f3f", "comment": "Malware payload (Gafgyt)", "value": "1ef307fe40af8f9c2d9eac963e4310b04c1cf687fb051a919bee84340b149da4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539970, "uuid": "8411d610-386e-4c8f-a2df-676ac77d3f7c", "comment": "Malware payload (Gafgyt)", "value": "e7dc3baf115dc70766cd14de1242394d81a90981", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539970, "uuid": "bcda599c-5da7-4f79-aeaa-b398dea3dcb8", "comment": "Malware payload (Gafgyt)", "value": "2765a8ecf22c5ab6c41f27a5bcd33bb8ac56e26aa264f77be18ec6fdf0d6864aa7fc41bbd4e6f3b1f25c15c1db776503", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539970, "uuid": "7c5468ec-269c-4314-9859-a40d6dd95892", "value": "T1D7C3F945F845475BC2D327BAE74E438C37355E6897D73311AA38BDB42BF2B982D29120", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539970, "uuid": "bab3ee12-afb6-4948-8122-40132422fbc7", "value": "3072:FDrS5Njub7G5Q3On0Ms3wZRmBoHQuQekQnYW:xSnu6Q+0Ms3KmBoHQuQekQnYW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684539970, "uuid": "2a7bb990-6266-4846-9df4-b0ddd22145c3", "value": 120177, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684539970, "uuid": "50edf4ee-b256-4fc6-b947-2bf15806f56f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539970, "uuid": "8b456863-c109-4863-a52a-a719b37c397d", "value": "c867d22f4bf99ceeb9ebf3c153c88416", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0fcc36aa-f648-11ed-b3cf-42010a9c0076", "comment": "Malware payload (NetSupport)", "timestamp": 1684502488, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684502488, "uuid": "3c1ce7b2-f6f9-4fb7-a6f8-626129b72363", "comment": "Malware payload (NetSupport)", "value": "5618fad2dd16924e681e15c089f59d1c", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684502488, "uuid": "72bf7c22-ca80-4040-8907-30cbb76b7036", "comment": "Malware payload (NetSupport)", "value": "1fb5b7043cdc3f8a5344b172ffa0398df3c295b5c490c6da0b43bf200522cd0d", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684502488, "uuid": "7fdf1e9c-8b63-40df-86a5-56ebc7e3c91e", "comment": "Malware payload (NetSupport)", "value": "d8ac2ec10f7caadc706763c98d19953f3f17e6d8", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684502488, "uuid": "99b23dda-a2d3-418e-9afa-68ae94569e97", "comment": "Malware payload (NetSupport)", "value": "d2d08f7c7bfb7f4fe4a28e45de4569d1caebec8bc388e8414b7fe713bbaa95ac8cfd8e9aa2737cfb43eb90761525ab76", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684502488, "uuid": "3657c118-b766-4759-95ba-92177e34d51f", "value": "T13F2340C53AE2FC55595713B23B5769FAE739AD809189D8CCF0007C98F6AC93CB6E9084", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684502488, "uuid": "63400f35-a348-4e2d-9dd8-8706085a0345", "value": "768:dhsmqfMvHGpK5Lqm4L/f/O8VFwL7f6/MVRPXD+rDpozmCRQtRjRWm0u:dhx5fGpKgmC/+8MWsR7+rjCR6lWm0u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684502488, "uuid": "8fa0ded6-ed53-41e8-acb6-29fa76f4a68b", "value": 49668, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684502488, "uuid": "def4e941-9a99-4b1d-ad0a-58a94f9c5349", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684502488, "uuid": "ac8940dd-c1c3-44db-9d23-ef518e962da7", "value": "rechn5130415.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6cf42128-f69a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684537863, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684537863, "uuid": "4d2ebb07-fa20-4198-84a7-0ec197420ff9", "comment": "Malware payload (RedLineStealer)", "value": "f0ea1be1fe1a399b1329ba9e8ade826e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684537863, "uuid": "b0cb48d1-3d8e-49e0-be0b-6c1c3b317346", "comment": "Malware payload (RedLineStealer)", "value": "1fd69f09311ce43388620c19162acd54b86701eea3112da066e3d905205ab223", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684537863, "uuid": "60733ab4-d9de-46b0-a496-bfbb3ef51c22", "comment": "Malware payload (RedLineStealer)", "value": "c4edd74743b0760b97dd6b48cfce667ea420d0fd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684537863, "uuid": "e2ff7443-d6dc-468c-a5a7-d26e47a2a9b1", "comment": "Malware payload (RedLineStealer)", "value": "7bd7ade6492d267fefd91ba0232d5c00a3bdef2a5c497a1a69a214119af6da20839c8e0ab1a48f4f12708b4ba7938699", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684537863, "uuid": "a0fa12e0-141a-4089-bcd9-1a016ef3dbb8", "value": "T18B949E039291BC60E5225A718E6EC6F8761EF9508F9937DB2218AFEF14711F2E173316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684537863, "uuid": "265d762d-1004-4c1f-b596-f01febe546cc", "value": "d3185d759d0419b7cf5b47864af3fc7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684537863, "uuid": "82076206-4cb8-4b50-bae8-9a47bbb30ee5", "value": "6144:vDAxN3HMZd2LSaB/djkyIZIyjj1/DGocNOMuq1XEFqTd8:iHMZdQSe5IZ1Cnuq1XE6d", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684537863, "uuid": "3880faa7-6392-4ec0-87a4-cef2d534d0c4", "value": 431616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684537863, "uuid": "833d896d-f39a-4226-8d18-21a554f8e593", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684537863, "uuid": "41c7d233-a7b7-4406-ac34-0ac901740e74", "value": "f0ea1be1fe1a399b1329ba9e8ade826e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ecc88c6c-f65f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684512737, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512737, "uuid": "232d8657-0942-4358-a6f6-122dcd2d5fc3", "comment": "Malware payload (Formbook)", "value": "e9d47eebafccb6fb20a3aebba95f663f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512737, "uuid": "3a444945-699f-4553-a72a-850c5e310b17", "comment": "Malware payload (Formbook)", "value": "1fe93bcce0611f7025ad13add45a4f37516a1e9b3f348e553fa27d184bf441c7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512737, "uuid": "bcb8f42b-1507-4dc3-8386-53e8e221300c", "comment": "Malware payload (Formbook)", "value": "26da35cd58eaa58a826c62e1d5148ba0141b14ea", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512737, "uuid": "a9c0314c-7822-4ce3-9182-94cf4a2c6130", "comment": "Malware payload (Formbook)", "value": "40b8829848870f013036696503ce14e6dab2f42d9cf19332f093e864535d99ce9fe128f949140b9b63e60374c8409f69", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512737, "uuid": "f2021246-afd3-448f-bb8d-8ee4039b839d", "value": "T17405CFB062A5CB85E87A47F448A1D9B01777AD5DB434D28F0DDEBCDB32B7792012290B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512737, "uuid": "2de130a4-44d2-49e7-978d-9175ff334ac9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512737, "uuid": "898cfb69-1b5b-4d04-9940-e434e1789f2b", "value": "12288:kqBxfzjiQLz7/nYanj7nHa+Go2RiBhweZxp1JMuPRCYw5cCmMVen+D:kqnJzbYOj7n6+0Gjp1i2QYwNWE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684512737, "uuid": "7b203133-101c-4853-8d64-a355c7b7b683", "value": 827392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684512737, "uuid": "686f39f5-885c-48de-b9ae-68699040c3fa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512737, "uuid": "77fef131-1d4b-44a5-8dae-7cb81f2e9a31", "value": "Hesaphareketi-01.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "349c5202-f605-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1684473773, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473773, "uuid": "df76bf01-0b87-447f-841a-f77715264f5b", "comment": "Malware payload (Loki)", "value": "0105e9d8f3750d37f4d39c7242e97128", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473773, "uuid": "9e7c14c5-6af8-4aa3-b4dc-471036934654", "comment": "Malware payload (Loki)", "value": "2075360d183bc285b081e1602bef5395973930a99383d06c74ffc6bf8e9665f0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473773, "uuid": "94452570-1194-41cf-8865-2375a652a4a4", "comment": "Malware payload (Loki)", "value": "1e8a43bead76f283ea6d551818722b640122ccdb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473773, "uuid": "952dcf1c-1076-4844-9c4a-8118dbe1f8e0", "comment": "Malware payload (Loki)", "value": "8887ad98eedf3d661c73528731d87aae5fb7595cc4a6dbe7be4425979f2d888cad7e9ffb8f7f90a8b03ebafc67ab16ab", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473773, "uuid": "26726e4a-b748-4d83-8a31-aa971a8a63cd", "value": "T15AB4D07451DE4694E00FCBB165BCFDB5427230E3AED9C9750725A284CE2BF642E88A4F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473773, "uuid": "bc7fde71-8907-4179-ae85-fb2529fe095e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473773, "uuid": "fbe64cc6-c4f7-4a89-94aa-6a89e965258b", "value": "12288:t3Dngv5btf/9OQsIk7j5XK+kDXxhSCAIkcVpkroci5:ZjcP3YQsDj5XKRzpJ+i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684473773, "uuid": "2858c646-162d-40ef-8f73-6323def8ac11", "value": 534016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684473773, "uuid": "09c221bf-7d2c-4f4a-ad3f-bd999542f9f6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473773, "uuid": "cf5e2513-bb76-464e-80e0-bfb24020aae0", "value": "Awb# 8457108962.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "208bb534-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466868, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466868, "uuid": "7f277b08-70dd-464c-b120-9adde3dd1ef3", "comment": "Malware payload", "value": "9d3743388fa4dc406fb2044698358624", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466868, "uuid": "7ea1519e-8fe4-46da-8eea-3b6520cf706b", "comment": "Malware payload", "value": "207c16c800d0fc56be57b5490287331fbfd0796cb8a91d93b8831002eb8bae6d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466868, "uuid": "19410230-e412-4535-ab20-a6b9868e9f0e", "comment": "Malware payload", "value": "c8be4cbb7abbd132bae7b6456aab4edcfd1f0968", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466868, "uuid": "ddfcf669-1c2c-4066-9845-ce4a65f34b92", "comment": "Malware payload", "value": "83e0a0b2125796c158b0703a378c89a2f04dfffc1f24a7a93e8c192414d1526c99b4f24e28562c36cf1e75ccc4241d03", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466868, "uuid": "06bff0ae-5ade-4311-b5af-cfb57f937ef2", "value": "T1FD546B0376D5C832DBA4537609870F729579BD081E228A87BF18FEA9DD73321AE25347", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466868, "uuid": "39e766ac-ce23-42cc-b042-e757b06aca0c", "value": "53678c677de39d9c2180ada46d649f46", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466868, "uuid": "badae5d0-b967-47b5-bdf7-ddbd65b7319d", "value": "3072:7GpLRF0cZ/pngYKsj8GW42Rfi4BgST4IEsYuCTL9g1/SriBV5f+1ZpkPW9FV5q/j:7GniU/pnyxSF9hriBV52Kurezx88mj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466868, "uuid": "17664d4a-4839-44d3-83cb-0b0cea388bc1", "value": 294915, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466868, "uuid": "b6207c59-d1a6-4cda-9ac6-86c9e38f428e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466868, "uuid": "eb8367f2-ce52-421e-a878-5364c66360d7", "value": "SecuriteInfo.com.Win32.Malware.2101.19779", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b902b721-f605-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684473995, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473995, "uuid": "4153e8d1-1edd-4336-94f2-2b6dd198343b", "comment": "Malware payload (RedLineStealer)", "value": "680ebb6db8bcc784bd4d549a1efb6b22", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473995, "uuid": "9f4ff86d-fd11-4a86-b319-4615f9c58d53", "comment": "Malware payload (RedLineStealer)", "value": "20c4d7a2370fa52189596321cccce902ebf0e2026b696b2346c5e0ca3bb04ce0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473995, "uuid": "3981050d-9602-4580-a505-ad24fc748ddd", "comment": "Malware payload (RedLineStealer)", "value": "9ffd5ff63ed88354ca73505409937608fe284f3d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473995, "uuid": "111c37a6-1896-4fb9-8581-97407c677fe7", "comment": "Malware payload (RedLineStealer)", "value": "775e26ddfa6f9f23c35f587981c6b19ae1525970df9e0beb99a1585e68ffd3f6e990d0ea3ff6bcbd34f4450da5ae94f7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473995, "uuid": "b0960be2-0991-4581-81bc-9e520485515a", "value": "T11F252313E9E59873D9B9277028FF06832B39FDE21E3CD2AB1145595B0D76284B43139B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473995, "uuid": "8ce90c25-c8b7-415c-ba3c-0aa6017b6852", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473995, "uuid": "b164be93-b979-43e1-9280-8e573c86fb75", "value": "24576:ZyohPiEC+r4/xHzC+VEvAh+T3r7RiiYMaCJz/Tx9C2g/:MIBkHzJVEvA6b7R1Jz/Tx9C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684473995, "uuid": "5c8b6655-961b-4334-b464-7d27a1111170", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684473995, "uuid": "13bea99c-e629-4233-8677-490f17d19aef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473995, "uuid": "cb676feb-367e-4a71-9ef5-eef191e0e258", "value": "680ebb6db8bcc784bd4d549a1efb6b22.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d8333680-f5d9-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684455150, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455150, "uuid": "d2b91273-aca1-4d05-bc79-3059a8a86191", "comment": "Malware payload (RedLineStealer)", "value": "41c5a1325e6b1153979284219ca9cfb9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455150, "uuid": "e42d288a-900e-408e-b6a0-bf51423c325e", "comment": "Malware payload (RedLineStealer)", "value": "20f955288109b97cb28ba1126018206da55981bcf2fb7f8c3d0618a9c1a65fdc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455150, "uuid": "8ed0b517-c7ef-410a-b010-eec2a9fe926e", "comment": "Malware payload (RedLineStealer)", "value": "89f5dc5e6c39aa467e467580dd0804c40bf07430", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455150, "uuid": "915385d6-a389-4306-a5d3-d6d851553f93", "comment": "Malware payload (RedLineStealer)", "value": "8bcf4a11b5ec167bef13c05724721445025a3b36ccbf92516329d734f721839ef043a8de08f71844fab0a64af9fd795b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455150, "uuid": "0770af22-5466-4ab1-b7f0-3ba71c911574", "value": "T164643C0392F1BF62E5164F729D2EC2F8B7EEB9518F4927D762166A2B04712B2C573301", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455150, "uuid": "14ef7381-30ce-4d86-8113-dfb0ea44aab3", "value": "c3945e210b1009128598ead2a7524d0f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455150, "uuid": "0d8a8923-1a9c-4019-88f9-20cde8376dea", "value": "3072:hLPslmahykpD1kL0rvh5nzMPijB3/MVgbwbHkXAEEKZtJCSdX8qT7IFB:5KmohD1kLMh5n46jBvMVgLEBWX8qTUF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684455150, "uuid": "4c5f03f4-7721-481c-a1db-c91366d8e204", "value": 330752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684455150, "uuid": "10ddbef2-f439-40ae-8424-7c14777a7684", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455150, "uuid": "d00a6f3a-9e23-404a-b0af-5999e3b9702e", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9375851-f65b-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684510932, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510932, "uuid": "692a811d-0f02-4f09-ac47-395991765e63", "comment": "Malware payload", "value": "4be08c29f3c6f427e507f77b1ddc7b4a", "object_relation": "md5", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510932, "uuid": "d1fc3715-6a84-452e-85b8-c96fde7d3a77", "comment": "Malware payload", "value": "210ce8755663f59b293a710b3c3c99e67764ff17abf9fc2106d93b8bb374a54a", "object_relation": "sha256", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510932, "uuid": "89d52abf-89d9-47c4-882b-25f427dfcb13", "comment": "Malware payload", "value": "0eaf92b5b6eab958cee73c474a9051354950f82f", "object_relation": "sha1", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510932, "uuid": "6ee10a2a-d844-414e-8922-356e60f25729", "comment": "Malware payload", "value": "94b2da88cd017de44895d21717e7ccd6b9f6acdca0a908cd3ea2c14fdd7e3eabadef534885164667b2e849eae99063d2", "object_relation": "sha3-384", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684510932, "uuid": "8b57cf98-0244-4603-a6b3-da8fcf31b504", "value": "T15663A8F75766B848CEEFF00675438E29B35730D79B5252DA171E0DC84B2988E79083BA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684510932, "uuid": "a0c28f72-b5e7-47ef-9099-7be60ca29947", "value": "1536:oJTM+tjo9T3ldPSQoeDkRON09WgiVyZXRjVgP1rDWtq:ozjo95hSQl/+Wgw5rD7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684510932, "uuid": "7ae56a4c-4105-48d1-96c6-d9024963cc7c", "value": 72820, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684510932, "uuid": "c089a7b3-3a15-4e09-b404-a872c53bd056", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684510932, "uuid": "cbed65d7-d6b2-4c3f-bd9b-38f60596833a", "value": "rech27dyzo.html", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "af4f82e4-f667-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684516070, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516070, "uuid": "7fb5187c-6b0b-4aff-883b-611989d5d8ba", "comment": "Malware payload (RedLineStealer)", "value": "f889e3f9074c4c1b8631c49e226455bd", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516070, "uuid": "7f4574c2-0d3e-4a37-8d8e-4111a1910150", "comment": "Malware payload (RedLineStealer)", "value": "2114192d7bb5090716f59843f6fdb3602b7f1c5c01d8389d4066705fc77aae2f", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516070, "uuid": "16ef1199-dcb8-4ca9-8777-ff94263afa09", "comment": "Malware payload (RedLineStealer)", "value": "6bf4d2d572b77a9f3a3400f217ecd04e42cc4d8b", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516070, "uuid": "7c9f5ad2-5777-4177-95fe-4f219056f7b4", "comment": "Malware payload (RedLineStealer)", "value": "c799522b0310c5bd916dcad0f5c84d8467996119b2d5bdbd44504b0774166df1ea57fdf18031ea3d716d67ff32e2d833", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516070, "uuid": "254370cb-4092-4716-9e7d-1ccbf6b82e55", "value": "T1AAE3C524279F8934D67B4E3DACB19CC076BCEC12A542D74A4ECCF1593A73B809B116B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516070, "uuid": "db8107bd-492c-4e3f-a327-d011210edf92", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516070, "uuid": "65748045-8654-4472-b742-41a274dfddb7", "value": "3072:sV+m5c/QmRSNY7WKA7vGJv3xnhMZx8e8hp:sj2BUanhMb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684516070, "uuid": "a8e769e8-acd3-418c-b4e0-10bd34f59832", "value": 148748, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684516070, "uuid": "d88b0f2a-ae69-4602-adc5-535302f6ce0c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516070, "uuid": "ad3ce766-da00-432b-8404-5a2ba6cf0c44", "value": "driver.dat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f710d1e-f676-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BumbleBee)", "timestamp": 1684522485, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522485, "uuid": "188002ee-2860-4815-aca8-efd5ca480027", "comment": "Malware payload (BumbleBee)", "value": "04b1a150ab7c62f05f9ca4f51ed35dfa", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522485, "uuid": "30870df5-6ca7-4cec-bb7f-2418b6096c44", "comment": "Malware payload (BumbleBee)", "value": "219a7f3e1916e74de7c3a9467041f60cf9b0c6a44d25cf056d97c6e2a69f8da5", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522485, "uuid": "a492634d-cc82-42c0-ab20-10b0819db182", "comment": "Malware payload (BumbleBee)", "value": "e8dbe54b7b013b081a866fd315a5e21960177586", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522485, "uuid": "7595f4db-ebe3-4906-9db2-2622e21ecd78", "comment": "Malware payload (BumbleBee)", "value": "3dcdcb864c61c8579cb715972b7aef40d9d28fa8fa678291df6f381716ef763dad113b4edf271a25a9f6c3de555fa5c1", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522485, "uuid": "519286ec-0636-4dd4-bc8f-65116df380e8", "value": "T1CD45E011E6920FE4C47651B681AB263FBB347E194328D377ABC0D2377D927E05F1AA60", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522485, "uuid": "82a43fa8-8303-46a1-8366-6d563d2e4ea4", "value": "47e01530ad43ec939d1c47709a80a5c6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522485, "uuid": "369a2d42-e781-41b4-820e-6fd897ebaedf", "value": "24576:G2+iTnzomLqXkjqxUuSgX9ZpzVgAf7UC0xscSAmK+Cw9Cj:/nHPI48uH+CwG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684522485, "uuid": "8dfd129d-4c9d-46a2-8a17-236fb4502d26", "value": 1223180, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684522485, "uuid": "69f224e7-226c-4be8-a055-bc41ef1ea5ea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522485, "uuid": "ac793246-e6ca-4d2a-aa41-1cf46b6e871e", "value": "04b1a150ab7c62f05f9ca4f51ed35dfa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03976a8a-f68c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684531673, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531673, "uuid": "36b215c3-9e49-401e-b5ad-9781fac5e67d", "comment": "Malware payload (Mirai)", "value": "23e790be554c3ef2e8d94ef92699416d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531673, "uuid": "1f925bf4-1a2c-4b63-b1e8-8076cc320d0f", "comment": "Malware payload (Mirai)", "value": "21a683b445ee3093e2ac59fa117eec12fb86082a9707524bc7c0e7ff16d281ea", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531673, "uuid": "f3c96499-e1c5-43b9-a44c-042e2cc81906", "comment": "Malware payload (Mirai)", "value": "3c5ae624c9636d9014f52a63ba4b0237777dc1ae", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531673, "uuid": "c0c070db-224f-44fd-a21e-44d592b27d1d", "comment": "Malware payload (Mirai)", "value": "506beefb89a8412c3f3d7741c40833812c382197a32a554525a107723b057e622f9475b347c3e3e9d98431b0040df7fa", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531673, "uuid": "c8298502-9d72-4d68-92b5-f70c888868ba", "value": "T13FB36B63DC216E28C624D4B4B0718F792B9352A581871FBE56B7C2748483C8EF616FF8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531673, "uuid": "d3949e25-d6ee-49ef-8872-fcc3c445a383", "value": "1536:hLeuWTN9THeC0NKgBZS7CRD3ioUGDTWxPKRYL/rr5hRGKs5:hauWTN9T+FUguK3iovTWVKW/rr5h+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684531673, "uuid": "21fc8b68-182d-4443-9d63-f056c857bf75", "value": 117404, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684531673, "uuid": "cf8e54f4-125f-4a58-bab5-ee5d66403cbc", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531673, "uuid": "38e3b9d2-f463-4e7f-a4f4-a9e07d76947c", "value": "23e790be554c3ef2e8d94ef92699416d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2289410-f629-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gozi)", "timestamp": 1684489553, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489553, "uuid": "808b30f6-1e3a-4bcb-b3d6-903107da01f9", "comment": "Malware payload (Gozi)", "value": "f4756e8439833f67c6d62cb06b7817fe", "object_relation": "md5", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489553, "uuid": "5a867d73-25bc-4f58-9f3f-8d3daf215c86", "comment": "Malware payload (Gozi)", "value": "21c2aa44f853b35566bb5fbe52a38d921a8f30a6a23f3eab118e8707ebb46d97", "object_relation": "sha256", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489553, "uuid": "776859f8-83b8-42f1-81e8-b87fc35a278f", "comment": "Malware payload (Gozi)", "value": "033c98dcb61078d2f90a30f99270ec68ee2db4b7", "object_relation": "sha1", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489553, "uuid": "cc3a047a-2325-4e0d-b063-c8fc9cffc530", "comment": "Malware payload (Gozi)", "value": "c2c648f6df92efdf82c1d981be8a8a7d209045cd01d63a8ccf2b214e0354221cf54a0491ca326191dcf7f638f3c2b6be", "object_relation": "sha3-384", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489553, "uuid": "4964c2b2-d092-403f-8f21-8bccbbf54b30", "value": "T17D7368C41A666494A733A1BAB665DCA0E7661E3783C41E8BFD7C7418FFF550CC9A0832", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489553, "uuid": "284fc2eb-6e36-48dd-b677-c2776822c3dd", "value": "1536:CVcbnCM4RftXJucI9+XD27vEAOmLK8X8+CtiB:t54VtXME9GBmiB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684489553, "uuid": "8a1b933b-c89c-4120-99e0-d1e82bacdacc", "value": 76863, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684489553, "uuid": "086b9d40-528f-4fe2-853d-78f19b8b5906", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489553, "uuid": "84c553ed-0213-44a1-8b0f-a91fe6070902", "value": "1 Total New Invoices - Wednesday May 17 2023_1066.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b088c9d9-f619-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684482571, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482571, "uuid": "31a15d7b-1715-4e44-9650-e7adb1963c8b", "comment": "Malware payload (RedLineStealer)", "value": "bd5a9f307662a0cf1d3eaa419cd26852", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482571, "uuid": "40692d2c-56fb-4371-8d8d-0cb87583ad5a", "comment": "Malware payload (RedLineStealer)", "value": "21dbf6bf5538fa5b4eee4eefc8f612261ae0591eeacfd3aad25a2771bf1717e0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482571, "uuid": "acc301a6-098f-4fbe-8dd1-44e83db143b5", "comment": "Malware payload (RedLineStealer)", "value": "7fea1bdf6a058b1fcccd4a815542ca9d7c040a3d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482571, "uuid": "181e54d2-929f-45e1-a31e-f4a091c10af8", "comment": "Malware payload (RedLineStealer)", "value": "baee45f656cccebf61c4969dc88de3ee992a21ace4677a46b6599ac5aa7b16905b379710023e531a56cedc4bce07053f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482571, "uuid": "6aee44cb-40f1-4fc8-af8a-034aa09fd554", "value": "T14E64F112FBD98072E8F11BB058FB12830F357CA16DB8836B2789A95A5C735D0A57173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482571, "uuid": "7c6d47ca-6fbb-4745-a5e7-c05d5b5a1334", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482571, "uuid": "9f99f03f-f21e-4f23-bc69-3059389d6089", "value": "6144:KAy+bnr+pp0yN90QEQS/DXfmp3udzQTBmLqtMqFYwtWphwJQ:IMrNy90DbXfBWTRDC/phcQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684482571, "uuid": "d287bf5f-1b2a-4c9d-b5a3-9fdb04024f43", "value": 312832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684482571, "uuid": "1ba69f1a-ca44-42f1-9cdf-e54b2d013d36", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482571, "uuid": "997c5901-5338-415d-b096-46f77bb5db4b", "value": "bd5a9f307662a0cf1d3eaa419cd26852", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2985470-f676-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BumbleBee)", "timestamp": 1684522518, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522518, "uuid": "fa9db904-f418-468d-89ea-541bf326000d", "comment": "Malware payload (BumbleBee)", "value": "7d8d9b5bb5050b09cfaed29bd22e5294", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522518, "uuid": "890edf31-dc2b-4b6b-97cc-7d9677e25ba4", "comment": "Malware payload (BumbleBee)", "value": "22660e6687461301bbf29d313ecc4d4bc926651698cc0b145d7844e3115900b4", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522518, "uuid": "9b925a41-69d2-4261-8f8f-cb133ed5a854", "comment": "Malware payload (BumbleBee)", "value": "d15e9bdb472e7ce7465e7558c4cbb86472ff5b00", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522518, "uuid": "b858496a-4c14-4934-8f66-24272d0c3d75", "comment": "Malware payload (BumbleBee)", "value": "ce4780c7ce6ea709485bdabbf46e3a7ed43bb45e6af89f6dd8346dc95a5991256354019641839dc7727299afc1a74d93", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522518, "uuid": "dde67000-49d8-4d58-a36c-460f844abd89", "value": "T1FC45F121E2A25FF8D476517680AB252FBB303E6D0724D377ABC0C2377D927E45B166A0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522518, "uuid": "0ceb1562-2e4f-433b-84b8-9fa7cfd2e659", "value": "47e01530ad43ec939d1c47709a80a5c6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522518, "uuid": "a67a8aa1-9bf9-4c10-9dbd-d6f31005602b", "value": "24576:N+mCtzPnhINJR1anNEDf4iKOosHu5Yl1qaZ+f7avUp0oq:mmrdT4iKn5YnZA0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684522518, "uuid": "c08eaa59-0dac-46d8-9e9d-a2818a917b04", "value": 1223698, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684522518, "uuid": "7894049d-9c1c-4789-a6d6-164d26103f5a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522518, "uuid": "00169462-79ff-4013-ac16-61b92d4a9ee4", "value": "7d8d9b5bb5050b09cfaed29bd22e5294", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c9bcdbd-f67b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684524440, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524440, "uuid": "a6f77b97-7f82-45d9-b066-2bce6342722b", "comment": "Malware payload (Amadey)", "value": "9f35e4a8c5e39f5d6216a24e4651ad48", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524440, "uuid": "043d2061-9474-4f49-ae77-cb78dc866368", "comment": "Malware payload (Amadey)", "value": "22c5d55c7f96265947557cbba4e85692b3a6f89e60e6aae051af5aa473cedc89", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524440, "uuid": "882d3ce3-002d-4036-9425-43c1534c41de", "comment": "Malware payload (Amadey)", "value": "3a4cafd13170b27cfaaf0bc811b915dfc190371d", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524440, "uuid": "337cf59b-e6eb-4b96-aaeb-fba6952f479c", "comment": "Malware payload (Amadey)", "value": "ff7275b2ce6870654a254c74efc1ccf4220320b300972a56a48716ae1be1a5fc3c77d30f0fa7c10694385be132460371", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524440, "uuid": "d6767755-7a8a-4509-a42b-bd6579c1fd6e", "value": "T1922523526BE85026C9B66BB11CFA17C30E3C3C716D7846FB2A41AD9E0D73A8071B2757", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524440, "uuid": "3f7acf1a-46ae-47b2-a417-5dcd802bb1b4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524440, "uuid": "3c64ba72-0281-4dd6-a866-ac3c7d425ed1", "value": "12288:ZMrpy90e2i7edRpENLz/fXAWfkPLN2tjMPUSG0uWH20kMugicc8nu+bIMY/OFSLm:UyEONLronM1F0W0zdiYu+bIMEO8Lm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524440, "uuid": "9c198d2b-d934-4a9f-b7b8-713f2be5c9cf", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524440, "uuid": "022bf395-14ef-4abc-9213-3d46854360e5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524440, "uuid": "2611a6bb-0042-40ab-86ec-c61346bdc0f3", "value": "payment.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad2a918f-f674-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684521650, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521650, "uuid": "2b20bd18-b786-49cb-8614-e3354d2d4b0e", "comment": "Malware payload (RedLineStealer)", "value": "d925e7c3d862bd903616413b0f0cfaa0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521650, "uuid": "fb1a1683-c5f3-422c-81ed-0152d81913b7", "comment": "Malware payload (RedLineStealer)", "value": "24fff181a2a9cb8796b581db6cca66f1945eda1f8e1c835a53719ec6bc4714d6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521650, "uuid": "46e22694-c664-4f2b-9adf-4b66ad92a7b0", "comment": "Malware payload (RedLineStealer)", "value": "5a7f7c9800e2415bd374e99b988faed66cb14cc3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521650, "uuid": "1aae5483-59c7-4cd6-89c7-65c3e17c5f96", "comment": "Malware payload (RedLineStealer)", "value": "69bbef3695c5d426ac1af012a5bc1b87fe6ee946efcc098fd5ccb511f21f141629adbd57d161f57060e6f4522ce241e2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521650, "uuid": "2cc14b9d-a6f5-402c-b129-dda4e867c3ee", "value": "T1E02523166BC9C8B1DD722B305CF22783097ABC51E97182676745E95A0EB3B80AC3537F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521650, "uuid": "13eae2c4-a45c-44b4-8641-12f085574481", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521650, "uuid": "99008d7a-8b94-495e-b936-97d8d6155770", "value": "24576:zyNjpM28OHHjyWeIuOY5TwvMKr98qV+JRG+zejSnQAtIozNW:GNpYOHDwIDYcdy3PejTAtIoz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684521650, "uuid": "f5976b3b-fb40-475a-898b-dceea52630dd", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684521650, "uuid": "d2ab98c5-dd02-4df4-81dd-304d41e8f1fa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521650, "uuid": "47b85a87-b6f8-4b26-b926-0c8ce3ac4802", "value": "d925e7c3d862bd903616413b0f0cfaa0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c522a43e-f68a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684531139, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531139, "uuid": "867f897f-b095-42aa-9784-76d1547a81ed", "comment": "Malware payload (Mirai)", "value": "e97f9b96dc43a04aeb9345c4fd87d55e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531139, "uuid": "44b67ce6-f570-4d58-b220-01e5bbcd0140", "comment": "Malware payload (Mirai)", "value": "255856e8579a84e58878b2001e0173fc6b2117fc55feaff78bcc92eba76839b1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531139, "uuid": "e1dd9df3-e634-4432-81f2-3eb9ced1371d", "comment": "Malware payload (Mirai)", "value": "b2cc2238b05362153a34aafba42780164ab9490e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531139, "uuid": "dbf4843f-a3cb-4f28-a58c-941b78042d96", "comment": "Malware payload (Mirai)", "value": "30af3b42acfc32a63583c2758fb61ba757ef81d62d311c0708af5b2787660a5d3f136ed5be4dcff6579c4dcc69b22f51", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531139, "uuid": "5f31bd4e-cc7e-4868-b2ec-8d0b65f09135", "value": "T1D2438D33DA0A2D14C14A867030788E757B13E1C842E67EBA59E5C2BAD443A9DF949FF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531139, "uuid": "4d01d146-3872-49c9-b82a-70cce2f29559", "value": "1536:MjatoKHoQ1h3xgFYaT0KNT5KBz747vsIlsCk7wbZnNK:8moKIQ1UFYg7Ncz74Psx7wbZnNK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684531139, "uuid": "2f5abe7f-6dfc-4900-b3b6-d14e13933a4e", "value": 60324, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684531139, "uuid": "cfe2bad2-3c58-487a-979d-0bd31d5ab3d0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531139, "uuid": "49e9da31-3573-4c6c-8b41-bde5b757eaf7", "value": "e97f9b96dc43a04aeb9345c4fd87d55e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a0edca8-f691-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684533965, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533965, "uuid": "56994f96-6cd5-495a-a71b-a64905facdba", "comment": "Malware payload", "value": "a6832b07116f3615db1f9ed98ec11702", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533965, "uuid": "b84b9bdc-d8a1-4a3b-a86d-bc76927dd66a", "comment": "Malware payload", "value": "256a27a4d6c511d18dde57ccc8d1db4db17dceeeb368f04f73de79a0b472f346", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533965, "uuid": "019ba3c1-b511-439c-a78a-3ea9b4216c7a", "comment": "Malware payload", "value": "9a150f30fdf88454238b78bd9339a0d4a3e2b2d1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533965, "uuid": "51e70e96-fbf2-4db6-96da-6a9955345bb4", "comment": "Malware payload", "value": "5eca1eb7db89ff30ca3490cd0a854adb026bf8071ae1a93b47b0db994386a90c229fc320d46995b50933c8c360625c75", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533965, "uuid": "61c74976-a625-499a-992a-939a9def8d8b", "value": "T12A562913BE18D71EC62522345EB2CEA4672A1C8A86D6A517B345F309B8F10BC5D6FCF1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533965, "uuid": "86dca640-6c59-483e-ba34-00862d152105", "value": "49152:vj2ikDKMeT6zKjTmB+dGpawj/mNGZWtaan757Hhu/BQ37A78dWLilulp73RbGogV:LuLiWQPf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684533965, "uuid": "e2dbfc9d-3e3f-4e02-80fc-a5e02aac4620", "value": 5898240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684533965, "uuid": "8f236dd9-63d3-4d05-8c70-9a5a4fd03043", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533965, "uuid": "a0cb80f4-363f-4d0b-9ba7-f6129f021caf", "value": "a6832b07116f3615db1f9ed98ec11702", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6556b7a-f63f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1684498928, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498928, "uuid": "acf39030-61c6-4dac-9a30-3f82ad257584", "comment": "Malware payload (ArkeiStealer)", "value": "c5ff3598d1fed69ca0a888c916508929", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "c5ff3598d1fed69ca0a888c916508929", "colour": "#7FA93C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498928, "uuid": "ffa2937c-0636-4f94-b860-194a9cb3f833", "comment": "Malware payload (ArkeiStealer)", "value": "26d83413c54af6d99ff06a2cc8a2d2c3f3c4bd1833263705511ec2ac3341b960", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "c5ff3598d1fed69ca0a888c916508929", "colour": "#7FA93C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498928, "uuid": "8ca3f687-bad1-469c-9639-40934c8f044c", "comment": "Malware payload (ArkeiStealer)", "value": "6e33e20da73eb1abf70faa75221964bf7271531b", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "c5ff3598d1fed69ca0a888c916508929", "colour": "#7FA93C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498928, "uuid": "282497c0-bcf6-41e6-9b3b-9abd4a02a24e", "comment": "Malware payload (ArkeiStealer)", "value": "ce45d9531d17c3f21e93c6d5f27b186346a197b150a85e6f30ac9db92758dfbc0798b6e003ff70bac6180e3d98f85716", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "c5ff3598d1fed69ca0a888c916508929", "colour": "#7FA93C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498928, "uuid": "0e03179b-be43-4f8f-a4db-9257aa0201d9", "value": "T1B8947D0392E1BC53EB5586729E1EC6F8769EF9504F0937D722146E6B18702A2C97E332", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498928, "uuid": "30df2ed5-305a-417b-86c2-82be7dd510d4", "value": "52052f823a75c3e49d6f33c06369892a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498928, "uuid": "fa30e08d-d2aa-4bca-91a1-5ff3ce347933", "value": "6144:2XJislWexm1e2+USsC6QTFT3KxIlb0D3UrQhhvkETo3tpTSQP893Tu:fs4T1H+UI6ABKKlAD3Urghnk9pTZ0Du", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684498928, "uuid": "a81d0203-a46f-4116-a3f1-d204b6ff1b4a", "value": 445952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684498928, "uuid": "917622eb-4c53-4d94-a949-b06e79d47867", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498928, "uuid": "6500c482-1616-476f-baa7-b554bb358cee", "value": "c5ff3598d1fed69ca0a888c916508929", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf59e81c-f62a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GCleaner)", "timestamp": 1684489924, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489924, "uuid": "2c0ac2f1-9b8a-4d77-b2a8-8926faec255b", "comment": "Malware payload (GCleaner)", "value": "21321336c670d1b96295499d7697c105", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489924, "uuid": "42d6b40d-f7b8-422a-8e4b-7cd3a3cf4650", "comment": "Malware payload (GCleaner)", "value": "28298b9302a467ad92b509e1a961e5d98a5179f9cec7cebd1cfe50e844506a77", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489924, "uuid": "eb1d622e-df5a-4e91-a39b-28a5c98cd105", "comment": "Malware payload (GCleaner)", "value": "9ceaf33034147557c938e4f658ee2a054260c507", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489924, "uuid": "cbac3000-1bf6-4170-b1a0-cd13972bb167", "comment": "Malware payload (GCleaner)", "value": "e1c6d12133d140efbceb9cf1fecd5ab197af4a9b219ce8326b332aabaa3f52972e6da5672fe063711c35ebb85e487bf6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489924, "uuid": "ad7dc46e-359b-4f25-b352-19f0d559aa86", "value": "T16B953318A4968175E1738BB4BF3891A7D5313BE2815A4A1C760B4D5B4FBF640AC8F32F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489924, "uuid": "eabfa662-3e6b-4fdf-9ff9-6a3ad05e5513", "value": "e92b45c54aa05ec107d5ef90662e6b33", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489924, "uuid": "4276b02f-8a57-436f-bae1-9a31e1aad563", "value": "49152:KiJ6hloLsJLD7cAKYQ0E7OtjjgfKs8wuV:KiQhyLsJn79vAOtjGFI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684489924, "uuid": "ec940033-d69e-40c2-bf13-7065e89d5349", "value": 2026537, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684489924, "uuid": "9272fb58-5edb-4552-9e15-c23e4ee4e45c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489924, "uuid": "ae447145-3d9a-46f1-acc6-2b2d5c7612a3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "13c22f34-f67e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684525687, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525687, "uuid": "91335492-48ed-4061-ab8d-5fd841b56e02", "comment": "Malware payload (Mirai)", "value": "7e0d201116e6493e479f0fc03151e8d3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525687, "uuid": "1280f64a-178b-405c-acc0-31512602e02f", "comment": "Malware payload (Mirai)", "value": "2848a2f1f1bf225423d059cd42da8ec2a197f14c890f5b38e232c307385f8deb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525687, "uuid": "d6d9f7f1-008e-42c3-a0ca-7d024c1b2996", "comment": "Malware payload (Mirai)", "value": "5418a3c78831e7679b3aeadbc75986ee9926a3fc", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525687, "uuid": "3b67fb02-7061-411e-b85e-97352621239d", "comment": "Malware payload (Mirai)", "value": "c1ceefff9d22e785c6f97742f8ca4355911bdb6d579519cea440c1083a8496650383909da13ba6e460b5243e22e6c538", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525687, "uuid": "8c6d9f4c-9f1f-4b1e-8307-5dd8d679fbe5", "value": "T19AB2D011D5E85D92E6BB7EF05F51F3C872E2AFC63616C8704187BA532706439A209AE2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525687, "uuid": "66975715-3bb7-4301-a468-5c8c983130ea", "value": "768:l59etzhcQYRzMn461aZTnByvzcz1kPA4uVcqgw09f:39Oz6vRzMnV1aZozczKY4u+qgw09f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684525687, "uuid": "54f4831c-642f-4b01-aeb5-9b9feca0c5fd", "value": 25684, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684525687, "uuid": "3437ed93-7c73-4c0a-9af3-68e8f0c8b4f9", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525687, "uuid": "0d536235-f9c2-46e6-a45c-38293c68e0b7", "value": "7e0d201116e6493e479f0fc03151e8d3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07138001-f626-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684487870, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487870, "uuid": "36af1e03-2db5-4368-88df-d13736b0524d", "comment": "Malware payload", "value": "a35c4b4d5131700109a8bed5fc99f4cf", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487870, "uuid": "c1440e04-d97b-4f33-8b93-f0ac52d7066a", "comment": "Malware payload", "value": "2875b9f0a86fef0c523c249447532a8324f028dcdbb10f5762a2ce16456e6cb1", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487870, "uuid": "9b1b4ed5-af45-4cad-a9e2-6a7ab5b8207f", "comment": "Malware payload", "value": "c445726dd962f9eb2771041db5c2f10f65fc3cc3", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487870, "uuid": "70815794-77cd-435a-a17e-bbf17203eb19", "comment": "Malware payload", "value": "0eeac481879d1947c1426ec1f6f753cbf2118e3ca4bdf1e0f189cda97f48ac07b425054a07774be4f2446d1fa9cdd842", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487870, "uuid": "ae163b3c-5e9f-45df-9c68-aa81b93461ac", "value": "T121939DE02B4CA8F1D68E9BB39119598C02393577BE8625CC704EB7D53B7F25D8E0C8A5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487870, "uuid": "29fdd361-6793-45e5-8d28-b697bf30148a", "value": "1536:Y84AZPfIRqUeS9tjpa7cN7T243Yrk5LA6PT2LA6rO2LcxV4SVT:08PQ9tm4xsc9T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684487870, "uuid": "3908c3c1-0ac9-402d-ba52-549e67f22935", "value": 93474, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684487870, "uuid": "2200eed2-5d52-4eca-a418-a714087a36db", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487870, "uuid": "ad61e723-29b7-40d3-909a-5a586cbb6949", "value": "Order N\ufffd TM23-5-18.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2987c6a3-f68d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684532166, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532166, "uuid": "8bfb3c8a-a29b-4b8d-8c1b-ed18723e3b2a", "comment": "Malware payload (RedLineStealer)", "value": "70e7d83cc1d771db9299070e1fdc7e1b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532166, "uuid": "1859a91e-f92b-4173-8d55-c1bab05be3c5", "comment": "Malware payload (RedLineStealer)", "value": "28da267cd03efdfd51d9580f406b4e79549b535747817b1d285a549a247258b2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532166, "uuid": "4621dd13-42d4-4c57-8477-68ff5be12e8c", "comment": "Malware payload (RedLineStealer)", "value": "a734f5ebb21613c238a6221a58f2f41d10df6b2d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532166, "uuid": "f6ab1ffe-f052-41f4-b4ec-bdfddc32da01", "comment": "Malware payload (RedLineStealer)", "value": "bcf15f5b342fbcf4f9ebeaa72eff6d3c3dd7cb21a9a9513f19ccfef63568740daa91b4e81e3e8fabd731ccc23ae7095a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532166, "uuid": "d1492865-b4ab-403e-a987-9daab0048c2a", "value": "T14A948D039291FC61E629567A8E2ECAF8761DF4518F0937DB2218AEEF14711E2C57331E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532166, "uuid": "705ceee7-5c4c-4041-812c-cee62a2b8cb8", "value": "d3185d759d0419b7cf5b47864af3fc7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532166, "uuid": "7c22c943-f14e-4df6-a0f7-71944da0c1bb", "value": "6144:dEgxNX8Mjcgu1NSGWl+g3Us6CxN0Kh3T4DDp2/fqT+8:J8MjcyGFg3UEOKyXi6+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684532166, "uuid": "7abefcee-b054-430d-bf6b-1449a8c95a1b", "value": 431616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684532166, "uuid": "05b37b94-7a9d-470b-ad23-5354d97ce6b2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532166, "uuid": "13cb1703-c4a3-4073-bb3b-62aff619cebb", "value": "70e7d83cc1d771db9299070e1fdc7e1b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec2c9dd5-f628-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684489113, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489113, "uuid": "2ed63c23-f1c5-4d98-8521-25d68d08c9a8", "comment": "Malware payload (AgentTesla)", "value": "88c5435dbc3e3595772e1ffa0d395a8c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489113, "uuid": "45c37f45-83eb-49b3-a1c3-f0522d0d4cdf", "comment": "Malware payload (AgentTesla)", "value": "28ea321d0766b761cc437255126669b48379616da7b524d35d6c944868fd3268", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489113, "uuid": "a5482968-5212-4432-8f69-16bfdfee7f71", "comment": "Malware payload (AgentTesla)", "value": "017400d36bd0e1c3968dc58388b59b9ab2a9ed08", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489113, "uuid": "5583bf8e-ae46-4a1f-8449-4b2ea2325ac2", "comment": "Malware payload (AgentTesla)", "value": "cca89ede906599e5a9e281daa08ba42a3e2bfaf29734a6fbb610d4070c2d431a5715b065dd0933ee5b928c852d231f81", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489113, "uuid": "413560dc-6c88-4bb4-ba00-a182bb1848cc", "value": "T138735CF9278C4D3EFAF91AB6E87540808BFABD599862FF0F444938562F33B4105621D6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489113, "uuid": "a6b3fcfd-dbea-4139-8d44-c49f2e9d6441", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489113, "uuid": "9fdec775-31d0-4cd7-993d-45031876a0bf", "value": "1536:l1tSBPzt+BX2pkFMDsOWImRgQ23Vhqt14:kPzYADsimu3zy14", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684489113, "uuid": "9203d2fc-4f0a-4bdc-8daf-83ad919a6211", "value": 79360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684489113, "uuid": "ec5220c4-fdbd-4b09-84ea-05831a9c87f8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489113, "uuid": "4d947d5f-8d47-479c-98dc-630a025a5282", "value": "New Purchase Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5570ff5-f626-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1684488162, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488162, "uuid": "c9477bef-03e2-45d9-ba92-778ebda141d8", "comment": "Malware payload (Loki)", "value": "5961d3cee6c41e9d47473fe8864cf78e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488162, "uuid": "be8b3bb3-f329-4794-9d82-573aea6942d7", "comment": "Malware payload (Loki)", "value": "2ae16be9833721ae5c76d38dbf997659543545512f4c9cb6bd37a9350c106227", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488162, "uuid": "e4d2edef-0e90-473f-be50-5fca7e849d88", "comment": "Malware payload (Loki)", "value": "098805ce5c191bd5219c502626a693363aa73833", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488162, "uuid": "5f616eba-ddcc-4be3-bb3d-5b73cca15bf9", "comment": "Malware payload (Loki)", "value": "2d45a87ebb7bd205e3a084abdb2785bde9d8cac1e726663f883ec162562aa200d046b6d99846a9c9ff2bb4f91acf56a3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488162, "uuid": "4f22a577-6d99-4663-9981-e6935f19d27e", "value": "T175D4CF2023B59B46D5BA83F05CE0E2F01BBA9D9A7439C35B4ED2FCDB72A9B510750613", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488162, "uuid": "28d2dd54-4792-49fc-bb48-63350c2fd82d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488162, "uuid": "9da352fa-6de4-4f93-9c4e-9ea9b412fff1", "value": "6144:Is33DnNq8DwEtTagR8cgDSAO1NOJ+TuoU4AycyPlBN8klyFrWaFzc84Ue1txd7di:RqBgR8lPJSpSytTxaFzIldS0sygb1lT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684488162, "uuid": "32034c77-153c-4c01-90da-590bf319c29b", "value": 631296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684488162, "uuid": "f28e7bbf-9e3c-41ed-95c6-d17d41b41c25", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488162, "uuid": "186479ed-1ad7-45a3-a7c1-cd77fbd1e990", "value": "RFQ_JPEG IMAGE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59e32293-f62d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684491016, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491016, "uuid": "0d4e01c5-d7e9-457f-8c9a-b5bcd6ed2d54", "comment": "Malware payload (Amadey)", "value": "f624ba98cca630b6efc13c5dd8fac72c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491016, "uuid": "97c77afe-5a9f-4912-9f08-02f12340fd35", "comment": "Malware payload (Amadey)", "value": "2ae6eafdf1b8530e525550ebd31903c62561f21347b34ce4817e25d668851d6d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491016, "uuid": "25aa6c45-62d5-4a5a-8077-7808afd05152", "comment": "Malware payload (Amadey)", "value": "f20b1a3036632eaab22dcc8baaf0bb946a393cbf", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491016, "uuid": "0190a733-3f33-4038-b1b7-9f106331b818", "comment": "Malware payload (Amadey)", "value": "85680cf972292d37f2f3bd3a12f34505981459d3ccc049031915fc8981a8ae15b2e8e01d6e1577b5f0164b9c03734a59", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491016, "uuid": "1d7e6f2a-546f-4b98-b79b-2608f51e0338", "value": "T113252393B5E9C132E8B4A7B094FB13C706347CA29C7C63576749A40B1CB2BC96175B2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491016, "uuid": "78fe114d-4f2c-43f6-a1cf-5dbd9b367748", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491016, "uuid": "f6590719-6ecb-48d0-bf40-f5591da4daab", "value": "24576:NyUTJLtI8r8NpD+KIJmDvFtZZiHjVCPqx//TTdoik:o+LtI5Nx+KI2FkVCPGTTv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684491016, "uuid": "2f0f1bba-f3c3-4d77-ac05-c0276d64f368", "value": 1056256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684491016, "uuid": "a07c7e68-eb3f-4162-a150-0eb3be022af5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491016, "uuid": "c0d8acdc-9e81-4fc6-a1fc-5961df9e4dc7", "value": "f624ba98cca630b6efc13c5dd8fac72c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "172c3bd7-f608-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684475012, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475012, "uuid": "763bbf58-d9c4-4740-9174-74b8078062b9", "comment": "Malware payload (Formbook)", "value": "854e22aa8f838bc5638f401e1d6faaf0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475012, "uuid": "c7887179-2a45-4dbc-aaa6-2c9358c80e93", "comment": "Malware payload (Formbook)", "value": "2bfe16100af653d012b5b833cf2ed6431ae1ca9660fab081679f92da34fb5f57", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475012, "uuid": "cc0a79ad-0c2e-460e-99b6-1440afe6e707", "comment": "Malware payload (Formbook)", "value": "95792a0d5c497777fe283f5b9eb74f14e2e407ce", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475012, "uuid": "fb404f43-042e-4be8-ab56-06b720edc379", "comment": "Malware payload (Formbook)", "value": "bdf58acae8321a842302a63946dabe0f5693476b56fd2afbecf33302f570e80f937129dfab2fba337312b0b9ec7d0f6a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475012, "uuid": "953646ac-af35-4fa8-91d1-19947d7a4134", "value": "T15AD4E07461DE4A84E41F8BB161B8FC72437234E3ADD5CA350B29A284CF66F146E88D5E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475012, "uuid": "9baddbb0-579f-4b92-8f94-6a26feda890c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475012, "uuid": "8cab4062-d618-4836-bab4-5c589efd3eda", "value": "12288:eopnFv5yczago+/3FIqbipq/HQzIbPKgObpb5LYU/gD+jU/ecZBAYq4:ZVV1o+/e4jHQzQlObpFLYV+jJWBf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684475012, "uuid": "4878bd5f-380e-48db-95f1-997bfd8683d7", "value": 632320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684475012, "uuid": "95286eb6-4d5d-48c5-bc9e-f0e1988b5ac2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475012, "uuid": "2bb57575-7a28-46d8-a976-f4e4c5654bc7", "value": "4th Hire Soa Remittance.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73e95c4d-f662-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684513823, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513823, "uuid": "5f9ef752-a570-4861-bfc6-e9c5a2216aed", "comment": "Malware payload", "value": "a00f85c82bc3886877691b55f3758996", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513823, "uuid": "9d2039e5-0439-4bf0-bdc5-e4f2c8fce7da", "comment": "Malware payload", "value": "2c0dbd8c7efcd24f75f61f2d3af07b390b05cce2601a9a04e137e64867df3991", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513823, "uuid": "f50bd4f4-45a3-48cc-ad0a-d6b96da08ad8", "comment": "Malware payload", "value": "8ad24448801493c46d8dfd06c9fb89ba1049814d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513823, "uuid": "7f9d8130-b733-4441-83f1-f41e9b63f37c", "comment": "Malware payload", "value": "7cd2a5bbb20f585e2671aa7fcdd0d8ec63dc4a39ada75e07491bcf72c91a1cdb3265bbab77be940f35dea430212b2f5b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513823, "uuid": "31c3e6a0-b3af-4687-af37-6dff6451dbc1", "value": "T1A1654927BAC5D03EC46245358DC7B6F89C25BE103E289B4777F92D0D5EB924238E7292", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513823, "uuid": "88a266a6-850d-4f19-97ed-e0c5fa13809d", "value": "12288:nG7+IpPSriDRQFHK2jAHjIA7hhnNd+WHxvSr7jMSwitzAwiOwAeb9Q1a:n6+q0K2UHjIkhhnP+WlSr7jjtzAFnCa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684513823, "uuid": "9422f96d-b5c5-432d-86ae-4feecb97d66a", "value": 1418240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684513823, "uuid": "707b5f2f-46f8-4ee0-9d57-4d96af9c4c63", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513823, "uuid": "0db6caa5-0314-4ee1-80c2-6506bf092716", "value": "SecuriteInfo.com.W32.A-62389890.Eldorado.28991.3440", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ebde43e-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684497466, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497466, "uuid": "de0a220e-6706-4649-8e85-efd6329618a7", "comment": "Malware payload (Amadey)", "value": "8c9950bbe9272ba179d36eaa91ede0ba", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497466, "uuid": "34c0d766-2b30-4058-aca8-e5665b5682b9", "comment": "Malware payload (Amadey)", "value": "2c25aa78251ac997d9f88f449a2b7915a2b052b95e425f61834523b9e4f4c0d1", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497466, "uuid": "2fb796bd-d5d2-4333-b7ea-89b89dd55d13", "comment": "Malware payload (Amadey)", "value": "b999e88d7640bfdd27dc666ec6f2e5ae1fbefbd4", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497466, "uuid": "6f253ca8-f89a-435a-86c0-9ab43e3ad9b8", "comment": "Malware payload (Amadey)", "value": "40ab9b76f23a9595fe5862e5779fe27ba218d3d01d1578d685f497a8122701af820dddc8f8bf70e2c979598c074aa3ee", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497466, "uuid": "c60246b9-1c94-433d-bdde-97f045160960", "value": "T1F125238270DD8033ECF6277058F307D70B257C429A75976BBB8298595CB26C0B1B67AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497466, "uuid": "2d2112a1-31f1-42a6-a1d9-5597e5a1d6ce", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497466, "uuid": "efd68424-78a2-468f-8b3a-cd3abb4b61b1", "value": "24576:Xyh4Xb5I8RespVzf61sT5Pkb0R1VLj6B1Ris/G4x:ihiI8jpdi1stPkAR15cZ/x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497466, "uuid": "bac727de-e4f6-4d3b-a2e7-8afc12be1a5c", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497466, "uuid": "aa921aca-c8ff-4fad-9d3b-bcefdf03cc87", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497466, "uuid": "fb4173f1-a453-4a6d-8244-a04310fed1ee", "value": "999.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a7ea6b80-f610-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Nitol)", "timestamp": 1684478691, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478691, "uuid": "04e78378-c7b2-4aab-a5bc-68540e49515d", "comment": "Malware payload (Nitol)", "value": "9159b1caffb60b67e3ca0e9d30b2dfb2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Nitol", "colour": "#2681EE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478691, "uuid": "f951e9db-4095-4368-ab88-5919a11ebff8", "comment": "Malware payload (Nitol)", "value": "2ca7ee8a683a5506547320b23f4ba37ff6f91a907c9c9e06c5b68376d3711d4f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Nitol", "colour": "#2681EE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478691, "uuid": "3b11e1fd-c6ea-4d50-aead-3f5521563966", "comment": "Malware payload (Nitol)", "value": "ae4449ae8f24d2de121bbb3939fc5d4d43ed1e4c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Nitol", "colour": "#2681EE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478691, "uuid": "1bce67cf-46a7-49c8-af72-d5a10ab2b525", "comment": "Malware payload (Nitol)", "value": "e46a965077f5c86f3068dcf18419da6a52bd9edd9a6d79a328945f912ad69dd36601ee7f3b11e46a1f3435f3932db654", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Nitol", "colour": "#2681EE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478691, "uuid": "7a4d7e8c-513e-427d-a7cb-eab8a34abef7", "value": "T18F74AEE2BDD1C839D6DAD0348D621B6897ED3D656396719E5FCCA9B21CF0700BE089C2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478691, "uuid": "5aa1bf63-1b34-49a0-a48a-7a1d9d9871ac", "value": "b1b0e62d3ddafa526052777d5f7706b2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478691, "uuid": "eedda1d1-b8af-4df8-8b06-5e38dd9c9180", "value": "3072:fAAdrtCSXB538PKKQplrPxqlXsPygMPG1C68x7E:VUPKKWlbo0MPKC68x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478691, "uuid": "dea33d4b-7c01-49e7-acd5-c76e3a8a7503", "value": 360448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478691, "uuid": "1c3643ef-060b-4cf3-b427-9f5f9b8c91b5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478691, "uuid": "3675c944-a24a-4eff-ac96-19115f141aef", "value": "9159b1caffb60b67e3ca0e9d30b2dfb2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a73f78c3-f60c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684476972, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476972, "uuid": "a60ad4c1-42da-46b6-8cfd-f462f0145e06", "comment": "Malware payload (SnakeKeylogger)", "value": "1fe85386aefe4cb2a58ade96e0f7925d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476972, "uuid": "a66a6cb5-5bb4-49de-bb6e-1d55f2faf9c3", "comment": "Malware payload (SnakeKeylogger)", "value": "2cc05a83d9bae4890c799ba335dc05f97cae4eae5e4ca3a544db39bf12c66b04", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476972, "uuid": "1150f9a8-f076-437a-9d48-161b8fd5f992", "comment": "Malware payload (SnakeKeylogger)", "value": "4c362fe107749f059b16c67f70032261f3445914", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476972, "uuid": "6af4b983-8144-4120-8a8f-8afc453e7b08", "comment": "Malware payload (SnakeKeylogger)", "value": "07f5f4f6f31f77e438c0586b8030f50422d52851043577fd5fea5c1bbbe4417b21d1581584489869e3b862cc5e172599", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476972, "uuid": "456af357-7e40-4ea9-b1b2-1d355220da83", "value": "T16405E7E221F983AAF02D8AB686307453EF22657B565ED444BC8F13F98F55F90190BE13", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476972, "uuid": "91383ec7-e570-4e64-8e48-72a8e27eddef", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476972, "uuid": "4f466220-c5cc-4510-96e3-e17f5626b12d", "value": "12288:AZPjocEILpX/dycnILpX/6zMu1yjguV+ATXmjJQBXEp:ckcEILpX/dycnILpX/6zMu1yj5mjs0p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476972, "uuid": "1061a7a2-522a-4aa3-bd88-6d5868edf0cf", "value": 795648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476972, "uuid": "4b6c0dc2-cfcc-4604-93b4-4848925623da", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476972, "uuid": "3b45a0dc-36ff-454f-9e10-a14361644bb8", "value": "te357890987654.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1bee2732-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466860, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466860, "uuid": "41c32472-2a02-4abd-8268-1d9a1696ec0a", "comment": "Malware payload", "value": "0bd8b5124ef8f9fd0f1a3fdf84ad7c37", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466860, "uuid": "fde382a3-83e7-4052-bee4-005e8e06b4dd", "comment": "Malware payload", "value": "2cc83522fabd28cb697d28d1e3480d5be84f66f2f71774b76bbfdbe16122660c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466860, "uuid": "00df28fb-0a72-4480-9da1-2272a6906592", "comment": "Malware payload", "value": "b97bac472d4db793a968a7a9ef61cec4ca441275", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466860, "uuid": "d8cd3905-6aed-4b54-9739-48468152c83f", "comment": "Malware payload", "value": "463f765a4b30ab245f9bb1ffda8b84e17cdfdba28fdeea20f93e481e5a96a9e837160a0c11360beeb6715d9df55932ce", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466860, "uuid": "e52c2a0e-a5eb-4f16-aea3-f236e9a0dd20", "value": "T146238E737CA0C223D69E90B169F44B063B3FB4B203A561C7FA645598BD215D08E6F772", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466860, "uuid": "05f75a8a-e81f-4b89-a2c8-641f00adaa13", "value": "384:wrKR4PfTYMBPxRJKkdmlSgD+4GP9rXggJKvyBR4vzmWW1dhFhJCFOB4psDG1MUd:yKuPLYGxXn4GPpX8v4myJDCFO6YG1M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466860, "uuid": "a41987f2-582f-433d-b8eb-95502840f1ab", "value": 49152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466860, "uuid": "8300ce60-2a6b-4be5-92e9-6b55da38f397", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466860, "uuid": "8c1b966c-e4e7-41a6-9843-7feec5002045", "value": "SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen8.9833.7763", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1b8e496-f61e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684484747, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684484747, "uuid": "7b10e71a-e94f-4a43-aae7-d977b27d8a9f", "comment": "Malware payload (Formbook)", "value": "18eaf595b5c647f5676daf3aadbca720", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684484747, "uuid": "7eee9af6-e2bd-4d76-875c-6a654497bfca", "comment": "Malware payload (Formbook)", "value": "2d2e43cbbe4c81767774ac3eea5e5f199b1ad6233e4670f3c250ccb6cb7817cd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684484747, "uuid": "e35053eb-1bb1-449a-a86d-c1c63eb9ce87", "comment": "Malware payload (Formbook)", "value": "9ac1652a53cbb0966e1e98a7392d312e9025e9a6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684484747, "uuid": "4086d251-f5bc-4443-a4e1-b0cd295cdc8c", "comment": "Malware payload (Formbook)", "value": "6ff4daffc3d52f12111200046804792fa0e4d2231abf7c94db72745d9959e011296a266f2051e6c32c15331f1583d7b2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684484747, "uuid": "0b1e73ef-da81-48d3-9655-a270317b8f8d", "value": "T17215F19129A89C21F1A6AFB546B3F23453796C51DB23834D64E02CA77D3BE837A057C3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684484747, "uuid": "f45dea0d-90d2-430c-8082-4ed958d9cfc2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684484747, "uuid": "05a9beaa-0646-4249-83de-d203377e6c7a", "value": "12288:vRLpNaPn0YPX/N94+OCYMMY9hLV8bTJ2laXGxD8T8b/YvhLxJYzOhHu9mIUm3fmi:cP0tZqhB8bm4+D8Q0NJCO9u9mIUeohW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684484747, "uuid": "73630ae6-71b4-44f4-95b3-2ce5e088717c", "value": 917504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684484747, "uuid": "a69859fa-23b0-4824-9697-aabc14d83fb6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684484747, "uuid": "84429b1c-c489-4c90-a306-b1a32023828b", "value": "New P-Order-19.05.23.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36fe66e6-f614-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684480220, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684480220, "uuid": "e0c4a420-7c63-49fb-8549-9f78d49f41a6", "comment": "Malware payload (RedLineStealer)", "value": "c725804be4d040c9addbecd7c11e1d60", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684480220, "uuid": "3251a396-b8a7-45ac-959a-08a561f48588", "comment": "Malware payload (RedLineStealer)", "value": "2ddb3e23adfb6586cf05324f0f7581481f03b498aea85862639f351b8d78e464", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684480220, "uuid": "7efbddee-0109-429b-a94f-68244fbeefc2", "comment": "Malware payload (RedLineStealer)", "value": "f7985e84a2df6a3a45738bc2594c5c457f4c7d8a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684480220, "uuid": "e560b61a-60f6-46b6-9ac9-db45f2a2f0cf", "comment": "Malware payload (RedLineStealer)", "value": "1d6eab97e06320e4444085049940e70a47f9d4ca06c9218c30651b00f5c9c7fa8be571c627c12ff74cf27ea99f0ac2dc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684480220, "uuid": "f1a0585c-b331-483a-a12b-1638053d5519", "value": "T1E6252255AEE84033ECE517B0A8F716570B3DBD216A78022B73C54E5B5CF2281E876B36", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684480220, "uuid": "ee07cd80-e3cf-491b-878c-fb332e667409", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684480220, "uuid": "879d96a0-90a0-44ba-9512-a46837d74a4f", "value": "24576:9yAQqgRnzjx4//7QAqV/TQFfHWAQ8CyB092HIWSg/:YxzjxWDQlxMFfHWAhC52HIxg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684480220, "uuid": "56713d37-282d-4780-b1b8-a17c1134121e", "value": 1046528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684480220, "uuid": "5ea7d3d6-4837-4220-afbb-c745ce60aa99", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684480220, "uuid": "dd9a4224-dbca-4676-b3d3-4210a3418f92", "value": "c725804be4d040c9addbecd7c11e1d60.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0832629f-f666-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Phonk)", "timestamp": 1684515360, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515360, "uuid": "b96ba27a-4503-40cf-8c93-eac8f13b18ed", "comment": "Malware payload (Phonk)", "value": "5ac677396cd0c5598b77ec9ac27f4ec8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515360, "uuid": "576ea2da-0602-484b-963f-788a3110a1a7", "comment": "Malware payload (Phonk)", "value": "2e05c81bf12009af85cef075a3bae9e250f1db691251a5c394cb6ea3adeb2987", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515360, "uuid": "feb9fab0-69af-416f-a62e-068edf80a7a1", "comment": "Malware payload (Phonk)", "value": "cf5f5d544cd9f6a66738b0a2dfbeeb92b700cace", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515360, "uuid": "38b2442c-def7-4ecf-af93-7c9c152dd27b", "comment": "Malware payload (Phonk)", "value": "87a578d7a0a1a0ad2d5a4d2e1279da8cb875ebf89a4bc6bb3cd4289de97b9c672316e8d439714c9b6af8e2cd396543a8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515360, "uuid": "ccccfcd5-31b6-47f3-a0e0-dc930bfc372a", "value": "T14385C60B3F254966EC1A19FAB0E727344B60DE829B29D24732C637D943FEDC3A84D159", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515360, "uuid": "55beb028-3bd8-42eb-9937-2eade3e18bff", "value": "49152:Z9eNtiWdjtVZ43lS5bT0sGlShKpK1XqVU:t14SU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684515360, "uuid": "308bacec-7333-472d-9ea8-7d23c68d229e", "value": 1781368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684515360, "uuid": "3b168477-1dbe-417a-a4b8-d89bd404d6e8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515360, "uuid": "e0a8f779-08d8-4b01-9bd0-8434a9655af5", "value": "5ac677396cd0c5598b77ec9ac27f4ec8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "959ac789-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684497558, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497558, "uuid": "7e75afa7-a787-4e92-9e5a-563c9ad243fc", "comment": "Malware payload (RedLineStealer)", "value": "24f5266a9afa9c3188d109cc93bb6f42", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497558, "uuid": "23a9b237-9fad-4ad6-86d1-6d78bf65db04", "comment": "Malware payload (RedLineStealer)", "value": "2e3056602ec703a2559d508cbb5ea7877f9bdf9e38c584695d54f74de943503c", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497558, "uuid": "26b1cd8a-216e-4e77-a209-c700a70d0e6a", "comment": "Malware payload (RedLineStealer)", "value": "b5d9c4334baded469daad2233cb18327f6fdd498", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497558, "uuid": "488cffa0-1567-478b-83e9-978a4b4bfcd6", "comment": "Malware payload (RedLineStealer)", "value": "05dab95fa3ae53e3ce4b766c2c9a5f3bd9ec1ea4bcd8af3776dc462e68b1c15fe949779aa2184dbc02fd7fbbee57e74e", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497558, "uuid": "8a87408c-234b-4a65-b828-e42d662c1e65", "value": "T14F25235277C95433EDF52BB589F221C3063BBD827D78836F2A87265F08B26A44039767", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497558, "uuid": "4f5741f3-5b93-4b3b-8696-46f6a6d79a0e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497558, "uuid": "81dd9bbf-3b3f-4b7e-a22e-e2c699982050", "value": "24576:BycaY3ThNefSVKZDly+7NSsDyg5oWJ5qHPyAyeN:0hY39NefHZDl/NSsGzWJGyr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497558, "uuid": "f2613aea-0434-46bd-a6aa-0c6e4b8bb137", "value": 1055232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497558, "uuid": "cf03ea37-8b79-48f5-9d72-94d8eb7a809f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497558, "uuid": "0d81c08c-35ee-4ec2-a7b1-e9ea678d47e9", "value": "client.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5fd7cbc5-f641-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684499615, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499615, "uuid": "6f87fa4d-ca17-4195-8f5f-420850717b80", "comment": "Malware payload (AgentTesla)", "value": "b8b4d97f8f291a30d44ba156a4d4cbd1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499615, "uuid": "e9e257fc-45c9-4d94-85c0-c577819502a8", "comment": "Malware payload (AgentTesla)", "value": "2e5e690fe5a9607c51574cd1e8444591a9dd524fafc78911ff9f09ee5242bff1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499615, "uuid": "2331d7f6-7a2f-4c18-974c-df08af47adc7", "comment": "Malware payload (AgentTesla)", "value": "2f545aad0c50c37754d9716bee7b9a37d5289910", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499615, "uuid": "75746fb1-3280-4891-a321-5777c823a28f", "comment": "Malware payload (AgentTesla)", "value": "75c7a61d36181a45ddec73abea1fe2d3f181b719fcecb025548ba29e3c17d23255ba2a7edee202378cbe283b69d59db7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499615, "uuid": "90c1139d-d912-45af-bb58-31d525f23522", "value": "T1A5540141225E1793CD349BFB29B055E00FB8755AAE75D20E8EDF70D27AA2F450A82F13", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499615, "uuid": "9f6d006c-419f-43ce-849b-4a97a706a46e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499615, "uuid": "babed6d3-9f0e-45e2-9eb0-2f244b32bfcb", "value": "6144:6UFxbIBMP6HyvbefvpM9mkT7XmHlPF/6IC17Cjj1VA:VbgIuO9mQmHZFSRC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684499615, "uuid": "a559fcf8-cf26-4763-aa3e-520948bd3439", "value": 305152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684499615, "uuid": "30db96de-8793-4e35-9d70-f33444377251", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499615, "uuid": "7087154c-dabf-4876-9f30-70b65e4fd805", "value": "AWB-18052023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "792e3115-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Guildma)", "timestamp": 1684478183, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478183, "uuid": "435c5d28-d3ae-49a9-a3cf-b4821e780a08", "comment": "Malware payload (Guildma)", "value": "1edc1e81063ad19fb4410cd7746220a1", "object_relation": "md5", "Tag": [ { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478183, "uuid": "75d8dfc6-ce25-4809-a846-1fa0f0e37443", "comment": "Malware payload (Guildma)", "value": "2e9c2aa671c01abea2167dd53bc2babb4180c882bfe2981ed802d3cd37e1d659", "object_relation": "sha256", "Tag": [ { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478183, "uuid": "4e58e11d-34fd-4ccb-8afc-548973a01897", "comment": "Malware payload (Guildma)", "value": "4672e8b06ac3581f9dedbf5c709fd6368a9ea9b6", "object_relation": "sha1", "Tag": [ { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478183, "uuid": "091fe9b2-4416-4d4d-bf5b-b6b724434e0f", "comment": "Malware payload (Guildma)", "value": "18217fafe753334a09a9816dfc86e00cff65543f2f64179a49fc258bebe0b636abc3f3f55a812e64429ed3e35d248d6d", "object_relation": "sha3-384", "Tag": [ { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478183, "uuid": "2b6cd554-007d-4254-a966-5c1c1283f1ae", "value": "T1E51105A993651E7FD4B317B6CC34AD0C59FADC760B4EE0AEDA633084C5206D41F81608", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478183, "uuid": "a10dd072-c7dd-4277-b33c-3a22afcc9697", "value": "12:8D28OBE6ZGEgkDa/mFeaTASxVIkVUaVuR6VIz87KZIxGVxUxaDadOdsaUOpHqQAv:8loGEFWOfTf0Ha8X40uGuaEssf0KTB1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478183, "uuid": "69498708-51ba-4e02-951c-9ef84752c8bf", "value": 981, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478183, "uuid": "417829b1-26bd-4a94-a4a9-966fba5b928c", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478183, "uuid": "3b452d8a-e604-45ea-8a63-a6491bd1280b", "value": "Docx_88635641837.200855.20104.lNk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c5db7b9b-f641-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Stop)", "timestamp": 1684499787, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499787, "uuid": "9b5bceb8-6284-4c45-8ddc-47ec33c3ba23", "comment": "Malware payload (Stop)", "value": "b53dff0ae4f30bea726afceb4a563489", "object_relation": "md5", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499787, "uuid": "bd7ed955-3502-431e-807d-b8c7f5e3d957", "comment": "Malware payload (Stop)", "value": "2ee97fca2aaaec7f5232546878134f3ae58ee53997338abf3f119f1b1051eeca", "object_relation": "sha256", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499787, "uuid": "897559db-1df8-41ba-af02-b86f8e493c4a", "comment": "Malware payload (Stop)", "value": "499b74c6c5510583c31106b76a6dea52af8d9ae1", "object_relation": "sha1", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499787, "uuid": "580ee1f0-5579-4e91-b5a2-ca833a8bb6eb", "comment": "Malware payload (Stop)", "value": "66a56fdbf1fece7037c8af3d850c75e2c58f2769d4d059e6894c590ce79864ef911aa4f43f193ff4324398b7adbb6d90", "object_relation": "sha3-384", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499787, "uuid": "798d53c7-ae44-422a-8cbd-1c6493cfb3ad", "value": "T18805E00392D1BD73E7154A728D2DC2F8719EB9614F493BD732186B2F18701A2D9BE632", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499787, "uuid": "d1f02ad2-001e-48d4-abde-1d8d1abb51ba", "value": "a5b920833de11e763698004374a64e2f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499787, "uuid": "9a75e520-9da5-4cd6-972c-008c6eb88b4c", "value": "12288:sdbuyX2A/1QGC13N6Nv6niLMkoAYDbXXgrV+4QdHkyDROMDu4:sQyXXyGuA6QoAnwkyDZD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684499787, "uuid": "dcd8b4d1-56e5-4cda-82b8-dc492741a258", "value": 843776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684499787, "uuid": "9d19d24d-f7a8-4d23-a2f1-a398a6668dd4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499787, "uuid": "3d9055b0-c3ea-4518-814e-05bf3112afdf", "value": "game.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86d27903-f60c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684476918, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476918, "uuid": "9c1aa8b4-ad1b-4746-868f-38702c88d68e", "comment": "Malware payload (AgentTesla)", "value": "830ac5c63fbccdaa1990da8b110a87c8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476918, "uuid": "3f94b54d-2a91-4be8-9228-4b79a7da9155", "comment": "Malware payload (AgentTesla)", "value": "2f2b7ed57f696d5d8b30547c87569e4edf5a9c24a4156722adaa18dc8af77aef", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476918, "uuid": "d3debe48-b670-445d-96c2-feee190db64f", "comment": "Malware payload (AgentTesla)", "value": "6c591862b6871715d6c12ce8589b074b6699947b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476918, "uuid": "828f617a-78df-4762-802a-a25db7538358", "comment": "Malware payload (AgentTesla)", "value": "e76ef168593a00230e801142eacbad5b145f82d648b6d867dbc8545bff5d65a1702f4819cd010ea0539f8f66df3c972c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476918, "uuid": "e269e8ca-7bfc-49d1-af8d-e899bf76d89a", "value": "T182C4231367E1BC92A0F4955350C1AC82484E089B957A3FEBE57C8F0E6DE68E5503ECF6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476918, "uuid": "df290097-520e-42c4-84b5-0c72bc463db8", "value": "12288:b4FXmcvsCoSrkQ6EsOTFXkXsovBiLcP38j69IqiA3dYiMyJp2:b4FXmcvDox+rrK38W9I5A2iRJp2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476918, "uuid": "930deaa8-8dec-4a92-a633-16a37a94a2c1", "value": 552441, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476918, "uuid": "bd735bc8-8e2e-46e7-847b-87ab112a3aed", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476918, "uuid": "aeae3fcc-e174-4dfd-96c6-a250af049700", "value": "REMITTANCE DETAILS.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23caf156-f614-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684480187, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684480187, "uuid": "175da076-7430-4862-91c1-ac65303f212f", "comment": "Malware payload (Formbook)", "value": "9fefd93d8530102d9b1689d0aa233e51", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684480187, "uuid": "aff7d146-064e-4aa1-9cc0-00d4dcfb9dba", "comment": "Malware payload (Formbook)", "value": "3017b026d0925919ad8085d523f83235fa84ead58d1399576e60e6183003820e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684480187, "uuid": "5f4cd4a6-03c0-4717-87bd-87dcfb00706c", "comment": "Malware payload (Formbook)", "value": "6c3f12a9fa864ac8c783da3f2a5b75254a692f85", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684480187, "uuid": "9858b26c-a806-45f7-bbd7-6eda18cbb069", "comment": "Malware payload (Formbook)", "value": "53e6527dc60a05a458919e8f846491bd0b8331e20f899572a519a21b1a0c5d5fea4104430ecdeb67fb50c06f3fb7603b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684480187, "uuid": "4b71e57f-9a50-4ebb-8d5d-1f57540b96f1", "value": "T137F4E12022E59B4AD2BA83F45DE0D2F017B55D9DB03AC34B4EE6FCDB726AB510750A13", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684480187, "uuid": "1f1e58ca-2127-4714-b122-f3bb5504e29d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684480187, "uuid": "3b49f5d9-1681-475b-b2d5-c175ba266143", "value": "12288:4MqBGppnzSOTzo6rv625OPX4EaxKqHcTZK9Mlr:9q0pBSOTc6Dn5MX4uq8Zz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684480187, "uuid": "63487c56-43f0-44b8-b38a-1cbb7927dc3a", "value": 728576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684480187, "uuid": "0ed31600-2032-4c96-bf0c-ff6bcb4110c8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684480187, "uuid": "2dcdd651-9600-46a0-830d-e7c22b98efd4", "value": "Inv_7623980.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "babf66bd-f676-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684522531, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522531, "uuid": "eca3f829-5456-4d70-b29e-95e18bc569b4", "comment": "Malware payload (Mirai)", "value": "6bea1fbe87bc7f74b61c18e0a8426288", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522531, "uuid": "73155521-4847-4984-b40f-6f987c8c89d0", "comment": "Malware payload (Mirai)", "value": "304ec0fbfc3ce04e0b06d0507e5dfd7f315499690825fffee922210a2adfa833", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522531, "uuid": "9de98f37-dc8c-4289-a730-1e7305e7de98", "comment": "Malware payload (Mirai)", "value": "c1a097d8f021bf801510a259ca4e137568b7c6d7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522531, "uuid": "5052df88-6363-48a0-a43d-1070dd5a841b", "comment": "Malware payload (Mirai)", "value": "d70b8c4fd59f293fc9e4971023200208fb5b04512f3babbf323189a7cf7650a5a2534cc2b4ef3ec32f1ada164244b5d4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522531, "uuid": "d0b8e180-dde4-4a30-a096-090b71b680db", "value": "T1F4E2E0CC05262C71C2702C32F8BC9B49A71A2B39E3FD75735B5A46BD2DC744A166E207", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522531, "uuid": "f102f8e4-23b1-4837-ac3e-c51c8cdbc2c1", "value": "768:4WAp3TBDhskPxjU0tv3yrhs0hN1x3oMnaXifuvYfd9q3UELC1:4WApjQept+hs01x3oMaXi2pLs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684522531, "uuid": "96ecc6d3-7ad2-4184-8037-03db1be3ab2e", "value": 33024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684522531, "uuid": "f6987182-76a6-41a3-b1c2-d3ac2c9664de", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522531, "uuid": "d19407cd-4e0c-4e85-a3ae-89da4b9877b4", "value": "6bea1fbe87bc7f74b61c18e0a8426288", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b767c478-f683-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684528109, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528109, "uuid": "7c3dacba-7ecb-4da5-ac9a-ca6950fdf6ba", "comment": "Malware payload", "value": "c20b8787acfcb547098e844b866de597", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528109, "uuid": "aa4dc072-87d0-4d7f-8944-d09b4d73f368", "comment": "Malware payload", "value": "30d520fbc40d492128375455e5074762d7f6ef77171dba8dc0e830b6ad96e6a3", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528109, "uuid": "8197ea87-9aaa-4bf6-b14c-6b4c9642ee5d", "comment": "Malware payload", "value": "14479e073c3ece5bc13e2fb4803332848de6c678", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528109, "uuid": "fb9c4946-7041-4836-b005-a6510c187988", "comment": "Malware payload", "value": "36b9df678099b0e480db4c8c694ec5ce56843a920bf7455be26dae0f10b8978b2aea7a9c6ec78183bdc4915954cbe9f9", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528109, "uuid": "d3a6a501-91ae-4d00-a453-c1a40f918a3f", "value": "T13045E021E6921FF4D472927281AB252BB6703E1D4325D37BEBC0D2377D937E09B19A60", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528109, "uuid": "6e519ce6-a414-4016-a3f1-d986ab384489", "value": "47e01530ad43ec939d1c47709a80a5c6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528109, "uuid": "d697edd1-ea5b-46ab-8b05-7cc9e3f104a8", "value": "24576:Offra4gKTihdT0HEi7M56wH3bL71O0a8Qz6bs/T75BV6ekyXBTpBqK9PaPT:mqxNi7MIwXbhyXwQM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684528109, "uuid": "ddca1197-b3b5-4dac-9010-2a7661d1ff47", "value": 1223179, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684528109, "uuid": "35447b1d-2534-4f5d-a338-35eae80278db", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528109, "uuid": "b65de31b-0b9f-43c4-9b28-17551a1e85f1", "value": "c20b8787acfcb547098e844b866de597", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2fa5ad49-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466893, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466893, "uuid": "0f30df83-6e46-470d-abc1-37a088113330", "comment": "Malware payload", "value": "f2385d4c30c83983f02b33d622fae97e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466893, "uuid": "0aeac1ad-1104-4dca-b475-b0173e27a28c", "comment": "Malware payload", "value": "312a38d0b36fd01406310c93c7a31eee8482492526822eabdc513524acce9315", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466893, "uuid": "b3f865f0-24ec-4645-88b8-d54713cac11c", "comment": "Malware payload", "value": "313845953fab18b39c6ece4fccf3a725e6a78eb3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466893, "uuid": "7f39840b-dde6-4807-b459-224330a1db51", "comment": "Malware payload", "value": "bccdc2209b026e2eecdec41bf2062af562f2eb80f187105dd32793ac7309cb4a22829dbfd01575b89b715d447c4a5a6f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466893, "uuid": "4d1347ef-63a2-43ae-ace8-c77805060461", "value": "T167B57C9171967CA6E7076630047AF731A23CDDE80F224A9B2E85FD2C19348417DBBE5B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466893, "uuid": "a72c31e0-8603-4390-b9a1-adb51ca762a2", "value": "24576:o7o5RG0SqkkUJ+9tYcoun4OYU8yNN/JPq0:vg1y6cou4Y8y7/B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466893, "uuid": "22393823-5c06-46a4-b61b-00396dbfae12", "value": 2429952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466893, "uuid": "540b2fe5-91d6-4d66-a85b-095801be176a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466893, "uuid": "512000a6-fd4a-40f7-b588-a60e32fbbce9", "value": "SecuriteInfo.com.W32.A-62389890.Eldorado.29889.16346", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ab69b24-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466858, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466858, "uuid": "fd80c697-df39-45cc-9a8c-72f702d67cfa", "comment": "Malware payload", "value": "752ae40411c659569e2686660ae0558f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466858, "uuid": "526edbc6-6e81-46ce-9f7f-734e5c1df809", "comment": "Malware payload", "value": "31b015884b50ed2a1235fd35189c5b365e22e8e79bf471f5cf88c1a23c4a67f0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466858, "uuid": "c33caaff-d2b5-4067-ad8f-99fe4db21c5c", "comment": "Malware payload", "value": "a1528d69514edb396f0b994f009e5ad8059ed1db", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466858, "uuid": "2646bae3-6f61-43c0-a0b8-6dbe34f663d6", "comment": "Malware payload", "value": "f4deb46a489eb595b141b6b3a0f0c9e994e095a6b1a3db4a76d45b9646bf0916bbc47a34b9ac2e17f1e532c9cd008f1a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466858, "uuid": "ad5ab868-db91-4812-b8f0-48243fe49cc8", "value": "T185357B027199873AF17216703F7917589937BC3D4530854BA7B83B4B9EB2DF2AE22352", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466858, "uuid": "db6f9108-4736-4c57-8f65-6306db460bb5", "value": "af2d926755c0ee1745be089ccb037a67", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466858, "uuid": "9f6021d9-5ad4-4095-90cd-22d6a40a255a", "value": "12288:nLLHerEWoz52CImJUUNy5WY9ElgBv/DGDp1teC2uN8qIRZS9VC+rc:n3qEWI5Nc5WY9bv/DGDfN8qIRYrc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466858, "uuid": "98fc731a-9c8d-47f7-b097-0529b20de37b", "value": 1060864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466858, "uuid": "3b9323a1-3e61-4849-b751-7c432dab56e5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466858, "uuid": "7cf568a1-f95c-4661-ae9c-c4741c9ea491", "value": "SecuriteInfo.com.BScope.Trojan.Wacatac.27014.31798", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "91ed48b1-f606-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1684474359, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684474359, "uuid": "ce264da0-2ee9-4fbe-a773-84fdcd6951fb", "comment": "Malware payload (RemcosRAT)", "value": "22c972b106049b16f51115ed8f9003b2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684474359, "uuid": "4f071f61-6e02-4387-a7ce-231869bc0be5", "comment": "Malware payload (RemcosRAT)", "value": "31e9c3dbce6c176a295a462780bd6711a4bf5b1e87e55b7b64f7399e30677481", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684474359, "uuid": "e74b56ca-9ec6-4f22-9f3b-b20aeddc5170", "comment": "Malware payload (RemcosRAT)", "value": "09d1b2645304086074eae79e8e0e005065eee7ff", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684474359, "uuid": "e16c14bd-7391-496e-87ba-361ed36d758d", "comment": "Malware payload (RemcosRAT)", "value": "7d07acb8af93d9cec73039922c78e6a5d50104e93222c106569340d0e3c477af9ee159b1fbf5a38e88fd02f2691622a9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684474359, "uuid": "1dc42bf9-aeee-408b-bb6b-3f6dc81a2182", "value": "T13105122A619E5AE6CBBA07F9451A905103B305267B31EFA2FDC131CD744AFDCC4A1A73", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684474359, "uuid": "9365a5c9-e439-4721-8cd8-85168777645f", "value": "12288:++fhrdEAvRRNQX1f2SIIJH0PndFDHAhfo/96le+cSzq6mJWaHpbt:dNdHRXQUSIGUPPHAhfo/f+cSzqXWatt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684474359, "uuid": "a9fe59f1-5bd8-4a5f-a4b4-43b5575b35bb", "value": 823808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684474359, "uuid": "b691bc12-630e-4e9a-ad01-3b14685ffeea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684474359, "uuid": "018b58e8-5123-46f8-96f0-f7909118b336", "value": "SKMBT_66122012816310TD01_20220128_163956 Doc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9a01e136-f60c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684476950, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476950, "uuid": "9add9343-e5be-40b5-bd4e-5db8522c935b", "comment": "Malware payload (SnakeKeylogger)", "value": "10788bb73c7e617a45a0539683e13850", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476950, "uuid": "aa7ac562-1a34-4eab-a7f4-4da20f2ab90f", "comment": "Malware payload (SnakeKeylogger)", "value": "320162d192855bee3af4a0cf9d60f203f64593083db9a8f250c738993c232819", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476950, "uuid": "6a631bcf-47a9-4557-9f4f-87110573cfb6", "comment": "Malware payload (SnakeKeylogger)", "value": "f3e8b526f43dee4be9b4acc04515615794798704", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476950, "uuid": "2fc0bac5-9bfd-4f0b-9a98-8b3a9ac9d3ef", "comment": "Malware payload (SnakeKeylogger)", "value": "73a4d91473182a4ca9fe417c1e440983d7ae92754cd1955a980bf8d3e552afe682f365c8c28b74ac2ce0a6437dfc86b0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476950, "uuid": "49bf1424-952d-431c-bd7f-4416be902e86", "value": "T1B2043BC2FA409351EC364F30647BEC1147663C26BDF5290E7AD8BA6D16F3092A62764F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476950, "uuid": "837afc45-57fb-4af4-b7f2-4e703a4c5ccd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476950, "uuid": "c4ed6635-0c49-42a5-9bd8-2e63e45f06d9", "value": "3072:X0lcLPCESgo38tJIksBMBH/wakVp71GJ9OVLS4p:838tJIr2wakVppWA0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476950, "uuid": "6027eb42-1fe2-4b83-ba76-c59b539268c1", "value": 175104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476950, "uuid": "cbe253ff-6986-44aa-941a-d7bc012d7060", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476950, "uuid": "b89fe7cc-fc12-477c-8368-4df32006497d", "value": "Fmumgl.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f75dc71-f675-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684522002, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522002, "uuid": "a126db26-1267-4ead-8e64-ac6a34614d9b", "comment": "Malware payload (Mirai)", "value": "2c4c788094bfdc3efb87b1d89d0bffe7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522002, "uuid": "b9e67c9f-596f-4ca5-a979-afd008793df0", "comment": "Malware payload (Mirai)", "value": "3254024f614dbf40358f6e8d3c83ec3316aa6fb419a62db0c9e9fb533862aa14", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522002, "uuid": "365ffd6f-351e-4fa6-a5c7-384d9805421b", "comment": "Malware payload (Mirai)", "value": "92a54d1211617f4c06c51ed20f3c139c6212bfc0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522002, "uuid": "bb12eb33-7e5a-4919-825c-50d5d4038ae6", "comment": "Malware payload (Mirai)", "value": "ea416ad0b0223fbef9b26770e4ef47fe26dbc57ccdd1694e74f1b2ee7b41533d342f84099ec58190e195e29f6d952e8a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522002, "uuid": "c962ec37-4eab-4edf-b1ca-f45a6068df15", "value": "T1F4432BD5A4026D6CE88FEABE80A14E09F821325160F31F27BB7BFD836D72065EC56D45", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522002, "uuid": "791ed439-aa66-4b11-9f1f-f5b4e1a5d9c8", "value": "1536:KkGHy8bUTJK5YSxZfnj7p7BJ9Gg1pWvJJKhRdv78Q:KMS7/37/ps6dP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684522002, "uuid": "746bae8a-304a-47e6-8144-0ad29bf8a177", "value": 58532, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684522002, "uuid": "bf74164e-3b03-4ef1-82b6-96ab7aaca2df", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522002, "uuid": "87718646-b26b-47d5-ba5d-d969078f8bb9", "value": "2c4c788094bfdc3efb87b1d89d0bffe7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5bcfa020-f69f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1684539981, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539981, "uuid": "1f6e6065-fede-4125-aafa-897ae1803f26", "comment": "Malware payload (Gafgyt)", "value": "b98ed8cb59f123a89089a55cefd02386", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539981, "uuid": "888a40d0-6fa1-4935-9269-d686a7d57e02", "comment": "Malware payload (Gafgyt)", "value": "325baf2fed6bb1f87bf1d5210f6ed1b35fc3cdf85d5ee0b16abab3b64dc07e33", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539981, "uuid": "fcaf4376-4ab8-4142-abb2-0b54c30a41e6", "comment": "Malware payload (Gafgyt)", "value": "585723ac950051f8ef3462efe5cab32cbedfc4fc", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539981, "uuid": "f856d814-aa74-47de-ba04-e8047d0a8257", "comment": "Malware payload (Gafgyt)", "value": "92b0fe7080a539dd21a4bc32a30cf113cbc52f77365bddee1027cbf348642d6da06c41f57f9e2dda1cd5c3efbd6ef36a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539981, "uuid": "e289f515-fa1f-41eb-a529-78ad35d8057a", "value": "T1F6E39366BB619EB7D80FCE7309AA4501118CDD4642D93FAFB2A0E51CE76B84F08E3D54", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539981, "uuid": "b1fa49e2-87b7-4cb3-8443-1be261d39853", "value": "1536:LVeTVe4SsruJwYx0O9vPBysZgvsgxqAz/0ufMytVVpLfaMLAImlP+s4zWfOodW:LHYuJRBx+sK/PflTSImlWs4zWfOodW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684539981, "uuid": "a944035e-23b3-43e3-b410-dbd2d5b25d87", "value": 152201, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684539981, "uuid": "6b271275-ca8c-4833-add4-9f06c8954e35", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539981, "uuid": "48c487a5-2166-49b1-97e8-491ac6d2f30b", "value": "b98ed8cb59f123a89089a55cefd02386", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0024a78-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684497629, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497629, "uuid": "6c759611-aca2-4c4a-ae18-aa70c38ec282", "comment": "Malware payload (RedLineStealer)", "value": "c54bdb5835b6a13bc52d46140bfda27f", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497629, "uuid": "a3466588-137e-4d73-a7a6-26c212198efb", "comment": "Malware payload (RedLineStealer)", "value": "3277a2171c76347dafb908416520bba5c52c41cb92c1b034efb11bad91b55d1b", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497629, "uuid": "d5763f21-e46e-4ada-80ef-4825f59a9224", "comment": "Malware payload (RedLineStealer)", "value": "3abdd9caab922091fbd1f4dd50b93b840e9569d4", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497629, "uuid": "cc223cdc-a9e4-4160-b8a2-a84e3d94f6d0", "comment": "Malware payload (RedLineStealer)", "value": "193f2dd0037f8e2bd9e63a5d4e06eda1ae8dc990a7e6fdb9377e1dc39995d482022faa5e9091f429eb378788c544bf8f", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497629, "uuid": "42837712-7d29-469e-af0f-f199defd3b6b", "value": "T1F6252343AED85873E87517708CFB16831F38FC929D749B432783A94B5872A90AE3175B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497629, "uuid": "7f7dfe5b-38f7-4bcd-aaf1-91f7021e28db", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497629, "uuid": "73557ea0-df29-40cb-b5ba-c05be0c61f6c", "value": "24576:nyWBocz/mLQFjvmFzCjDhqnedepTRfiZ0V:yWBocmLPzEDhaTRfiZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497629, "uuid": "f8c3b3dd-98c1-4d75-9d51-9e0ef557298e", "value": 1053696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497629, "uuid": "07532972-2302-448c-ac5d-6e7441f51396", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497629, "uuid": "2ce4999b-dd51-404a-8acc-8e1e20ae55fd", "value": "debugger.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2edc4787-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466892, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466892, "uuid": "bbbbf5da-3310-494b-964f-ab7af2070aa2", "comment": "Malware payload", "value": "7ffa3c4e967ef6362757d47bd7858aa7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466892, "uuid": "3ac942ae-9dda-409c-a274-38db1304e756", "comment": "Malware payload", "value": "3280ab29db01526c7f884f195e27a7a63166091dd32bc26da862dee9f481e4dc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466892, "uuid": "1c9d3d35-08f5-43d4-86ed-9afa39e247d8", "comment": "Malware payload", "value": "1d2d28abe1e1b7f57bbec8688e77d8a0fb707c52", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466892, "uuid": "b8ae834c-a00f-4820-9683-d8bf4408dbf3", "comment": "Malware payload", "value": "242e9fd2f1303c221ee755fa0cc87a50c6812458e5cfadf135969b7f36041b0b931f6162591168d4f3c11db837ecbabd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466892, "uuid": "1f629a01-a3c3-45de-af38-485cbd7760c4", "value": "T1AC74C7927CCACF76F39AA1300531C6AD27AA64F4D6E566076230452D2C2B771B73E393", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466892, "uuid": "d8cbbc8e-0a31-4a50-8ed7-e3e22be03c12", "value": "09d1e0bc6392066011d13862d036db50", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466892, "uuid": "a4978e5b-448b-4bcd-b0ec-b3a832e2713c", "value": "3072:Tfat8cHwrVxDWFgFeHQxNhmzStGL8tDWcmdzz5x+ru49lSuPZ:La68wRR8ZCGcm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466892, "uuid": "c0040265-5711-46c2-b301-fe1124f6b092", "value": 344064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466892, "uuid": "c7f8b0d2-187a-4820-9873-b8f78d1b8f40", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466892, "uuid": "fef78ab9-a680-4332-b108-913ddb81815d", "value": "SecuriteInfo.com.AdWare.Win32.MasterKeystrokeLogger.31982.18882", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35d77301-f63d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684497827, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497827, "uuid": "bc64b3d4-49d8-43af-9dd5-30aec270bd22", "comment": "Malware payload (RedLineStealer)", "value": "12734bb078d09f4bb9143321a5740860", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497827, "uuid": "2ff59c80-aa1a-4615-89b3-87f92024f13c", "comment": "Malware payload (RedLineStealer)", "value": "32bbc6e0b11a392f9fee9775515c07f865795120a2578eb516657ad121020984", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497827, "uuid": "a33d5053-6251-40ed-b23a-983a19fbca3b", "comment": "Malware payload (RedLineStealer)", "value": "05d83d8729e7b778d493f3cae5365b223d44035d", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497827, "uuid": "4276dd6c-7754-4c92-a124-a3415e0e7951", "comment": "Malware payload (RedLineStealer)", "value": "893538fc4d03ccd9dd40bdc5089827cd988e367477a5dce30067ef9233013efe98cc615643b03717c75e4105f0ca5af9", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497827, "uuid": "54e83ac7-4929-4d38-a3b8-55ed9498854b", "value": "T146252343BFED4033ED65677058F2238706397DC38968E3AB2F85959A6C32550B2363A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497827, "uuid": "149111e0-40d6-4b3d-b398-8ceae6b333b6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497827, "uuid": "474d49a7-8f30-496d-ad62-562bd4780adf", "value": "24576:myCpnDAH+ZvCLDzda8kTfzxhOIk3LoApDf:1CpnDay6LDzdi/xhVAl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497827, "uuid": "c5faa3ab-dc15-406b-96c1-8bd6eceebfd1", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497827, "uuid": "2b33761a-3b1f-49b2-bc7c-33865b1c16aa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497827, "uuid": "0000eab6-0326-45b4-b743-a41bba438796", "value": "processor.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f12569a0-f626-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1684488263, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488263, "uuid": "042853ec-5d61-4278-9331-70136f3e3339", "comment": "Malware payload (GuLoader)", "value": "9c42048cb20fd91f33fa0a5f711efb78", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488263, "uuid": "d9453ec5-6e6d-4ca7-a6cb-67d1cf92800c", "comment": "Malware payload (GuLoader)", "value": "32d8eaffe1a88f4c6faf6ea66535e4197438be45e04a54ab60b922177a1b8c01", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488263, "uuid": "a5fe5948-0829-438e-9141-8e0b966dd2be", "comment": "Malware payload (GuLoader)", "value": "4359b095256c48b130011b64f60d5c3d487c2f8c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488263, "uuid": "2e3d8065-5a72-4944-b230-0af9a8c1e601", "comment": "Malware payload (GuLoader)", "value": "202f972dc5d41198478937b774187d9082ba1106040ab139df8f5980d638e3f6fe265ddd64d9d2a40e29161340a1dc03", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488263, "uuid": "572d10b7-b9e5-40d1-8216-82a0c0ad7309", "value": "T155E412527F9CCC33E393C83715A2C6648676ACC52E535317E3A87A6C79BA6957C0F202", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488263, "uuid": "f2ee31f6-764a-45f1-a4d6-b16b9881a9ec", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488263, "uuid": "e96af884-2a37-4e96-8bdd-f46af837facf", "value": "12288:phrO+yeDSp3VuRN0w7rPRZ8+7waffLSF6UWQE/onCO6h:ptx5A3Vufh7rZh7waHiWQE/3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684488263, "uuid": "296d4242-7de0-4afa-a55f-9ebb4107c873", "value": 677027, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684488263, "uuid": "ffe8cfc7-27ed-4ea1-9b24-fd321aa15339", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488263, "uuid": "c18b3a4e-1fc8-4ea8-bd9a-302c1e91949a", "value": "pedido EC0000191000164 18.05.2023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a7c1117b-f676-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BumbleBee)", "timestamp": 1684522499, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522499, "uuid": "7a503da4-dd4b-427f-beb1-b5fcffbc15f2", "comment": "Malware payload (BumbleBee)", "value": "3ba4cdeea1161da20217aa250b41ac43", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522499, "uuid": "81b30b84-f613-4cdc-a3d2-fe928a2c0354", "comment": "Malware payload (BumbleBee)", "value": "32fb748a0edff589f8dd92fe17ee7bd3a29a6d874846e83c0101cbac86ce548f", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522499, "uuid": "d6228954-3770-4b46-a7ee-fe80abd4cf22", "comment": "Malware payload (BumbleBee)", "value": "c4345761b8a2497b3d2eb71ca20e620fce92c51c", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522499, "uuid": "594c6393-29ab-4ac0-b36b-1b2fd17edbb5", "comment": "Malware payload (BumbleBee)", "value": "477717d1873afb2220105e40526763827050ae8e32bc50ade257c52134827c558b96fc022323d74f3a0e9f7638621543", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522499, "uuid": "b80c78fd-d8fa-44af-95a7-4e4067c90515", "value": "T17745E011E6A30FF8D4B6917681AB262FBB303E194315D3BBABC0D2377C927A45B15760", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522499, "uuid": "230c0fc7-4a28-4754-bda6-69e4c613a42c", "value": "47e01530ad43ec939d1c47709a80a5c6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522499, "uuid": "d4b31466-e6d3-4b7f-ae69-620779768288", "value": "24576:TNdLuApxCWGo/CdRop1TgXzDYaG0CSAZT/3w7uYoomVM41qPxHLzq7Zy:zXoevT8P7K2rk7c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684522499, "uuid": "8c308c26-2b65-41d7-bc33-2828544fd3c4", "value": 1222157, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684522499, "uuid": "89c447ab-2b37-4180-a35f-50def65375b3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522499, "uuid": "e15891e8-a55f-4674-8853-eee5e8ea1d8a", "value": "3ba4cdeea1161da20217aa250b41ac43", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2957eec4-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466882, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466882, "uuid": "ad341a96-bdb1-426a-bfe6-673001ee397f", "comment": "Malware payload", "value": "2be30982d262cbc357180b0f28a91359", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466882, "uuid": "f80d5fa3-3efa-481b-bb57-7dc7fb22283c", "comment": "Malware payload", "value": "32fd849a17b7be0e07eb6861c291cd6835723b59e15df6031555f719da2e4d64", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466882, "uuid": "54ca669e-882f-44f1-849b-e04571eb2095", "comment": "Malware payload", "value": "1816d9543305a819bfd09bf167e79b17b3ad9347", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466882, "uuid": "a49ecd84-fdae-4736-b95f-caaece368a12", "comment": "Malware payload", "value": "c524c04e11252d85f1b2504c7ab5305b4d5052874609c8a181982fa0c0b102532e8d87939f27b2dc175dd76cb856c684", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466882, "uuid": "1b07ac86-43c4-4988-bf69-7a84c093b8da", "value": "T1D963B590B72CD561D5C40AB2CA5344C80B292C52E895CFE79886FEEEEDF11C379191EB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466882, "uuid": "572b961f-24bc-4bd6-a5db-4e223301b32b", "value": "dde6bf17a0debedf9a9d7a1d47ff069c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466882, "uuid": "2967fce7-df39-4a73-b11a-60413fcf081a", "value": "768:mjSLP/kSLR9Bgq98D8vPncKq98JR9B7kSpfSL:sM/kCngOznlOan7k8f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466882, "uuid": "e32f3cbb-04e2-4287-8811-8b9652d65ab0", "value": 69632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466882, "uuid": "757939ea-cd54-4098-a1ad-92583b51116b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466882, "uuid": "ee1917f4-a050-497f-a77a-e5185176a955", "value": "SecuriteInfo.com.Variant.Jaik.39057.11951.21767", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2cbd3637-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466888, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466888, "uuid": "5fa280c2-29b0-430f-a8ce-7ec323803bfc", "comment": "Malware payload", "value": "5f977aa7737045c1020e50128c85b82e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466888, "uuid": "bffd693e-9149-4752-9275-8d8027efb917", "comment": "Malware payload", "value": "3312709c6aa44e1afad5684bd01bf8b8263643665aa6ce45f273b9961394710d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466888, "uuid": "b5ab313e-3262-4ee1-bef7-043a944fff6f", "comment": "Malware payload", "value": "e227dd82e5487f6b591820964be32f5e3d72efd2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466888, "uuid": "aed0bf5d-8c85-460d-9a58-ea10ec5ed5d1", "comment": "Malware payload", "value": "d6e98c9afd72a08cb468df6e7d75ef256f0e3907c986e1776a49df45b4e7bd47d4114b5b42902811ff088d1a48c380b4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466888, "uuid": "d310f445-74e1-4bce-9779-aa082c7c53ff", "value": "T1A7C35A02D7C781B2CC82C770547CE6BAE73FFE866B34A69BCB490DA52560C10A546E79", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466888, "uuid": "3f7b89e1-1eb4-463e-a376-dd5a087c364c", "value": "1536:BgcrkO7Y4NjNNwHCe0bzifqD8N1Hq9RIJ73GqE2TL3xOa3RM:B97xNjNNwie0bzifqKlmIJBE2/xOa3m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466888, "uuid": "b3902631-85a9-4338-9294-ade3cfae4333", "value": 126976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466888, "uuid": "eba9a8eb-1868-43e3-9a7a-626cd4fd5854", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466888, "uuid": "1946ac4c-0a84-4703-8ce3-ee9b3993f1d7", "value": "SecuriteInfo.com.W32.Risk.PIUH-0871.21076.31589", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2abd7de0-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466885, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466885, "uuid": "036b9b44-3065-4a32-8e14-a43b921a3212", "comment": "Malware payload", "value": "5d82437910365455b420423437f5927f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466885, "uuid": "b8e02acd-c5e0-4c91-9806-46baa35c322a", "comment": "Malware payload", "value": "33743b12c0c876b0f38d3eb2635a272ea6078f1521c096e5beed39bb494cc89b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466885, "uuid": "370e5c51-6b1d-4c4c-b3f4-1a39c5f1a0d4", "comment": "Malware payload", "value": "55ed9838b55fb9cd14b814b8d2e26e53e45ab35a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466885, "uuid": "0340107a-039e-4264-bdcc-4fda2b3635c9", "comment": "Malware payload", "value": "2194f4394571c22bf85c72c023d0550270cc08860bb1bdf9fe34804e154aef3a32ad9942b770316294c73008d903fd3e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466885, "uuid": "701a6670-142f-452d-819c-d819940b8814", "value": "T1B165F103B261A290D4CDCE31AC958D0447097F422F56E1EF6E7DBA42B3766D3AD2279C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466885, "uuid": "a4b997b7-b127-4191-a04d-b47ac7e8bccb", "value": "3679fa21b16bad5c13986fe59109e2dd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466885, "uuid": "f29f9cc5-e121-44d5-a9d3-81809cccacfa", "value": "24576:TWar3nPugR7gWfBtxt3a7yFO/qi/NXNfGCjSLmwsNPd3RgpJBV1Ls2wBPU:a4uNWfxt3+yFO/jNd+CjS7sNlKpJBV1Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466885, "uuid": "f7a0f6ad-2ffa-40ca-b371-9fb9e708b022", "value": 1437184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466885, "uuid": "ca9f2a14-16d1-446e-9b4c-64c4faa84b28", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466885, "uuid": "257074ad-9241-4af0-8c9b-d4a212798628", "value": "SecuriteInfo.com.Win32.Riskware.GameHack.E.6283.22785", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35ebdb7d-f67b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684524456, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524456, "uuid": "689a8f8a-452e-4b38-96ab-260e5e5e1b3c", "comment": "Malware payload (RedLineStealer)", "value": "e5b679b7f32acf48869399b36e68eedf", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524456, "uuid": "e0370472-20dc-49f2-8c08-2ca4f637ffaf", "comment": "Malware payload (RedLineStealer)", "value": "33b4257f2a96aa95906441606641ffc101a7a4059a20ac73b5d283e977dfeeb4", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524456, "uuid": "4144f876-6714-4851-abab-4e782c62cb9e", "comment": "Malware payload (RedLineStealer)", "value": "7241959e83cfc8cf4f57e55d90b5ed5b5ff62685", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524456, "uuid": "81c0a651-d420-4c9d-afdd-1dcd4f726817", "comment": "Malware payload (RedLineStealer)", "value": "70dd7c36f1dafddf788b8ea10bd907c5d47910c907424459de25430fbe9bc7742ebfe4df37b0afdc06b7bb77eefe5dc7", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524456, "uuid": "48b6e66a-4b43-40ae-98b0-40f05bd3839e", "value": "T170252356FAE08872E8F9137078F647C30B36BC519E5493973B0A6D1A0DA36C0A677727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524456, "uuid": "12dd12e2-86f6-46ae-9931-1112b72d2e14", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524456, "uuid": "0e95de81-5093-4e22-81b3-6e5a39b982e8", "value": "12288:bMr7y902B+VyntFm+ZNLUUJcNyvDrWv6VKY89EIkBlcktvA0gSCHl5e19qUm8Ma:Ayd4yntEaLUIcgGPd9cy0vAmCF5b1a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524456, "uuid": "e61b6a2d-38bc-40f8-8b7c-36f920cbcbde", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524456, "uuid": "148a6709-7a51-411b-ab59-7330522f8c93", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524456, "uuid": "6e28b461-d0ee-40de-9c1c-0ef14f014f82", "value": "pdf-reader-pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fce87653-f5e7-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gozi)", "timestamp": 1684461224, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684461224, "uuid": "4f952335-cd28-412c-9cf7-27e2e8de95b8", "comment": "Malware payload (Gozi)", "value": "5f4a334c1520dd88aa22bf53780b5bdd", "object_relation": "md5", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684461224, "uuid": "c8f2dd78-04a3-4c7b-817f-bae28cdda5cb", "comment": "Malware payload (Gozi)", "value": "33bf6f57bccf554dbf106edec96b6a3c7061620925733f80436f7d0ccfa5ff1a", "object_relation": "sha256", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684461224, "uuid": "4f12c2c5-7410-420f-b6fd-1f5dd5a62def", "comment": "Malware payload (Gozi)", "value": "44bfa942396336c5f4d385b9771ea2790985949a", "object_relation": "sha1", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684461224, "uuid": "a7c228bf-2df7-4136-b69a-b2f33745718c", "comment": "Malware payload (Gozi)", "value": "435da89ca840767e87e1989925f7b1fcb573b8bd201ccab06e4efaeeb076e918e89e0e4c8b44a338e2edbed3903da786", "object_relation": "sha3-384", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684461224, "uuid": "513f8655-6a78-47d7-bdf3-094b0cebe9a4", "value": "T1C8A274E192C93C7D187361F5182941E1D9B58865BA5F6C94F02DB01CF71CF24E2BACAB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684461224, "uuid": "cae7a73b-7f7a-4b10-baf7-16c9ed9dc42a", "value": "384:p3wqvR/MfljejcITZESJ+D4c3J7x2tioVr:JwqvR/yjTSJPcZ7gtiUr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684461224, "uuid": "a4f9cab3-11ac-4cd5-ba43-92991e3a30f3", "value": 21701, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684461224, "uuid": "9869090f-4963-46ad-afd4-fb4f1d2b6994", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684461224, "uuid": "0d534af9-6eec-45b6-ac32-f38e06c154f4", "value": "1 Total New Invoices - Wednesday May 17 2023 - 10529.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b64ef6c-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684497407, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497407, "uuid": "719e1471-5cfd-4a5f-86b6-40548c92a3f3", "comment": "Malware payload (RedLineStealer)", "value": "be1b6634671f840817e22610ce6a60c4", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497407, "uuid": "72695069-606d-46e6-861c-1a0b3dbea1da", "comment": "Malware payload (RedLineStealer)", "value": "33d6e19656ef8c7008b7e9be0175d0d45665f666926c0cc06cfd055c39a1122d", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497407, "uuid": "4ddcee23-1b4b-40df-a0a8-7782ddc4a7ec", "comment": "Malware payload (RedLineStealer)", "value": "218d3fb62a933edcbb5ba2122280ecf271888a69", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497407, "uuid": "b7664502-daf2-441d-9b7b-dde5a6b851fc", "comment": "Malware payload (RedLineStealer)", "value": "f624e47b73e940dccc7e9bf7787fd2ed7fa833116c99745174d5ce8a6314c755815d730c8ab8bc6a1ba738351aec5d91", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497407, "uuid": "8b6cc008-01f5-4bd0-9f15-d92cbf39bbc8", "value": "T106252322B6EA8473E5753B7118F602C30F75BCD04DB8917B3A81C94A9CB36D4E53972A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497407, "uuid": "3e7539d5-091f-48c7-8cfc-2e7450f208df", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497407, "uuid": "f54d2628-6c50-45d1-8edb-860b5fd765e0", "value": "24576:ByCVJOIzgHoZ2/l1THDDt2YQCAXEvWWTumk3iI5:0CDO4gv/3Dx9QCgEBzkS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497407, "uuid": "495403a1-67b7-4f2c-8f84-beb1e91c8e37", "value": 1053696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497407, "uuid": "cc43cf1c-38b0-4bdd-b625-14078f8a3c47", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497407, "uuid": "a6ecda41-b886-43a0-9454-90df5e1a9502", "value": "26324.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64c374a5-f69f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1684539996, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539996, "uuid": "4ccd9231-7600-47c0-9654-bd1bfa5428af", "comment": "Malware payload (Gafgyt)", "value": "28874764f40af2aaf43328fc71206886", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539996, "uuid": "17360e10-f10c-48ba-bf80-05505f500723", "comment": "Malware payload (Gafgyt)", "value": "33fe23382f3a58473be309f0db342febd6849d03b1d156fe769b239eb5aad229", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539996, "uuid": "1dcf210c-11e3-4a5b-b836-7f64facffc79", "comment": "Malware payload (Gafgyt)", "value": "d39ec298a1ce79c8c48e45cfcbeebfe1e3618884", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539996, "uuid": "5fab6218-528a-4207-9e25-ffc4b84deddf", "comment": "Malware payload (Gafgyt)", "value": "8a0a94a91d686a72ff3da397bcc0d4ea53c0d74e89aae56039cea43a9ad5d107f14854a60962993f9f35540054da5c57", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539996, "uuid": "3d54d3ea-cbf4-4f52-8349-5bfe7c955bdd", "value": "T1D1933B56A780D5B3D14305B316979B620033FE7B1A5EAE0AE35E7CF18F3A0987221B5D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539996, "uuid": "13186371-9d87-47c5-8957-e8e79d9b1232", "value": "1536:mgqm0Tbw7U+OU0Cf5UI8E8WwP6kHzgk81VwcG2emgGMUNLe5um7WAgcVjmZIcBI:mgO2UVUtBUI8GwPfHkk8ryeLesmqAgcr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684539996, "uuid": "1f745621-0cb5-49e7-aec0-daad037c73e3", "value": 96268, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684539996, "uuid": "67b0840a-b177-411c-82dd-159ffee8202b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539996, "uuid": "ac863cae-63d4-4e11-8023-d87e7a502f9b", "value": "28874764f40af2aaf43328fc71206886", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "43608656-f624-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gozi)", "timestamp": 1684487112, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487112, "uuid": "7d1831ff-2d72-43dd-8c7f-452bc2cdbf2d", "comment": "Malware payload (Gozi)", "value": "079dacd14f45e6d8f6d3784f181a952d", "object_relation": "md5", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487112, "uuid": "59e86ca2-bad0-4549-8eb0-acc5ad6e357f", "comment": "Malware payload (Gozi)", "value": "352d8ab5de8d9a1cc7d2b7257a8ab024d9df71426c498d489a0b1e23ec0c0ed0", "object_relation": "sha256", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487112, "uuid": "7e17d2d4-96cc-4e8b-a8cd-c26e8b12fc50", "comment": "Malware payload (Gozi)", "value": "f0a4cbdcbce6d512b87359d24e4f1f9c1330dfaf", "object_relation": "sha1", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487112, "uuid": "77790d10-c994-4e87-b54a-a38c74a23f9d", "comment": "Malware payload (Gozi)", "value": "016b07e33712f066aef4a8170f046cb180f9a640e14a5269e45b7f9c535a341fc1da6ed4d1f8995932b2c77d20ce2c66", "object_relation": "sha3-384", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487112, "uuid": "0db99c26-237e-46dd-bccf-8175e2316eb1", "value": "T116A284E052C93CBD543771F1192941E1D9B68869BA5E2CA4F06DB01CF71CF24E2BAC6B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487112, "uuid": "db4a2957-84b0-4f88-b41d-512871ebc5f8", "value": "384:j03wqvR/MfljerPlBfLo74jDROj68nx2tc:jOwqvR/yjyDfLQ4jAjZgtc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684487112, "uuid": "13667d38-7c0e-4c16-80f7-be67f71d0085", "value": 22514, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684487112, "uuid": "e4d96714-f309-44c4-a7ba-8d4a05a50dbb", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487112, "uuid": "20b83f13-74c7-48e7-8c67-ac1f5fa580d7", "value": "1 Total New Invoices - Wednesday May 17 2023_1058.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad97cbe1-f60d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684477412, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477412, "uuid": "73fda63d-b1c8-4a4d-8803-3c5ae9b61eb8", "comment": "Malware payload (AgentTesla)", "value": "f2e2c196b9d71eba63ec4a39ae97d7ff", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477412, "uuid": "6378fc5f-8921-4843-8471-56df50e61175", "comment": "Malware payload (AgentTesla)", "value": "35576187047e4a4ee61c93c0c407bf31143f582df8085acabfa6998a9ce81f19", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477412, "uuid": "d544522e-f9e3-41c8-bf37-1d3621790311", "comment": "Malware payload (AgentTesla)", "value": "9c46c41b5803ba96e93119f0b87b1bc22452ba68", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477412, "uuid": "a904c125-e972-4907-b6be-57e9f4e1eca8", "comment": "Malware payload (AgentTesla)", "value": "c5eaa2e41726029953b12b61a53638887e7ee899a0ab9f95a0751d0285c9ae941d344400d60e7c033eb3ce9d8909f575", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477412, "uuid": "af715016-5aa9-4e2c-a401-e93cdedb20af", "value": "T1C0B4233C7CC6C898EAF6B544470234FBB486DEF4C1130AF5E1D07466A632A79DE649D8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477412, "uuid": "4f951041-f1fa-4c2b-ada5-42acc941955c", "value": "12288:0ZVq5FSiSp9JAsfrCYLMUpH7+dLL80US8lg+jMMLHGW:Q+FST9rJYOwLpFQjwMz/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684477412, "uuid": "cab7755a-4db2-4ceb-9d68-9495aedc6f58", "value": 512730, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684477412, "uuid": "dfe90073-443e-4a84-8547-f311584b246e", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477412, "uuid": "378e48e2-c3db-4403-ac8f-3ea06c47aee1", "value": "RFQ#ENQ-1885-23-TCR-Well Head.pdf.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24bb20e2-f63d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684497798, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497798, "uuid": "2603fad1-4d0a-4302-aa3a-80ba3c6751b5", "comment": "Malware payload (RedLineStealer)", "value": "4543af5988e7629c8474d11cc6166319", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497798, "uuid": "b9fd0fd6-f391-4731-be81-b063914e5d3a", "comment": "Malware payload (RedLineStealer)", "value": "358dca4746d5d54ad6c3123548f4feb92180490459cb3d05189018be1dc0e9f1", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497798, "uuid": "ad1f2d2d-4609-4d2f-9218-d75620d46526", "comment": "Malware payload (RedLineStealer)", "value": "2473050a23e7044c13a0ce873f68774a70588dbd", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497798, "uuid": "0fe688a2-4e46-4dbc-934c-82c97e001396", "comment": "Malware payload (RedLineStealer)", "value": "a115ef9c20619d93b42b4e0923282c8f1ba153938bbc7aec249245d5e72a2c5b91aeea030f743c8ee79c116b0d249010", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497798, "uuid": "0c44d106-139f-4ff6-8f81-d6c6650228ed", "value": "T16B2523037BE58076ECB61BF028F31B430735BDE11D7497971B66A11A0E736A4A436B2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497798, "uuid": "9b0b422d-3339-4804-bade-c96df22d7c6f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497798, "uuid": "91539a48-f072-4636-8ac1-03cc0ab84192", "value": "24576:AyEi2QyeflleDGXGqTVbvtG4loZ4GXA4uV2IHn:HEibPmiXRtvM4loZRnug", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497798, "uuid": "0120b42d-3de2-486c-8a3c-d901257f265d", "value": 1055232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497798, "uuid": "b4ec20c4-c568-4086-a6a2-e6350ce040fc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497798, "uuid": "0734dfbd-5a6b-4741-96ba-c1c71c210a35", "value": "manager.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1fd436a9-f67b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684524419, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524419, "uuid": "3c636ae8-af06-4b56-968b-fb3c15eb3443", "comment": "Malware payload (RedLineStealer)", "value": "0fa137857d3d63df430ec5a32d9989a9", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524419, "uuid": "e425d67d-2cf5-4ed8-bb61-6645241350de", "comment": "Malware payload (RedLineStealer)", "value": "3594bbc3300b00afe0bae13babddd64ad0ec560edc80dae9650d69387dba42f2", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524419, "uuid": "da721675-049c-4906-9fc9-fc536a4b5eac", "comment": "Malware payload (RedLineStealer)", "value": "9493ef4453fcf73c225f5c95634defd1ab8e3760", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524419, "uuid": "60d1a73a-ec07-462e-bb64-db145823b12d", "comment": "Malware payload (RedLineStealer)", "value": "e9de10ec19290991b2ad5d64b81c0b68c74fa62dc1ce8a1159e4da1c1a306002ec1bf5b0e82c8007e6be856108174494", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524419, "uuid": "c320c700-5031-404a-9d13-8c06abc21b98", "value": "T1F22523135FDD94A1F8B427F154FB52930F7239B29E7527BA3391A80B2CB2584983172B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524419, "uuid": "656fa069-97b8-4ab0-ae5f-05b206a9f2d1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524419, "uuid": "f4b51617-0646-4bf1-bdc5-4c6432657d07", "value": "24576:/y1OKAlJwjcBosQ7ZasYxNpDsnCZs77cf:K1lAlJBBlQFasANpInCa77", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524419, "uuid": "a28a3d75-e126-4537-8895-f5a6d3379a7c", "value": 1055744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524419, "uuid": "5b035af0-4b51-4099-a834-b2ef10fced34", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524419, "uuid": "1683226c-4a9c-4704-9f08-7ef40a4c6916", "value": "invonce.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "821e978c-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684497525, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497525, "uuid": "c24b7706-9921-42a0-abb0-6be25adba97f", "comment": "Malware payload (Amadey)", "value": "c35193a75c40a34cde3926a36a95c7c6", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497525, "uuid": "092019d7-ecaa-4083-b92c-c86e58b17ac2", "comment": "Malware payload (Amadey)", "value": "35a2bc6d8d34b5eb0dd2f6aca06205b202cb057abdd0ab2d8b289896baa61a34", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497525, "uuid": "f496b95f-d6c6-4ce7-bd0b-1a8da691b627", "comment": "Malware payload (Amadey)", "value": "b2862e540f51f9c7ebfff41deae1ac49142b8d22", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497525, "uuid": "b2abcc6e-302b-410c-aaf5-71b29de87f9a", "comment": "Malware payload (Amadey)", "value": "99a5ffe67de9bf60c0aff644790562ead754d0b9f1dafa57f2ebc019d552f16fc950c751b193b597cbb4bda1cfaa3467", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497525, "uuid": "34d7859e-212d-4891-a34e-88c799ed94f3", "value": "T13C252313F6D880B3E9759BF04CFA03D70A35BC608EA9A3672284652B4CB31D5B935767", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497525, "uuid": "aac12b34-a5c6-4ac3-9c59-cd30c2ec3774", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497525, "uuid": "8610df6a-aeec-4522-989d-dfc1b4e7d6a1", "value": "24576:SypVbxW8t+9f3UvnzzSDwGKuSJHuhXqXYl+:5pVo8t+9ayDwTNuBqm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497525, "uuid": "d14bc920-fc5a-4dc3-9b53-50ee5f4d0268", "value": 1053696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497525, "uuid": "32a602d2-9b45-4077-8e2c-b73777dae5b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497525, "uuid": "c30c1274-b3ac-4f39-8646-1842f717527d", "value": "builder.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e91ae97-f67b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684524497, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524497, "uuid": "12e69885-4a19-423d-b6a4-6b299961a944", "comment": "Malware payload (Amadey)", "value": "8f874869a8373195612c21e881fe25e2", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524497, "uuid": "d47a9169-7ff0-4b4a-a342-cc5d7930ae0d", "comment": "Malware payload (Amadey)", "value": "36ac07c67f9203462ae15d2f976607d96dc40d2773d0cbb93eb59d9299d1175c", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524497, "uuid": "ccf73595-5280-4df2-afee-bdaf4d859428", "comment": "Malware payload (Amadey)", "value": "7e53f28f267983eb07917624479787783ea8f21d", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524497, "uuid": "e2d2b531-f415-4736-b4e5-e38504fcc375", "comment": "Malware payload (Amadey)", "value": "769e9fcd669244e16567e8aa64dbcbd6bcb5802c07b2ea36964b6e71492028eed3b9a40c53b6d38fa4b6db523edd0d33", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524497, "uuid": "b5542d45-e95c-46f3-a7ce-c68120f8df98", "value": "T1DF252346FFC45475F8B16BB09CFB12831E31BD91AEE8933B1741990B48B2988D631B76", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524497, "uuid": "5fb6907b-1157-452b-a575-d9e4e9f9d76e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524497, "uuid": "292cbcae-2428-418e-a06d-4ae41802b773", "value": "24576:Vy2Dof1nT2uK17K3zNOnC7S0S2rVTvJtkdraMLog02TETRuYslr:w2DofxaG3zNZMLtTxYs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524497, "uuid": "e0b78f32-261c-41b8-8880-367a1ef9ae91", "value": 1053696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524497, "uuid": "24664978-a333-4353-9c0c-ac7dac152e5d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524497, "uuid": "3b3497c0-6b9e-4527-a49c-93975fecc881", "value": "scanner.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "662732c5-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684497479, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497479, "uuid": "aba248c5-9918-469b-839c-6a22112c3e45", "comment": "Malware payload (RedLineStealer)", "value": "a9286710344cd80e612d3b2ca070905b", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497479, "uuid": "5251eab4-7e01-486f-b6e7-d36c0074acb0", "comment": "Malware payload (RedLineStealer)", "value": "36c3aa695013f41cd6788b895bbe5dad5e6a3e080ef22dbd6b422719df3112c1", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497479, "uuid": "bbedea26-35c4-436c-a55c-14571bd1fa7c", "comment": "Malware payload (RedLineStealer)", "value": "587c004a51ba3bf7393e529b868a08e79d8e567a", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497479, "uuid": "737b30e1-2a19-4008-b89c-40aaab23e8c0", "comment": "Malware payload (RedLineStealer)", "value": "45e0345cc6aa81052aec17ba26ae7d3f89615246d88d9d0e3914f9bb2c73ce69a37f2998a28ebe71a46c74c7c0ca233f", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497479, "uuid": "d697d2e3-a501-4324-85dd-3b7d1573a085", "value": "T1DB252353E6D85072E9BD27708CFA12A31B39FC605D7D534B32917A2E0CB26D1E57231A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497479, "uuid": "c2eb8cf3-7aaf-43f7-86b3-f0705150c9b2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497479, "uuid": "645d7672-e5dc-43ed-9fac-c08afd19da66", "value": "12288:HMrRy90KdhX4m+I7OzPyT4gxYGjSg2qage410JC0VEqpe7OEMTe21T20Q48ABy:yyQa7OC4MYz7qagehC0VuMXTgay", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497479, "uuid": "487a2f64-ce8c-4b1a-8253-5db6c3316941", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497479, "uuid": "c66db75e-f300-49a5-b883-3e4783e92ea2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497479, "uuid": "4c172261-ab9f-4c79-b1a0-f09685ebe16f", "value": "Launcher.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dbe87538-f67a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684524305, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524305, "uuid": "c444e606-f897-404b-8c29-e5c6b2c79439", "comment": "Malware payload (RedLineStealer)", "value": "6c2cbb5874bc4e67e9adac77530830fc", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524305, "uuid": "9ef4d9b5-9905-4d32-8f34-70746720ab48", "comment": "Malware payload (RedLineStealer)", "value": "37bd80c2844e4c0c8409fb88e7b41eb3c4ce88ac947199a1e9418e78259d97ae", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524305, "uuid": "9ce83df7-bc60-4ee1-a47f-e9b9f5b3c60d", "comment": "Malware payload (RedLineStealer)", "value": "145130730a39ff41cdb2ecf5591eb7f312850950", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524305, "uuid": "3be1efd2-b77f-44e8-a556-a9c3d98083a2", "comment": "Malware payload (RedLineStealer)", "value": "1a496b03427e72399e4201713f4a596730430434bf3e93c62491ba15f750c434a2a545a422b0e2dab4b26932f910364c", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524305, "uuid": "e498985f-7b7f-4e57-8545-ac01c3069cee", "value": "T1D5252352B6D8C1B6DEB1277094F603471E397CA15D6053AF3B98AC6B08B35A6B17033B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524305, "uuid": "8260929e-b81b-4aae-b93a-b1cf2a5d3112", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524305, "uuid": "e7870ea6-3ef5-4761-acf2-12bdc79f9ade", "value": "24576:oyubyuT7kbuNsN3vg1S7SthGA/CyXCBWEiCJjJ2l:vubsuNcYo2tAUyBWEiqjJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524305, "uuid": "0c58f032-e96b-4888-ad1e-ed13b3d49ac4", "value": 1055232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524305, "uuid": "605b75ce-7b68-4763-bb92-47f8ef7bb0c2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524305, "uuid": "b0298cca-8d6d-409d-9801-bdf666d80b60", "value": "999.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c8284cf-f69f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1684539956, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539956, "uuid": "b8748334-0944-458e-b5d7-77e27bd16ed5", "comment": "Malware payload (Gafgyt)", "value": "4351661dae2ba1469d11df63f337b672", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539956, "uuid": "6accf04a-fc79-4929-9f6b-d6c975f21a22", "comment": "Malware payload (Gafgyt)", "value": "37c177ffe57cb1f774ceac8e55063e7a2afd4cde43718c040a9992a0c5d489e5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539956, "uuid": "f120b4b1-0d5c-49d6-85f2-8cc65313f5d8", "comment": "Malware payload (Gafgyt)", "value": "0691712d07b3ccb92106ec49eef4e698c2493645", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539956, "uuid": "b947a0af-0660-40e9-a188-4cbf46f4930d", "comment": "Malware payload (Gafgyt)", "value": "c14e664779fd49b3158cf42d388a4cbf4ccc725ad536dcf7e6334615a09556c9e685066daa9d344f3b8ae8c4e8c79c4c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539956, "uuid": "1d5985c9-cff8-4477-8359-040247f23926", "value": "T130C3193B6B270E23C0C9507116E31332B9B9DE5938B943D7AAD07D9C6F3A58834167E9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539956, "uuid": "5bfabea1-9a63-40a8-85e6-6a18f20d8129", "value": "1536:ivJm7TYtgc6RhSsN95fftvLItIlRdF/Mfm7ypwYujl3IdnuW:pNhSsNPqElMfm2pwYux3I5uW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684539956, "uuid": "50c033c2-a9b3-4082-9fe7-d867e209ebbd", "value": 126438, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684539956, "uuid": "14104af5-6b7a-4aaf-a914-dcd2672a2a8d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539956, "uuid": "08dbe137-c7da-4aa2-8b5e-6f41b7729fd3", "value": "4351661dae2ba1469d11df63f337b672", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad95233b-f60c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684476983, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476983, "uuid": "c4621090-08cd-46a5-9162-181b26add881", "comment": "Malware payload (SnakeKeylogger)", "value": "2c375a57ff8b262216aac5e1aa845705", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476983, "uuid": "d4e7585e-3520-4307-9f83-0e910b63568f", "comment": "Malware payload (SnakeKeylogger)", "value": "398c5e8474d46a3c0855c3ccaaa0dedaf04e5250aa39c7bf778e8d6dd90100c8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476983, "uuid": "f2e32c87-350b-4644-90c1-da160a941ab9", "comment": "Malware payload (SnakeKeylogger)", "value": "ea296716ed99e8c17e921a40bf1f6b99b017b591", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476983, "uuid": "852e8987-1cdf-4120-8b93-fb38c46ad74d", "comment": "Malware payload (SnakeKeylogger)", "value": "6d4d401a428640f91a73f29413b20cf78581fcce5ecfd76f9adf224cf5da060c927e963af38b687eb15b8785be55ac43", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476983, "uuid": "7b673b33-e753-41fd-b7b4-d1f8ec1e3fb0", "value": "T163E4DF1063A5CB06D6BA83F15DE0E2F01BB99D99702AC30B4ED2FDDB31A9B654710A53", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476983, "uuid": "a7a28ce4-36e6-477f-89ad-cbaf398098c3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476983, "uuid": "f45181a3-4b67-4e9e-a604-0d2a9d6e4d5e", "value": "12288:PqB0OGStEkiOj/tl5NZAiE+bMb7htWSvIGfJhAr:PqfGStl/r5zz+WYIGfJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476983, "uuid": "ae29b1b0-1afd-4b22-a125-deea46d38cd6", "value": 679424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476983, "uuid": "f2fe06df-340f-425f-a2d6-b4e706e543b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476983, "uuid": "656f6050-ed28-4cbd-a391-0187446def4e", "value": "P1a2BpFnWJNlKBI.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "83bb41c7-f609-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684475624, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475624, "uuid": "dfea6fd5-94b2-4556-820d-0cfa4eb9c882", "comment": "Malware payload (AgentTesla)", "value": "3461fd2c8482af651b818f61dd049e42", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475624, "uuid": "816a0573-2320-4871-ac77-e311c564aca0", "comment": "Malware payload (AgentTesla)", "value": "3a33384b0027c321a9643ba9428d7227aa6b4401e3882f91cc93539590500411", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475624, "uuid": "c6114549-42f4-4750-a3fd-9ea774ed87fd", "comment": "Malware payload (AgentTesla)", "value": "b4dc69de92f2cf210c615e6ec506d3a1d21aa777", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475624, "uuid": "c24bd5c5-418a-40b0-96ea-ecbdfa861268", "comment": "Malware payload (AgentTesla)", "value": "fa8e2738364f0d1499d9037a8bc58d85dd726fe33aea1674b04e7ee5e0a8ddffdd6f4c84b60187dedf3f72901e962cff", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475624, "uuid": "6ad3e881-7804-4c03-951e-01bb7eff382f", "value": "T153D4123BA49D8F16C8AF0BFA68D23C0653B5595AB131C69D0DCF21EE2675BB40512EC3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475624, "uuid": "5802836e-7397-4ff5-909c-b4a810ad0188", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475624, "uuid": "eca34727-9cb1-433f-bef6-0a57ef2b1050", "value": "12288:Cf2iNeUDMY+SnwYmTzsht19PL3MyE+q8IZroJWURe/hN2dVzXYt:Cf1AUDX+RFshbJ8yE+iFoJWEeZN2dxY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684475624, "uuid": "b5de8bfe-171a-4018-b2b0-9e295b29fb46", "value": 606720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684475624, "uuid": "1d10a3b8-0c6c-4665-a9f4-17573c2e4b8f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475624, "uuid": "bf17725d-d941-44c2-a2a5-57eba4e1d08e", "value": "recibo de pago OC456337.jpg.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f82fe132-f699-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684537667, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684537667, "uuid": "4afaf3a2-d992-41b5-a296-c84b5d283554", "comment": "Malware payload", "value": "868a41de02de9d48830bca584ddcad51", "object_relation": "md5", "Tag": [ { "name": "password-protected", "colour": "#3D71D4", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684537667, "uuid": "5b7e4c26-f7a3-4394-a896-6fded6a4283c", "comment": "Malware payload", "value": "3a50fa3b66585d975d56070ce7cca996be6fb695a69eb03bfd09c2ce09ee95a1", "object_relation": "sha256", "Tag": [ { "name": "password-protected", "colour": "#3D71D4", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684537667, "uuid": "a7c37254-9075-4bdf-b1ef-204a883ef907", "comment": "Malware payload", "value": "c08c7822fe591cc39e19dceddfe409f9352299df", "object_relation": "sha1", "Tag": [ { "name": "password-protected", "colour": "#3D71D4", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684537667, "uuid": "d4411620-eb3b-4484-9f76-1862cfaf21ae", "comment": "Malware payload", "value": "530e37686c3614d0587320f62aeddd54f4bcc99a55a01548e8adbee572fad485b308be219abd47d134ee569eb0c7b756", "object_relation": "sha3-384", "Tag": [ { "name": "password-protected", "colour": "#3D71D4", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684537667, "uuid": "3d841d27-d15b-4dec-adca-10fded0fa244", "value": "T12E763396D15654EB6EDAB0FB91221C16A2E6D3507FC00957DFBE20DD4F2A72B0C8A0D3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684537667, "uuid": "e4d25658-e918-4a41-8f2c-dfb84b01fd90", "value": "196608:sQu2aeYz9lgO/wXc43phRGVEdLRiWrkIyQ:xulgIY13pnGVEKWoIyQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684537667, "uuid": "08c1dedf-71bc-4551-b6e4-9eb41c7f1d56", "value": 7670798, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684537667, "uuid": "cba19a42-814d-4948-a7ce-3a90a8de9500", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684537667, "uuid": "70481d31-2a55-4e91-96f5-08aa8d69bf03", "value": "Set-up.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a3a4736-f626-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684487902, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487902, "uuid": "0eece24f-5376-4e75-902f-8d0f834576d1", "comment": "Malware payload (Mirai)", "value": "5569d8b98531ec2c6f0bb0ef074ab6f3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487902, "uuid": "c0df1cc7-b80c-4c6c-934d-c20ea632b90b", "comment": "Malware payload (Mirai)", "value": "3aa4bef71b29b867fc1229cbdbb383e63427e1e8e0505b12acdabcbfbb78f01b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487902, "uuid": "1f848b8d-1b3e-44f9-bfbf-9758ea01d660", "comment": "Malware payload (Mirai)", "value": "ae8f67a3e9cf2d8e6f35ec81418afde0f4c685c6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487902, "uuid": "1ae9c911-a1a4-4035-89e2-12ed40c33242", "comment": "Malware payload (Mirai)", "value": "f6c47f72f2573a396e05d13cbf0300d546948a81c9d2a310c77ac5a6bee91f5262b52bf33b8603b263c9e2b800fdec82", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487902, "uuid": "152d8031-e023-4e50-b7fd-1c0f1fa13c2d", "value": "T1E5230208CF1E4D9AE346333F45360C7C778B387B5DA91B3A51D0E4AB360A50A6B19B93", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487902, "uuid": "e7988550-5bed-448e-b8c4-3f1602f178ff", "value": "768:0EbubfEratkyOEug9J3qv89iP8OdaTFvE8Gw2dmpqVYzQTKlnTtOPScXenIFMQzt:CbLkyOEN9J3q8FOdahF2mpopKlTJcXmE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684487902, "uuid": "4edbb62e-8f6a-4c65-a4bb-af35e43b1a4d", "value": 47688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684487902, "uuid": "be84b529-60ca-4098-adbe-ead27d8e9e91", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487902, "uuid": "fbfe67a2-4276-4d70-abc5-c2ae4b51d497", "value": "5569d8b98531ec2c6f0bb0ef074ab6f3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50984128-f663-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684514193, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514193, "uuid": "4537233d-1e07-4592-8366-bc0785adb23c", "comment": "Malware payload (Mirai)", "value": "98c44215e42f7b459562fb9477802ecf", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514193, "uuid": "91bc0061-f0a1-48c0-b9c9-c7556bcfe610", "comment": "Malware payload (Mirai)", "value": "3b8d8b1fa1150d650c110cb807dc229de49a293fb3432a802e7aec59591b0842", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514193, "uuid": "a184c348-444d-4c22-8420-77f13c5fac6c", "comment": "Malware payload (Mirai)", "value": "84df4c18806993003d67d8bc8b1935d4ae723b99", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514193, "uuid": "2c33aeb7-3ff4-4611-be80-15f6339642c0", "comment": "Malware payload (Mirai)", "value": "ca8a3bfe97fe3be8152db328215d63fb13dc20bca8dcd2dea98b1ea4781b9d8251a2953c24b40c7d44bea1de63a07062", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684514193, "uuid": "860d101f-145e-4c6d-8759-be7ab816dfea", "value": "T137338C77E46A5E94C08605B075649F705F23A0C493C31EBB29EAC2B56493DACF909FF8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684514193, "uuid": "da2f1538-fc4a-4d0f-8e6b-90238a7924b3", "value": "768:I4aHfAe7YyVfMBNLr/yrS2DLCjG7K0et3yayouxo0jCi9C1sfnrdUwQ8I:na/Ai/BMBV2HnjK0et31Fu/jCinr7Q8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684514193, "uuid": "b564508b-a3bc-4045-823f-cc443ecb428a", "value": 50484, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684514193, "uuid": "4f5114ba-0509-4ce9-836b-b297b7ff2548", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684514193, "uuid": "144c1d6f-929f-4dee-b125-b08922d1984d", "value": "98c44215e42f7b459562fb9477802ecf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7c877da-f632-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684493374, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684493374, "uuid": "083b3fcf-e438-4d33-8f2a-61638b3d823c", "comment": "Malware payload (RedLineStealer)", "value": "5fde97fe9b8efce42e27f7d6e32fb1f2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684493374, "uuid": "8c7db6da-bacf-4831-ac71-4488bf1579e3", "comment": "Malware payload (RedLineStealer)", "value": "3c27030979f42425f583bc6a2244c5a0a3ac3cfb987c84605871dd5c08c1ec37", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684493374, "uuid": "359c3269-e8d2-4577-ad8c-839930235ead", "comment": "Malware payload (RedLineStealer)", "value": "f38caab0db03ebef1e2e99bd0b9c74af684e4890", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684493374, "uuid": "1f9d9d66-b3e5-461d-809b-2515be421bf2", "comment": "Malware payload (RedLineStealer)", "value": "fd47dad99d84ad398216f43ee0a8dc33b2433abab2f18806c3f5ec328a7bd3e970b025849b71b84d77991a1c13d87a0f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684493374, "uuid": "8936ae31-883d-4b97-8c77-18842df30bdd", "value": "T104252356A7D88532DDB21BB01DF202A7163AFD6148B8425F3A239C5C5CF3988E835B77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684493374, "uuid": "6f305d0c-7ed2-4aee-b783-84effcc1ef93", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684493374, "uuid": "8984ea3b-b768-41ad-a108-6ef406a10a34", "value": "24576:ny+IQteFksxkDSL36OFSy+xs7W8iKmhUU6PfXn:y+3eF8DSL3rFSBs7W8iKmD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684493374, "uuid": "6ba5234f-8e33-4a47-998f-791dadff3e2e", "value": 1055744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684493374, "uuid": "6e2e7f19-5713-4e12-a7ec-7e5eeb1b9d16", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684493374, "uuid": "6163cd5f-ac1f-4198-96b8-9f367805d788", "value": "5fde97fe9b8efce42e27f7d6e32fb1f2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "04a6a6e1-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1684477988, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477988, "uuid": "1e871144-9505-4cda-b146-fcf0ab48debf", "comment": "Malware payload (Loki)", "value": "ddbf84e4f4244ccfd26a3c91c40cacaa", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477988, "uuid": "c94e15eb-3ca0-4928-ab7b-e285db69b067", "comment": "Malware payload (Loki)", "value": "3c2d6d8c2d1b4a4c898941d5fc5459418ed6ca5a7a5fb986d536f553f8570b3c", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477988, "uuid": "16dd9e93-f4d5-4cb9-b8d7-83106b32b5d8", "comment": "Malware payload (Loki)", "value": "c3d604d64add792c69bd064abb54e1ff4cb0ee34", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477988, "uuid": "357de8f1-9f33-4400-9f30-e368352f8df0", "comment": "Malware payload (Loki)", "value": "47523a36aa4fce513cc5e421fe8d8ff0c0b7322e325cd0bd30a711f39685bb00923ae7b0ab4191f9dadde0a8899d9fe9", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477988, "uuid": "9c503784-02f0-4282-a992-fd5f052a124b", "value": "T1AF350113F540CE4AC9468FB1AFA3E994532A7E65BE89644722043B6F2EF71B07843D0D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477988, "uuid": "88e20ff5-bd84-4c1a-a798-52a6c913f295", "value": "24576:WLKH+MXU1+MXUYyWWJCaJQ2uS2CCTCC6CC:WLKH+MX6+MXtyWe/Q2u7CCTCC6CC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684477988, "uuid": "ca6ac3a2-8943-413c-97e8-14a1a079999f", "value": 1077248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684477988, "uuid": "7bf7ae23-5fd4-4c2e-bdd6-0e203597c612", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477988, "uuid": "abc7dbe6-f56c-4cbf-8ce1-448b2ca79ef4", "value": "shipping documents.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a757de3-f668-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Stop)", "timestamp": 1684516330, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516330, "uuid": "1604589d-d202-4011-85a7-2adf41184a2f", "comment": "Malware payload (Stop)", "value": "279f510581afc41980b14b02668c25f3", "object_relation": "md5", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516330, "uuid": "703f4e19-4de4-4fe9-8e0e-dea16951cb4d", "comment": "Malware payload (Stop)", "value": "3c3cee50db58610d6292c0f1c6ef8f40d519cf814a17ad7a6dada0194e0f3388", "object_relation": "sha256", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516330, "uuid": "d7117d19-f793-4a58-bf3d-49061ef27213", "comment": "Malware payload (Stop)", "value": "965a4e52181f7b4e5175607a7eb2b5e1187dc3fa", "object_relation": "sha1", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516330, "uuid": "d954a663-da8b-4c89-b347-aa7b3f62063f", "comment": "Malware payload (Stop)", "value": "0a5fcea150a4279535f1a3a16bf8a02ae0f03ff9ade6a2f3ee292b797eb678ab951e65fc81893abaa63286996c767ba5", "object_relation": "sha3-384", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516330, "uuid": "2fccb43b-c554-46b7-a199-dc77af3653a9", "value": "T11705E103A291BC64EA2746768E2EC6EC761EF9514F057BFB22146BEF14701B3C672316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516330, "uuid": "50d12427-acfc-49c7-9383-41b14aed0593", "value": "b8e0cca9c8daf9ab8d5b3be250b7f319", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516330, "uuid": "49698bd6-2d84-417c-8073-387220c2ae03", "value": "24576:jbOCe0ohOkBJvkGvbwtP2TgcPc5O7G1ozGK2x:jbIbOkfkGyWgcPc8G1od", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684516330, "uuid": "6acb4f29-f4b0-47ee-b4b7-c18bf867f8b9", "value": 848384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684516330, "uuid": "eb6a3065-ec9c-4134-bf60-8e36eb22bd7d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516330, "uuid": "b459e112-1951-4c56-be55-0e62ebccbb0b", "value": "parser.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "edd5f246-f686-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684529489, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684529489, "uuid": "d17027d9-724f-4867-afc7-af41da5e2a8f", "comment": "Malware payload (Mirai)", "value": "bd3d0711089e3a2268bdb0ebd78e1c15", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684529489, "uuid": "002111cb-07d6-4285-965f-c8ce0cc67a94", "comment": "Malware payload (Mirai)", "value": "3ca27e54289d904cc0cfc3d70e4c5b5d6fcaf02787e66630540b38fcef2c8e0b", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684529489, "uuid": "3a35e7b6-f76b-4a6a-9c8e-5b6ce7559c05", "comment": "Malware payload (Mirai)", "value": "7d91d46bb88c557314ae6363097e77b95f13475c", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684529489, "uuid": "56dcc4d5-32ab-49f2-b8d9-a4bd9dfe974e", "comment": "Malware payload (Mirai)", "value": "382a77493a2ca62e9570c420a61578f4cdd4c1a1b71f0dcdbb8451fb80af85d23abb69a99455959c69bf4f6df937da02", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684529489, "uuid": "0113f890-ef39-47df-9f77-f2cfd6b562b1", "value": "T10713F124A2014D3BCA23E8B250EDBA641516FA25538F9F71762C10DE3C3216FC5F69CE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684529489, "uuid": "620b13ac-4736-4de6-965e-f4315757bffa", "value": "768:vIpezCn5iPBrRS+d/Y3ayQO89jbPGYPgvCzDPBkhO8re+ppX:w8bPBrRldAKxO2jSY4vc+BrpppX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684529489, "uuid": "7c6aad86-16cb-4646-853d-47427e929a87", "value": 42940, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684529489, "uuid": "e097d159-fc05-4fe3-9b95-4d24c6527f4e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684529489, "uuid": "c234e31b-ec6d-47e0-949e-aa49983609df", "value": "x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68bad2de-f642-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1684500060, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500060, "uuid": "e38b5f9e-7640-4120-b00f-a4eec956beae", "comment": "Malware payload (GuLoader)", "value": "dcf6e00015a595a39bc0fee5255a4580", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500060, "uuid": "8029543c-70ec-4633-9c93-ed83957bccee", "comment": "Malware payload (GuLoader)", "value": "3cadb1a7243dc6e96d39e7c378eef84ba5ee71dadab048a7cef41e59dea34bcb", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500060, "uuid": "d9952e07-6aee-4db0-9708-8a4798d6369f", "comment": "Malware payload (GuLoader)", "value": "196030365c30b411d96633f6a4d311f16ba49b9f", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500060, "uuid": "16e1715f-8a21-4fca-a163-598d18470ceb", "comment": "Malware payload (GuLoader)", "value": "3b2acfe68c8f393fb1ae200c355c9d32b0bae8b4183945b39caa47d7fed83974254516b9b8e0140a04866fe4c8fc9d95", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500060, "uuid": "a6ce3869-047a-437d-9e46-3ff69ccebc5e", "value": "T1BDF42361A790C01BEE6E0571E93993F21B615E9AE201159FEBB0BFDD7C33240092F59B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500060, "uuid": "397871f7-754f-4aad-989f-8bb4ac39cb56", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500060, "uuid": "c26dca73-71b5-4fd3-b3e6-a0739127eb1c", "value": "12288:Vzt8QKGxDsZAp0INQBJprZ9kECh/7HkDK8izMPX59Ciui634JwT:VzKQRxAZAvKB3I/2KlMPX59CiTgaQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684500060, "uuid": "0f082125-d8de-488d-a922-8e9e9fe0e24f", "value": 729312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684500060, "uuid": "dc133a1a-df18-4358-8b1c-b349b307cff4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500060, "uuid": "42a86e46-c598-4785-bcd0-c1c13d52150b", "value": "bitcoin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "403caebf-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1684478088, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478088, "uuid": "c8fe7068-cc8f-48b3-824e-24ad2a729072", "comment": "Malware payload (Loki)", "value": "c89726d50de858de9d3080c730424f77", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478088, "uuid": "61304514-86c5-42ae-8e2b-a60b010e9a75", "comment": "Malware payload (Loki)", "value": "3dbcad78dc86a5b40d06ec65257a947ae2bd1203e4c042014fe2756cb42d5cfb", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478088, "uuid": "026b3a3c-87f5-438a-a8c5-1dcbb7afee8a", "comment": "Malware payload (Loki)", "value": "96d588b46296631c87d58c9db0908b8c14d5e7d8", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478088, "uuid": "aa685c6a-4c6f-44f9-945f-874e38c64fde", "comment": "Malware payload (Loki)", "value": "9d474bd60b3e58d09a747cca3c094dfd48dac2db5ec9e1e2458b4404dccf153af1e76cd6ed9bdc5fa35479018da9a880", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478088, "uuid": "379f4695-6287-4ed0-bced-3516758418c3", "value": "T163C4E02427D9C70ED56F427581E1D2F05376ED91B5B2C7930FD9FC8FB28A2A22321266", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478088, "uuid": "c65cc641-50e6-4de9-b351-0ef164b3fd71", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478088, "uuid": "59e043ac-dee0-492a-a906-b98897522331", "value": "12288:7Tg2Xf7fQo8/YcVOwvk3XwVvl61qn5yB64SS4C8gt:7TPzfQR/5OwvAavQrBzSbC8g", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478088, "uuid": "3d4b22ad-a632-445a-aadb-a0e717902bcd", "value": 589824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478088, "uuid": "0be1ccc9-b348-4743-8e40-bbd17f626a2b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478088, "uuid": "d3d793ff-208a-476c-9938-873845b73791", "value": "DHL Receipt_AWB#20458209812.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c840507-f668-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Stop)", "timestamp": 1684516280, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516280, "uuid": "05d155e7-94ed-419b-9c84-12ac544d8cbf", "comment": "Malware payload (Stop)", "value": "ed2274a44fd363ad1895a60e0a0337a9", "object_relation": "md5", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516280, "uuid": "ce503fce-660d-4462-a43a-e6edf6baaf41", "comment": "Malware payload (Stop)", "value": "3e618b09bbab54dd0bd81e5ff61964768c527c998f5e9464a0239ca7ec23cadf", "object_relation": "sha256", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516280, "uuid": "60a7e64d-1ce9-4397-b255-64e157f09ec8", "comment": "Malware payload (Stop)", "value": "eb1514ececfe175aaf95d6f53dc59b6832561ee5", "object_relation": "sha1", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516280, "uuid": "5d34d3eb-ae41-4cd2-9b4d-d3e387fa442f", "comment": "Malware payload (Stop)", "value": "2a99c0ac92bed865623df446244baa949e4370aa7f1f24756ddaf4ca56f6e24713603b81a0d04a6874a6044837d86176", "object_relation": "sha3-384", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516280, "uuid": "ed331aca-8494-4f1a-a932-cae39fda31a0", "value": "T1C705E00392D1ACA1E62156729E1EDAF8721EF9504F493BEB32186FEB14702F2C573716", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516280, "uuid": "445fc93e-0640-484e-8628-86dd034395c6", "value": "b8e0cca9c8daf9ab8d5b3be250b7f319", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516280, "uuid": "1492d2fa-578d-47a9-9aa6-0dcaca4338f0", "value": "12288:BcCpSICkWREMtzJXsmgPBauPpOh5qvXs7KRMVtXckDjo1FmgEBcF923Td6+s:BppSzk2rtFXVO7PpKOCVmkXo1FpnST4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684516280, "uuid": "1efaf28f-d578-47e4-abf3-d7ff0476a2e5", "value": 845312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684516280, "uuid": "42944232-b868-4ff9-b409-a34fd122e022", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516280, "uuid": "59446e01-fb92-447b-9e80-3446ca81dc6b", "value": "32332.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7be52cd-f67a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684524325, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524325, "uuid": "e2d4dd32-78c7-4c9f-9a75-53e01f0627b5", "comment": "Malware payload (Amadey)", "value": "2755ef8b6d8631ea86b218719860e29b", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524325, "uuid": "c1d3f0c4-4b29-4f3c-bc72-d28ecdec4a95", "comment": "Malware payload (Amadey)", "value": "3e6479c74ad0c9615983f1fd6e51a6efeb566277e11065c6dfac24579fefd80c", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524325, "uuid": "52328691-4ce9-48f8-8e28-6bf1742e6ad6", "comment": "Malware payload (Amadey)", "value": "38e7bf4e848475b6c7542b01f29e2cd82ad6ae89", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524325, "uuid": "97d0a833-54a7-423a-8ecb-1603d368d5cd", "comment": "Malware payload (Amadey)", "value": "f58d6ace176e1d688d87e139e5afc2911ef59e72e21274cbc3b05f7349c9cc41504aa1ced60ffc5bc0ab285bb5548fc7", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524325, "uuid": "45e07b77-f4dc-46ac-80bd-285152953115", "value": "T16A252307B7C44977EDB117301CFA1B830E31BD61ADB4825B6E4169AF98B3B94A1343A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524325, "uuid": "42e7c96c-7991-4d50-af3a-32f001052b57", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524325, "uuid": "acaf7b1e-7c9e-431e-ba9e-087e71acf60f", "value": "12288:+MrLy90j0CSp/Bhw1XsY2GUrLToxYFyRCD9qCM+jH1wVWB38iY+QQ2lod8HlY0Cy:VyBjg0G9+wCEIJ8ic1FqqIxSfj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524325, "uuid": "1ea77544-b154-4b73-9897-c1d0720b21e1", "value": 1045504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524325, "uuid": "8b0a7438-ab33-4d37-bad7-3fc04fb52e74", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524325, "uuid": "163ed036-affd-43e6-9826-400e2f79c670", "value": "Doge.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67876c6e-f659-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684509936, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684509936, "uuid": "c8cb916c-0929-4886-8078-a836a890a563", "comment": "Malware payload (AgentTesla)", "value": "1d66a14f69d34cbada51c40be1b7edf5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684509936, "uuid": "a849cb2d-189a-49d7-b12a-eaec7ab22ce0", "comment": "Malware payload (AgentTesla)", "value": "3e7d696358d037066e0e55120223afca0dc9b19e6150568e76246081ade284dd", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684509936, "uuid": "4c9fd75f-fe7d-4405-9211-f919e60b31b2", "comment": "Malware payload (AgentTesla)", "value": "ad17a835b3aed76c249e1ff50032992fa89f81eb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684509936, "uuid": "4a4efd3e-ee10-4ae4-924b-eae3965ef240", "comment": "Malware payload (AgentTesla)", "value": "33ed3b7e5bab04bfd0f457cc0d02a58b86b5ab20500d8aea84f8d7bca1b4c6868856edd7203003fc84c466632543bfc3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684509936, "uuid": "e0e73085-255f-4890-bb3a-5b7d12f83b66", "value": "T19B25D63D0AA58AEEC1BBD364A7CC599BFA73E857F15C9B6D4486034272436CE60C20DD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684509936, "uuid": "e6e130ce-3c02-4ad1-aa83-66dea2d346c9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684509936, "uuid": "d1cedf2c-6381-4246-bd80-e57b92c83d9c", "value": "12288:qjgRjYxaNmfH+BGdYdELcMSacsMvV45eVTJGYSZmNx+Z1:tRjGqmGBGdYdE2IMnQUo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684509936, "uuid": "4bc13073-e93d-4b2c-90eb-694f8297ef66", "value": 1001472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684509936, "uuid": "df4cb286-05cc-4193-9488-1fca1a953161", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684509936, "uuid": "0311cc90-412d-4150-9fe7-9f9f40be643d", "value": "Quote.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "448b94c1-f608-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684475088, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475088, "uuid": "1ac59583-99dc-4228-83c1-cbabc1c010db", "comment": "Malware payload (AgentTesla)", "value": "0e13866b39b6fd4a431ee1f4ea5a8b0a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475088, "uuid": "92288009-ad3b-45ce-83bb-ded10e91e67e", "comment": "Malware payload (AgentTesla)", "value": "3eb07ee48b49f0682ff414b95869b2a13e0d9a34015df0c3b8a9b8c4c1f40542", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475088, "uuid": "95f8b19e-fe2a-425b-beb8-8e7b44cbd475", "comment": "Malware payload (AgentTesla)", "value": "a0e9dce2e4a0f82e2fd4eb30660ad86129d4d895", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475088, "uuid": "dd375d21-84ca-4c35-b973-c5bb05553a46", "comment": "Malware payload (AgentTesla)", "value": "d5b6daad16750a463c23a67e9cf11287c3fb514de8cbed44a0a0e2beccafeb9d49e9acfd2f31305dcddde8eaca47fd46", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475088, "uuid": "4081ed4d-f725-4fef-a41c-dcabf72ec250", "value": "T101F433781FEE608AD033A66C36F61D88932C5F559E60C572EE4DDA4037118BD22E7ED8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475088, "uuid": "9689df09-5d1a-473e-8ddd-4874ce2d4f5c", "value": "12288:tdDVKvBmeXXAI1BA/zrCFH6ZelPD9EOVHW927gmitBl0i3tZH/YAUn:tdDyB3g+2/zrqdlJEje3MB+i9FYA+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684475088, "uuid": "4e110317-18ca-4726-984c-5e220cdcd6c6", "value": 755357, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684475088, "uuid": "5c23876c-3789-494d-9107-d2db1396dfaf", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475088, "uuid": "98d8c91e-2e1f-42af-9cfd-a2487bae847f", "value": "SOA.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d4e2a2de-f664-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684514844, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514844, "uuid": "e3f2b007-6373-4bbc-96f2-adae39396903", "comment": "Malware payload (RedLineStealer)", "value": "8eac2855d5a48ec13d6d71a463f40e27", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514844, "uuid": "0fab90e8-5321-4b4a-8ccb-468c8cd00cec", "comment": "Malware payload (RedLineStealer)", "value": "3eb99ff875dd397b5beed12e3662984cc4afdea2ff6998155b9c74869050d93c", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514844, "uuid": "b8e31316-ee8d-4ca3-9bd9-75a4f822d078", "comment": "Malware payload (RedLineStealer)", "value": "bd62756f0c9a7b1351d95a4f89e4a2703fe3e8b1", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514844, "uuid": "9563f546-56c5-4448-9e21-4a4aa6f53b0f", "comment": "Malware payload (RedLineStealer)", "value": "53c0f6951dd6c426948a948582a5923252b29e1bb88d6535b0f1d3909bc0975f4ef47c185ae3f2f3c5a34cef138e3d0b", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684514844, "uuid": "88ff876e-262f-41ef-8bfe-d348316a4eff", "value": "T1320412FDF3407BE80FD9CB5ED9102B4DC1D249A918E792B200D59A29F3AD2ADC6C4C46", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684514844, "uuid": "6b03223c-21f2-4847-9b94-157ee5b472ce", "value": "3072:ySP4raypoA8VXIUrjXqRWqdFzcvV55hXyivw80Bc+werehaGp2Okk61qFYLk:RPQ+hqseRWqdw5TV4xCtmelp2Okk61ql", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684514844, "uuid": "3a5db26a-394e-4b08-9c36-1c699e748158", "value": 182789, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684514844, "uuid": "f2ae18a5-890e-498e-8042-32e148c510c5", "value": "text/x-msdos-batch", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684514844, "uuid": "9634e671-008d-4226-8765-ffcac52407d5", "value": "Canva Setup 1.65.0.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d314d5d-f663-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684514187, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514187, "uuid": "76ee0920-f36d-442a-a66f-7b941de8fb05", "comment": "Malware payload (Mirai)", "value": "27b570718ffd028d631e968aefe559a7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514187, "uuid": "bf938764-db95-4eb7-ab84-2a12d9d4ac68", "comment": "Malware payload (Mirai)", "value": "3fe55d845beb9b7451ce54bce8cb76dc4854db0f4d9298d0f8722a8c9e196ffe", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514187, "uuid": "53942088-849d-406a-8c02-edcec835438c", "comment": "Malware payload (Mirai)", "value": "17255f69d3f5e652a76ee67b2b1d6e1bc1763cf7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514187, "uuid": "08929668-dad5-49fe-b3fd-2b3e067d6a92", "comment": "Malware payload (Mirai)", "value": "649ac3a8046e20237d6e7d2708e30f04a050f6651b34f22bd91bf8d9e16e03b0ec3a5781302d8b478dd075655c46ed45", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684514187, "uuid": "c724ddcd-8bba-4c36-9cd5-a1044cbd5306", "value": "T121830691BD829A17C6C507BFFA5E42CD372A6398E3DE7113CD215F21378652F09AB212", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684514187, "uuid": "cae30fe5-7483-43a1-8bbb-a32919e6e1af", "value": "1536:3moNX81nMI6gpI3mbU6MEUlnih70zVPJYYSlIHhWsv3:2oNs1f6gaFiCzVPJkG13", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684514187, "uuid": "4423aefc-7ae6-4f87-8aca-bf7715a2e8cc", "value": 83088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684514187, "uuid": "fe741f97-3290-41c2-ae7b-106b251c2841", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684514187, "uuid": "1cca4f42-9010-4e88-b50d-1d7876db29df", "value": "27b570718ffd028d631e968aefe559a7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "698b2c82-f69a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684537857, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684537857, "uuid": "ffe1c425-a89d-4c3f-ae1c-6d3c4329a0e8", "comment": "Malware payload (Amadey)", "value": "dc2cb8468c32f9a3b8f1fae51dc6b006", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684537857, "uuid": "aec0305b-5a38-4983-904b-6537906816d2", "comment": "Malware payload (Amadey)", "value": "40286bb7f1f53e0409a8fdf0b45729f4a42d89c38b9d837ecc4109fae060d63d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684537857, "uuid": "38231cd3-cada-40af-b15f-6f02c86aba6d", "comment": "Malware payload (Amadey)", "value": "f52a2647df2c078764f92108cbe51e972d0e92da", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684537857, "uuid": "0e65226d-cb85-4fab-bb87-246e8edded83", "comment": "Malware payload (Amadey)", "value": "aca65964b5ee8aa6206654fe1c1fc638eba4e1b784c7a72d5a4fa63e7bf68150c979df5c328ced27b216f36991462774", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684537857, "uuid": "d7a60fd7-a765-4059-ad58-510df4c11425", "value": "T12A25224576E58473CEB21BB198F227C70630B8911EBC56A717C59C5B0D63BA8A834B3F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684537857, "uuid": "a7cda981-f70a-4f2f-b858-a07170615c4e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684537857, "uuid": "db38dedf-fb50-4042-9fbe-904b4d729226", "value": "24576:gryQxqCF0c1smAfV1JyrvrZFQpEBr2UZ+Q:geQkCFd1fAfgrTTAG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684537857, "uuid": "8b635f9d-5d16-4f31-8311-90534a08e16c", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684537857, "uuid": "882c07d7-0c75-4aea-b7ac-d29dbcc9da52", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684537857, "uuid": "bd57da00-782a-468e-935b-e727eaa5fa80", "value": "dc2cb8468c32f9a3b8f1fae51dc6b006.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27526610-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466879, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466879, "uuid": "16af9480-0e0a-43d2-86d2-b7e5e9eeb8c9", "comment": "Malware payload", "value": "a124a6a59fd5008717353b8fc9da551d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466879, "uuid": "74ca8f68-452b-4d14-8a17-ca1d81ebbc64", "comment": "Malware payload", "value": "402ef2a5383608d5e18d1c1e6e0a7a32805aea470e57b571dcd82c18c7b0b867", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466879, "uuid": "dd312aff-15c0-4004-93c4-ab6e7f8b3c29", "comment": "Malware payload", "value": "96b0162779568c57841c326a66b17dd8599308ec", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466879, "uuid": "923d6433-9f79-4a86-a403-a917de926496", "comment": "Malware payload", "value": "1ce7c170fdafb5a7a5b9e8756e69caddb23403223405e3d4f8b3673cfeceb7bfd2777a8dd15ddeff28deb0cd180fae94", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466879, "uuid": "8d762fbc-0f37-4406-8862-7f53021bf94c", "value": "T168057D41BAD240F6CA1525310CAE3776EA35AE460F25CFC79364DE6E9D32181ED3723A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466879, "uuid": "645d9cd5-bd2f-46c4-9c27-bbec2bee08a1", "value": "45381d16d9a6fe56adbb9f727ce010c4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466879, "uuid": "36b9a091-4a98-43c9-923a-0dba2cf18c1e", "value": "6144:CpEyewbTnkPJg8ld4u8YIpJBu+QvYrnWW4RjMOiL9vzTXywqXC79ol6csK1zIbYA:CpEyDIz58YIp67a3vvXXqXOwEbbG3Vup", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466879, "uuid": "3b517fd1-7b64-45ce-8a0a-891aa406c091", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466879, "uuid": "b4541f1e-adcd-4a95-b9fd-8da95b6ab7b4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466879, "uuid": "e94bcaa4-59ee-45ac-903f-490793ff9099", "value": "SecuriteInfo.com.FileRepMalware.27561.25670", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7fedd338-f645-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684501387, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501387, "uuid": "ceb088a8-5848-49b7-9623-2fa87ae5d03e", "comment": "Malware payload (AgentTesla)", "value": "e1e674000c143160f0187188913dac27", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501387, "uuid": "e1de1a44-81c5-4ff1-97ff-4e63f1f026b0", "comment": "Malware payload (AgentTesla)", "value": "40990627a2c50a6dcaa85b143ac2da99a573be1a9f0172363ce73531c380b282", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501387, "uuid": "698e9c75-5a21-46a2-b22b-18d39f421225", "comment": "Malware payload (AgentTesla)", "value": "c9ca520dae910e2440eadcbd389af8e50c3b8f44", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501387, "uuid": "f222490d-6ddf-4395-a5d9-b756d70d9506", "comment": "Malware payload (AgentTesla)", "value": "6fab71c2a78ecc759426cb06bef65ec354b67243747b08d564328da58ca0b4ce2d374d4173b808dff700b2470a38013c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501387, "uuid": "f48c708e-a035-4ff4-8b37-d0b311948a6e", "value": "T1E8038F2EE78B12A48F4103B3671B0E8996BDB23DB35154B1386C933433E9C7D42666BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501387, "uuid": "d1bec97c-a3f1-4cf4-b515-161a57dbae4d", "value": "768:sFx0XaIsnPRIa4fwJMPWgE8o7OsBVOxruyW6YEAf5RWxUTU:sf0Xvx3EMPWgE8YBU0yWp97jQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684501387, "uuid": "3af4925e-cd58-4982-9cac-dc2d0b1e2861", "value": 39084, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684501387, "uuid": "fc95bc0c-4b77-4158-a302-abaa6974292c", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501387, "uuid": "84f00d1a-f378-4091-b466-abc9fb274dfa", "value": "pay in slip.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c2f34322-f67a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684524263, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524263, "uuid": "07549334-947b-446a-a0b9-a4384098eb10", "comment": "Malware payload (RedLineStealer)", "value": "726e739db77b7e939d5dfabd8b2b1852", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524263, "uuid": "cdd5ccf0-f4ab-4e92-9311-87bd97c8b9fb", "comment": "Malware payload (RedLineStealer)", "value": "40c2aa67eb13eb9eb0da7a046ae393d5d7326e642f190ef74c36ec0ea3078a1a", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524263, "uuid": "b0931aa7-6832-4b5f-9e2b-834f45293dd8", "comment": "Malware payload (RedLineStealer)", "value": "f2795f95ff1aa71b6721e62b435b2d91ae66ebee", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524263, "uuid": "0f5cbb13-34c1-4e5b-b4e3-274e692a1efb", "comment": "Malware payload (RedLineStealer)", "value": "d93eed56f18a308e6cb6c8c5a5eee7d96e537a0da27ddc37b50c4d3f5903120fe43d4dfe8a907ca12493c29e2ea16b0c", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524263, "uuid": "bc62601c-457b-4f05-bd09-e7a416c2b41a", "value": "T19F252302A3D44532E9B21BB19CF507831F32BEA259798367268936DF1CB65C8B53437B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524263, "uuid": "67884d32-3930-46a1-9872-84218fae26ce", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524263, "uuid": "bc333863-8ae0-4a90-8a48-e1c2a52ba8a6", "value": "24576:MywazitHAnyok7TXibW7kN5e4jjXO7VN5m8YXJw5:7wazitgnydii7kqMcFmr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524263, "uuid": "5a51db06-9600-4b4c-b318-e377e594921f", "value": 1053696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524263, "uuid": "706dde96-7016-4fd3-aee5-3b71ef27f301", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524263, "uuid": "71ec6f0d-4a94-4cc7-9be3-0eab722ff0f8", "value": "24468.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e11e15c4-f5e6-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gozi)", "timestamp": 1684460748, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460748, "uuid": "9ef5df69-d8fa-4d27-8d22-ab69bfbb7d34", "comment": "Malware payload (Gozi)", "value": "082f5b18364cd4fe229b19ee150cc3df", "object_relation": "md5", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460748, "uuid": "44439a84-85c4-490d-954d-3d0ca66434dd", "comment": "Malware payload (Gozi)", "value": "40c87c34863061570a4ca4a04779153e633d4af5ac831ffe18c1749bc9809114", "object_relation": "sha256", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460748, "uuid": "359a9cf8-8868-4100-9510-8755c0680575", "comment": "Malware payload (Gozi)", "value": "e28e58970a06df04c276731abe053d6f1acd9a7b", "object_relation": "sha1", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460748, "uuid": "a9fdc6e0-3d74-4a93-9769-cbc82672dbbe", "comment": "Malware payload (Gozi)", "value": "68408b794ffe0636dff0ca410b7c8d9ae11ae0020d4f10c66fa3a6f1d58ba8906356ac4a70ef00aa1b5797133440ad46", "object_relation": "sha3-384", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684460748, "uuid": "d48e0a32-faae-44c7-8382-33ac0916e5fb", "value": "T18B2412A3D9FEE85ED0F586B9D1667CD246FA7996ABD05801303C0D82A710E447F3706E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684460748, "uuid": "d0e1d669-4f9b-48d6-831e-ea70f10e4375", "value": "6144:g8StVG7zVhQmhoq4wtHa1/zngHNeEIwpYw/Q:gkVhQ/q4wt6DOrY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684460748, "uuid": "5be8c57d-95e4-4029-a568-5c73ee95bd79", "value": 218878, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684460748, "uuid": "53f182de-1bd7-4656-9f6d-7d89c3c67428", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684460748, "uuid": "30ca7816-9146-4618-ba0f-dcc527755e11", "value": "inv_825445_18052023.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2b3eb56-f629-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684489447, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489447, "uuid": "df6d6c69-2b0e-40ca-b11d-b1ee60cf22a8", "comment": "Malware payload (RedLineStealer)", "value": "2aca3c1314c2816301bb942c26501bd6", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489447, "uuid": "0f04191b-68fd-42ae-b533-dbdd201ddb2c", "comment": "Malware payload (RedLineStealer)", "value": "4135c200942d491f0d636b69c3f8f777e700d35b2875724434b0210c440c7353", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489447, "uuid": "074015a0-f5be-46ff-a979-5fa2bb535029", "comment": "Malware payload (RedLineStealer)", "value": "46cc7c74250439aa16a2f4c2f9b21927446d6b1e", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489447, "uuid": "d1d37019-8f25-4d3b-a68a-84594e542fba", "comment": "Malware payload (RedLineStealer)", "value": "31b1464203fc80f7a5d092ae2b8d93c44356a17a7a092c63717bb6bd3ef819ed65803527fd862ea85f4d19003727c751", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489447, "uuid": "31ad2dae-5528-484a-8044-45560e0b81e9", "value": "T1B2549D107583C5B2C567143C4CE2CEE57A2D3C6107A996D3BECDB7697E322E0A2252F9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489447, "uuid": "22458830-a524-4dbf-b26c-129d03ed7789", "value": "bf5a4aa99e5b160f8521cadd6bfe73b8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489447, "uuid": "85caa1e7-8e53-4d6d-b1ee-7c84801fe244", "value": "6144:bDKW1Lgbdl0TBBvjc/XYrcjaYJ8CTzkLFEPrg7VuQJY2HK:vh1Lk70TnvjcvNJhUEGcOK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684489447, "uuid": "e9a0334b-07b9-4e54-84a0-3e46c474cb5f", "value": 291361, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684489447, "uuid": "1fdfa08d-ae70-4f91-a9af-a1f015e9fa89", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489447, "uuid": "982035e4-5211-4c75-86f9-6bb68bdce796", "value": "startup.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f0c3bc5-f69f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1684539933, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539933, "uuid": "a5f861ba-1f57-45c1-a20b-ea91c7506f6e", "comment": "Malware payload (Gafgyt)", "value": "7a7dc4c6204e9fe941de7e9c3ca16047", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539933, "uuid": "09ac091b-ac7e-4063-a876-26730697cc2d", "comment": "Malware payload (Gafgyt)", "value": "41408f712101e34d1fa4f9bf78f263a4efd94f938d10d449e5f6ba89042b9160", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539933, "uuid": "25af57d5-2a81-4710-8765-b3cfcf291e08", "comment": "Malware payload (Gafgyt)", "value": "9d6655365cf8e5c109cd74ad43fa3c8b2dd0422c", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539933, "uuid": "61146ab4-8803-4fdb-804e-59dd16463447", "comment": "Malware payload (Gafgyt)", "value": "f8c9d7b92a3fc5626215fbd0417b3a316109711750ed8feb8d197a76d1cc6a4823f1376ee2c01605b620be3b317491ed", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539933, "uuid": "f0c1bc5d-c3ed-46ac-9567-089368440a1e", "value": "T1DDB31813B7B1DABEC08252B12BDB92F19423FD7D0732622B33957DA51B388D96D59302", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539933, "uuid": "dfc400d5-155a-4c9b-b9a3-a6a2e1e842f4", "value": "3072:Ud0w0SAewzi+Xn+8Uhw6W+aPtJmDk1c8xF6KjW:zfO8IBoJmDk1c8xF6KjW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684539933, "uuid": "34737e04-e69b-4811-844c-b8418f1ac6d8", "value": 114825, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684539933, "uuid": "887f350f-a370-492a-b469-d72b76610f2e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539933, "uuid": "c1a495f2-2dc1-415d-9b1e-7020f76ab423", "value": "7a7dc4c6204e9fe941de7e9c3ca16047", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5cfcaec1-f624-11ed-b3cf-42010a9c0076", "comment": "Malware payload (DarkCloud)", "timestamp": 1684487155, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487155, "uuid": "38002bb2-e902-45d5-b84a-f916a34275a3", "comment": "Malware payload (DarkCloud)", "value": "2d778c50d2571b6f424333ab9fb6c17a", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487155, "uuid": "80373037-6d77-41b9-adf4-7472c13a96da", "comment": "Malware payload (DarkCloud)", "value": "4244b721b941a613b5d690a6b12b0f51806036758e69317145edbd8f5b8e3783", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487155, "uuid": "1a2ce48b-687b-45e0-9949-ee01abd8055c", "comment": "Malware payload (DarkCloud)", "value": "13c008942a9202945d57124273de2d50330e1baa", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487155, "uuid": "3735c296-b7e0-4855-bae9-0c3881721f3d", "comment": "Malware payload (DarkCloud)", "value": "b800832e1f159eabbe835cd420455c68a647c48148ec00bd491aeb7932790f969da94d0972a48f249c02e6eaf97c29c1", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487155, "uuid": "a2d263f6-ff9d-4034-a87d-0b3e6923bd1b", "value": "T1BE65123062D9E70AD52B47B989E0C3F067365C95E032C2474FDABDAF328E7F61621256", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487155, "uuid": "c18dde12-894b-493a-a748-9b66074f813e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487155, "uuid": "cd0b9b40-9c39-48de-a1ce-dfd25d65f243", "value": "24576:KjXwdB+hcuSjkBgDTQ7i19nq0UshiR76ER2PslCF8ulU3xpbT5L:4w2hcHjRbvnm8iR7jgUlmTO3xRd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684487155, "uuid": "8d31540c-a3ca-4489-b0fe-095c7a9fe552", "value": 1521664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684487155, "uuid": "57f54fc8-daf6-4e9c-a029-78b2a405ae9e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487155, "uuid": "a2857ca5-2c54-4879-9b26-e96ac18419dc", "value": "Order-688930021178.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b61ef4ba-f5fc-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1684470125, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684470125, "uuid": "a7e5f68c-bf69-4f7a-8506-42fd32d6e560", "comment": "Malware payload (RemcosRAT)", "value": "36ee72ff8d8aac8a11aaa445f2e65bb6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684470125, "uuid": "614ca65e-a800-4da5-923a-7a4c3873eb49", "comment": "Malware payload (RemcosRAT)", "value": "425b691d6e0640a649374a6b7d8970629c08c9783f8be5b1b2ad1a5cb33830a9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684470125, "uuid": "8f2810c8-9423-4066-9bc6-fbf735d29554", "comment": "Malware payload (RemcosRAT)", "value": "f764bec2577775a999cdaa775144484da05cfb1e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684470125, "uuid": "08d9250c-b6ae-44bd-b95f-1e04ffd46225", "comment": "Malware payload (RemcosRAT)", "value": "e09d6abe3c57bf11cddf0f0496d29d31af3f5d027c3233cf89dba1be30042c071536f10e3f6309836afd0947f38af0c7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684470125, "uuid": "c2822b09-ef35-410f-a954-f46b21df555a", "value": "T1A8B401A3E390C8E7C8364271092B9C913D57BD7E84B0571F25E77619EAB3323916B84B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684470125, "uuid": "264c2e39-1289-4cac-9f5d-dce35365460c", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684470125, "uuid": "62cc8e48-41e7-47e8-8d10-3719d1c61adc", "value": "12288:O4xz9HhdexS/UQ+wDfJEQvE/Xvi8t8w3ibXL:OERHGxgUCrWhvl3a7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684470125, "uuid": "65a50653-f204-491f-b0a3-c75a1e9526d5", "value": 521824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684470125, "uuid": "9f2c155e-0f57-4171-99cc-70f37a39e0c5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684470125, "uuid": "8bbbc103-7265-43e3-95cf-07ceb25ef9b2", "value": "cyber.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c8856d7-f677-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Stealc)", "timestamp": 1684522856, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522856, "uuid": "0d1ebb9a-460a-4871-91b5-16a6d6108971", "comment": "Malware payload (Stealc)", "value": "a887f70b40bd94352beb78abb738c443", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522856, "uuid": "dee939cf-6b19-4480-8c42-7fa0cf533804", "comment": "Malware payload (Stealc)", "value": "4281e56b011278622ceb1176ca5c6605cf8e963fce6af8f9040ad2bb318ce43a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522856, "uuid": "8a57fc8c-b44d-4add-bf2f-a0339cb77099", "comment": "Malware payload (Stealc)", "value": "eaa666811b478a069206468b374bcff244fc3c01", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684522856, "uuid": "4afc9920-2337-4cce-874e-c37edb985a76", "comment": "Malware payload (Stealc)", "value": "e52c4a1ef3f213772b9e45d2d744c2bea374d142ba2514dc56c36c028662ac9f23edeac7bcc02a064052c9e8f366dbcb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522856, "uuid": "f6cb2825-b708-4f3d-99ce-761e1f6d601c", "value": "T153553801A7A15018F9F716FA89FF6068993DBEE01724D0CB51C53AEE9636BE07C31627", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522856, "uuid": "20ec2d12-ea66-4222-8c2b-631ce649ab35", "value": "8e788e888d84d8d758ada8432f4134b1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522856, "uuid": "e9390d60-29c9-4c72-a540-ea19747b8b7f", "value": "12288:pY9r8uThIH/pU5ii5uuhhGFIvVSFGf3RVumpsRv+u4R8dXs9DQSNEAmD:Yr8uThIRUdhNvVSFGf3ruOwvtUQSN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684522856, "uuid": "3fed554c-afd2-4c58-8ac0-5a0d6b3d52ae", "value": 1353728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684522856, "uuid": "6179e2cb-2863-4416-a4cc-dec2ce9292d9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684522856, "uuid": "8858f568-a205-457d-a874-963de6f5a8f9", "value": "a887f70b40bd94352beb78abb738c443.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f999e00-f641-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1684499642, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499642, "uuid": "b390abf0-10d1-4865-87d0-c59d0f9450ad", "comment": "Malware payload (GuLoader)", "value": "bedd0cf058453f24b1518634a5c20c5e", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499642, "uuid": "c5b264c4-19e5-40a0-9cdc-d40f6fd023be", "comment": "Malware payload (GuLoader)", "value": "43c17d70a4168c9bc8f22eac8e9ba26a1b3d51a5bdc00e97ece865ca24ffffdd", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499642, "uuid": "0468751b-ba6b-4af2-8888-74dc53221a26", "comment": "Malware payload (GuLoader)", "value": "73666ea127f85e3a69516c8d8e16bc735e7c7fc4", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499642, "uuid": "7bdd4d3a-3476-491b-aead-88491922d7dc", "comment": "Malware payload (GuLoader)", "value": "b59f180c47cd49d465eff986c5c6b24899b3c5e646ffdfe430105266bb0672e0207d1177d2428f458874e46ae7c97458", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499642, "uuid": "90d37567-d2be-4623-a41c-6efab7a70800", "value": "T1D27423233BC2D29E084F020BF8594F4398A92CD7B546EB716E765CCF3286675423979B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499642, "uuid": "09b9ef61-8b89-47d7-82c0-ce1c88034b30", "value": "6144:6Hqrj3l2gsI+eICBLlx6p8maHRTd22BOx5lEFODCx7RqFQhbvnFe3y:6MwIbICtl4gRd2NcFoQhzngC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684499642, "uuid": "1dd5c647-b677-4073-8614-27afec4d5abb", "value": 348373, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684499642, "uuid": "5de3ff7b-bf05-4a57-b633-392cca017427", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499642, "uuid": "c97f1cf8-0933-49b6-8e27-28c11633f1e1", "value": "SPL9015280_1.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5c566756-f62d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684491020, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491020, "uuid": "227ed262-1cad-4f50-8091-ec2651ac2af2", "comment": "Malware payload (RedLineStealer)", "value": "9acb8f3a89cda98951fa0c4728ce9dbd", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491020, "uuid": "d7e57f5b-38fd-4204-a561-05a69e920c4d", "comment": "Malware payload (RedLineStealer)", "value": "43e44333836aebc164e38f70f60ad75931c6547b4411a1607b06872ccff1b0d9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491020, "uuid": "b62375bc-52e0-45e3-9b7f-f49026e9a37a", "comment": "Malware payload (RedLineStealer)", "value": "171a94a7fba574abbce494dc1b57c1d494b5e75c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491020, "uuid": "90fe83d3-6365-41a6-baa9-279ad9bcb54b", "comment": "Malware payload (RedLineStealer)", "value": "834e8fb0e13c3a58a05ae9564758224d4a0c2c84e31c35146ae218097a9db44e8ce9dea1fad4109c683c6083f6830f3a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491020, "uuid": "6df6e6ac-3a09-4859-9b99-77bb5776d2b4", "value": "T1FB252303BBD8907BD4782B314CFA12831F3AFD966834936B6752C94B4C77598A27172B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491020, "uuid": "20bcfc72-9e13-45e9-bcc3-0c6838a70b49", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491020, "uuid": "f4775807-3f66-41aa-bf7f-d24ca86085db", "value": "24576:lyUw1F22b7kWMi+S/8eWIUARBPtP5MfdQOnrbG1RtN7:Az1Fhb7kWMiJ8eRxX1P8QOnrSt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684491020, "uuid": "09eefaba-8fe3-46d6-9221-94c1f3bffd4f", "value": 1053696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684491020, "uuid": "844fbb9c-ce2e-454e-81bc-03f54be60909", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491020, "uuid": "4c13bdc9-3888-48a6-a788-3bb3bae0c72a", "value": "9acb8f3a89cda98951fa0c4728ce9dbd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62cc6740-f628-11ed-b3cf-42010a9c0076", "comment": "Malware payload (HawkEye)", "timestamp": 1684488883, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488883, "uuid": "d77145d5-c188-47fe-9c14-fea05be35b33", "comment": "Malware payload (HawkEye)", "value": "eea1fbd22436e2b085fa5fcc55ea052e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HawkEye", "colour": "#E7159A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488883, "uuid": "bec9b529-9713-418a-86b2-aea1a90ce97f", "comment": "Malware payload (HawkEye)", "value": "43e66c483be9cbb9f35ce7f57bf255925abd25a8fc40b80d79bf0cd2a3f54af9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HawkEye", "colour": "#E7159A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488883, "uuid": "e7068aa4-2083-4772-8db1-68ffcf8822f7", "comment": "Malware payload (HawkEye)", "value": "76f7c18a39a48b86dda253eaa146fd6e1aa5df89", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HawkEye", "colour": "#E7159A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488883, "uuid": "c75d2a14-e907-49d0-a8ec-77d44218b81a", "comment": "Malware payload (HawkEye)", "value": "076d44b7fa64eeea05593a6d7d591ad267f999eb6b06e7aa602b50a087b5d39b1ed6eb969a311c12c074e513a9e7f445", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HawkEye", "colour": "#E7159A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488883, "uuid": "825c4232-d87a-483e-801d-8f730aad613c", "value": "T17E5507794AA589EAC4BBC77196D84997F9339D1BF0589B6C10D6330272B36CF20C24DE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488883, "uuid": "f3d7d621-a396-46d4-9e15-f8d750d9dd28", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488883, "uuid": "a3a8727e-2830-4aa6-a4ff-ef94d0df875f", "value": "24576:/j0pZcKDySR/Pxt8eD8dSevyifwZpNZ0C:L0zOu/JtR8HvyuSeC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684488883, "uuid": "762c26f5-99ef-4da4-97a5-2232b6d30834", "value": 1310208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684488883, "uuid": "bdcf9c7e-fedc-4c77-89ed-826f5027a7b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488883, "uuid": "4fed75d4-c042-4a3c-b1fe-0581895902a8", "value": "PO Lists --- pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2640ad52-f67e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684525718, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525718, "uuid": "0a139d62-9139-467c-96ec-39a6ee38b660", "comment": "Malware payload (Mirai)", "value": "d594110268d10e2132dc62aebeb30da7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525718, "uuid": "2cc9a811-33f4-4005-9ddb-0e6c44824b39", "comment": "Malware payload (Mirai)", "value": "445839aefa1051bea0ea450970e1764a80315c5e9be01875d9629e70dc7e841d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525718, "uuid": "93d34c45-d646-4d8e-8479-98a7edb6dced", "comment": "Malware payload (Mirai)", "value": "005ae99ab6fea731acdcc3da700b966a435db2f8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525718, "uuid": "66fad966-4ee5-4db5-ae2e-b62d2fdbc0b2", "comment": "Malware payload (Mirai)", "value": "10c65e538f365de8b938664b7496e9805af5097c8f155bb78a856cbe6db9338882fe8eaddf4cf3b1f90c0c0b87756432", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525718, "uuid": "4a33b020-60f0-41b1-b0d0-b450364f0a54", "value": "T1EBD2E10EC5547983EADD087A828D2BB0D674B1D3339F1BA6FB105C8EEA93E47740C855", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525718, "uuid": "290a1e6e-cc2e-4c1e-9b42-3d12587607ae", "value": "768:zy5RtZxop0GqSeXU9TBSfgz7yjY8zsgNcWL:u7ZxoCGHu+BSoKjZT5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684525718, "uuid": "4801e9ed-f19c-433d-b478-a1b3fff35509", "value": 29488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684525718, "uuid": "283b431c-1886-4c1c-abfa-b40fdf94ffcb", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525718, "uuid": "f6cd6837-7ca8-436c-aa1c-f368433e2a66", "value": "d594110268d10e2132dc62aebeb30da7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50288527-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684497442, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497442, "uuid": "2e4c08e6-696f-4f6f-a4db-9d85fa51f54f", "comment": "Malware payload (RedLineStealer)", "value": "3033cb862d1aac689d2012abf0e301d1", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497442, "uuid": "0a0a3461-774e-4655-ba2e-fc5df8b0ab95", "comment": "Malware payload (RedLineStealer)", "value": "461d979d955e56ffa65b3e51f46671a9af7639cf764469383d855f2b1c965804", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497442, "uuid": "e64bf154-fa86-4790-b562-2d548f03897e", "comment": "Malware payload (RedLineStealer)", "value": "dd3b8200cb8fb80420396ccab4b5337512f3ad35", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497442, "uuid": "faf4b73c-0d7f-4b99-9938-bf25c9fcfe2e", "comment": "Malware payload (RedLineStealer)", "value": "ffd627785e690041f7af24abd95b3110a2e87892d5a1267c1d35b0d9b3f5c7448a16e6443ba141a7300a5b1109e65196", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497442, "uuid": "e341dd70-202e-47fc-8a58-60d1e5407c80", "value": "T1E825232AA7DDA423FCF12B741CF242871A35BDD5A87C972B278538A35C316C5A53133A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497442, "uuid": "2374a9a0-68a9-410d-a845-d14b2519b289", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497442, "uuid": "06d3c09f-cdab-4285-82f0-d8dcc6d7397e", "value": "24576:Yylii5PS83bEQyf2hgEv3KfzzyMC86jPx:flJ6Cq2hgEvKf3B7kP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497442, "uuid": "2251182e-a172-41d2-b61f-2144da0288d3", "value": 1044992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497442, "uuid": "1a35df50-af47-42fb-a7b0-7e30505eff90", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497442, "uuid": "61f1a1fa-e6b6-44cf-9bb7-cbf2b5d9b760", "value": "35647.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65ff2501-f641-11ed-b3cf-42010a9c0076", "comment": "Malware payload (zgRAT)", "timestamp": 1684499626, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499626, "uuid": "76a48322-3d48-43bf-b8a4-1fdacbaeb5e5", "comment": "Malware payload (zgRAT)", "value": "97cac1bab502ab8c1a1039f940b2d503", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499626, "uuid": "b7cc43db-9a6a-4fb5-b2b1-c761384bb125", "comment": "Malware payload (zgRAT)", "value": "4691085f8c0dddb9077c2ccc6e42857908a18b95a1706f0b0353ba367a1960a6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499626, "uuid": "6e690562-9b7d-4e34-a9c6-f5d1fadadd71", "comment": "Malware payload (zgRAT)", "value": "37c3a90a0d028e4e368f6b884a4c77b1fd7d9b5b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499626, "uuid": "176abdab-bc62-46fb-ba2a-9fa0b7852020", "comment": "Malware payload (zgRAT)", "value": "ee70b11c0da6febef2c82db34b194c4a6e1cb102ac88cc92e699e354d2c8414b0585207bda82abd8d8d8920075c15a5f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499626, "uuid": "1b725d36-3143-4bb2-a1b3-fdb3bd16661c", "value": "T16C26E13302C7FCFB63E23D48C54A3A581FC468F3A32C5294BD790ABA76B44549A958F5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499626, "uuid": "fc0f9eee-7209-466a-a074-32c0b0a90fd2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499626, "uuid": "f5374d90-1166-4670-9d0c-c4458b2987cd", "value": "49152:wBu128cffWtLs6KxbzGAYgnNkBIgYF4DroV6XBHScw4MSD8QydW4HlBeZVu:", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684499626, "uuid": "d3ff2495-9866-46ac-b502-6a664eefe2f3", "value": 4624384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684499626, "uuid": "d38e131e-a6eb-44c8-ba01-59e05dd64325", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499626, "uuid": "ae659bac-b960-404d-952b-aec64c8f4b38", "value": "quotation 239865.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0b82e9cb-f67e-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684525673, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525673, "uuid": "544b0e0b-1565-449f-9f15-ece2b260726d", "comment": "Malware payload", "value": "eb0b72b307da8bcd60a8a1c529391bab", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525673, "uuid": "d036677c-b221-4657-8bf9-bb66fbfaab1d", "comment": "Malware payload", "value": "46c1c3da47bb0b983d64f6b194e90449704415b966e4b985f2a223ea91232650", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525673, "uuid": "7160167e-d585-4a33-81ba-c2777eb5d9f5", "comment": "Malware payload", "value": "dbc37f0d417733cc3acfac287c3ef7387521c49a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525673, "uuid": "726eb03d-6deb-40ee-88e0-42f546858072", "comment": "Malware payload", "value": "e118e8acd73e6123d0eec9ae8edd8bf2caabf84879b9207b73242351760b2f0eb4975fd6bfb1b37722a34e7624c72fc1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525673, "uuid": "ec5dd4c2-d502-4e86-bf43-bc1f739bd05a", "value": "T12AD2E08876D693FB8CCAD9BD360F402670AEB5A566A29373B30AC9520B75180F785C4D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525673, "uuid": "18dfb005-799e-4320-9809-9b8cfddce05f", "value": "768:7lxKd29WcxEns+V6IHE4RlY990Jgljnzk99:ed29tn+9HEw0aQzk99", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684525673, "uuid": "e7c2b992-2d95-44e6-b5ab-c9ad35023990", "value": 29680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684525673, "uuid": "d4494d73-b060-4ff6-a3d5-d7815568b725", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525673, "uuid": "25e0c47c-313e-45d4-be75-1fc436398ee2", "value": "eb0b72b307da8bcd60a8a1c529391bab", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d273084c-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684497660, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497660, "uuid": "3fed7ac4-db5e-4382-b3ba-e7fe9558a9c1", "comment": "Malware payload (Amadey)", "value": "9a642dd3ee4e9547f28956afe81584ed", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497660, "uuid": "4ca01f30-be32-4051-9a28-be177bf5185c", "comment": "Malware payload (Amadey)", "value": "46d36b84f0f8eb9da5b5a3247466f416885da77349f723cfbb7fb3a8031bda14", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497660, "uuid": "e6f7de7c-74db-4d3f-a86a-1771a7f1b6e3", "comment": "Malware payload (Amadey)", "value": "1cfcf880cdb9b877264701c89aa7b782007b06c4", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497660, "uuid": "2206e35a-d26e-4c9c-9693-6106cf18a508", "comment": "Malware payload (Amadey)", "value": "ceb153a41b83313c123c40595eb8f38b746082e3ef174c27ab68431dab823508ca55b5b2c02dc8dd5d70bb3e5adcf423", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497660, "uuid": "d64f01de-c357-42b7-8452-f0971fb6b931", "value": "T161252343BAD95032E9766B702DFB07870E39FCA14D388759274A591B4CF26D279703A3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497660, "uuid": "862256f5-cf4e-4647-9eed-a467772109a5", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497660, "uuid": "e8083305-8b65-45bb-a736-efa1fe03a3eb", "value": "24576:3yupIF0+zjzVrMsIHYETbaGIJTUjnvp1iJyRKZ:Cup6zjzVrMJVn73icRK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497660, "uuid": "059932b9-33a7-445b-aea2-7f54cf481610", "value": 1055232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497660, "uuid": "f56c735d-e25b-4f2e-9de1-5129f47ee37d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497660, "uuid": "721d75b2-19d3-4dfe-9709-a075582b81be", "value": "encoder.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75d02877-f67d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684525422, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525422, "uuid": "7eafbd7c-4d23-4ca7-9fa1-4ab3e8841442", "comment": "Malware payload (AgentTesla)", "value": "fb32fb95dad4c2574e77cf6f7fa33905", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525422, "uuid": "14b3e9a7-5c0d-43df-9097-a8e5f7feb8e5", "comment": "Malware payload (AgentTesla)", "value": "47438e1a176f18053c6a9de8c2834a3d5ffeb78bb7efa09c6dea99aa7da44991", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525422, "uuid": "0a6c280d-0814-410b-be51-2cc187332ab2", "comment": "Malware payload (AgentTesla)", "value": "f4ee238ef984fc7f9cd0cac1548aed1fe795d9a2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525422, "uuid": "15f1cfd2-9d93-40f8-8b24-f45b2fae78cf", "comment": "Malware payload (AgentTesla)", "value": "a5d307746319914acc756ab4d0e33f7a4b130825406ab053904e0fb58fb59c6f1d541e26ea718402ace9f210b2a06bb7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525422, "uuid": "3e587164-694a-4120-82ba-f20e68d865ba", "value": "T1C515F1D119A45C61E1AAAFB54AB3F23843756C91E763974924F02C9B7C37E837E02783", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525422, "uuid": "761355d1-f8fa-410d-84e6-533a24a4d3f9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525422, "uuid": "18bf3903-a5f5-4df0-8b89-9f5dea3942d4", "value": "12288:CgLpNaPn0YPX/N94+OCgGRgpYcK0STdlZIILvGMwUwCeSJryStNjOcJF3iVm3G8q:OP0tQRgGOILvZ3ueryS2cJFtpLh4/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684525422, "uuid": "157c3df8-035a-4137-9430-e9f233935471", "value": 913408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684525422, "uuid": "9e9a27f5-76ea-4ba9-9d21-635c5b99628b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525422, "uuid": "dbd5025d-0de4-4527-82b0-956d79502d13", "value": "SWIFT COPY.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e33e3e51-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684478361, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478361, "uuid": "78b3b83d-bc46-4a10-9f72-656140ce55a8", "comment": "Malware payload (SnakeKeylogger)", "value": "15a4e03a54456320f692833e64c1ade7", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478361, "uuid": "ecb9dd16-334e-440b-b322-e37b325d9862", "comment": "Malware payload (SnakeKeylogger)", "value": "474c45afa2c364f046f6a2467023a0304c5bfaa2c96b4d40cd2537665f56312f", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478361, "uuid": "5066155a-41be-49e7-98bd-9633505a66ab", "comment": "Malware payload (SnakeKeylogger)", "value": "1241c76f38f2dc1f5a8e116d58facb5061de3ecb", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478361, "uuid": "c1c1e361-1dc7-4337-92db-998980122afd", "comment": "Malware payload (SnakeKeylogger)", "value": "60a044fa180050a38560028414b461ce16ed8f280f25588d11b9d3e2d607b1ac0cc46793527cbbe6d03081242f96132b", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478361, "uuid": "478886d9-a96f-4353-9953-7af8d4f53a3c", "value": "T1D165230DAFA98483D14ABD9A424DC82F1578B89E2C3F8EBAD55184340D8DEC547C6BF7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478361, "uuid": "f96111e9-e13c-4836-8fff-715abf581032", "value": "24576:ZBWoEHPEwOSejCcscvi/9c7Yqp6nybPEwOSejCcscvi/9c7Yqp6nyC:dE8wOSemP/+7PGLwOSemP/+7PGd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478361, "uuid": "6bcbfd9a-f4d5-4073-811c-dd6b4f548653", "value": 1428976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478361, "uuid": "113a336a-d984-495e-9167-3a8d1c30cb0f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478361, "uuid": "91199ca6-5426-42e5-92d2-09e4eb3583ba", "value": "SDF098765000.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d905d010-f627-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684488652, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488652, "uuid": "0911c5d2-82b1-46da-a33b-a9232914533f", "comment": "Malware payload (Formbook)", "value": "d49edc80de1e6e4737184bdee8a15c22", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488652, "uuid": "d60709d3-423f-45e8-9f57-c77c4df73ee2", "comment": "Malware payload (Formbook)", "value": "475ce37e500652d8a0fab2cb145581a7e41616490e80a757670a9a1af0ed7a2d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488652, "uuid": "5c598a5b-e7e4-49ef-89b3-c6983bd8c43a", "comment": "Malware payload (Formbook)", "value": "1b788d152871b2744eb345e3fdc4a937038310ea", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488652, "uuid": "22ddd417-36af-4159-b035-b676885502c7", "comment": "Malware payload (Formbook)", "value": "174ce4f7cf97efd5c472401ec989dfdb74cc762bd4954b989a807dbd07bcd92f9d184429a60756a807280cfd38164375", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488652, "uuid": "a641dbe0-8d8d-43f4-a48b-1038dc54d23d", "value": "T1C14402C5BFF04DA2E5524A315A3697656EF4AC36281086870740BA5FB9F16D2CE0F3B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488652, "uuid": "573701ee-abf5-408f-912a-fc2c64ac6eae", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488652, "uuid": "71b9f12f-5850-4ef4-a231-3edefc4d96c1", "value": "6144:wYa6u8h009tAfApXg+iS9QdZS5dsUvgcFGJ7ZOyMBQO53M/UlW7:wYom5efcXrn91XV2lOvuOyH7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684488652, "uuid": "678944a0-9d53-4751-8583-18d3c5fe6e47", "value": 269677, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684488652, "uuid": "deed24ae-d5f5-4589-809f-299e3390579b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488652, "uuid": "e919aef1-2e15-4440-95ae-c4f07691f5e4", "value": "HCS-IFK-DPE-PO88-CS-PL-05.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4908dfd1-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684497430, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497430, "uuid": "bd59f5fd-6fa7-49dc-b946-fc6e6b0805cd", "comment": "Malware payload (RedLineStealer)", "value": "a51f6b0117577afcd3fcf22d5b3ffa30", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497430, "uuid": "da32d9ea-9129-4bd8-ac0d-311853b8064d", "comment": "Malware payload (RedLineStealer)", "value": "479ac6958ee1ec1b57fb339838b5ac52357ebf328c648a41fde880567d9f5e31", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497430, "uuid": "1badc8b5-9a7f-43c9-941c-c516e5258821", "comment": "Malware payload (RedLineStealer)", "value": "14d7994b2337c2abe3bcaf0624b46d1a898992c0", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497430, "uuid": "49cb6f19-e419-4998-85df-7caf7a9c699a", "comment": "Malware payload (RedLineStealer)", "value": "971457f7b7b83ee2f4dbd2a45d2a1a47886947a38c89edaa36efde12682721437b167ccd439e747fa51017b144b6895c", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497430, "uuid": "31c37e49-ea0a-432c-bb87-72fa9e92b2f5", "value": "T17E252302A7D54462D8B92BB488F603832F36BC625D609267768A591F0CF31C1E736F7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497430, "uuid": "201d8311-0611-4416-90ab-c7a0167ea6ef", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497430, "uuid": "59904dcb-0fb9-444a-9a40-eed4c0c68fbc", "value": "24576:gyAHQatfL6kpp8avPkoU4DY9mVs3p0t8Qy7xWO5:nkQWJj84PkoFGmVsCfytT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497430, "uuid": "3b4ec0d3-b0b8-417c-82c3-89292ea5b585", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497430, "uuid": "cee48eb0-dc7c-4c4f-b972-565e977ce0ac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497430, "uuid": "1e356666-1493-4b0f-a268-8705f4b1c65e", "value": "274.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2382d2b1-f63b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684496937, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496937, "uuid": "187090b7-5118-4774-a40d-cdbb1efb2779", "comment": "Malware payload (AgentTesla)", "value": "22a9b282c0942875f9f99aeeb7503bf1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496937, "uuid": "45740ca8-5e97-4c07-8c28-ed575a9176d4", "comment": "Malware payload (AgentTesla)", "value": "48a9074aa2eebe724b1e9d3828e2eb3ab0fde8d370ef71652b5ffe44cf51322e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496937, "uuid": "c8fe5f6f-9d4d-40d1-986d-9bcfb00fa92c", "comment": "Malware payload (AgentTesla)", "value": "b563cc1c326699fc8556bb13b3bd9265beedc0de", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496937, "uuid": "7ea0731e-7804-4f64-ab7f-c283d8f061c6", "comment": "Malware payload (AgentTesla)", "value": "fdcbc629039c6c38b91a24d28c947d148d16af6215ba94fc1c516486788b57dd64c903ce08e5b33274cd2e42c8266cd7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496937, "uuid": "f1cc901d-ccdf-4ce3-b6af-ca2e5f716b0c", "value": "T14815C050E6E9DADDD4240BF0A1D3D4F407261D28E1E8EA570EDB2CDF31BAE44216663B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496937, "uuid": "44204f24-d9eb-4630-8ad5-1394e6a52780", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496937, "uuid": "d7960c4e-1f3d-480c-ba64-0182567771f6", "value": "12288:v2iNfUFotEvZ412FX6vGIJ4XWfiTBSC8WU0UtuH5T2J3jHuR:v1Bs0qZ4MHJmsoCy0UtugJDS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684496937, "uuid": "de889d44-a78c-43f1-915d-03cd1bebdaec", "value": 893952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684496937, "uuid": "0a4a835d-7853-42c0-865b-f9ed55931df9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496937, "uuid": "58ceefaa-cf85-44eb-a404-c1eb72f6f903", "value": "PI.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b205faec-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload (NanoCore)", "timestamp": 1684467112, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684467112, "uuid": "83a43a37-ef80-4207-b985-7d35d1d760d8", "comment": "Malware payload (NanoCore)", "value": "35a3137080894ab5abac9b4aa4817050", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684467112, "uuid": "c22c2b5f-6093-4542-95e0-91492c1f5510", "comment": "Malware payload (NanoCore)", "value": "49910ce04e610509059140ea21a639deb0e37e1de1f26bdc1085617849d11b42", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684467112, "uuid": "b2de3477-6a8f-4253-bc75-c68a1d03d41f", "comment": "Malware payload (NanoCore)", "value": "7290cb9f3aff4b485b1427b93b9fad8e9ab1d035", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684467112, "uuid": "bd8b5fbd-393f-4211-976b-98ebe840b82d", "comment": "Malware payload (NanoCore)", "value": "41fb31094cc37cb7247c6de5cb13a95e9bda8afa16237b5f4ab9fc4d42eaa47d4f28c4097c37d6bfb218726995b41216", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684467112, "uuid": "5d988efb-9be8-4c01-aa7f-4af99207cd68", "value": "T18215B63D09A68AEAD07FC3E49BCC4957FABCD837B655D92F28C60342624164E61C21DF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684467112, "uuid": "97dab912-dbbb-4547-9d5e-b6e95c0570b1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684467112, "uuid": "651a9854-9b1b-4c23-8fda-4a21e1f91cf1", "value": "12288:tV3SljSrk6BdMNB3SWPW4quP+4fclzJgX9uUPHi:tCjHil6+0FX9uUv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684467112, "uuid": "30dc2c10-e427-411b-89e0-a2debaa5e5a1", "value": 879104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684467112, "uuid": "aafed6bb-7118-4cac-af79-65c6b9de245b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684467112, "uuid": "8084adee-207a-4e69-bed2-8f3c6941e2e6", "value": "PROOF OF PAYMENT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68ef069e-f69f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1684540003, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684540003, "uuid": "0c915b4b-22bc-4ecd-9841-99e56338641f", "comment": "Malware payload (Gafgyt)", "value": "7eccdd07029a8340b10fa6ebf21106d7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684540003, "uuid": "6e19a136-99ef-46b6-9f3b-5d85b0d26a27", "comment": "Malware payload (Gafgyt)", "value": "49f6e14df48df4b16af23957a2e06dafa8bae561a0022d477dc709f010169bbc", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684540003, "uuid": "3077c212-6c7a-4343-9d1c-fe1253de1002", "comment": "Malware payload (Gafgyt)", "value": "d74146404b73141cdc8619d1a6cb637e2c919ff0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684540003, "uuid": "1ea7791e-90ad-4c2c-aacb-97eb48033769", "comment": "Malware payload (Gafgyt)", "value": "6d5704fafeee58f53f45a4c366ecff5e419bc0a00c61e0e36950e86dc17bf10e2368eef4755680d5b036db24f76fa961", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684540003, "uuid": "5bf21ffc-c657-475f-8df4-ab7af1a0ff54", "value": "T192A35B8AD743C2B3CC530AB2124BA66A4621FD3B492EAF49F7197DB09F374C93125B51", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684540003, "uuid": "57d8f90b-b422-48aa-a000-49266575c492", "value": "3072:oWCjQrLpnr85EdT9Oa8vqbVr7e/CEgmqAgcVyZIcBI:of5EdTbpr7eWmqAgcVyZIcBI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684540003, "uuid": "f7214433-2b98-4b9b-abe4-5250e1bd39b5", "value": 99084, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684540003, "uuid": "bd62fcc6-a608-4423-b043-52f27d427f5d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684540003, "uuid": "e2c7e708-50fb-4350-8f37-2d7d64268897", "value": "7eccdd07029a8340b10fa6ebf21106d7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd80b437-f68a-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684531126, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531126, "uuid": "abfa9bf9-79c9-423a-bcad-3768ca7b9cee", "comment": "Malware payload", "value": "12cf57002c7afdc1cb1af3c41f6aa459", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531126, "uuid": "1a488ce9-fb0b-4fba-9a2d-56e4f4c931a7", "comment": "Malware payload", "value": "4a299423b0b2951eaafaa3d68a03d8251fd135519eae5a8b73b0ccda5d2f27a6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531126, "uuid": "1d7213a4-1d0e-4519-8eec-9710a476b2e5", "comment": "Malware payload", "value": "4a0ee0c51fed0cbd28cf5a7fac666f592cfe2f32", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531126, "uuid": "cdaf9077-7f81-4f3f-b0c2-ab6e7a9fd0c7", "comment": "Malware payload", "value": "bb42a5cdf4fe4dfdee5ce57b55dcf3827305df56b9d101870b7b93a13cef7ff55712f169fc926b719658650eca725e1d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531126, "uuid": "1c786d34-6fc6-4672-bf4a-bc70eeac5d75", "value": "T16983B40A7E218FADF79D823547F74E21B75823C527E1D285E1ACE9015EA024E641FFB8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531126, "uuid": "4b24b0b5-2292-4547-85db-8fcbcf9fe1ee", "value": "1536:WxX5AhHjc2OGaLCsgbWbShfvRzeHU5cwbZnLer:WxX5AhDc2OGaPgbWbShfvRH5cwbZnLm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684531126, "uuid": "7559ab6f-268b-487d-adde-e53be3cebeab", "value": 85692, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684531126, "uuid": "a30dafdf-9e7f-432f-b031-4ab3c082eb76", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531126, "uuid": "5f4afb68-3e13-4169-b624-5db0c5db3918", "value": "12cf57002c7afdc1cb1af3c41f6aa459", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "221e7717-f68d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684532154, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532154, "uuid": "e0145606-bab1-4ec5-ab58-b4255173147f", "comment": "Malware payload (Amadey)", "value": "1d5e2a3a0dfe5c0d70a0b2f3f4b1cc6f", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532154, "uuid": "0d5a9b06-3b1f-40e1-8351-ef005aabbb5a", "comment": "Malware payload (Amadey)", "value": "4aab7b9de862854e54be702e72840934fda39be1851bfcace4cac31bb315553b", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532154, "uuid": "8292425f-0b75-4013-9d01-e0323bb6b7de", "comment": "Malware payload (Amadey)", "value": "ccc1824dc29f211726f75f026dc8e002ccc90740", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532154, "uuid": "3c4bc735-6c5f-4898-b7b1-bb04732409cd", "comment": "Malware payload (Amadey)", "value": "a96ea5fb427d643f220e3f1ee435e0a15f2e8cf024806c7d01948b3f0f8278fb0ea29216dd189c055bf47d8b6b725941", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532154, "uuid": "f17e507c-4425-4316-a633-7c84e96694d7", "value": "T1F2252213EAE454B3D9E507B06CF602C30A3BBDB16978436B9B85884A4DF3685B13536F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532154, "uuid": "1f9a5d4d-8ce7-4d38-b81a-7aa8c828f665", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532154, "uuid": "f27dad25-85cd-4f86-8b4a-de44a6d9b561", "value": "24576:yyBCGqbCWrd85enmP740ZJnPyH9zBnYP:Z47bCWrd85R740L6H9zBn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684532154, "uuid": "da655b29-84da-48ba-a2d7-e928c92ecbfb", "value": 1053184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684532154, "uuid": "49294154-e396-488d-8890-bff6b852b2d3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532154, "uuid": "3b4e163e-f755-42a6-8fc9-d2aac0073815", "value": "1d5e2a3a0dfe5c0d70a0b2f3f4b1cc6f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "256bcd29-f68d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684532159, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532159, "uuid": "1abf3487-94cb-4ecb-9a92-e2736c207417", "comment": "Malware payload (RedLineStealer)", "value": "a090d41a114d5b76e8f733b739a628c2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532159, "uuid": "6e013991-c077-45e7-92ce-48d7d7948c36", "comment": "Malware payload (RedLineStealer)", "value": "4b06292a5fcea12b32aa4b47a339c69d46dcc017276030261a517c928799163a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532159, "uuid": "f00dd686-a1d0-4acb-baf4-4d24794ee25e", "comment": "Malware payload (RedLineStealer)", "value": "c14226beaf34e8fe5914d5e2b1aabf4fca69d6ab", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532159, "uuid": "2f06ea35-44f7-4474-89a1-2b8a6aa4d8d3", "comment": "Malware payload (RedLineStealer)", "value": "f74fb20c6e1ba65c1bd66d44516d254ea5e39d60060eb27e14d4d52917120e4d712e947d566b0914d6e0a1ded3a40e9b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532159, "uuid": "db4a4122-a589-4190-8cdc-2a7a7c3ddf3e", "value": "T1F1252212BAD81033EDBA137068F617CB0B3ABC62566C833B1746944B5DB39899435BB7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532159, "uuid": "ee133acb-d65e-4086-837b-0d0c888c0a48", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532159, "uuid": "0a4d4105-9eb6-4ec3-9819-ea78ad4b4ccf", "value": "24576:oy4gK4oOgsgSiUrftSYvsXs8pIjyKSE0eyeP7C:vjKnOgeiULtS9XZI2Tde7P7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684532159, "uuid": "56f24408-c916-4068-81cb-189bd33facbd", "value": 1045504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684532159, "uuid": "11d22de0-8695-47d7-9769-20efc0f1de6e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532159, "uuid": "6f04817b-e728-4c71-9c60-71190943addf", "value": "a090d41a114d5b76e8f733b739a628c2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5092f89a-f63d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684497872, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497872, "uuid": "ef9ab221-a8c9-448d-b1d3-822b031a5de2", "comment": "Malware payload (Amadey)", "value": "12f6496d125356b5e176a25d8035fe52", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497872, "uuid": "937c2a55-ac12-49f5-92dd-a2d96043fa37", "comment": "Malware payload (Amadey)", "value": "4b0cfe841317217ecb09b5b3764bf395749d6160ba21ad36dc9f759d7ae57967", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497872, "uuid": "f811b8ab-52a8-4e25-a54b-5fdcf769538c", "comment": "Malware payload (Amadey)", "value": "51c399ebbcd94660f651c7ccb6bb9c90dee1314e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497872, "uuid": "1e2d4508-089a-49a8-a66e-38b6713007c6", "comment": "Malware payload (Amadey)", "value": "54863d348d5995e8b15987d7c82b0c3de65a27224d892eb2bf63834539fa23599b8a1085faa34af7f156503e8577cea5", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497872, "uuid": "eea16209-c0d7-4ff5-9fe5-f9736663b511", "value": "T1152523936BD95031DCB53BB508F713833E32BC615EA8D2AA1386995A5CF3A44787037B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497872, "uuid": "36110c40-dd22-4f33-bb6e-dc07d04a4e7e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497872, "uuid": "9a6ed977-0d1b-450a-a436-da17fda5642b", "value": "24576:Zy7HzriUZs2vQuu5sHLJwXMf0F/e8mPSWqYfIDVFCdZTVGDPfuHq:MZi2IB5sHNwXwwRmPSzcTcTK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497872, "uuid": "c72cb3d8-4123-4c92-b617-93103aca6223", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497872, "uuid": "8e9b019c-d0cb-46d6-924c-48473f4c21c2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497872, "uuid": "b0b8b27b-2bc7-4a30-b9d7-bcf920f3a49a", "value": "start.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a871987-f629-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684489164, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489164, "uuid": "da97e34c-ce56-4ab3-9363-c1b0421c06e4", "comment": "Malware payload (Formbook)", "value": "922c836b5a2f94d2131e9a628eefb01f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489164, "uuid": "af6f5ce0-8872-4bb2-a104-0307b045d860", "comment": "Malware payload (Formbook)", "value": "4c2d0702d2d40c1da4266fcebbd7eb4b7ad82f896fa6498e435faaf90e677f20", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489164, "uuid": "7e85b7c6-0bae-4470-9724-a5f48c61a02f", "comment": "Malware payload (Formbook)", "value": "78a31b992bf05338c1d9e4475a5b06ee6ae1dbc2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489164, "uuid": "5726aba9-ffbd-47f1-8d12-58e827196921", "comment": "Malware payload (Formbook)", "value": "09a9c1d1c8303b66cf15c7dfe50c56d0ab949493bd2ecbbcf8bcc3c8dc0365fd481270ba4e2317d2076badd1306c8ea2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489164, "uuid": "80b9509e-5aaa-4134-92f1-b2b00aa4f4d6", "value": "T195E4F1202BE8C70EE15B4679C1E0D3F05776DE94B966C7930FD9FC8FB18A3A61221256", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489164, "uuid": "634ab540-691c-442d-bad2-c17c19a0dcdb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489164, "uuid": "633a3158-4253-4adb-80cc-42035e436d5e", "value": "12288:eEF+gMBf29yk6dwvqjcEop+AaDq+RkQtOqZIYl:eS+pBu5wwCjZw+fHt/aYl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684489164, "uuid": "f17cb3aa-5b02-495c-a38b-00218a4d5c1c", "value": 685568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684489164, "uuid": "e98f9ad1-374d-4f60-9830-0bc278866e95", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489164, "uuid": "71b7d817-bc83-48d2-9023-84d6691687eb", "value": "PS_231.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a1c6f488-f623-11ed-b3cf-42010a9c0076", "comment": "Malware payload (zgRAT)", "timestamp": 1684486841, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486841, "uuid": "31fc0008-17a6-45ec-ab1a-59889a2877cc", "comment": "Malware payload (zgRAT)", "value": "2538cc6b4c8d3c5da789d119be9c0340", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486841, "uuid": "c11eed91-5430-4b58-8657-8f5554cd44f2", "comment": "Malware payload (zgRAT)", "value": "4c32d8a4a01d2feb335b8e6fd570cb2a2ff639c0a65348855c43bfc0148c5ad7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486841, "uuid": "9f0ec902-abe0-439c-9631-8572f12ec5b1", "comment": "Malware payload (zgRAT)", "value": "cfbf3678cad99b333726f4a1c45bfdc699a2c899", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486841, "uuid": "6694cfea-4589-465b-b51e-3acb81b23d7b", "comment": "Malware payload (zgRAT)", "value": "44bf8d63eaea89760bc919cd93da3e4c1471e93cfb6687b3a79c396f984ea1f098acfe9ffcb43dcdb79733b16f14a0ec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486841, "uuid": "12bd2317-cd8d-4594-b52f-9bb29377e46f", "value": "T1CD34CF5737D06B52D98994B0D0E3193903E3A28B3BB2D7863F4842A54F927D4CD86BDE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486841, "uuid": "e820474b-c618-41d7-9117-45610ae452e4", "value": "3072:VTX8M4ns7PGSyfvgNPI9ywmU9/RI5+0u3PvR//nv4XJulJTbSqptA/PnxnQNmcFK:VrN4s7PGSlPMJEY5XUgJiatGnKNmTvj5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684486841, "uuid": "1ea26104-f8e6-42f5-b4b1-0110ae222eb0", "value": 241216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684486841, "uuid": "1a793c5e-7e49-4285-924b-1a52bd318628", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486841, "uuid": "769bdcb7-8431-4234-b5de-f9e0a0e123bb", "value": "ZiraatBankasiSwiftMesaji19052023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5df91ae7-f60a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1684475990, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475990, "uuid": "070895df-fedf-4097-b7a5-ffd56caa195d", "comment": "Malware payload (GuLoader)", "value": "a6fcb8f420d7706494d8a03988a293ce", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475990, "uuid": "225346d0-8041-4b0b-bf4c-6fb38a4de0ee", "comment": "Malware payload (GuLoader)", "value": "4c392e71f22ef4fe13257964c8c84377788ba6769b7a2ae33f211f7f775ba343", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475990, "uuid": "10f67d15-fabf-4179-9556-098c1232e18d", "comment": "Malware payload (GuLoader)", "value": "46c236652b01ac1ade17e41ec493405dfd4e407e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475990, "uuid": "b7ed39c0-cfe2-424e-aa37-e55905b7e3a6", "comment": "Malware payload (GuLoader)", "value": "a25d2fc18fa1b925ad7ad2f0549bd26a41a6ef7f6e3aff0df2f10541ad3a43a7dfc3929e02d3b0379c0853fbbdca718a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475990, "uuid": "b8ba17e9-a532-4f05-b267-ebdfbc0f101b", "value": "T1BAB40253E2A0C8DBD9384372493BE9912D57BD6AC0F0560F229773159AB336391ABC4F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475990, "uuid": "cb2c83b0-d2fd-433a-9d3d-df33cc971f76", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475990, "uuid": "a69f6bb6-ee55-424d-878d-45a349f7cb55", "value": "6144:3FEKwoLUWHggZIIquDw6xzqO8aK21tWrw5AA6I2BD8Yp4377DlCDxbd8p2OA5Lgd:04xz9x91GlLBtp43PtsJHGt3ibXs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684475990, "uuid": "cd00e2bf-9eef-4a34-922a-5ddaf0fa2768", "value": 496024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684475990, "uuid": "373d7029-4a42-4098-bbcd-8acf57e300b1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475990, "uuid": "5bacf52c-2390-4293-8354-0aa86c3b0603", "value": "PO1436-4677.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70058ddb-f642-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1684500072, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500072, "uuid": "15716dca-6394-4d4b-a56d-4e477546eac2", "comment": "Malware payload (GuLoader)", "value": "9e02383b3a999708b257e1744efc12fd", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500072, "uuid": "b011f729-d0b1-494f-b369-2945308d3eae", "comment": "Malware payload (GuLoader)", "value": "4cd0df4f823989eff4d7152f7201b16eec9b9c0d645fa15b7c1c903db7c41a82", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500072, "uuid": "ec43b0f2-8722-49ca-a69b-b2b98a17cc96", "comment": "Malware payload (GuLoader)", "value": "628b5da710f5ea07108351cb316451eab0b210a8", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500072, "uuid": "ef83ac49-1bc7-4f00-9fb6-29f3bf041091", "comment": "Malware payload (GuLoader)", "value": "849e8912860c92d5236e571f898f5dda1f98f46f34cc37b82b521991fca6ea4d04c5f49bfbe8ad7815316c6211aedce9", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500072, "uuid": "5d14c7a2-2550-4723-b090-f17f460038e4", "value": "T128641246E4A4492BD553563291FEFB2AC3BADA8120165A4F27744FBA1F203C71E07762", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500072, "uuid": "dd6df81b-7ec7-4891-b1f9-879a17ce1c1d", "value": "b78ecf47c0a3e24a6f4af114e2d1f5de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500072, "uuid": "a7a407ed-c4f3-451e-9f05-e51701f0a056", "value": "6144:392nYf4aImao8XbqzkoD+mYdZwFadXhRDe2hCdA0tvFJTTsGNqoS:SZaxao8/Q+mkZwFQX7+AMLfsD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684500072, "uuid": "497403bc-ae16-41a7-af1b-e9d68be6e0dc", "value": 309736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684500072, "uuid": "2ab87e71-0428-4d68-8d2d-4dd5adc16435", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500072, "uuid": "b96f7369-57aa-42e2-9886-479cc9ae641a", "value": "converter.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce1337b8-f67a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684524282, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524282, "uuid": "d50d0187-1c50-474a-8125-c73cb172dcf3", "comment": "Malware payload (RedLineStealer)", "value": "ac599e640a97ffc0f3ccd09482c54087", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524282, "uuid": "4a9fcfbc-80f9-4d4f-9d09-a1fbd1688d5e", "comment": "Malware payload (RedLineStealer)", "value": "4cfeb3274f2226a746c4d6d9010c2aa5758b3b1462223c3e5fb76371253e8d37", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524282, "uuid": "1c175ad5-e34c-443c-bd6c-ff5734d04108", "comment": "Malware payload (RedLineStealer)", "value": "81a735132a4a9028600d130155e9abe7e698749f", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524282, "uuid": "362861c5-78ca-43f7-ab66-1e973edffb87", "comment": "Malware payload (RedLineStealer)", "value": "d93d25b005dc9a8885ce002046ad3163d7e424e398f2be55da5672311cf5ec4c794d35bf60d534a84c76ddfa4f7f3a4f", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524282, "uuid": "eabda5ad-7e4a-424d-b118-7dae03127975", "value": "T114252312BBC4E033D4B51F7028FF12C30B39BC629A78836E1B5AA59E0D764D66574367", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524282, "uuid": "0265433c-9802-4e41-8ee6-49cbdd403138", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524282, "uuid": "aaa7e2cb-636e-4c45-b449-d0edd31fddd3", "value": "24576:OyFSdB+vg1Hxatk9sFFdA6OjuCEibsxGu8wTBYlxdY9fL:dFYcsHAtpA6OjuCFbsxWwTil", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524282, "uuid": "b6bbfafb-0bf9-4d34-9ca7-ad6eadff02f3", "value": 1053696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524282, "uuid": "c64d7c7d-62e0-41ff-9fa1-c10c078fe7de", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524282, "uuid": "f5b2599b-1ac0-42da-9260-978442179e65", "value": "2724243.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b18da85e-f625-11ed-b3cf-42010a9c0076", "comment": "Malware payload (HawkEye)", "timestamp": 1684487727, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487727, "uuid": "b70ed1fe-6755-46e3-b41b-942ece1b4ed9", "comment": "Malware payload (HawkEye)", "value": "e488e1a45eb1b7ea061c6a3d9f0729f7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HawkEye", "colour": "#E7159A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487727, "uuid": "64aa55dc-2541-4a0d-b406-07f182f2f4a2", "comment": "Malware payload (HawkEye)", "value": "4e08d3d7a3ecb630ccf016f97a79aab7f44b255484737d574599c25acf0952b2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HawkEye", "colour": "#E7159A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487727, "uuid": "075cea94-ef49-43e5-9f6c-aec10b8de9e2", "comment": "Malware payload (HawkEye)", "value": "523c99b72980e3a82a20378fe22949b2c2bf43a1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HawkEye", "colour": "#E7159A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487727, "uuid": "98570d84-d7db-4a5a-ab84-343d12a7ab12", "comment": "Malware payload (HawkEye)", "value": "07179fb53cfc73dd5f127e2eac503e07c50dceca7ed962e450739bbd71092fd7576a0368e787f9d629c345cd10ff599b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HawkEye", "colour": "#E7159A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487727, "uuid": "edebca39-b6c5-4d29-a2ee-b343957c1612", "value": "T1B75528BC967409F6C037CBF057D58893B54B7D76F00B9A2750D2731AD2B366224EA82E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487727, "uuid": "8d04f45d-da9c-47d3-b2bc-3d2832dc2222", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487727, "uuid": "4b4093de-e29d-4487-9d73-baad80ac2dc4", "value": "12288:p0yiHh/Iwu6+pM3BHB0kTp05xm0Nj/RfycXzN/7RPyIoDvS/efj1WI0CVq:pGhNu65fI5/NjJfRpNPz1AR0C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684487727, "uuid": "2541a452-636b-4c10-bd7a-c6fe85abe480", "value": 1301504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684487727, "uuid": "5f487d71-8096-4a1c-afaf-bb1009431bc0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487727, "uuid": "1b7212d0-2877-4ee3-a729-b70af8cb4c58", "value": "PO Lists --- pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6a2911a-f5f3-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684466368, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466368, "uuid": "d3ab8752-5393-4a2f-90b8-f6e64122a128", "comment": "Malware payload (AgentTesla)", "value": "56ff498b6c0a9d60f8112f69c075dd55", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466368, "uuid": "d8b5d57a-683e-4d39-a290-f451aed2c1b8", "comment": "Malware payload (AgentTesla)", "value": "4e1a8fd4b8b47004196e7bd9d8b937eaa5ae05d0f6c02593241ae71377ece0e4", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466368, "uuid": "6ea34bcf-76a7-4582-b7be-5c90b611ce71", "comment": "Malware payload (AgentTesla)", "value": "2c0e4f53a2175c95764cea88eefd19d6d3d06dc3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466368, "uuid": "66489e04-fafc-4c49-afc0-35829e47d470", "comment": "Malware payload (AgentTesla)", "value": "7f73905756baed16356d51a338402df6c9f4f87ec59a7d596b27fbe826be805c59e0aba4743f3b95a372348957f4e133", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466368, "uuid": "4cd86183-a620-41f7-9f71-31910c31f0cb", "value": "T11FF4613C4AA589EBC1BBD374ABCC499BFA73D817F1589B6905D6034272436CEA0C21DD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466368, "uuid": "0116faca-d515-4111-ba40-4599f3088e51", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466368, "uuid": "78162321-8cbc-4159-be90-faa99e767ec0", "value": "12288:VVjZHuexB+sMwOSljSnr6aEKbRgrew468aCO8:DjZqsMwFcnEK0eH6ZCL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466368, "uuid": "c4508451-c5f0-4662-ac33-2dbfcc2b0736", "value": 770560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466368, "uuid": "e5285254-965b-4af1-82f4-b10fc602e453", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466368, "uuid": "7caee0fe-5edd-4fb1-a069-e99096a4d0e3", "value": "QUOTATION.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9a0be8b2-f61f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (LummaStealer)", "timestamp": 1684485110, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485110, "uuid": "9f4a9e69-c3a3-4086-b006-a36df6d38b0c", "comment": "Malware payload (LummaStealer)", "value": "cd4121ea74cbd684bdf3a08c0aaf54a4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485110, "uuid": "79aa140a-aeed-4a7d-adbc-adf87b3d1871", "comment": "Malware payload (LummaStealer)", "value": "4ebe4e62066ac10efc23e7b63e421cc153b426e036309dbf99e4a4aa97122782", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485110, "uuid": "5f110b70-860e-44d5-8688-aed78b9a1e02", "comment": "Malware payload (LummaStealer)", "value": "ee87db3dd134332b815d17d717b1ed36939dfa35", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485110, "uuid": "b2d55998-b7c5-457f-9777-b4a1f727c5c7", "comment": "Malware payload (LummaStealer)", "value": "1189e0bbcf3aaef882a0c9820b29e99ba634c2dbd2a3c8a1ec0191d07e7a973d880c606e663ec67d358b608f6cd211ba", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485110, "uuid": "78e75fe5-53d3-4a4b-86ac-905aebe36db4", "value": "T142649E10B9C29072D17311320675E77AAF7DBA34AE22C8CFE7941D7D9E322D09624B5E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485110, "uuid": "822c43c4-86f3-442f-8466-70bfdd5dc033", "value": "f4ad1b5fcf2cae19f0918ba11a4e52c9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485110, "uuid": "9aa2260f-b812-4ea5-a883-3c80225fec39", "value": "6144:oIh0zAu3vOiefUQH3PDKcL90ICtZRIfNJcqTJt2e83Kvixc9Ai2kNND80:o+0cu3vOiX0qIsZRIfjcqdt2e83KSC5N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684485110, "uuid": "1e750bd6-2f54-4edc-a309-597cf03eddf7", "value": 324096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684485110, "uuid": "927c322d-c1e7-4849-8d8f-7e702d5dc2f8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485110, "uuid": "08b30ade-ac94-4092-b19e-3ca0cb768558", "value": "SecuriteInfo.com.Trojan.GenericKD.67105603.26974.308", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dda95ca6-f618-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684482217, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482217, "uuid": "21cff7e1-7244-4769-95c3-e11e8419c9a3", "comment": "Malware payload (AgentTesla)", "value": "aa6f38d80ec7992e88d152dacf9ada35", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482217, "uuid": "6f8f9054-f66f-49d0-b67b-e2a0a08fd21c", "comment": "Malware payload (AgentTesla)", "value": "4ec2c970844f6f307e2221b0bd72ae2f11b361675206adccf806ef9d7a965813", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482217, "uuid": "4a54b9ae-f72c-4021-a546-980b1db26c95", "comment": "Malware payload (AgentTesla)", "value": "925a70c92ecd8f1609a36305a681cdcc4544595c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482217, "uuid": "7de45f8a-df6c-4e3d-a8a2-b08295aca86c", "comment": "Malware payload (AgentTesla)", "value": "4f067b4d09ec105e1a663ab8a258ded01f628a72d268f1c6b94bd88addc4fcb09f413433e0f44e74af0ae6a0edd3a75b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482217, "uuid": "a717ffd4-78bc-4d73-8020-85fb6b86af73", "value": "T1FFF433EF9C0496ADBFABCF1433990E4F570A8C6B611B405C95F8AD98DA678DCB41B40C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482217, "uuid": "b3700a96-95ee-4b02-a00e-ffe61640934f", "value": "12288:SePpAhFHfOCkLMexfURWKaNb84qlEPYgXabnTaqdNT6B9h+uPNFvn:SipAhFGCkLdxfURWK2WleYgXinTawNmx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684482217, "uuid": "311dfee5-ebc4-412f-98b3-af6f1464392d", "value": 753716, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684482217, "uuid": "1cd02515-0a60-4e74-9b3a-9e35f5ecc1a2", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482217, "uuid": "e4c7e611-1c66-4d0f-9baa-1f8226100d87", "value": "PO#88224.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "01b1c63e-f666-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Phonk)", "timestamp": 1684515349, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515349, "uuid": "18ed3993-c6d0-4463-a705-a91ef0f0688f", "comment": "Malware payload (Phonk)", "value": "ddf022619ef9dddb01a94ae7fec03dc9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515349, "uuid": "54ae6646-ddb1-4821-aab9-d7f7e1b58efa", "comment": "Malware payload (Phonk)", "value": "4ecb7005db7d4d80ed08ac8c5117cb301c7ba3b1d3e39878b78336ebfaf5c687", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515349, "uuid": "3dbe0d25-fc08-460e-b147-b768d2e156d6", "comment": "Malware payload (Phonk)", "value": "5c8554898e3875ec472cc4e1b139314eab1e5bc4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515349, "uuid": "3c030666-2bf6-45fb-835b-919d3ef46a2b", "comment": "Malware payload (Phonk)", "value": "1843736b221c565eb14403b4dfe05f11d6727df59a3691b5bfdbae4b4160c64250fb613d1ffb2274058a94ebbb8c4c61", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515349, "uuid": "c8ec7041-f2a3-4266-859f-6355d8e91809", "value": "T1FC850A8EBA118DA2DD8900F2F6E90B749A40AD164714D0BF36D2BBC9E3FE0DE45CD159", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515349, "uuid": "791728fd-564b-4fff-a0ce-64cd6a7ea9ce", "value": "12288:540lXZ1EPxgJHMF9Udf1x33SkYlEZDL5RgiUL63X9DJ5UaVePBwHCGUWxE5PWX93:5VEJguypPFN9JLgwlS5PVq2JeAAAAR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684515349, "uuid": "84822cb5-fbc5-416a-ab2c-01e59633a37f", "value": 1806336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684515349, "uuid": "eb16741e-83a0-43b1-8165-2078d77fabbc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515349, "uuid": "1c7818fe-94f8-42ca-9541-f18937551c0e", "value": "ddf022619ef9dddb01a94ae7fec03dc9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9a0a1ef1-f667-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684516034, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516034, "uuid": "750533fa-3c1e-402a-a281-43d0a285c697", "comment": "Malware payload (RedLineStealer)", "value": "20f64ec660f4ff802c7fb26c4e91bd5f", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516034, "uuid": "3d951049-9d82-4d02-a5a9-189db46cd957", "comment": "Malware payload (RedLineStealer)", "value": "4eed7d3dd259c9a87f79013c937631952416328af3bdbfd6f8a32bad07285c24", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516034, "uuid": "65a90459-9f25-441e-8a25-c286b23d3f6f", "comment": "Malware payload (RedLineStealer)", "value": "0b5eefdba5849a50d3247461169a1c0d851422ef", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516034, "uuid": "4cb6424e-a2dd-4aee-ae9e-abcd9d9e8d12", "comment": "Malware payload (RedLineStealer)", "value": "a15b0e21da34c9010d752c89632308b84478235a60d554d72f7d3fb8f5c0d0fb4390ec6046a6df483157d6f8df16874f", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516034, "uuid": "0c8811ff-02c1-4d85-acb1-d6f670d16195", "value": "T179252303F2D890B3DAF523B018F716D30A367DA01978A25A6F4AF64A4D73698583177F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516034, "uuid": "c91728c9-2bdd-436b-acd1-dbb7f277a24e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516034, "uuid": "d396a923-e391-4144-baa5-1ee6416aabd7", "value": "24576:kyao4YF0emuWgXk2yxrtxPljXtHrWTAj4sqz7EI:zafo/mh3/x9xHSTAsVM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684516034, "uuid": "b59c8663-e18d-4759-9e16-3158ecd18fda", "value": 1053184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684516034, "uuid": "3988c9aa-fd57-4612-b32e-8bc562fb6db3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516034, "uuid": "30dc2d23-7c01-4d7c-bcd8-be058da1a305", "value": "NoxerCheats.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6cd25406-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684497490, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497490, "uuid": "8f3540b1-c0e1-487f-825d-a23db236b091", "comment": "Malware payload (Amadey)", "value": "73ace5435084f5617bddd859f499eb59", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497490, "uuid": "9cd3acef-3423-4387-9b98-f9a3db5be604", "comment": "Malware payload (Amadey)", "value": "4f19106d834b2e43b1f31462fc6a9113a332bf52ae512f5c7f26131a08c488a9", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497490, "uuid": "23ca9560-500d-4c46-9fb6-248d53606a2c", "comment": "Malware payload (Amadey)", "value": "d0ce437ccd5fec0269ced702b745858c371af63c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497490, "uuid": "279124d1-c4e0-44d3-ba86-236afcf6d9a8", "comment": "Malware payload (Amadey)", "value": "7b5f98ffa221e2b0f7fe0a752d8ad7edd8059d29bca7faafbff4dc5ee57acf48af4f0d143be7a401e0f375e0b713619d", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497490, "uuid": "52488266-ac22-4f93-9ac9-c6b95ff55cb8", "value": "T174252212B7DD8036D8F15FB019FB02930B3A3D93A838972653465D1B5DB69C8A53A33A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497490, "uuid": "a87ab635-91f6-40c5-ac89-28e4412051e1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497490, "uuid": "7a02f21c-5217-49fa-8060-5e6f80982021", "value": "24576:pyaRODgo13ij/8bEWUQ8PnK785gYxe8Fi6yv9IvtuQshETIZTU4zi2l:cEef3ir898PnK7kxeQzyhdh8i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497490, "uuid": "d53cb4b2-0675-4199-90a1-65aad538ccba", "value": 1045504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497490, "uuid": "5b592d7c-b161-40b2-b9e9-03ae99a37702", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497490, "uuid": "6120afef-f652-482b-b839-a55a6ff12705", "value": "LightCheats.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d220466-f609-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684475559, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475559, "uuid": "acd649a1-c4ac-42d1-b693-17cd0680aba2", "comment": "Malware payload (AgentTesla)", "value": "b8807c8a7ffc75b3baffaafc05fbe08c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475559, "uuid": "9365e9d6-46f7-4594-bc5f-c912ba9d0250", "comment": "Malware payload (AgentTesla)", "value": "4f688d15c3dace8938bab8b7470d94ce9a3a11e5ac4473e202368ae827c43251", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475559, "uuid": "1ee77bd7-7169-44de-abbc-f7a6bda28f61", "comment": "Malware payload (AgentTesla)", "value": "277e0282edbe9a5a6ff53a85d3a0e98b46d4fad6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475559, "uuid": "4242a1e3-a5e6-4e24-8ed7-6d740377e44f", "comment": "Malware payload (AgentTesla)", "value": "9cdbfee085819f9bba12bf09117b588a240885d367e430038fa1f1dc7740ce4451cc8f1913ca6eb861b6145731090c90", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475559, "uuid": "c38987c2-25a6-44ce-a133-615677359cb5", "value": "T1BEE44A6D49BB5FAFF828053FD2D0B7211AE09A61200ED62A7DEB2759F979C410B44373", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475559, "uuid": "3708308a-82ea-45d5-aaf6-5e86525253b5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475559, "uuid": "f66b981f-1b24-4d3d-b1a0-c7f989ca4c0d", "value": "12288:b9blaj8gqRMiCScxpwtRaEpUXMSwqWG0cMzoscx1z80Z9:jaYBdCSsk7I0S8W9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684475559, "uuid": "71977e78-cc33-40b7-97cf-2f681d8cdf8c", "value": 713216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684475559, "uuid": "a4311635-031f-4937-bdfe-07d82dbc0380", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475559, "uuid": "6d3d1022-68c0-40a0-90b3-5876cda16a3b", "value": "ORDER_110280.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ac1ca3b-f623-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684486615, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486615, "uuid": "f84d3648-0b7f-4ce2-ab63-9ae4fd9388c3", "comment": "Malware payload", "value": "658ac2968ac81eadbe165cfd2a770c34", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486615, "uuid": "5808512e-a084-4dca-9595-b168ce6b7fea", "comment": "Malware payload", "value": "4f698fb3c8100837acb42bee30b7b0c362bcf6d3c617880bedc86e1d57c25d11", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486615, "uuid": "b67bee1c-a912-4caa-a95e-400b0ddab242", "comment": "Malware payload", "value": "39d228c2b5d1181abe8bce6a95fe852c8e06a79c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486615, "uuid": "5fef10d4-59c9-48bb-add9-675da00d07f3", "comment": "Malware payload", "value": "aae7a7a5d7508994748f465b9161ce0b6037b4c762b2451b08fbe0a5bc82c22cfbc162a07f8f59a2d060fc51c624f303", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486615, "uuid": "5a31c183-04fc-4284-a3e0-6e10d38e186d", "value": "T1F2E3170772A900B7DC77C235851B5F15B7FAF51506208FAF06E869AD0F633B0ADAAB50", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486615, "uuid": "b204ef8f-205c-41fc-8c4b-35a24d6aeb0e", "value": "b4a83088f12b4207736dc256f093f9ba", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486615, "uuid": "e5e43dce-c3a5-4f40-beb7-0268aa45aea3", "value": "3072:60gp4UGo8MYmB99SrtM0ieiG027bAM8mMu0cM:60c4kzOieR02s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684486615, "uuid": "fee586e3-ed99-4763-b908-7f0ba116cc7f", "value": 150528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684486615, "uuid": "873c5b1c-cbd5-4932-b3d2-9c5f10a2d2c1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486615, "uuid": "17d23e6e-df00-4100-af18-bc0f7539177e", "value": "4f698fb3c8100837acb42bee30b7b0c362bcf6d3c617880bedc86e1d57c25d11", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "01afc527-f652-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684506759, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684506759, "uuid": "238fa59f-920c-419a-abca-96d3d6289507", "comment": "Malware payload (AgentTesla)", "value": "217bda7f29198cbacce2f4a3a671f768", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684506759, "uuid": "f224615d-1d25-4477-aec9-0e12abb717f4", "comment": "Malware payload (AgentTesla)", "value": "4fc166e6973287ac35432fa74d763785404f2ea196d5d1b3bea537f48abc98d4", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684506759, "uuid": "eb8e04f4-21f4-4873-b090-352e211bd930", "comment": "Malware payload (AgentTesla)", "value": "c45bab29db9fe9674ad9b1faf00719ee4fdc0ba3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684506759, "uuid": "1e84587c-82a8-474b-b55e-923015810997", "comment": "Malware payload (AgentTesla)", "value": "aad49d69f3451a470111ce3b88a4ace251a6d9e444cfae3590f0a786ca68e517b8607a0a3f415649aab0bd9fb390548d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684506759, "uuid": "dd57b850-c980-4021-8f6d-f8d23f9b964b", "value": "T1AF942329FB8D8648B3A4400D40D5B47BE16539E80F4EFB719989E77F69C9631B233C88", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684506759, "uuid": "f385a62d-13b7-4409-a757-878b1f23f753", "value": "12288:SH21u0AgSUpTY1oeyAUUeNQemCjtxtIWu9:SW1D6UhYueyAUdnIWu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684506759, "uuid": "30d9edb5-34f0-4506-85a9-39da1026779d", "value": 442336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684506759, "uuid": "b72a3bd0-6ebd-477a-99d8-c63a6613ac31", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684506759, "uuid": "d289ac70-e5df-4c25-98a4-71e9f8b6c564", "value": "URGENT ORDER.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72da236a-f63b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684497070, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497070, "uuid": "69bac537-2c53-4baa-852e-b9669ceccc80", "comment": "Malware payload (AgentTesla)", "value": "9d5920ec73bb913e120aec43d5a94577", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497070, "uuid": "21377d46-a0de-4e94-ad29-461e9896cc39", "comment": "Malware payload (AgentTesla)", "value": "4ff65e8d8e7fb3df64db1f3b895db3f2a0f79d9eb402a6b48dbb8bd5017ff706", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497070, "uuid": "fd5076e4-0b48-4ea1-9cad-09ddc3232ce1", "comment": "Malware payload (AgentTesla)", "value": "1e0f81fad7078dd94a60373a1c273c48bdf957ad", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497070, "uuid": "affa8f4e-e6a2-438d-a27e-a513c712fb7e", "comment": "Malware payload (AgentTesla)", "value": "bf275c935eff3c58ba4a4450dde786b8815239ad1db5fb2f33917962ab6e6f82ff0efe4a56f20bfd19d990ddaf5658c0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497070, "uuid": "651915fd-aec1-4bdb-aa5e-27179f379a69", "value": "T15AE4238C0997A745C591D74C47A468D2CAAC24A2D88E0CDF146C2DEB34BB5AEF1F38D7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497070, "uuid": "3d1c0626-108f-44e0-929f-4dc483462e3a", "value": "12288:aVCdaJ08llv2bQOE3R84BT8RW0QosXtfrdPbDuUuFehMap9A67exMGAj2:nMqi3O4OBXsXBVuohMap9A6iMtj2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497070, "uuid": "a16fa5cf-4ba0-436a-b9e4-c0d8b1f0e7d3", "value": 717589, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497070, "uuid": "9b2cef9b-fcd1-4539-a8b8-222d571c04a7", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497070, "uuid": "f0978e5e-03ed-4f85-ad87-12722917e705", "value": "DB_DHL_AWB_001833023AD.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef7aefa0-f694-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684535505, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684535505, "uuid": "1c91cc3c-26ec-4284-9de7-2f7a8c8ccbe5", "comment": "Malware payload", "value": "5c8a55fac6e52b82df29e2a40b5b6619", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684535505, "uuid": "5c87615a-ec4e-4e9d-8973-611537913e8a", "comment": "Malware payload", "value": "501f310734064f2d07f6d34c4c2b9d04287bc87297e26a245b748ad8930d2063", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684535505, "uuid": "62a02677-f480-4801-acca-35482e4b4524", "comment": "Malware payload", "value": "6f37c0e854ae7ff156595c36378577f5953c9589", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684535505, "uuid": "ac5f6e76-7764-42d7-9b02-7fc2698f2c66", "comment": "Malware payload", "value": "5c879051b900041e19133b00c57d8f1a22ec57fe8c149f6449a9f681bb4e1f6e99bae0a73b89803f3281e5f2d459feb7", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684535505, "uuid": "65247d30-c0c4-41c3-91dc-7d32f0ce7f51", "value": "T17DF2960ABB54DEB7D86FDD3349B9874530CEB45721A4372A35B0C62CB61B50B49E3CA8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684535505, "uuid": "b59a5f95-d604-4917-9a16-a9fb51da6c49", "value": "768:DXgvjERF04eX3kHdbe87ZK/+OhzaVbXXi3WHe1lBjBzEHV:Ux1UHdbP7ZK/+OFaVb9wjBA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684535505, "uuid": "b774e750-678b-433e-9e93-a012a87d1d97", "value": 35528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684535505, "uuid": "a7521592-6148-4ed6-b06f-c9f356e04eea", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684535505, "uuid": "2d838a23-4589-4a66-b1bd-714273cb098a", "value": "SecuriteInfo.com.ELF.Mirai-CCF.28149.7914", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "820a3418-f63d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684497955, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497955, "uuid": "26c267a8-831f-41fd-b227-26be4edf1d4c", "comment": "Malware payload (RedLineStealer)", "value": "1609dccde582770f0781808c074d858d", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497955, "uuid": "32f2cd8c-0417-4ec6-9835-7af3f432f53d", "comment": "Malware payload (RedLineStealer)", "value": "502f27947c7d4a21ed73303a5e377ea0fefe27e0c98cb7b5b1811ed99287f5d3", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497955, "uuid": "d014cb3d-ed78-4b2c-a3ef-703d73d37861", "comment": "Malware payload (RedLineStealer)", "value": "789f0b8e2470d5dfe6aa36bc63b517b1c4470ba5", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497955, "uuid": "3c0ee052-176b-457a-b158-44089d7f6535", "comment": "Malware payload (RedLineStealer)", "value": "caf2e95d75cbb3818a71fd39434a3ae4ceaf8b6b7fdf2446c30efba2663b72ed978eefad6569ef60d1dd3640b22be248", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497955, "uuid": "9b7bbcb3-72e0-4c9b-81d7-97367f70f8fe", "value": "T1E7252343EAE8D423E5F657B068FB16930F3A7D55083CA3A71645699A4CF2380E93137B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497955, "uuid": "b901d91f-f3c2-4d69-95f8-4b99002e953b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497955, "uuid": "bc6a9c01-171d-47db-8117-5dfd7c3d3855", "value": "24576:lyGiJcLM6dnXsOYb9DV6Yjjy+LC6Ylkikox65EyJ:APGLnXRYhDV62LT6C5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497955, "uuid": "5554849e-7838-4e42-94f8-e95a69476f50", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497955, "uuid": "adce9781-ff12-49f7-aa3b-c89ea536d762", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497955, "uuid": "72dfbf54-99ff-4fe7-badf-99ba7cffb285", "value": "viewer.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "915d5aa0-f630-11ed-b3cf-42010a9c0076", "comment": "Malware payload (NetSupport)", "timestamp": 1684492397, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492397, "uuid": "7028f7e7-3a9a-4c4f-8dae-04e28cb2cf6f", "comment": "Malware payload (NetSupport)", "value": "b34a5aee3fbc7bbd8f90b265c2e81e5a", "object_relation": "md5", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492397, "uuid": "c32e3e15-39b4-485f-8018-7546cab263a0", "comment": "Malware payload (NetSupport)", "value": "517c43d962fcac6df70aeb1b1e03a714cb69e7fafd1747d808d4817e4da32a20", "object_relation": "sha256", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492397, "uuid": "f78c1acc-d492-4ef3-b51c-898d245025c1", "comment": "Malware payload (NetSupport)", "value": "ee7c5c1b00825b9e5bb0ed55a9df5d3fc8d16994", "object_relation": "sha1", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492397, "uuid": "a374cf6b-2f16-487e-be9d-ecc5c2b73cff", "comment": "Malware payload (NetSupport)", "value": "4827df5f44ab2828226af2a8c33c4ae3d771a50a4e3108142e2c4659d73b9273019d428972467bc027a0b95ad8fe2c84", "object_relation": "sha3-384", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492397, "uuid": "c25e0492-bb86-41aa-a91b-602b40632ac2", "value": "T12DA533262F8203B3742794AEE5707F110408973DB2BE787366263DA7787B375A345AD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492397, "uuid": "48e38ef7-fb58-427e-ba33-6472837aea6c", "value": "49152:6Q6J3WM202p5GutgAJuIxyxWCIZsS85PWZ5FvcBo:p89i7JDmWgzP+Uo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684492397, "uuid": "b42afe7a-88d7-4adb-87e3-a330d22ee86d", "value": 2265763, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684492397, "uuid": "2cfccc7f-9b6a-4b68-871d-e5e23a27109b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492397, "uuid": "0da06e1e-1d6f-4964-8e66-cf3ac26c67cc", "value": "6464a18d793bf.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a499af38-f623-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1684486846, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486846, "uuid": "dec8548d-5244-4a5a-aee1-ba91c125f99a", "comment": "Malware payload (Loki)", "value": "891312ebfe2c2715b07afb904a41e3f1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486846, "uuid": "8e52e8a6-7988-4ea5-a402-53023b70b7ff", "comment": "Malware payload (Loki)", "value": "5190da5fffe0094c06dee97bbcf1e4446e1428c1bc956d21875f3cb5a04625d6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486846, "uuid": "3c1e2308-7d5f-47ea-a2e8-5c742d424343", "comment": "Malware payload (Loki)", "value": "dd1f418eea429c77c58693b603d9b55c2538881b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486846, "uuid": "389a3799-92b3-4463-82bd-e58cf32c9a91", "comment": "Malware payload (Loki)", "value": "5df63c119bd71671232d20b875f56b45da3682f7d527a200bbc5144448e21325fb5c293591b75476b2c55e316286912f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486846, "uuid": "6d82737c-6a86-4775-be38-61eefe6eff94", "value": "T1CD05F19159A48C21E2ABAFB946B3F23443756D41EB23D34A20F02C977D77E967E01783", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486846, "uuid": "7e86c8f1-03f9-49cf-b24d-b9a6677ab389", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486846, "uuid": "a580d385-2424-41d6-b081-dafdcda2a45e", "value": "12288:2HLpNaPn0YPX/N94+OCKY3nZjAqnuvogG+uZVL518XlFpe9ogPoUTE1s2ZkRcVmL:lP0tEn4AgoZVd1A3msUMZsmzIr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684486846, "uuid": "6f810599-58e5-49b0-b8e5-299f8df11e18", "value": 835584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684486846, "uuid": "e5ceeb98-2933-44bd-9491-5a3ecafc03aa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486846, "uuid": "66a09ae6-2a70-4b5d-8961-f91fa74d4f1f", "value": "FedEx Shipment Documents.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1368cec4-f610-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Vjw0rm)", "timestamp": 1684478442, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478442, "uuid": "713a0e05-3004-48d1-9e07-7eb77176444a", "comment": "Malware payload (Vjw0rm)", "value": "2640b5851d4ff75bfc5c3ddf9cea67c7", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478442, "uuid": "651ca73f-da5b-4c1b-a462-2e307fe23040", "comment": "Malware payload (Vjw0rm)", "value": "51dd8819906a735ebf6cc646da4d4ed23937e66b39a55b0dca5b01e7a0ce3f6d", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478442, "uuid": "1e973947-5fb6-4074-825d-819a50e0ddfb", "comment": "Malware payload (Vjw0rm)", "value": "377210fc1a662564fc2c88e0ee974b992bd396eb", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478442, "uuid": "23e73798-d3af-40fc-9e0f-ebafc7ec1148", "comment": "Malware payload (Vjw0rm)", "value": "b4357a7353a8e97bf7f6a53f149b88589cd347fd42d69b04a9bb76e9af41106e6a18122e38729f30098716ee088d6278", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478442, "uuid": "000f72e7-e8c5-49f8-abda-6715b8efd280", "value": "T14D351483645679AAB3B24344D30D8E133615D297EA1B1050278B1F8CDF9DD7C3AE9AEC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478442, "uuid": "49bed117-5b8a-417d-b44b-843f2c888cbb", "value": "3072:znsMGGRlz5Hay9mgUAbud4dGkgvsGHgke6K7lV:R9ml4dGUmK7D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478442, "uuid": "d5bd00b3-ac79-485f-a0fc-28dca53e22ea", "value": 1123104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478442, "uuid": "957394cd-d984-4eca-8f64-d50aebf3144b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478442, "uuid": "78487686-c5d6-43b7-9460-903c92e0c09a", "value": "Spec00301.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42800b6f-f601-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684472078, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684472078, "uuid": "aa9f113d-4ffc-4771-a30a-88eb3201a931", "comment": "Malware payload", "value": "52597a814ee98411fb5c4c501318a5c3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684472078, "uuid": "f62771fc-2866-4e91-88cb-6172c120da28", "comment": "Malware payload", "value": "51f4e780d426b0e4c12670d49f67ff26257a487d93efcc4e593e133dc99a5bfb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684472078, "uuid": "1bc2fa28-e7de-49f4-acea-bbfd86dc0204", "comment": "Malware payload", "value": "89b89a395ddca41d2a98a4e90e70da1940755133", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684472078, "uuid": "6674e6f8-f82c-4e2b-ab77-5c635c13f7de", "comment": "Malware payload", "value": "1f6fcbcfd6c30730b6db823d3f436acd8f9cc6b9db6b4e8e1d9fafa72c3aa248c22fd20d744ed454ca5884bbd3f95ee9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684472078, "uuid": "a5e30f79-7c33-47f8-9235-99669aaa6580", "value": "T152D4E170609E46A6E01FCAB12078FC76037171F3EDD5DAB50B29A584CEA7F582E4C94B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684472078, "uuid": "392ba775-bba7-42ab-acc2-ed9f0805ab3c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684472078, "uuid": "9cd34394-153b-4c95-9a62-14144baaeab5", "value": "12288:GQv53atccKYCmv0b1Ce9IuwxtJ2o65E6KGoxEB0Ucbi+iP7oMMsKCm:n9a2pHrF9I3xToEhrScqMfvC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684472078, "uuid": "7306c50f-7392-4fb1-93e4-c0f2891aabdc", "value": 631808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684472078, "uuid": "b7c55d31-128d-42d0-a612-1f15e89c4dc9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684472078, "uuid": "b3744770-ac8e-46a3-bc48-5ce634c038dd", "value": "STATEMENT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69956775-f62b-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684490183, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490183, "uuid": "0c49268e-9c86-492d-bc52-93758785e5d9", "comment": "Malware payload", "value": "86c0064011ea2d6fb66faa6ab11c5939", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490183, "uuid": "fcc45cd6-4526-4289-a091-3c0bcad093f7", "comment": "Malware payload", "value": "51ffefa8a10b6da720a80cec4735fe173669e7c974946e46c8dda908e824d8a4", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490183, "uuid": "a319f7dd-86be-41da-856b-1fac4b568363", "comment": "Malware payload", "value": "5b5adb2f6e9d9536fd9bcdd37b2945350477b479", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490183, "uuid": "5e7c640c-faa0-4fa1-8a91-854b2ea040e6", "comment": "Malware payload", "value": "98114977d3d65705fae1aa084c92e3bd3a87a8383d6ba71aed2bb6dd11d0a08ac180c5f18153dd9291ac7f0d5e317858", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684490183, "uuid": "ed6c2223-3e39-490c-bd3d-68ed7aeec8ca", "value": "T14244FEC04F1518704B4B7D267770A5A1EBBD0E6482889A9BE91F3271F2CE68CCDD9B35", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684490183, "uuid": "b6645630-a68a-431e-9610-907f5fcb420c", "value": "6144:Q4ldaPTJ3ryq+kbRQZ1VGHUvcyVcuysJ1a+stko7vNDmaOxhL:Hf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684490183, "uuid": "1e54bfa5-3660-472f-992b-39191e12b955", "value": 267347, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684490183, "uuid": "cdd4773b-ed60-49db-ac9e-bf671c1d80ce", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684490183, "uuid": "08862014-8ce6-4144-bad6-a42e35440067", "value": "Yigdaagb.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "247da075-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466874, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466874, "uuid": "088fb4fe-37ac-4e4f-be96-50a420a289ec", "comment": "Malware payload", "value": "5880c5cb36fddbfc2001bbe58d819c10", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466874, "uuid": "e9ae270a-0c73-4464-81a8-643344534a2b", "comment": "Malware payload", "value": "529ef78cfb6ee8353c6f60fabd8b73ffc11667d3ae52f608a15c5c16a0a87f0d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466874, "uuid": "0b1c7bef-2e35-4b62-b330-6939c292c70d", "comment": "Malware payload", "value": "ecaaa658dfc6652f9edf57b80347577168cfc21f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466874, "uuid": "fb510194-42bc-408e-8261-8b195f5d8b9d", "comment": "Malware payload", "value": "bef5a189ec0fa2ad9ddc416859eb5ae033b3f393998ab62897d1e4ef8bbc192b5370239fa70df3ac8ca154786a386bf4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466874, "uuid": "4cf227db-23a5-456f-bab2-e703c96013fe", "value": "T1A7F40106B648D88CD4CD8932C8969EF01620FC46D988077733E63F2FFD7116A9D16E6A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466874, "uuid": "2961bb39-e716-4cb4-9b06-ffee66f5ff8b", "value": "476d7166a4b7cf1e05b10c550fbe4142", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466874, "uuid": "ee256dbd-8be4-4317-b0e8-2b4c5d29c729", "value": "12288:J8+KOKcg0yt6KR0xxSMiaArn6tiURAyTK9AUqVEQGjrlhzLJVxMIxzkaSgVXKgHe:0OYF61xxUaAr6ti+A0VF+LJAIcoRR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466874, "uuid": "d38c8863-459d-4122-aedc-c89e2c248f96", "value": 783360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466874, "uuid": "291b1636-e9e4-4437-b6ee-08f1e6049ecd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466874, "uuid": "e61bd2c3-be43-4b94-88a3-285435a74a49", "value": "SecuriteInfo.com.BScope.Trojan.Packed.29975.29686", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aaf4c715-f674-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684521646, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521646, "uuid": "4f1af8a9-8b6c-4f3f-a98e-5e43bd3faa84", "comment": "Malware payload (RedLineStealer)", "value": "a9ef6988bdb028db2bd361903e583f34", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521646, "uuid": "49dcd04c-0b5a-4c45-a694-517f74fe27e3", "comment": "Malware payload (RedLineStealer)", "value": "52ad5225864911acbf93403f72f0aade7ae748ff7593bd249e05e29f37f8ac5e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521646, "uuid": "5c5b0009-887f-4490-bb10-e4eb3e4402f5", "comment": "Malware payload (RedLineStealer)", "value": "4e00365ed9fd79d51bed1cb827bdbbbe6a068623", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521646, "uuid": "41e49779-029c-42f7-bd1d-e95e371be3c3", "comment": "Malware payload (RedLineStealer)", "value": "54cffedb8b15e6aef10185bced9f22415359c1464c318330635fcb2700ca55c777ac54df88d74f3e627e2db34a5cc6fb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521646, "uuid": "e15307a6-6c71-453a-85ab-df0ba6059719", "value": "T1CA2523537BC59433DFB9177108F225931B39BDA158BC83A72A9A956BCCB2F905431332", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521646, "uuid": "7615f475-04ef-47bf-aa4e-f3a57bcd25ef", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521646, "uuid": "434c6071-3e96-4bba-ad0f-2177f6d9711d", "value": "12288:ZMryy90rMW5/uLOhYo06gCg6uVpVEwNzg44xZqh4yN7nb2KiYayN6QXZ86lbbYc8:/yNCurCg6u5/Ey4yZiYaOzpZhLlzIF7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684521646, "uuid": "87e3593c-7887-4e19-8cd1-cefc853a56ef", "value": 1044992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684521646, "uuid": "cff3efc8-ca67-4d62-864b-2472fb5ed39c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521646, "uuid": "ef3c2951-222b-4354-97e1-5a2846902a81", "value": "a9ef6988bdb028db2bd361903e583f34.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ab94429-f5d8-11ed-b3cf-42010a9c0076", "comment": "Malware payload (CoinMiner)", "timestamp": 1684454429, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684454429, "uuid": "10edd0e1-a8d4-4c55-bd18-a14d909ee4e4", "comment": "Malware payload (CoinMiner)", "value": "60289e0f5d2253b860b3fcc66a7db8fd", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684454429, "uuid": "d6d36fe1-0105-4f53-9df1-cf94ba67a6d6", "comment": "Malware payload (CoinMiner)", "value": "533a32ae03e1efa0a9bf2a3faa60bf3c7a580b82e0c3dcc89049f6a696a48c84", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684454429, "uuid": "bb435750-4357-4a0c-b967-214350580976", "comment": "Malware payload (CoinMiner)", "value": "63635d9e77e0fc4f38a87ff6759d75307a8d0161", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684454429, "uuid": "cfaeca2d-32ed-4128-99e2-a69186bbd4f3", "comment": "Malware payload (CoinMiner)", "value": "c55f3e987fdeb7706cf70e407133b64332f759b19b5110af0081f8128bcd8d9ac658af864885aa746ae51ed2f49b867c", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684454429, "uuid": "5a828526-2268-48f3-a915-255ebefd6fdb", "value": "T123A533666BE828B2E5725B34D8E20557E7327CF71B71E2FF025580BD2E239A44173329", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684454429, "uuid": "ddc38c3c-d303-4033-bf98-c07a3b76415a", "value": "4cea7ae85c87ddc7295d39ff9cda31d1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684454429, "uuid": "ee9077c3-0b12-40d8-b699-e06e0debc21a", "value": "49152:9Y5U40AAQvCbZXkgn9zQ+kb0uvUiXYcppayuZMo:wcbZXP2bhUiXrRuZt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684454429, "uuid": "d03f4858-62f4-402c-b92b-e1bffd8e6045", "value": 2261504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684454429, "uuid": "e89fb4f6-e786-42ae-90c3-20d349c6f55f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684454429, "uuid": "a8858053-f078-4b07-8392-0f5923e64db1", "value": "setup.EXE", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "47fbcbba-f619-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684482396, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482396, "uuid": "073d9e63-c528-4db7-80d3-e929bd5191bb", "comment": "Malware payload (AgentTesla)", "value": "17f3d7f0fb49c75cd9ec0b56c2972e0c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482396, "uuid": "c3b6e717-51ac-4e1d-b2f4-be5a5cbc524a", "comment": "Malware payload (AgentTesla)", "value": "54430311350a637b723f9b810c99eb14b1901cf55e179c2c6935c6c6411233b5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482396, "uuid": "0de73c5c-5f34-4dd1-b261-2debb6e02b2d", "comment": "Malware payload (AgentTesla)", "value": "f88b2b63d96c309727105dc356588763868e704f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482396, "uuid": "e7913f5f-f3f6-4b11-bda0-73d10c7674bb", "comment": "Malware payload (AgentTesla)", "value": "7d284d8d46d7fe453ebfadba0f6795fbc09abbab749dd702695b20bcc44825d20c2d217eb21464f7bb6d7fd4336da631", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482396, "uuid": "049f634c-bb82-485e-9702-3ccb3e976408", "value": "T1BDF433EF9C0496ADBFABCF1433990E4F570A8C6B611B405C95F8AD98DA678DCB41B40C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482396, "uuid": "163e2666-b6a1-4f86-a0e5-b757ab8958ef", "value": "12288:9ePpAhFHfOCkLMexfURWKaNb84qlEPYgXabnTaqdNT6B9h+uPNFvE:9ipAhFGCkLdxfURWK2WleYgXinTawNmy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684482396, "uuid": "a6d5fa11-0387-4d37-b1d4-6dbaa7af392c", "value": 753724, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684482396, "uuid": "1f8ef185-f9e0-497a-96d2-1b89a40572ab", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482396, "uuid": "f20b2279-cb32-4d19-b011-a2d3e5eecf41", "value": "payment copy.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a180c790-f60c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684476962, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476962, "uuid": "f0f08e18-d218-47ca-8b77-0779e01c2471", "comment": "Malware payload (SnakeKeylogger)", "value": "a1bcc030b3772680da1e842f616e6329", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476962, "uuid": "822e7a05-960b-4301-af68-fc54207103f3", "comment": "Malware payload (SnakeKeylogger)", "value": "54492f6c2f298dd366978c41c40e603dc981e871d8fbbef854077652f787dde5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476962, "uuid": "042f4431-ee2a-4c55-9d87-025d0f60f60a", "comment": "Malware payload (SnakeKeylogger)", "value": "ebf7a1a91c7143fa1f6a98b039dfc0238b7dc58b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476962, "uuid": "39370310-d66e-4115-b634-c7562ad6a109", "comment": "Malware payload (SnakeKeylogger)", "value": "fcb877eaed6403bb3baf9447568b423f45f1842496d7d6a9234b4b973833b83990076663e671aae8cc38dfc0907f7443", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476962, "uuid": "a8c46104-3569-4d00-8946-89771ac69cb8", "value": "T17205D6E220F943AAE02D96F586202443EF216D7B465DD444BCAF33F58F25F929D07E1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476962, "uuid": "f88876fa-a65e-4ff8-9a7b-bb32a8147e2a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476962, "uuid": "0ccdadd5-b3f2-4616-9dc2-36964081f71c", "value": "24576:dkcEILpX/dycnILpX/6zMu1yj5mjs0pW:dkcEILpX/dycnILpX/6zMu1yj5mj4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476962, "uuid": "45ded1b5-b66e-436a-97f2-159983e19be1", "value": 828416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476962, "uuid": "b1ff4ac1-acd6-4e9a-a203-5224308e9775", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476962, "uuid": "be144149-01eb-4b4e-ab3b-f00aa73ab48d", "value": "9765435789te.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a69b75ec-f656-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AsyncRAT)", "timestamp": 1684508754, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684508754, "uuid": "1a905f80-2613-4611-ad06-1e90fba8cff2", "comment": "Malware payload (AsyncRAT)", "value": "0f1773a12a57d234c1d05d3fbb49db12", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684508754, "uuid": "6eb2eda2-5a8e-433f-afa6-44b3ad0e3295", "comment": "Malware payload (AsyncRAT)", "value": "54c3bd453f381dd2844d2479d8901a5b0d0a48d7a7b711a9b903ed1f2aa6fc40", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684508754, "uuid": "1d0defa7-c76a-450f-af91-752a5b1d6a48", "comment": "Malware payload (AsyncRAT)", "value": "a7e03c1515b488ddc9fc4e4ff53d1e5586048744", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684508754, "uuid": "2565e72d-e217-4423-bba4-9386f7c2932d", "comment": "Malware payload (AsyncRAT)", "value": "b1607b052aa68cdff9aa06f19b55c620823ecdf7be01fe3a2aec9f7639dabf06e73196bf88b20af10e6bd4e5acd02a31", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684508754, "uuid": "c8b16152-c0f4-4440-af43-6ded54481074", "value": "T13C25E003B7C144B3D47A1B3145A75B307EBAA9301BE68B9B57A0057DAD72780EF31B91", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684508754, "uuid": "2abf4652-e946-4c8b-bdac-2dc9d985c0e4", "value": "12e12319f1029ec4f8fcbed7e82df162", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684508754, "uuid": "aacc8a3b-4c1f-4f2b-a7ce-05afe6521b8e", "value": "12288:NToPWBv/cpGrU3yeIn81KiSrzuVfK1k7OeU3TeahPW4sXaztaXj23shHmBV:NTbBv5rUanTiSWK67KFeCMmV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684508754, "uuid": "c215f5c3-1866-4e3b-90e6-7b0821692ea1", "value": 978086, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684508754, "uuid": "405fde8f-4452-4655-968a-869f45627a48", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684508754, "uuid": "4f8ca006-e4f5-459f-a714-e9ca39ce5cdd", "value": "File.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1bf8a667-f69b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684538156, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684538156, "uuid": "2b3866d8-8eb0-4fd8-b6c6-417229988bde", "comment": "Malware payload (Amadey)", "value": "e1ee9b0106ecfedae238fd7012be1c6f", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684538156, "uuid": "305af68e-0927-4f9c-9a83-9cb1d51b3cd6", "comment": "Malware payload (Amadey)", "value": "54c5e889e6eb38cccdc7a7030ed74360dde8c6b3672d85be33dbd9cdf1e0d297", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684538156, "uuid": "49b9a232-b8ab-4b07-bbaf-80b5b203676d", "comment": "Malware payload (Amadey)", "value": "2e21114add56b7a6df63f1afcb29e087d3b3e66f", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684538156, "uuid": "b55ddd2a-d7b7-4bc5-9a9b-5fe8fea5091c", "comment": "Malware payload (Amadey)", "value": "37d9ca347cd2a4878fd82d65328ddb70838ff6aba10b3b7c571fb2e9da94cfa3585b37770bc19daa6d6983d6c2ab9a5e", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684538156, "uuid": "2830c8a9-f823-4768-89b5-cc2ae82f1cbb", "value": "T119252342E5D99473D8A40BB4EDF613C32A32FC90E9B8932777E1951E0E322A07925777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684538156, "uuid": "0b2436da-2b11-4b38-867e-1873129a7deb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684538156, "uuid": "3035ec2e-b772-49e7-88d6-b2d4ff5e0581", "value": "24576:KyfTTGJ/Ne+7M3YkmnMnHZBoDrUOcd/H7zZu5Bbd:Ru/NeWiHZBonsd/HXZu5B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684538156, "uuid": "21e37019-62e7-4e41-93a4-ceeb3cd79588", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684538156, "uuid": "820c5016-b498-4d1a-baf4-4dff1f88d649", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684538156, "uuid": "a65247a2-3d05-4229-9f85-4408daeeee60", "value": "e1ee9b0106ecfedae238fd7012be1c6f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c11b7829-f68a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684531132, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531132, "uuid": "0fff2fbe-c6c7-4835-a10d-265f04d5df5e", "comment": "Malware payload (Mirai)", "value": "1bee7bbe43d9182c35c3664f16c84a62", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531132, "uuid": "2cbeedf4-a858-489e-a3fd-92f43bc0ecaa", "comment": "Malware payload (Mirai)", "value": "550b8cd504b23dde527a18a228486f9aa0da8a069cfdd8d9a32bffc15e2f138f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531132, "uuid": "929c6f73-7e8e-46c9-935e-237f900adc18", "comment": "Malware payload (Mirai)", "value": "6aedee8a67bfd44cf7b8ec806d0fd7c1f1beaa0f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531132, "uuid": "debf2c8e-f563-44a6-bf33-ceb8063fe022", "comment": "Malware payload (Mirai)", "value": "1962579699be8fe281495e9947c87a74bf17353d5a5f57ff6fae003ee47e40b9f870fae1a225f2f01d4a431afc2cd95b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531132, "uuid": "524fe9f9-8a8c-4a00-a693-a2e223cd7624", "value": "T10383095AB9814F12C5C602BAFA1E018D371357F8E3DFB2239D106F21B7CB92B0E66955", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531132, "uuid": "d9366f4c-4593-4174-ba2a-ece0747d8102", "value": "1536:7FnIZUXHKgW6i/2QK1eYGzsriW8pKWzaJ9o0YIpiESeWo5Hy8785dYoYwbZnJZ:aUXKbC1aAiZwWzaXS5o5Hy878jBYwbZJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684531132, "uuid": "e16598f9-501f-4d4b-bd4b-033c5c413f55", "value": 83256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684531132, "uuid": "4b79c3b4-970c-404a-b848-89479279a52b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531132, "uuid": "b82bc104-6b9c-48c5-b764-6d5e8bb56428", "value": "1bee7bbe43d9182c35c3664f16c84a62", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5d88b98-f683-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BumbleBee)", "timestamp": 1684528160, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528160, "uuid": "825a1321-b804-4051-a47a-d68d4f2aff4e", "comment": "Malware payload (BumbleBee)", "value": "41a0b77da4ba20fae5c1909aa55ed7d1", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528160, "uuid": "28550e0b-bc86-4915-8a00-30f61f7b1db4", "comment": "Malware payload (BumbleBee)", "value": "552d37f20b03b091ef65a567368481b6e370ee21163af1486c7d6b3b05fb41bb", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528160, "uuid": "dcb71920-e368-4335-8b94-1978bae83dce", "comment": "Malware payload (BumbleBee)", "value": "9f70ad7c20dba64f6aeebdbe3658153e2bf05c0d", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528160, "uuid": "f29d0eca-4794-4020-8644-bdb876cd0638", "comment": "Malware payload (BumbleBee)", "value": "66d52164d8bd5788dfd4601746f296af51ffc13a57a5d39ebb11bf40baa5e4f10f75e4410ff4565feb99aab19e428e0e", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528160, "uuid": "26cfb0fd-5702-47df-82c5-7e96adeefc05", "value": "T19245E011E6921FF5D07691B780AB252BBB707E294319E377EBC0D2373D837A05B1A660", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528160, "uuid": "b62882ad-8b23-4200-9b7f-93986ec4d77f", "value": "47e01530ad43ec939d1c47709a80a5c6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528160, "uuid": "6508aaf7-7b3f-4849-bf8a-f126e612392f", "value": "24576:6nHJvLALXKgAosOT+MevrxfrtxvcZR3LpCS90KVjGaMOLLMO49Kxn:20K/TfrK9RT0NQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684528160, "uuid": "3d063700-4311-486e-8765-07e036365d2d", "value": 1221136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684528160, "uuid": "0bab8886-aaad-408a-8605-79a4426759c5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528160, "uuid": "eababbe2-1059-4aea-b33e-8f4ee3d8a8ac", "value": "41a0b77da4ba20fae5c1909aa55ed7d1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36baed0b-f5e7-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gozi)", "timestamp": 1684460892, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460892, "uuid": "a1e6e9a6-e4f2-4ca7-9300-b0d89849e227", "comment": "Malware payload (Gozi)", "value": "d0085499305bcfa1d82264ee4f6b3610", "object_relation": "md5", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460892, "uuid": "3eeaaab0-aa50-4935-adcd-f21896f8cc31", "comment": "Malware payload (Gozi)", "value": "553c50a45247be28271f44bc860bd17278a35f2d56f3b1a5772e5b09e3c87ee4", "object_relation": "sha256", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460892, "uuid": "76f86c81-d3a6-4406-a247-7d959c104fe5", "comment": "Malware payload (Gozi)", "value": "cabdb48711e8819ac5ee8a6ec4ef34a0dbdc47ae", "object_relation": "sha1", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460892, "uuid": "7c5109cb-32bd-4637-b669-e19660964220", "comment": "Malware payload (Gozi)", "value": "e8ad501597661686d6fa27ba2049dee2ea737111699a5936bd8cf73c846c72660b9fb04f539ef8be5b7c11563818f988", "object_relation": "sha3-384", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684460892, "uuid": "c83a96ad-07ce-489b-a9bb-6b9dcc360199", "value": "T1BEA274E052C93CBD543771F1192941E1D9B68869BA5E2CA4F06DB01CF71CF24E2BAC6B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684460892, "uuid": "afccc42b-2a4a-4492-9f36-a5fd2b90b661", "value": "384:j03wqvR/MfljenPlBfLo74jDROj68nx2tc:jOwqvR/yj6DfLQ4jAjZgtc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684460892, "uuid": "c927e692-19fc-4df2-ad6a-769a71ef5572", "value": 22502, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684460892, "uuid": "0ca1d73e-e1c2-4f00-a8ae-d8674d38ac9e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684460892, "uuid": "946b85cc-bba7-41a0-a4cc-42e2ba5cf50a", "value": "1 Total New Invoices - Wednesday May 17 2023_1058.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dac8bd13-f629-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684489514, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489514, "uuid": "ffa3ca50-c74f-4e1d-b8df-a4669a212cc3", "comment": "Malware payload", "value": "d291432ae9c38560b97a69dfc4eb75a1", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489514, "uuid": "8a5a3de9-2b01-460f-ad74-be21b5844cd3", "comment": "Malware payload", "value": "55f1531bac9787ef81ef7d232ee5138eae779afe0f4d3d2c677930d4593c2c4d", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489514, "uuid": "b967bf82-a447-4811-b720-39046587870a", "comment": "Malware payload", "value": "3af6cf9b52aa3c830df94c777d82705e4c3641d5", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489514, "uuid": "ca8f1717-7efe-4b66-a2d0-fa14d9a4aaaa", "comment": "Malware payload", "value": "8a0a4e61f01c234fb600e00f9bdf9604c2bad15e9e427ea3c6416bf888e3050ca51a42dbbd8b4821c3fe7841f62b0738", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489514, "uuid": "4b89198a-765b-423d-ac52-d5bb1f420250", "value": "T106246C139292BC61D9174E73BD2EC6A8772EB1604F597B9723299E2F09701F2D273243", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489514, "uuid": "5753eb47-2c76-42ba-b1ba-9a5e69e93933", "value": "ee2cc8de8216a98a04e64dc8ea701849", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489514, "uuid": "9f6a1e6c-afd5-4702-a1e1-60e2147468ea", "value": "3072:2pXwrjjc+LosmXCMsOF43gTbtKle2fq2QttOnM9ezM5M2wKZ:aGj7LosICA+QbtArS2QLH9ed2D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684489514, "uuid": "223805e8-b7f0-4142-a2b1-c24c9c476445", "value": 212593, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684489514, "uuid": "e03ce513-1fe3-4653-89bb-ee1bd33c579a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489514, "uuid": "5d5497ef-5e80-456f-a79b-b308fb998650", "value": "executor.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "52c0b7dd-f64f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684505606, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684505606, "uuid": "a0034d80-9f06-4b7b-b7ff-9cb985738979", "comment": "Malware payload (AgentTesla)", "value": "583c8c66af398c49a416a807f80fdaa8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684505606, "uuid": "18fd0ac8-4b83-4fdf-9780-e672f1e7935f", "comment": "Malware payload (AgentTesla)", "value": "5618c10e74a619d5874b1e30a6042fbb3816f16f787f3d85254c3f7531bbc177", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684505606, "uuid": "14a5c268-d327-42d1-a58a-4e8519eb88be", "comment": "Malware payload (AgentTesla)", "value": "057e7c925ffc0fb6d1f3d6b4b86a9cc953b8a383", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684505606, "uuid": "f45872c0-8d8c-4f1f-8b00-8dca11638a15", "comment": "Malware payload (AgentTesla)", "value": "9c5b085e14d7b7d454ff9215e71797d21a72568db2209c2b57809202a6439252525b819f292cbd89cd11f30e06e2502e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684505606, "uuid": "70a438d9-f224-4a81-ba23-3d428ebb2bec", "value": "T190E423F242B4DC10527B39E6C6CB41B484C7FA386CA5DF939C12E72861A47FC5AE54AC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684505606, "uuid": "5d145c1b-d5e2-403a-8be9-c1be23d85f4f", "value": "12288:4Ih0e5OLJY2xzZqVIgW/lBsawBUiRCoK7xxsr3fJAsRmgHq8t9G3YAUTF/Fx/mXE:b2wGJH4Ivwqi0o6xxsr3hogHvtoYAUTF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684505606, "uuid": "3bb4cf43-c6b5-4784-9ac1-c8d9d39e36c3", "value": 722006, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684505606, "uuid": "b0d1579b-876e-403d-b5bd-da64789a12e3", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684505606, "uuid": "e57bf468-3047-4893-b50d-7023d9ec2f4e", "value": "SOA.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3070356f-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466894, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466894, "uuid": "b2210d5c-3101-4df6-b107-b8fd056d862b", "comment": "Malware payload", "value": "f5b8c393a489648bbc06b2cd11f9a72c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466894, "uuid": "d2c03667-6c10-4a3e-9d49-c05c8d18e4a7", "comment": "Malware payload", "value": "563afe9ed5242b16c807bd2e8ec0efd7e5370aa83664a3dc3b4268b16cc07947", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466894, "uuid": "3fd292ef-67e7-408e-b42c-08e7dd0f29c1", "comment": "Malware payload", "value": "c82dfa2f0541168af1f5bea7410cd92f783f7ac5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466894, "uuid": "54483cc5-02c7-4149-a555-5fdca7482efb", "comment": "Malware payload", "value": "cc6c28fd3d5af84e7b94908ca4399ca52ab062f17332fbacc7f411555e3bfaf2c77ecaccfebfb95b35d621c111b9fca2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466894, "uuid": "4103e081-04bc-4593-96ce-71d37b8f319c", "value": "T1F503F1C27217DB73DB0FE0785D2BBDB9708DFC428A6E539D22AC6D02B9569201C1CD58", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466894, "uuid": "7d775674-6e01-4cc4-b90b-dac40fc3a224", "value": "06122351ca4de697e7b6ec29aed515c4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466894, "uuid": "808032cc-1f46-455e-a56c-438bab283c14", "value": "768:zAblbR4jVIikHl194gSEQ/Vw8B5uezzKVnqM6fbihpeoJ6HeAH8reDANA:zAb2TkHl19T4e6u6uQM6f+h0U6HNHx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466894, "uuid": "798cc504-33e5-43ce-977d-a94d51f25a77", "value": 40960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466894, "uuid": "7374d029-b422-4b0e-946d-b2cb58c57bd4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466894, "uuid": "41501319-14db-4f64-a213-959b43c0d47d", "value": "SecuriteInfo.com.Trojan.Siggen8.52069.11386.1191", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "252a960e-f617-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684481478, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684481478, "uuid": "d5840ff7-f969-4b80-86e2-0687fb70077d", "comment": "Malware payload (SnakeKeylogger)", "value": "60f1d7ec562490c276e0b9a8ee392ce9", "object_relation": "md5", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684481478, "uuid": "9994164c-e026-456a-ba07-c8528f18568b", "comment": "Malware payload (SnakeKeylogger)", "value": "5671e8620e226434a8fb98ffcf9f9ea1483c809b774f532453d650a412795cd4", "object_relation": "sha256", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684481478, "uuid": "12e037da-ed14-4fef-bb6e-90103333a258", "comment": "Malware payload (SnakeKeylogger)", "value": "9b1893dabc419c1e5c7272e7087df175f498f5ea", "object_relation": "sha1", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684481478, "uuid": "532c422d-122e-4f93-9ca5-ed1a39b6b379", "comment": "Malware payload (SnakeKeylogger)", "value": "cc6c1e0406a670ef9e4898540cdb945721035679efcebe75b5e152bba67b16702fa603d369cf8e2405a96508667d11cd", "object_relation": "sha3-384", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684481478, "uuid": "55eaf1d3-501f-4f77-9e3f-c9c304ec1360", "value": "T103A423768B188F58D84714655B316A8E8BE7D162C6C37EED23B00666BC0B11C4ED0EFE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684481478, "uuid": "d829806d-5b23-4dd0-a6d2-da4a2cec0eeb", "value": "12288:Pqs9T1guN7pTpyawZXNVrr7hpZq3apq5ZLy6VncpW1OV3F8d:hhNFpJwZ7Fpq5ZLPVWW1eS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684481478, "uuid": "5424186c-1de9-44f2-bee1-e4b50d80f3a0", "value": 487971, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684481478, "uuid": "1b63e18c-b44d-4bd0-9d8b-ee69f83ce921", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684481478, "uuid": "67cbb5d0-1b81-4f13-b130-08c501b5982b", "value": "Swift Cfoc 00109839.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf69c21d-f667-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684516124, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516124, "uuid": "bad00e8c-47fc-4895-a11b-2b77c548dab5", "comment": "Malware payload (RedLineStealer)", "value": "089f35fa418063a9b9a6ca3bbd7a51c5", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516124, "uuid": "3e3f8b8e-9550-4112-9620-112687a1cc3d", "comment": "Malware payload (RedLineStealer)", "value": "580240d11d8462cea37ed2af07a0040e70fe57d884d57729fb80c6515361fe9e", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516124, "uuid": "cff8f996-30ce-47a2-b02b-b3c24352b761", "comment": "Malware payload (RedLineStealer)", "value": "30a9051c2a2d8f62f983a3803944458fda3d406a", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516124, "uuid": "f284c6f9-2548-4008-9a70-881558310baa", "comment": "Malware payload (RedLineStealer)", "value": "e1538e35f7e81d54e43bf36b73afbe6277d49306b60bf683080a97d9c624d1b0530f75481f2eb67b6af53fa8990fb6d2", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516124, "uuid": "212e9d1f-fded-42c9-b206-7010baf7e8f0", "value": "T17DE3C524279F8934D67B4E3DACB19CC076BCEC12A542D74A4ECCF1593A73B809B116B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516124, "uuid": "75bd8c7e-b247-46bb-95ac-d98ead92b835", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516124, "uuid": "92dc3ec1-7142-459c-9ea8-0a104517492d", "value": "3072:sV+m5c/QmRSNY7WKA7vGJv3xnhMZx8e8hp:sj2BUanhMb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684516124, "uuid": "ee5d365a-d0f9-40a4-90dd-357bcb3117b3", "value": 148750, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684516124, "uuid": "554f8795-e998-43f8-9352-73771af21b62", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516124, "uuid": "279718c9-c101-485c-aee3-a54a1c36ccab", "value": "reader.dat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2a905c3-f5e6-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gozi)", "timestamp": 1684460724, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460724, "uuid": "e4d6f8a3-7037-41b8-a669-7107407a19f9", "comment": "Malware payload (Gozi)", "value": "c81454f578c854fbaf5758df58543ccf", "object_relation": "md5", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460724, "uuid": "868ad603-5afe-4e09-918a-ea62ba207a7f", "comment": "Malware payload (Gozi)", "value": "5856a09e7bd9d9a1e3d2126ffe0d67bd17e71c259c68cd02d1101c6770359a29", "object_relation": "sha256", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460724, "uuid": "ebb0af40-884b-44b8-aa60-1d6cac079a24", "comment": "Malware payload (Gozi)", "value": "766b7e786aa458c09ad12a1dbea0580e19c36d5f", "object_relation": "sha1", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460724, "uuid": "eae4c436-d75c-4c46-bd74-e6428a5ea6d1", "comment": "Malware payload (Gozi)", "value": "9a3dcc54b78b524974ce95f685d5aa295d5891ee6a4a97dc86f450f0c4d9e2ccc50131d0d4ab354fada32bc301db53b1", "object_relation": "sha3-384", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684460724, "uuid": "f9f7791f-bcc8-4ea4-a260-075d939b9092", "value": "T16FF1CFEC99359939EFCA03F228C56C4640E0D9C948252E98F594FBD07AFE1E94A2B1C4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684460724, "uuid": "276487e2-ebf4-49e1-99e6-514020bee307", "value": "192:nW4a4Zm8+LdNRb63F2o7VT0pP7Y57BnZ5dEq:WcaOso7CZw5dEq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684460724, "uuid": "26c59d6a-86ba-4c47-b1ee-0dfa97e3ad50", "value": 7911, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684460724, "uuid": "5920d925-0038-4be7-8ffb-1756a71693af", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684460724, "uuid": "897ebc7a-e928-4f6e-9495-f91021456dc0", "value": "1 Total New Invoices - Wednesday May 17 2023.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15e2e398-f62a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684489613, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489613, "uuid": "2dffe4c3-8f7e-497c-bba9-54dfd563e168", "comment": "Malware payload (RedLineStealer)", "value": "34c038e44c42ba316cb304e7ba54f297", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489613, "uuid": "086b7fd0-ea71-4c9c-bf05-9ff02c687fff", "comment": "Malware payload (RedLineStealer)", "value": "589354278ebe177d236ca70a7035f7fe3d23dfb3fc6064ae4c533359431ad53c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489613, "uuid": "046d1973-6374-4400-9594-a9bf8c57d2d1", "comment": "Malware payload (RedLineStealer)", "value": "046a9fed90a53a05216b4f2a32ac62ffe53fc40a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489613, "uuid": "d0f1b37d-b2ad-4992-aa12-a096d289ce03", "comment": "Malware payload (RedLineStealer)", "value": "9ac497af18a5e9fd1f88a3a4519fd81f57d7c41a32d6d5990afcaa9a150d9fc63e75e6fbe40a710a7f8f9e980bdbdd2f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489613, "uuid": "d8b7bec4-3b66-4ef1-8233-14475b9fa6ab", "value": "T108B48DF3582B2A3CDFAE3CB4C486395216B150571A58E92DF7750DEEE087EB0F248166", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489613, "uuid": "2b8f4436-99a7-4f11-b6e3-8d35ec7ccca3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489613, "uuid": "80f6bcbf-f07f-40e8-bdc8-5372a3f9ca25", "value": "6144:n9iK/fTphszm59OXCWJIQyLNy1yGiGwpMhSz8yc0F6hRlYT8b6VwkkQNci5W:noANhlDWd9YSrb6V1jW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684489613, "uuid": "e542e308-0f66-423d-b46c-29881a6aa4a9", "value": 526600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684489613, "uuid": "896a89ed-f2ad-44d9-8e6b-f560f5636a63", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489613, "uuid": "6df18b68-4b1b-42e0-aeac-14eb8cc80488", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f6ae400-f691-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684533974, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533974, "uuid": "5d0efb71-e634-49e0-9a55-3cad62a9c22e", "comment": "Malware payload", "value": "f721ec8916d2331e6c58e09212995637", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533974, "uuid": "659a7b68-7234-42eb-9971-199eb1820a7a", "comment": "Malware payload", "value": "58b1b9defb6649eb668e6c70b859a5260fe32c03a273b401f597dc09e37653db", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533974, "uuid": "840360b8-5d58-4c34-892d-872ea00c1386", "comment": "Malware payload", "value": "352f4c835c2fc2e9905c27db4e4f020d4a2f7d58", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533974, "uuid": "26a3cea5-143a-4c0a-a188-ffb6746e7302", "comment": "Malware payload", "value": "2efb98541d937802279dfbb55f978cdd484065df09263542b40d668d077b47704e2a5a6c91064e078e79f1c89eb0bcb2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533974, "uuid": "d50324cd-f62e-45c3-bbf8-4522639fc8e2", "value": "T1DE56F805ACC82BA6C06D5B7485EACE6163B41D085AF14B362654FFD8BC762B4BF07C9C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533974, "uuid": "1b4f8407-0029-4e1e-aa09-aa11bb5248b0", "value": "24576:avocWXZYzv15eZ6kh9wZhZkvhKRuZBAPZJqh9xZH5xJloaRgkZzILs/1ppAp8ep+:KtztascbyLs+MwpZcG00mWU1I1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684533974, "uuid": "fad3c9db-95f9-4852-8fc8-8a38126642d5", "value": 5898240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684533974, "uuid": "5e965e98-bea3-4bcb-947c-591361a9f2af", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533974, "uuid": "6c71a839-0f32-463a-af01-bb2a3534e73d", "value": "f721ec8916d2331e6c58e09212995637", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0d60d757-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684478002, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478002, "uuid": "1674653c-9e63-456c-a685-2c37f0b702f6", "comment": "Malware payload", "value": "5a6576edc9161c529608749eb5041a5a", "object_relation": "md5", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478002, "uuid": "1dbc9827-be7e-4579-af89-c93f04acbf11", "comment": "Malware payload", "value": "58ca1ba2da80c0a8134807ba7cdf46becbc751cd735601a6411dd4d95bb1c8f9", "object_relation": "sha256", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478002, "uuid": "34e69ad6-14aa-4b18-bb7f-1b12871be760", "comment": "Malware payload", "value": "5286ba304396c880e0cc3bd898f5f6cd46291b43", "object_relation": "sha1", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478002, "uuid": "25b58673-203f-417e-a2fe-be35e181301a", "comment": "Malware payload", "value": "e205bcfd4f04d5af488abe285defac5018548cffa7e137f2a868c1e066b4f729cd56492ca1d3bb6b9e1fc60b66bcea98", "object_relation": "sha3-384", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478002, "uuid": "ee510c28-9344-482a-b33a-54a640542e03", "value": "T19D54BE176508EE8BD20187F07F8B7C89770ABE15AAC536D6315DF78F2B70126988720E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478002, "uuid": "2c7ee741-f5b0-4d71-9a24-1a2caa9fc760", "value": "6144:wUWaFJkKXiDU7w5cT/qGLhp1yIXLGmJFRP2UOMdFExM:wUWaFiKXKA/1dXamJF9OMdFExM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478002, "uuid": "2fea375d-b788-44da-baa9-1838450968c7", "value": 282624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478002, "uuid": "fa67afd5-c08f-41d2-bb11-6b27a7590e62", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478002, "uuid": "0f8631f2-8728-4f02-b0a2-c86599679194", "value": "shipping document.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6a49a3d-f623-11ed-b3cf-42010a9c0076", "comment": "Malware payload (LgoogLoader)", "timestamp": 1684486876, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486876, "uuid": "22914372-c5af-45a4-aaea-9432e771ebff", "comment": "Malware payload (LgoogLoader)", "value": "bbe48b1eac405044134ba45bd2863486", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LgoogLoader", "colour": "#FA0A6A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486876, "uuid": "99a54fd8-0709-4245-bdd5-873f04aa7e40", "comment": "Malware payload (LgoogLoader)", "value": "591407a0e2ecc003caeacb9a70ac3ae751c41f1a36588c041b4eeb0d7767f818", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LgoogLoader", "colour": "#FA0A6A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486876, "uuid": "094ca6be-e022-493a-a3f9-f30f2630caf0", "comment": "Malware payload (LgoogLoader)", "value": "2518eb6d8467eaf0118dd3beb45d0467cafa7dae", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LgoogLoader", "colour": "#FA0A6A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486876, "uuid": "6febdc9f-462f-44d0-9fb8-aaa9347958f9", "comment": "Malware payload (LgoogLoader)", "value": "9dec001dc8990587ed29cc1f87ee659149210bdeb6c543f6762efe651930f222dc8f2723100a0dfbc279da0e614ec1ba", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LgoogLoader", "colour": "#FA0A6A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486876, "uuid": "93723c15-6f59-430e-a475-bc308a21bb61", "value": "T1D585227AF1C0C13BD0711AB89DA2C2E0746DB7243D28941BB4E91F9D5A364D39A7E2C7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486876, "uuid": "f927642c-8e40-47f2-b340-806caaae6f1d", "value": "4afbc3ea79152c3f8469f1157ab7e53a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486876, "uuid": "aeabb8cb-30db-4836-b27a-1e4cfecce1e1", "value": "49152:ssR3ycULLv5AJOzWwKKswt14AnCl5pQcM2GpAgZ5N3:ssRicULLRiwPbC4CGcaRb3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684486876, "uuid": "078b6797-786d-4879-b6d1-c90f957442bc", "value": 1708370, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684486876, "uuid": "2d6eea72-db7b-4886-8e76-cbe7ccd20ecb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486876, "uuid": "ba89b316-59a5-4211-b909-bc1753392376", "value": "bbe48b1eac405044134ba45bd2863486.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f87c762-f662-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684513815, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513815, "uuid": "b449625d-8fc7-460e-b361-b87a1db252a8", "comment": "Malware payload (Mirai)", "value": "7d1841bb4aa1e400efbed5329bcb3770", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513815, "uuid": "1e6dedf6-0b28-40eb-be83-309627516327", "comment": "Malware payload (Mirai)", "value": "5930b55e90de6c5549b2e0e077695aa0b9890dd92f2d001e4a6e2393e7b3c321", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513815, "uuid": "782cab6c-2f32-4aca-8a45-ac2b0bc62e00", "comment": "Malware payload (Mirai)", "value": "77cd0e60f75b3a550130fc38f2a25657369bd036", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513815, "uuid": "9a83ccea-69a2-4b02-890f-d772b09a65e4", "comment": "Malware payload (Mirai)", "value": "19f01be803068d3edecd6a7d90f9903de38811205eb7f4168f53ae1349c24ecba7f3a05c02ae1fbda793932356413e0e", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513815, "uuid": "48136e9d-4a0e-44bb-9426-a7c08004c3a8", "value": "T1C3331917B54180FDC09AC174865FBA3BA93771FD0238B2A67BE4EB322E96E211D1DC45", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513815, "uuid": "8d149372-5753-4992-be2e-944caa8a297c", "value": "1536:EONfAqBlMEylfYZtR3DUpEhPskB66o/z7+Snyg:RfZBlMEwwZz3Dzhzro/+Snyg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684513815, "uuid": "a0a9cd27-1108-4da1-b1c2-1ca691be4e11", "value": 55104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684513815, "uuid": "3c636963-0f78-4de4-ac6a-32bf01f4d2c1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513815, "uuid": "5720f14a-3253-4966-9fce-b6d260981572", "value": "7d1841bb4aa1e400efbed5329bcb3770", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "754b605a-f691-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684534011, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684534011, "uuid": "f068fcb2-e607-4664-83c6-19507f6bad4c", "comment": "Malware payload", "value": "58570e7343d4d7510f33e07a582e540d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684534011, "uuid": "9a71e380-b792-44b4-bf57-f8336fec7895", "comment": "Malware payload", "value": "593ae4eeaa1527b0d106db068456a4751bfe2d87bc76a04d467204fb6a71e9a8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684534011, "uuid": "3e1ee185-9ca5-451a-8d41-8406ea6d8a76", "comment": "Malware payload", "value": "fed59365765c27466c89ad354e87f591fabe723d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684534011, "uuid": "3709d4ac-bef2-459c-ab50-5795dc81f171", "comment": "Malware payload", "value": "aaa0fa2ae6561ea23cac9b99f120d6fc5246bf14d543c395fb8b6371c451c5ccb9630ab4246cb7dc08e46262d1902e36", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684534011, "uuid": "2539cd4c-0dc7-4eb4-83bc-b939e9649968", "value": "T1F6364A50FECB44B6E9031E3154ABA27F67319D054B24EF93EA14BF6AE9376910D3220D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684534011, "uuid": "2d54d97b-3cb1-4887-9739-b7537e4b63e4", "value": "49152:Xn7PeM/wNyWyHKjl6CKIWFNLTlPCM4So2eTXYydVrFKpZy1I1:XDNgCqjgCMtnte", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684534011, "uuid": "f4b82b8b-c62f-499b-82ac-a99c791999ec", "value": 5206016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684534011, "uuid": "225f5777-383c-4412-99fa-8d6739432513", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684534011, "uuid": "f2b6466b-e5ba-41ce-ba6f-b7e7a159fdd5", "value": "58570e7343d4d7510f33e07a582e540d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "789d201a-f66a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684517266, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684517266, "uuid": "83f8bedc-29d4-4a63-932c-cfa4e589009a", "comment": "Malware payload (RedLineStealer)", "value": "a4cd1ae410eb0a18a0c48218b7080713", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684517266, "uuid": "57d374f4-3753-4429-a2c2-d9c88f5e6d08", "comment": "Malware payload (RedLineStealer)", "value": "5954c5d07366206ec5ebb351f47197bb31cf4400a82a25beae6fa9dc6aa2af72", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684517266, "uuid": "03eff16e-ec33-4b2e-bae0-5b8d72d80863", "comment": "Malware payload (RedLineStealer)", "value": "bc307851b41bcecee22c7b8761c5ae3d10cbc084", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684517266, "uuid": "bd9a2394-9c7b-4852-ba3b-836d5dec013e", "comment": "Malware payload (RedLineStealer)", "value": "a82f1d9b39925452b47efb6fa716a797ff8606d16257a7feb4cdf80fa0afa3e9013bb05d4ff0ec7906588dfac6caaa78", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684517266, "uuid": "5ee6002b-d6e2-4cfe-8307-12ae4a30689a", "value": "T182E4303C2CBA15E7C438FBAE96D160F3B52B9D23B70F9A5500C347267A6682177C252D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684517266, "uuid": "dbb58f10-7022-464f-8326-02b54ecbf5c9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684517266, "uuid": "c8e8d31e-0b2b-4df9-a09b-088f9bca39f1", "value": "12288:jNsb6MKmBFbOgeAdknhqu0mWnTpOesfZM:k6MKzgnqqrmfbC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684517266, "uuid": "4dc9d94e-68ee-400e-a1a9-dfd8af19b3a2", "value": 661504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684517266, "uuid": "8ba6d2be-c267-4e02-aea4-2a901829db53", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684517266, "uuid": "b1efb8e0-25b1-4096-82d4-4656ece6c513", "value": "SecuriteInfo.com.W32.MSIL_Agent.FHW.gen.Eldorado.17537.19183", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2459198d-f68d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684532157, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532157, "uuid": "e4ab718c-14e9-4f4c-87c5-61faa8219d25", "comment": "Malware payload (Amadey)", "value": "8c83d41c4afb2b2d0dacae8a35d33917", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532157, "uuid": "f4686ec3-7466-4b71-845a-792e91654879", "comment": "Malware payload (Amadey)", "value": "5a32a3e880dc82b49ad434a67422cbc1e9e8685ef3defad00d3ede8a74ac72bf", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532157, "uuid": "0e3019b3-b3c8-4410-bd96-11cdf0013801", "comment": "Malware payload (Amadey)", "value": "80f0e0140a9e71cc7fcda2c3d9f64a3126b0eb15", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532157, "uuid": "50f63727-6986-4475-bd97-886816f2ec1d", "comment": "Malware payload (Amadey)", "value": "0389c755405f7d4326ef773f4bf10e893feb3fd0a4b0d189d4012f60e677a8be25e9d67551ade430784e1f4835744d32", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532157, "uuid": "fbb4803f-3244-4e8e-b6be-25a6693dafe9", "value": "T10A252316E2E51032D9B8933004F702836F7A7C91ADB493BB2385A95B25B3F94B931777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532157, "uuid": "6a7843d4-a8b9-4b2a-9c5d-262fb07219a7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532157, "uuid": "fae36ed5-3110-4691-b4c3-ffa7f0c6201b", "value": "24576:wyPB1v2vbSX7VXWXGAvC/YmrkrbToAChYjL8/lbTDA82D4h:3zv8SR1AvZxrnouL8/lbTwD4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684532157, "uuid": "8ece3b9e-dc8d-419b-bbea-17dcaf2f2ad6", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684532157, "uuid": "ff601676-2edc-4e99-9e65-f91802e08d6b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532157, "uuid": "d70d87a5-7c44-48c9-ae9e-df57665a05b2", "value": "8c83d41c4afb2b2d0dacae8a35d33917.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be6e6af3-f679-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684523826, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523826, "uuid": "895d7b40-7b13-43e8-81f5-765b8c2a43e6", "comment": "Malware payload", "value": "3f5da85fbf0615209e4de09647f1bc79", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523826, "uuid": "43f6bd66-64db-441c-9961-8630426ea98b", "comment": "Malware payload", "value": "5b3ef8813cef59e6d7055834b01899c7f30c2ef599a343ea5d52cb1bad9499ce", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523826, "uuid": "a5565127-af2a-4fad-b865-da6a43a9b78a", "comment": "Malware payload", "value": "cdde1a4859a8d63d37b5c9eff1d534e9a19d2963", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523826, "uuid": "d1843250-410d-48a6-a926-bb5a512e28d3", "comment": "Malware payload", "value": "666b0e28bd13e68e6eeb607465aa06823e1b0df7a4c63ba3e3adabaa3f0789013a126fa429c9a1503050fe6116d8cdc6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523826, "uuid": "8a70e91e-ca5a-4a8f-bfed-c2ba668aa23b", "value": "T1B736C32B5197A6A1E0D123334BD5D3D791E8A23B3CA80CEE9EC4AC18645DE73536C6F4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523826, "uuid": "9a8881df-9f8b-4b27-a41b-a09903c8fd5b", "value": "73230201abc5a1fa94cba1d1d004cef6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523826, "uuid": "fb6e3910-1d8f-439f-b03a-80200efada10", "value": "49152:QaTuR4VqWofCrpx0G92B3nvVg/EJCHpQ+18007buCZC9eV+o8PXjDfj:dUEEzC9G+oQXn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684523826, "uuid": "7d7a5b5d-db18-4164-9d06-6b31c62578b5", "value": 4910592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684523826, "uuid": "2cb8d40a-5744-4425-b381-161d1a1d22aa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523826, "uuid": "94c61f27-5c28-44f7-98b3-efa4f4c49f6b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ce10a49-f610-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684478485, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478485, "uuid": "74c84f35-915c-4f1e-ac43-2b2666a88b21", "comment": "Malware payload (AgentTesla)", "value": "475c3511365b0423b28d7cc453e4719e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478485, "uuid": "46274fa9-2928-47f1-a841-6ef4d79d3ee1", "comment": "Malware payload (AgentTesla)", "value": "5b6c8a654e3c1a6845ba2057ed5af8601a1aa110592546f3d13c0d30a5466136", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478485, "uuid": "911f37e4-388c-481b-8d21-b3d187e39b6b", "comment": "Malware payload (AgentTesla)", "value": "fa35a1cb210cfd10856b080439874679a7dfbc96", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478485, "uuid": "b6742616-10ab-4cf4-996b-2feb30607801", "comment": "Malware payload (AgentTesla)", "value": "e67dc2031c50d4fd30dfcaf32845e04114643b82f3bf3c38e907add3c5d9b16af80d1d19cbebb12dde54a32b5985c690", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478485, "uuid": "191df99d-a436-4b92-b913-32ec47cb28fa", "value": "T17CC49620F29D7084F3F73F0167AEB6956B8FAB61A932DC1C658486AE7285C14ED31371", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478485, "uuid": "5b02727f-82b1-43eb-8e0c-5baf14b6581d", "value": "1536:9Hmd+CKN/SoY+oYFt6C2MClLxKvylTBm+rbfbrUT0hkpzYWm09gs2:9Hmxw/kYFwlLxAylbvffUT0hmxc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478485, "uuid": "37b916d7-02e9-4814-890e-eb442979388d", "value": 572530, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478485, "uuid": "5b0e26ce-5c9a-4e68-a6fb-c7daf4029dfd", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478485, "uuid": "b73cd13f-4a76-4dc5-8469-b4c8e726fd1b", "value": "nuevo pedido 008794897.pdf.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c3f6d47b-f60c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684477020, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477020, "uuid": "3893962d-aed0-4881-ac7f-c808949e5675", "comment": "Malware payload (SnakeKeylogger)", "value": "78df23e5fbb27d54348bc923408e6083", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477020, "uuid": "c2576617-2ee1-47a6-bf6b-dcc167e89a2c", "comment": "Malware payload (SnakeKeylogger)", "value": "5bbe6cbe663ff413c9c7a46720cb1efd61b07720d0b828d368918e9cef336b30", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477020, "uuid": "ef1108c1-35e5-421a-9fa2-adb326128477", "comment": "Malware payload (SnakeKeylogger)", "value": "1853562c204377c0cd4b61d6838bd2a7ffcc1c30", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477020, "uuid": "c9c06dad-b06d-46b9-9a20-37413ed9088e", "comment": "Malware payload (SnakeKeylogger)", "value": "0231a98a2f91ee9a0b4a56b0aab6f84c4b61d29645f52994e75c1c66a9808f3ff04d101f640e86ec5d23933a4e35c18d", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477020, "uuid": "e06b0482-b70f-4666-b7e4-d14ef5a2e0aa", "value": "T184D4334B8D02E4ADC255F4B71F5AC177B2B4235B2A16BCEDBA728F4D1EE13002529673", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477020, "uuid": "41e246da-6e10-4b38-a0de-f2ecbc9b3fe5", "value": "12288:vCUm4qZoK6U2JgTi8S3y5FeaUB5ZmW5Qj8S3hPUgyIW+a3XK:vDm4mGU2ln/F0n9UgNxaHK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684477020, "uuid": "2c2f7ec5-0998-4ca7-9564-c968df535847", "value": 628122, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684477020, "uuid": "a005b231-5627-48e8-8f6a-2b4c8fbac68a", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477020, "uuid": "059332a6-fbf3-492d-96c5-841e24e96449", "value": "R09865434500.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e3ffd7d0-f65f-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684512722, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512722, "uuid": "fe63f9cb-ae60-483e-9cf9-122f8239ee53", "comment": "Malware payload", "value": "558a45d249853d03345e6f8a1109e681", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512722, "uuid": "7057dad6-ed61-4f6c-9ac8-267688ce3da4", "comment": "Malware payload", "value": "5c1274a89a882c457af5e725f0058e9013358f34c3f4bc66c66a8c77690ba999", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512722, "uuid": "4ba6eed0-8051-42d6-8eaa-4adb994b83b6", "comment": "Malware payload", "value": "2c710d503f26bf9467d6655d12979c4451f26df1", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512722, "uuid": "9e64995e-401b-4171-b4ff-7bba53689f09", "comment": "Malware payload", "value": "add1cabce69e0ae2b41c56a0c086357743b853a8de61b6f6fcd3410d7b0fc46153f29e8ae936c97a7b1a2172b8a0efe8", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512722, "uuid": "93f39a42-7e34-4001-ac5f-7816190d8b42", "value": "T163C58C01F501CA2BC3AC4631199ED7FA23F93C0A8A45469BB24D732D3EB7E54DA5670E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512722, "uuid": "6147e269-d784-4d81-b12e-031ab50d541a", "value": "49152:q7hZ9v2I788gEPPvFgtIODGcOZa1JGQVpboxx0bC8E5VC7G:q7h7v2j8PPvFPOuZaCIpboxx0LEG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684512722, "uuid": "6f681f29-9692-44e1-ae6a-6ca989a1b7ae", "value": 2741248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684512722, "uuid": "d98d3a62-67b5-4caa-af6c-5680e555aee8", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512722, "uuid": "acd099ac-cc0a-4d31-bede-f528a905de4a", "value": "Corporate_Return_2019-2020 FINAL.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26936d77-f674-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684521424, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521424, "uuid": "7a6259ed-3ab0-4390-a448-73f27ad7349c", "comment": "Malware payload (Mirai)", "value": "fe860abff764df6c567f78f901bef217", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521424, "uuid": "ec40b406-e494-493f-8a3d-8a15224e5d32", "comment": "Malware payload (Mirai)", "value": "5c2943e7a8749b836f0297eccdb5681b4d74b3a42896fbaa9e2a0c7d111f7a41", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521424, "uuid": "12e1f7f9-15ff-42a4-b8a4-fec883d65229", "comment": "Malware payload (Mirai)", "value": "5bf41af803837ffa9eee14453b2b9801b38d96e9", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521424, "uuid": "1ff8c5dd-86a7-4717-8381-28f8dc89e3e3", "comment": "Malware payload (Mirai)", "value": "b0967137782f17954785f05ac3e18b6b4a5b896e1d9aa66026c0bca2b25ba1e94f05d7b954fac10fad61c5ec1829ee59", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521424, "uuid": "11f23ce0-6284-44f6-bb45-b39953f98992", "value": "T1CCC2F235EAB1470AFA3549BC7949E546E8968493D71F07090C801F977E360B8F927ACD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521424, "uuid": "c79334c3-e01f-40e2-b0bb-c1c30c827fe1", "value": "768:zTaMXzGzk1W3OwJaeFq1yPaYCGGuR91z89jdH:HBDGI1W37aecjYCGfGBH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684521424, "uuid": "dfa6c687-4b39-4315-b7d4-9f165a06c2e0", "value": 27468, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684521424, "uuid": "11765a9a-d688-4004-8694-e05d3fd68320", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521424, "uuid": "0060da5e-cf28-4afb-a5a8-17fae217cdaa", "value": "Alpha.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2425952-f610-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GCleaner)", "timestamp": 1684478682, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478682, "uuid": "ddcedfc3-7db7-42c6-b641-eb2dff9d8c68", "comment": "Malware payload (GCleaner)", "value": "1793e3e1c30623a4be6801b4b34464fc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478682, "uuid": "9c822c09-3e00-43ad-aad9-c6213587a98a", "comment": "Malware payload (GCleaner)", "value": "5c295da5dcc1e6ca1ffbe68e78ea32cf99854f183c65ead50337d520444bdce6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478682, "uuid": "61f13504-e6c8-4c43-b6be-b8707f7cf2e6", "comment": "Malware payload (GCleaner)", "value": "2790acc268b4301d714bfc480b1902e5ae61e934", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478682, "uuid": "84f3399f-4b5b-47d0-8180-d6b4695e6f0c", "comment": "Malware payload (GCleaner)", "value": "1e19756161a61e9dba06b5288af0149cb08353368055e8e9cf3a564ec1fc9d66d771be71d92ab9b75b1d916c7614f8cb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478682, "uuid": "d8b6b109-c966-4206-acdc-fc26491e834a", "value": "T1FE953361D6BD9835F062D1F8CC0D867135F1F81695625A8C2F9D9FBC1B23620FA2BB12", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478682, "uuid": "f8f4ebf9-a62a-4af0-8697-0e91147e972a", "value": "e92b45c54aa05ec107d5ef90662e6b33", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478682, "uuid": "57bf0d6a-b696-4134-9b20-2f3176d88808", "value": "49152:yisJVlD7rehkOdlARV8MFnVobIBdm0gtyPkylMvvggEHGuZiW0T6s8wue:yisJvChoB/rm0gmkylCgl9Zbs1L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478682, "uuid": "d4fa7de4-c433-407d-9527-971c7113bcea", "value": 2014250, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478682, "uuid": "78e4641b-912f-457e-99ba-1a7db3ae6ecd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478682, "uuid": "7d23ebb2-d4d2-44ec-a724-653fb101b6ea", "value": "1793e3e1c30623a4be6801b4b34464fc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db86ada7-f5e6-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gozi)", "timestamp": 1684460739, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460739, "uuid": "f423c057-a6d6-4972-8302-7146994274e5", "comment": "Malware payload (Gozi)", "value": "9a1925752de9adbb3e396de434f0bbbe", "object_relation": "md5", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460739, "uuid": "04420aff-9423-424b-bc9e-b7ef67f379a6", "comment": "Malware payload (Gozi)", "value": "5cd695c87c2b87290e167c8ef030d2858621153b058d8655afee049392a259d1", "object_relation": "sha256", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460739, "uuid": "086527b8-998c-4e30-b021-4ff2d8343025", "comment": "Malware payload (Gozi)", "value": "fbdf3b5b4cfdf2914bca84454112849a71226aa3", "object_relation": "sha1", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460739, "uuid": "80b11468-5207-437e-a06c-8832d380a2de", "comment": "Malware payload (Gozi)", "value": "1db644a11104a8f00136f44c2def86baa1a5f4bd16c1b34fbef18b5a24c6a8242ed6fe52f7eae0186b5c9e1622a47523", "object_relation": "sha3-384", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684460739, "uuid": "0c656a97-1d71-4fb9-85e5-fff3c35f8d72", "value": "T131B2D083550EF699A5FBA3D3E440ACF9586A036C616C4851108E39814FF667BDBC1CFB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684460739, "uuid": "861ec237-4c19-4906-b5be-c2b834e495f0", "value": "384:H1Gvrnr43r8+bDR8GequQABhWPzKE7H/vDcGh5I/tJmTMiOc14FEiM1yu7eRBGXZ:VGvA3rxDR8Wuo7KDw6tJmTMG4Ft+Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684460739, "uuid": "10426a4a-b1af-4dcd-9d12-05ef6a6438cd", "value": 23488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684460739, "uuid": "0af696e3-a451-4d05-9e73-3b5af99c2823", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684460739, "uuid": "b9d1a5d0-5e6f-4e42-9ea9-e2443d5c8479", "value": "1 Total New Invoices - Wednesday May 17 2023[1].zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e1ec28b-f668-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Stop)", "timestamp": 1684516309, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516309, "uuid": "d203da4d-de3d-4de5-8266-9b657dc0ee22", "comment": "Malware payload (Stop)", "value": "735b1b9dc7d60b9512da756cf41aa857", "object_relation": "md5", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516309, "uuid": "73f086b1-2ad2-4dab-92c3-4e60acb027c1", "comment": "Malware payload (Stop)", "value": "5cd87944f98dd4e2109b9059e40ea08ad8232bf41dc3b8437a1559ee93edd853", "object_relation": "sha256", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516309, "uuid": "ee97e777-402b-4b62-a05a-8195e01f750d", "comment": "Malware payload (Stop)", "value": "cefa0c50bb499bd06086400354f6c15f20c69b3d", "object_relation": "sha1", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516309, "uuid": "cad908bf-3469-4e20-9c83-71530e2d694e", "comment": "Malware payload (Stop)", "value": "2817c50ec7f05ed366ba070278089d4100c106e166b103fbacf3831bebbd5f883a8b6b159e003dabaf2b96aaeb8ed8b5", "object_relation": "sha3-384", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516309, "uuid": "60e9757c-8ad8-4a52-b6f2-2b602c2521c2", "value": "T14305E10391E0AC67E7254A728E2EC6F8755DF9214F053BD7221A6B6B08B11F2D53E372", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516309, "uuid": "d9049c41-2e61-48ee-bba9-9177e70d44be", "value": "d27ebe75147c59ca8d8ec3dca01a82f6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516309, "uuid": "a88fe762-e3e1-4c5b-87e1-7f772845df15", "value": "24576:6BNP/aq6fUsUKOwM4Gs8lulaaI3nEwZQ1L4:ENH0U0OwMJsdAauEwZQV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684516309, "uuid": "5708a61d-253a-48bc-ba95-6208fb36753a", "value": 844288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684516309, "uuid": "778c8e3c-09c1-424b-bc8f-d2c97c04b206", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516309, "uuid": "1a83beb7-7458-41ad-b256-a97673369a55", "value": "handler.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97010c3e-f62a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684489830, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489830, "uuid": "2a2c7f16-f011-4a2c-96c1-14e41a60ecca", "comment": "Malware payload (RedLineStealer)", "value": "c1743a65cedf2616643acc51a232567e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489830, "uuid": "616f1a81-90d6-4e78-a48f-e156c2351517", "comment": "Malware payload (RedLineStealer)", "value": "5e209b28a0d3a0f0db2ae800b62862ef1f4b8b393e1b75fdee86c43a919bb320", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489830, "uuid": "cc984c87-2b16-4448-a66c-125959a1b9e9", "comment": "Malware payload (RedLineStealer)", "value": "b6cff32f60442fd2a54b35613fbdc6cc11141bc1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489830, "uuid": "00306bd2-c90a-4cf2-a986-5bce850709a2", "comment": "Malware payload (RedLineStealer)", "value": "bc8dbbd63c5d49a4f384f0dd9dbf47ba456cbacb85461b79bc4f29b3a07bee62e04548fddbb349fa43b97b196a39c150", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489830, "uuid": "ee2b55af-ef0e-4970-bea4-3012167363fc", "value": "T1DD25235267DA81B5E4B64BB10DF723871B3B7C624CB8C3170A81A5974CB29C5E83771B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489830, "uuid": "17248a4f-f21c-47a4-82a7-079d6ee43b93", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489830, "uuid": "7b3e4448-872e-4c01-8386-2a0196410567", "value": "24576:OyZs26VqBv1WL9l94yVqw6vOBUFmcZYNly89+O8UFEa:dZstVqBoL9wyD6vAXNlyK8UFE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684489830, "uuid": "d0697925-896c-4cac-8020-b32561f06bc5", "value": 1043968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684489830, "uuid": "a0f4115f-28fa-4a69-89e4-a36bcfa5fed7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489830, "uuid": "7694098d-1883-47f1-929d-9f5982bbee26", "value": "c1743a65cedf2616643acc51a232567e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95ba897b-f631-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684492834, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492834, "uuid": "6f15e793-72ea-4550-9911-85a58db04098", "comment": "Malware payload (Amadey)", "value": "f325794019dcc615596e8722a583d1ae", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492834, "uuid": "dbb2fafd-b916-43e0-a120-33297b581e42", "comment": "Malware payload (Amadey)", "value": "5e80834ae919df7171fe5f5acd5c6f8b6fc4c4a54720bde1b491f8e36adc1f61", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492834, "uuid": "89a2c4a0-9220-4fa9-b04b-2f131ee71efa", "comment": "Malware payload (Amadey)", "value": "4482555be7b7de92d57246acfc4814fa17d7d7e5", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492834, "uuid": "ddc502db-1676-428e-9f3d-c15d1a0a6ae0", "comment": "Malware payload (Amadey)", "value": "5f6bb349a63fa426b3ed2c6d62c3b8796b9130ec417328f4776cf98c47ccc1ba3abf7a062729212cc43ce06ce93974a3", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492834, "uuid": "f789afd5-39aa-4860-b1ad-d5ef0a9ffb8a", "value": "T1B8252312B7E45073EC7E07B22CF607A31334BC151D78D3ABAB49958B8CB19C4697276A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492834, "uuid": "5c7f9493-22f9-49f2-96f6-ea868812a534", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492834, "uuid": "8f2b4e83-580d-4538-a469-6ac3903ae409", "value": "24576:WyFwCPCm9pJ+lx6X52zZVjiZjAAvbyLQvcKmO:lq/mT+lUp2L2iAvu89", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684492834, "uuid": "f1fdc773-c18f-4c3f-a36c-dd2c618fdd9f", "value": 1053696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684492834, "uuid": "61794d7a-8d44-4b1c-9fe6-e2820b61b44e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492834, "uuid": "37699004-398e-47ad-910c-9e85682b8c28", "value": "5e80834ae919df7171fe5f5acd5c6f8b6fc4c4a54720b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cefa0832-f683-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684528149, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528149, "uuid": "7681c339-ec65-4f09-9767-ebeabcbaa365", "comment": "Malware payload", "value": "b576aceef87d31cbfe08ec29f174b41e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528149, "uuid": "6595f98e-cff6-47cf-84d5-952e18611b56", "comment": "Malware payload", "value": "5ea7cdead9432b9873168a729364e7ad5a3a6c6ab62f20ff5419aea72316b137", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528149, "uuid": "fedcd345-f8d4-4caa-8523-f22c9b481187", "comment": "Malware payload", "value": "ed6d347a12890cbb1241f00304308696132ca1f4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528149, "uuid": "2ff5d71a-860d-4dcf-a4ba-627af32702d5", "comment": "Malware payload", "value": "e9fb22205ccd1b58c37356d8221df3a322946d21fb7c1fde5d47d2e848ff6d1eee8843be5d595377775ee5a0a1776f59", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528149, "uuid": "b0e2a870-d843-43fe-b465-4de1109befec", "value": "T142F2E68AF9819B01D5D54279FA1E224E3713573CE3EFB3225E242F24678686B0F3E815", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528149, "uuid": "363f98b5-b978-4944-aa3c-7f1224ba3bdd", "value": "768:gdno7OvXyJyioH8quvfamKU5/JI2j2Ii1Hk3/lo0kvlV/:gdn//yQiCZuvL/JIWNiZkPlo0k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684528149, "uuid": "e66c5cda-6608-488f-b0ef-0e4c23733977", "value": 34424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684528149, "uuid": "0fd0b1fd-996d-42ca-8c67-ac6391506d31", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528149, "uuid": "4ff88b83-aa87-41c5-a3bd-d5254c1a3661", "value": "b576aceef87d31cbfe08ec29f174b41e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6342c56-f67a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684524349, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524349, "uuid": "524d086a-cad4-456f-a74d-728ccd181499", "comment": "Malware payload (RedLineStealer)", "value": "0fdaf81999b9957f11d469302540d2d1", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524349, "uuid": "0e53d7be-7cfd-4a85-ba34-3786e7827b4a", "comment": "Malware payload (RedLineStealer)", "value": "5ef2573918db29ad62d7a0e65a8b94b56f4faa0e418b71d40e97ae0bf9ec07ab", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524349, "uuid": "5f14815a-f629-4c8e-b09a-bfb50cd4eb06", "comment": "Malware payload (RedLineStealer)", "value": "57735846128ade662f121abd60d5e520bac8cd64", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524349, "uuid": "3f9bad63-f46d-4976-941d-b25ffd303ef9", "comment": "Malware payload (RedLineStealer)", "value": "9380a42d442630bdb8cc316c92478ea87e785a3f00253a4a38cab2d6da460fcbd0b0f8a99c8d729d07ce02c31cd97aec", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524349, "uuid": "97da78ab-efc9-4713-aedc-0ba206638074", "value": "T1A825235AABF90472E5F413B098F613832F39FD711C7086EA2A44B51A0CB3BD96531B63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524349, "uuid": "a2b6ee39-d980-4338-9b13-e34d5ddb309e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524349, "uuid": "774c3222-e7a9-4da1-a0ab-4b18c405aa2f", "value": "24576:iyci1wIVg7dkEtzeCg4Ljz08yvAqaGlAlcTcZx/hpKl:Jci1wPMyLH08KAl2tTcZDpK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524349, "uuid": "bb86cd85-4532-430b-97f4-fde6b12b9853", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524349, "uuid": "df3411c7-9c91-4cd8-8efa-f6d24638342f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524349, "uuid": "2ca2590b-c03c-4229-9476-b1bb8d7ce788", "value": "debug.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be570638-f63d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684498056, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498056, "uuid": "c36f6cc3-608c-408c-9762-e4c7a3704fb5", "comment": "Malware payload (Amadey)", "value": "fe862f8ea8d0aeeec50fe11d1d8bb0e1", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498056, "uuid": "d7aae531-b579-4337-81a6-921d4d6c6190", "comment": "Malware payload (Amadey)", "value": "5f2fa09fa9ae71fa22927ef11f067de55dbd06e5a76743b7ea784697af00ca96", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498056, "uuid": "49585534-525c-4f50-b45c-c206ab470bba", "comment": "Malware payload (Amadey)", "value": "5d3d100c5b422386400167982351753e1bde752c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498056, "uuid": "7fdc5018-f442-4b59-b1b9-1e7d70d556ba", "comment": "Malware payload (Amadey)", "value": "611215a3a7d64d0c989286a67a1e30f315853afb45acdc671c2fe2476cb805aefe66331860e507f33a2ee55aa1b2194d", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498056, "uuid": "f54b9746-f60b-4179-8aa8-05193f09cd41", "value": "T100644B135291BF62E5264F729E1EC2F9B6EEF4508F49A7D762146E2B14702B2CB73301", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498056, "uuid": "03d4f7de-388c-46dc-aa0f-1ef97de2057c", "value": "52052f823a75c3e49d6f33c06369892a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498056, "uuid": "5cff5c8b-3110-42fa-b39a-5ef24a5aead4", "value": "6144:o24S3FnWj5cXcT285E8fDaui++3sqTUt1:L3FW2Xq2MfDaugUt1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684498056, "uuid": "58eeb766-7808-4a07-b90e-fdf698217b08", "value": 330752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684498056, "uuid": "13f3cd84-4ceb-4812-9ea3-fcdff451778a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498056, "uuid": "601fe41b-228a-4f91-82d0-11a7d0ca318b", "value": "writer.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c5435772-f5f0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684464996, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684464996, "uuid": "c26fe9b5-7fd1-4ce2-8d6b-c415ec90e04a", "comment": "Malware payload (RedLineStealer)", "value": "487af6ca472f85d12e331a5742fcf7ba", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684464996, "uuid": "265f7a30-29bc-4cc9-a3e5-29fb3243771c", "comment": "Malware payload (RedLineStealer)", "value": "5f3b29011c81f461600642f07b88ae52d713256bd4bf4366b0ed26a805447f39", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684464996, "uuid": "2cb74fd7-fb59-4473-9261-b656697ea4fe", "comment": "Malware payload (RedLineStealer)", "value": "6f53b42da70bc69da0f4cf18252800b4b53a4b1b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684464996, "uuid": "2deee77e-5f8a-43b2-baee-bf13c507938b", "comment": "Malware payload (RedLineStealer)", "value": "ff6a14a36eccb491f23d5316432aca72025ef7049f42b161041ab279d0ab52ba80f5f20ca18df24f9d80e070df853173", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684464996, "uuid": "8cc3642b-8c04-4740-ab8f-01243fc29d18", "value": "T13A252213F6C89133C5F0177158F702831B393DA66EB887BB3651AA5B0D766E0E236366", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684464996, "uuid": "1ad86cd3-ac9f-4381-8f2f-3a98a77967e5", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684464996, "uuid": "72c9f560-9f01-4165-8f7d-adddb3c040f3", "value": "24576:FyM7FW37TBguda4/etbAfmED6EZf//lmb85EpxQmxOWPyAE9UedGIgfOIOxS:g8W37TBguc4SiD6EZfH8g5EpxDxOWPPD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684464996, "uuid": "529119b4-c6d1-4675-b7c2-f31489eb43c3", "value": 1044992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684464996, "uuid": "b748a552-72e6-4a56-bd9f-0a08eaaf1007", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684464996, "uuid": "7fb86ba4-7662-43db-92bd-f64c3c441dcb", "value": "487af6ca472f85d12e331a5742fcf7ba.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6de3050-f61f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1684485159, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485159, "uuid": "392fc428-19a8-4454-98ae-a2d0be66d5ea", "comment": "Malware payload (GuLoader)", "value": "fca4d3e9bbbcbd574bc91461ec197daf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485159, "uuid": "3c54be0d-96b0-4cc4-aed2-7f5b3bdac6f6", "comment": "Malware payload (GuLoader)", "value": "5fe6734d61d90920758e2b143c37207ce9bb4afb67dad6f578e446b7fa7ca8ae", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485159, "uuid": "c272e9bf-7879-4ee1-9748-b77f8ccecdd9", "comment": "Malware payload (GuLoader)", "value": "ff6e68867b30ce208a6cc72779dd8987c938b11e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485159, "uuid": "9571ab9a-0a96-4626-8653-3ac975225030", "comment": "Malware payload (GuLoader)", "value": "7b75a3dc4ee2374632b92e5478da37edc32531a78bdf214fe632c7cba9fc55d5dc0dcb7549d4da1482bbe98f22f902ab", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485159, "uuid": "d660a0bb-cc36-4c33-87ea-a4fa56e8ac38", "value": "T14CD412027F0CDC63E3A3C8775276DAA886399ED51E135317E378752CBABE615B80B205", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485159, "uuid": "ce1b7b90-0739-4cc5-a9ca-4907725b8e43", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485159, "uuid": "556e5dbd-f873-4099-ac18-26ab82a6c08f", "value": "12288:phrO+fXNPEc0XykHayCv2hMzUSF6UWQE/onCO6n:ptxfX9uy8a1uwWQE/5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684485159, "uuid": "52aeea0d-72c1-46cd-9a0b-3dc93c3b28cb", "value": 650963, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684485159, "uuid": "f19be1ff-ab52-44cb-9a95-4a18d97b090f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485159, "uuid": "ab46dc73-7e66-49d5-85bc-7b968dcc6b18", "value": "Damoiseau.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24182b36-f67d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684525285, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525285, "uuid": "6f1177b2-0cd3-4e3d-8e5a-28d7839fba69", "comment": "Malware payload (Mirai)", "value": "c99bf5127e6213ba957a919fba9ce45e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525285, "uuid": "fc4d7a58-c5d5-44e6-b624-c62854c9f4c8", "comment": "Malware payload (Mirai)", "value": "60288ba2c89fcdbd1aa348bb7b5fcf832f1a563861b46e8a9b855055314ff3c9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525285, "uuid": "cb6f4a91-5769-485a-88cd-0020e1a078c9", "comment": "Malware payload (Mirai)", "value": "a99bcdbefa0bbce0a598cdfb30b7dc84022fdc28", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525285, "uuid": "9c4ac24b-5226-46df-aa67-58c7a7a1fa26", "comment": "Malware payload (Mirai)", "value": "b96e305d07f3f70c935a516dfdc4652662715532b15ecd25e5098514759706dd5eb6223c921e35717f4805d31d8759c2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525285, "uuid": "8f0b3400-e925-40a0-ae83-66b3b4a84a9d", "value": "T102E2F1D793B1E052DE7C1BF2F53DC18A627D469CC5B630A32A056A583B960531A3D893", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525285, "uuid": "59ee3a1e-77bd-4401-a4de-392584068a63", "value": "768:OoiWiO031vpAPbrVWZK3XVGxm9X/Y3UQwpI1:Oorm1vpALgUJa1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684525285, "uuid": "3cdf66a1-2612-4e5c-b995-034d50e8ae4f", "value": 33164, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684525285, "uuid": "cb93cfa6-1719-402f-9c6a-3ef8b350422d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525285, "uuid": "cd52adbd-7c9b-4f04-8823-3330ba450e37", "value": "c99bf5127e6213ba957a919fba9ce45e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "194ca447-f67b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684524408, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524408, "uuid": "f34884fe-afb6-42b9-b24f-7871eae372d3", "comment": "Malware payload (RedLineStealer)", "value": "4fc9b6433f4a9142baf59e1701bc1d0d", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524408, "uuid": "92108d4e-b2eb-4a67-ae34-77df5a9f61e2", "comment": "Malware payload (RedLineStealer)", "value": "620f7e13d93b6de6685792c706f48aaefd92c78d406519454116d90f86e875ab", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524408, "uuid": "b927ee4e-cad7-4c81-8042-311cdcbc6653", "comment": "Malware payload (RedLineStealer)", "value": "49e9e466fea0b52bf7ce8728459e36a99d004839", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524408, "uuid": "70edcd27-5115-43fd-983c-87c86e49a464", "comment": "Malware payload (RedLineStealer)", "value": "1c25daf959a5d07ce3d7419f6444f9994f954af1f02d9d2fe8a688ff4c9aae8087415a6b7de575f8c62e3ade88fb0922", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524408, "uuid": "16d88269-d250-4baf-a604-7ecf6f5b7351", "value": "T1E9252303BBE4C1BBE4F01BB058F503931E7A7C526D68476B1782A96B4C726C0E67572B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524408, "uuid": "98628ba9-4a09-4d81-8d0f-41899b48c409", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524408, "uuid": "95b14eb2-1f14-4708-8b1a-3a90ab130002", "value": "24576:Ay2ArBvubIbufyxQW/eMFnCqaNXYR/DRULSXzTzx6N:H2AobIrQW/tCz+xRXF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524408, "uuid": "800f2bf0-2d2a-4c30-a4b1-bc61d7d81594", "value": 1044992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524408, "uuid": "472b11c8-2951-425d-838f-ad478c7a40ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524408, "uuid": "5d84bdce-08ba-4c33-9469-b3b7be4b61ac", "value": "input.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97a7e1ac-f60c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684476946, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476946, "uuid": "cd3db278-9e97-47c8-977c-b08e0ce7f374", "comment": "Malware payload (SnakeKeylogger)", "value": "741d55cbad3656ce1d439f00d80b551d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476946, "uuid": "c3b9598d-f2f0-4a1d-9e84-ed4b479dcc6d", "comment": "Malware payload (SnakeKeylogger)", "value": "62f8a25d4004ab00392eed751610158bdceaf54359f694564310226579a2cea9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476946, "uuid": "dd101eb6-9e93-4341-8769-029933f1b8bb", "comment": "Malware payload (SnakeKeylogger)", "value": "876a9f3677dcb740f096a6c90f1a8fbee930fd3d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476946, "uuid": "39a90abf-51dc-4eee-a795-ae796808ae66", "comment": "Malware payload (SnakeKeylogger)", "value": "c9ec05a4ede2a992eabca04ce136a3ed6e55597b6fc7bc897586abe78275ecd77beec949c16640eef4f57f9c571b4225", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476946, "uuid": "377e3978-d781-4a3c-bfa4-b58736f72214", "value": "T1FAF4503D0AA589EBC1BBD374A7CC499BFA73D817F15C9B6904D6034262436CEA4C21DE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476946, "uuid": "a6f0b3f5-299c-4776-b648-db4735ddbe6e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476946, "uuid": "d82ca214-9404-4a36-92af-9889506a006b", "value": "12288:9xAIdvqXPVxcHD6+pBEpApuw8im+wLE9BPqRU8AvSljSl:9xAIBCVqHDFpeA2iBw6qRDHG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476946, "uuid": "bfe88d26-86bd-4fc5-be83-33a0b3e725d6", "value": 742400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476946, "uuid": "e4d7412a-3867-47fe-a925-84268790dad5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476946, "uuid": "27a0f42d-d56c-44a2-aea1-c0982f7ec393", "value": "New Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9585c231-f609-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684475654, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475654, "uuid": "5ac9872e-f25f-4eb9-b243-56bfc4dd48f9", "comment": "Malware payload (AgentTesla)", "value": "ffb885882a0f25ea34ecd01e3e9735f0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475654, "uuid": "933f6775-6435-4dfb-b472-740f196d9132", "comment": "Malware payload (AgentTesla)", "value": "64d673ab703de588ebe64fcf054c8941cc24cad19f07a28ce874b7d95863fdf0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475654, "uuid": "b6a46476-b64e-46f9-8628-ffe0ae3bba5e", "comment": "Malware payload (AgentTesla)", "value": "bcedc6f606dd0a39b94f04252af88c3edd57a06c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475654, "uuid": "4429995f-9214-48c8-b296-299acc843cdd", "comment": "Malware payload (AgentTesla)", "value": "15173874eb6b8cf056798bd4ad09ac17f70a58db2f00bc9c724126d41f77a9359fe78e90f3f694224f981676821b65f1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475654, "uuid": "3f916f65-7b9e-4cc6-947a-075473bf20df", "value": "T1B335C0113BE86F2FE1BF0B79D433015946B1F902A356E68E58E0719D28F2B05AD167E3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475654, "uuid": "6335b858-8c2f-41f8-aab6-249a1c0ed28d", "value": "24576:4vUDd4HOg70L/eI4gsonSZUULOEjiBCQBtV/XKmfA5Kh9:yUD6HOg2ugsoElbM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684475654, "uuid": "3b455984-525a-46ec-9bd9-663e251fed39", "value": 1147904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684475654, "uuid": "2438a99b-e266-4936-a5f2-d4e5051aa66b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475654, "uuid": "4b011d08-f484-4f81-9126-242498f62ff7", "value": "Pago 202310038700.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a03b481-f671-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684520275, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684520275, "uuid": "8a494dc5-4e46-4445-82ca-4a522e40c1cd", "comment": "Malware payload (Formbook)", "value": "0f6df6fe7dc22d6042a636aa9e7aeeb8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684520275, "uuid": "bec18897-ee3d-46fb-a3dc-fd735a1cd926", "comment": "Malware payload (Formbook)", "value": "64e9e76c9c64aa89f98ba7a6413df1c33fd3e5efeb35a7d52cb9b8b4fbe6f443", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684520275, "uuid": "28d7a344-467b-492b-b17d-9ed37e23118e", "comment": "Malware payload (Formbook)", "value": "6e5e210f48b2b843b98e7568ae0ebba3e17dc3c5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684520275, "uuid": "f7f99bbb-870d-4728-8c53-55d9279452c4", "comment": "Malware payload (Formbook)", "value": "6745bdff14d9bb1b3409fa29cbabacbbe052b95f968d35ff359ea474c8ffc17cd79081e04473ab083600268815b40cb9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684520275, "uuid": "2b73d629-8b3e-444b-9735-1d2b1679d0a1", "value": "T18315E0943A90682DE29BAE7546B2FA3453747C61D713430A15F22D9BBD2EE837F012C3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684520275, "uuid": "49de9374-51cb-4ca9-94f4-ccdec8387fd3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684520275, "uuid": "7543f40d-fba4-4258-a245-d5f2462619f3", "value": "24576:bP0tmoCXmwsmOG5KL6bWGIJmCQ73h4GJAFPNO1Rir:bP0czBsJJ1JLE+GJArO1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684520275, "uuid": "0a0a582e-4008-47b7-83bb-90d84b4a2ce5", "value": 940544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684520275, "uuid": "2231c61c-a6f9-48d6-a0c5-94fe16545abc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684520275, "uuid": "e01b1939-dd59-4f03-a88b-2505fde70222", "value": "BANK DETAILS.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7b3d6a0-f612-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Vjw0rm)", "timestamp": 1684479630, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479630, "uuid": "c8a496af-70ac-42d9-beae-2c9d640a47fc", "comment": "Malware payload (Vjw0rm)", "value": "f05dd469447e50abf638af13d0563d54", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479630, "uuid": "fa2cb615-a250-4bde-9b93-9e0b6ab7b1d7", "comment": "Malware payload (Vjw0rm)", "value": "659d0615a525282de8d22cd7846442d257dcd1a33e6c6c941d530704954afaf2", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479630, "uuid": "14d3ba03-ccc7-4803-b7c1-584e479bb1b9", "comment": "Malware payload (Vjw0rm)", "value": "9c0f3e6b8177c08d066c7696c6bd77c8614fc1db", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479630, "uuid": "3e624525-23ce-42aa-9793-19e3c95f99e1", "comment": "Malware payload (Vjw0rm)", "value": "18661914d242be8bcf4de040a45c46872ea42521f5ab48d8694f238aa781812dbfb0e9c9a0ca4c87d7fbd088fa75dea9", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479630, "uuid": "1fcaff83-b1e7-4403-be98-2956ceb24fda", "value": "T15625BEC2655D6A27BBA3EE06C15957276870C722490F3C11FAC23F8CAF5E88079F99D1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479630, "uuid": "d05b2ce4-629a-481d-ac4c-78fff06bf9a5", "value": "3072:MoZBzWlRm4PuQlGdJkj8qnGBIQggpd0AD:MoZBzWlRm4PuQlGdJLd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684479630, "uuid": "2088c4d6-9208-40dd-b503-839a34b6e15a", "value": 1043752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684479630, "uuid": "5fc37275-3533-4325-bbf1-12e502672070", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479630, "uuid": "059d97b8-5bbc-4400-894f-6b877e81f905", "value": "Scan005.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f8838d6a-f65f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1684512757, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512757, "uuid": "a563dcc6-c248-4d51-a430-73e72275f45e", "comment": "Malware payload (GuLoader)", "value": "d33288e68454ae4e695c8dc1e1c2f9f2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512757, "uuid": "e5664e42-b868-4ce0-8824-d73c7e25ae40", "comment": "Malware payload (GuLoader)", "value": "65d1c907aabc8245129cd3f91b81cbc1f94aa2bf457ffd33c63b23718e619ac2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512757, "uuid": "cfec4a9b-9000-4d99-9153-f97a39613e64", "comment": "Malware payload (GuLoader)", "value": "07c0bf6ba04a996be8a17c03dfd9978597190443", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512757, "uuid": "6d313063-76fb-4fe2-8473-dd2af99f9c2d", "comment": "Malware payload (GuLoader)", "value": "7d5b8b466626641da083a0904afcd2473fa5633cebb482cb5b1136138f7bd2adde4fb9355b09ccedc6988eabed5ca3c4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512757, "uuid": "2bcc24e3-d1a6-41bb-a05c-3a04a06f575b", "value": "T131B4223612E78A7BDDC589317914467AC170DC711012978B332D6FAFA878AA68F3B34D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512757, "uuid": "60e155fb-27cc-433b-9b31-6aeda850d65c", "value": "b78ecf47c0a3e24a6f4af114e2d1f5de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512757, "uuid": "83bb96d9-a9a9-45c3-aafa-2a832353147a", "value": "12288:PKl9TZYH5G8FfIk2eMkt35zogW8kFs05/GdTzLJOJd:m9TybFfIvkDoh8I+JKd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684512757, "uuid": "05e07d8e-95b1-4e47-9816-3f853764b330", "value": 504640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684512757, "uuid": "02d6e2ac-2adc-4a7f-ac8b-0d777ec9ef3e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512757, "uuid": "5aa08aa4-b7da-4826-9588-137ef83db52a", "value": "RENDEL\u00c9S 001-pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2103ffb-f60c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684477044, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477044, "uuid": "e1a7f712-6085-4b1d-8510-a9f3911453dc", "comment": "Malware payload (SnakeKeylogger)", "value": "0772fd245d4cc724886f54fa49bf574e", "object_relation": "md5", "Tag": [ { "name": "CaixaBank", "colour": "#413AE4", "exportable": true, "hide_tag": false }, { "name": "ESP", "colour": "#8CB8DD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477044, "uuid": "21c942ba-2176-4176-a246-5d4262c50aef", "comment": "Malware payload (SnakeKeylogger)", "value": "65fbe4b33bfdd2491057338eb43f79d78b0942c7d9ac56a2806d7902a7c8ebcc", "object_relation": "sha256", "Tag": [ { "name": "CaixaBank", "colour": "#413AE4", "exportable": true, "hide_tag": false }, { "name": "ESP", "colour": "#8CB8DD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477044, "uuid": "bfce74bf-fd5e-4f7c-a9d8-c560a9107780", "comment": "Malware payload (SnakeKeylogger)", "value": "c86e003f80dcc3fa13604e246352152d5d0f89dc", "object_relation": "sha1", "Tag": [ { "name": "CaixaBank", "colour": "#413AE4", "exportable": true, "hide_tag": false }, { "name": "ESP", "colour": "#8CB8DD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477044, "uuid": "7a6fa4e8-5134-4d19-812b-61cf003c5317", "comment": "Malware payload (SnakeKeylogger)", "value": "3ff4a328c896500fa461c1e573d46d955ab58df6d6bf5ae381c3b23226e8d04ccbf982e2591ac14d5170060469a4a38c", "object_relation": "sha3-384", "Tag": [ { "name": "CaixaBank", "colour": "#413AE4", "exportable": true, "hide_tag": false }, { "name": "ESP", "colour": "#8CB8DD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477044, "uuid": "68cb7b52-26d3-4fcb-9621-2c5087897f21", "value": "T156D4E0202BD9C70BD06B437881E5C3F057369D84B966C7974FE9BC4FB2CB6A61321256", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477044, "uuid": "eb661cc0-d169-4acb-ad80-8ef5fad6f2ce", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477044, "uuid": "6700f48b-18b5-4dab-8294-78dcbf956c39", "value": "12288:vYbgECYnuw6YuMO0i7SSW8rEeQWpR1989:vwBpuw6YuNmSrrEBw9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684477044, "uuid": "4376bbd7-328b-4e7e-85fa-5c11b0746140", "value": 622592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684477044, "uuid": "d10f3d40-0f24-4043-b029-d8473ac4e428", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477044, "uuid": "7736669e-d93a-4097-aacd-d7fa7ddd1efd", "value": "CaixaBank _ banca digital CaixaBankNow.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c9dc5815-f62e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (NanoCore)", "timestamp": 1684491633, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491633, "uuid": "62a8275f-db2f-4683-bcd0-5c2fbba0e97a", "comment": "Malware payload (NanoCore)", "value": "c89ac1b0c745780e6970a12c1ad8fd12", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491633, "uuid": "e9e8cf58-0566-4a1e-9f5e-b7ec1bfaf65a", "comment": "Malware payload (NanoCore)", "value": "6682d37922e7d9bcbb13263a2942817c003aaf48b77e70b9f0a8e24d1895ad02", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491633, "uuid": "4e9eebe6-a3f3-4baf-a841-0c6e7bcb0801", "comment": "Malware payload (NanoCore)", "value": "41570036640780d99b6f5861a9196231fde0f6d7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491633, "uuid": "39177159-e863-4c05-a334-4e4ca28eee0f", "comment": "Malware payload (NanoCore)", "value": "18ed1b30db3591bccf67af362f91fbf8813a3e63ab1d1ab67380ec1dce283583498e0aa8ef9f7c065368b00610f126f8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491633, "uuid": "a711de20-bbda-4d1c-8a60-a4f09db4f495", "value": "T18AF4827C4AB50AF6C037DBE0A7C58897B94B7D73F00B5A6381D2435DC267A7124EA42E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491633, "uuid": "b022536e-0e03-4764-8a21-c946f4069324", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491633, "uuid": "704b8078-9d7b-48a8-9a21-86a7ed046c47", "value": "12288:RRyid6GHPReFuFiKVARE1phV9CKuQvIWT3N/6eNP4n:RL6GvReEYKVARQh5uQTT3N/z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684491633, "uuid": "96e9544b-563c-4d1c-9cb5-7b6c919f7597", "value": 760320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684491633, "uuid": "6234fdf9-a5d2-4df5-8730-baf6dca56880", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491633, "uuid": "ad68f794-bdf5-40ce-b088-2ab78a792838", "value": "PROOF OF PAYMENT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59dfa22f-f641-11ed-b3cf-42010a9c0076", "comment": "Malware payload (zgRAT)", "timestamp": 1684499605, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499605, "uuid": "115655ef-0e06-4081-9977-b26d9be051cc", "comment": "Malware payload (zgRAT)", "value": "9558a17f1745704c51de44f8119d705b", "object_relation": "md5", "Tag": [ { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499605, "uuid": "ca7d7d65-532b-48c8-b8c3-b84f026b2d88", "comment": "Malware payload (zgRAT)", "value": "673a262ad1e6aa5bb587752fc368e829d071a9945c19a8745bc73d730b647b99", "object_relation": "sha256", "Tag": [ { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499605, "uuid": "52209c38-88f2-4f7b-b05b-593990926969", "comment": "Malware payload (zgRAT)", "value": "0301a781614b4b1367dd764163f50a343f43a2ab", "object_relation": "sha1", "Tag": [ { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499605, "uuid": "b55ec432-7723-4e18-8aff-3802387caa56", "comment": "Malware payload (zgRAT)", "value": "9dceb38b9fc5672c109a21f39049a5828b9ee6f9a7bd70ab93eefd35dbd898a939a512511a1d956bcee1324c1891eed8", "object_relation": "sha3-384", "Tag": [ { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499605, "uuid": "914ef852-3c47-4edf-8964-2a34199c4ca2", "value": "T1D464238BB6D85CDE2382812DB14CC7CAE7BF7258166693C7EF438424BD86B54949C90F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499605, "uuid": "44255c13-1cf2-4e56-aed4-e5e9803bcc13", "value": "6144:6ZpjAOFJsQoaZcsejxyxAWmv3s3+Gwa4Fro1eGroRD:6ZpUqsdVXwxnmU3+GFs7D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684499605, "uuid": "30454990-0602-4912-9d13-d6ea4aaac3cc", "value": 312000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684499605, "uuid": "496ffe57-94b9-4a99-948c-10757db62665", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499605, "uuid": "ff3c4f16-3af0-42d4-b253-e8d9656c7912", "value": "6th Order inquiry from Moshkfam-iran-83784839233440-pdf_1.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "22d16ec5-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684478038, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478038, "uuid": "03bbdcb3-fe41-4641-88a7-c194c8f3f999", "comment": "Malware payload (AgentTesla)", "value": "4abfacbc9e28ddf8ac57c9fdd9005a14", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478038, "uuid": "0f4d17d9-3e0d-436e-b93b-2cc13316bdcc", "comment": "Malware payload (AgentTesla)", "value": "677e4f08cf64e7302b7e5be508499c7e183dd76ea5a0bb8b5159c94332b48c21", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478038, "uuid": "1549329b-9e84-4611-9280-1eaff5cea7ed", "comment": "Malware payload (AgentTesla)", "value": "0d05146b334ca4d8fecf87d6a764bcb0b823094b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478038, "uuid": "30086f2b-c77b-4d73-9fd1-7d436e42078e", "comment": "Malware payload (AgentTesla)", "value": "b889e067aa0a073a70d6606c1e6e4a3dd47c9fafec0524d17408d11275acade7fc01acc29c4a03758e681f7682c2b009", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478038, "uuid": "45bb366d-5c8d-48fb-83dd-e0c5a0235872", "value": "T113B423F4708F51019CE4B631BD335270025ACCF95655206223EF25A7D2AC9AEFEBF6A1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478038, "uuid": "aff28d70-8ac3-49d2-a1a5-b99e1604fe15", "value": "12288:WykMB7u019kqMgQE9zDFYbVOy4eNuKyYoEg8klx7mDyrCoN:ZkMpBkhs9zxYkNeNuHnEg8mxgq/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478038, "uuid": "f85665a9-a4b6-4f41-8b0c-60175bd5d9e3", "value": 542016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478038, "uuid": "639aa99b-abaa-4d8b-a764-ae4d693c45c3", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478038, "uuid": "c78b0361-3566-410c-989c-fc145b0a24f6", "value": "payment copy.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ba08a58-f684-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BumbleBee)", "timestamp": 1684528250, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528250, "uuid": "b784f644-6a89-474e-a25b-40a2aa685fde", "comment": "Malware payload (BumbleBee)", "value": "8f59ec5c7010d957b459dc097479fd8d", "object_relation": "md5", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528250, "uuid": "daac2922-d4bc-4ae8-a170-48e5186395d8", "comment": "Malware payload (BumbleBee)", "value": "67bbd7501acba95a94a174e9207035d1deb292d2d1752cbc5073d06cc724d24a", "object_relation": "sha256", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528250, "uuid": "351623cf-3efc-49e1-93c6-9321fb0c7f4d", "comment": "Malware payload (BumbleBee)", "value": "1f88391816623d0d7c91769f968850656d183598", "object_relation": "sha1", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528250, "uuid": "070977f3-6738-4dc2-b550-7fa30b998e0e", "comment": "Malware payload (BumbleBee)", "value": "dacad148133e74e71ead7788e050a8ff356b3dbe438e0a5c21704e3e4cccbf75c17bdd39c32c9e78c9c20b5c5ef46750", "object_relation": "sha3-384", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528250, "uuid": "89f16511-a9f9-4787-bcd2-9dab501719d9", "value": "T14F45E011E6921FF4D466927680AB252FB7303E1C4725D3B7ABC0C2377D927E46B1AB60", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528250, "uuid": "c7a96ea9-d9b3-4979-bb01-7bdfa7ccd68f", "value": "47e01530ad43ec939d1c47709a80a5c6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528250, "uuid": "086f2d67-5717-413f-a811-2b1f98855ff0", "value": "24576:Lp2qJU4iIuB2cMh1Mgc17V/sCaGhRwQasBxUy0G4ITvVtQOZz0r/aahQIStkn:JmyD8R8QqKbQ8AmvKn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684528250, "uuid": "3fe33920-b603-4a63-83ef-fdf10861e27a", "value": 1225221, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684528250, "uuid": "2ddf5f2a-7e65-4875-be2f-ae081601aa62", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528250, "uuid": "573d0dd0-aa50-4d4b-9dd4-d8517cb2908f", "value": "SecuriteInfo.com.Win64.DropperX-gen.15742.26223", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26aa212d-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466878, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466878, "uuid": "3b78b50d-cc30-4a2a-b298-eb11bafefc9a", "comment": "Malware payload", "value": "a7b99ab20702f5ab6ab607130637d15b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466878, "uuid": "254df8e1-5762-4645-982c-ad0d36e83dd3", "comment": "Malware payload", "value": "6880595087e88b40bdf663b1b180c4fc92f8cd89f808f0148403cd47aabe08de", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466878, "uuid": "37c2a96e-f1f1-4738-b07b-f8fa1ffdda50", "comment": "Malware payload", "value": "63d5577a24887062ee6885dcd066bd0d9b36c4b5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466878, "uuid": "0c69134b-cba7-425e-a4e6-eb0b52ab3de7", "comment": "Malware payload", "value": "d030b08647d4078c665f97622c3227376928d47a60f0c48cef68bd8fd92d27fd46b636ebc91a80bbe65a5f3f7c7536f6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466878, "uuid": "e9cfc8c2-7477-45ab-bffc-091cc955bd30", "value": "T139F24BB7F8D28CB3C35AB9B59E80A354C79EBD09D5D5C1020B907E1D38BC2825F9D216", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466878, "uuid": "de3d9fd5-8487-4c9c-8963-f68abb5b746f", "value": "384:QZIl02ZMCAzLKXdCh5KFa9hVBwEbRw0ZHtE:QZA0EpAf+dCh8F63E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466878, "uuid": "e6bc7880-bd91-4a25-a7bd-e3c869831929", "value": 37376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466878, "uuid": "bfd977e2-17c8-4f63-8dc5-04dabc4b6d33", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466878, "uuid": "9119f7b4-bc71-43e4-a02f-8d7ecd3b068f", "value": "SecuriteInfo.com.Win32.Evo-gen.11070.28929", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1fe422de-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466866, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466866, "uuid": "0c6fbb63-677a-4626-8fd7-b7d00b8509fb", "comment": "Malware payload", "value": "e45cec09941abe32e87b4e02268c5ff0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466866, "uuid": "72741ad1-2407-4e1a-9402-5f71349cbaed", "comment": "Malware payload", "value": "689ad5731f3c1e34aa06da8d053d166fafdb65c3f8e06554bbe9e384e0435538", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466866, "uuid": "7e8e4c98-978f-4863-a57e-cb40ebb05b34", "comment": "Malware payload", "value": "6e5d18a34b981536e4d4086976519e77d4199fb0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466866, "uuid": "777ad2a7-e756-460e-88fc-06a38fce3c5b", "comment": "Malware payload", "value": "ca450b81e44f6f61e3afb7f1647a311e2beb6b794f271c7e1768a211c5dbc8865358b271f43004f5f1f686ea6e9f6964", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466866, "uuid": "343dff0b-3809-4795-8268-d355204b88be", "value": "T18CE533153A91CAFFC8100971E9BDE1F1A22DEF663B01A066E7DCFE1B38152C2918755B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466866, "uuid": "c5155c73-4351-412a-a1e9-b79d02b4da82", "value": "ccc0e829fe1206cd39d147ca374725d4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466866, "uuid": "1b648956-e718-4b7b-b9d0-f59fd1f8d4cb", "value": "98304:ZMFj+zf6O2Iql9FbSYVa9TUSEawBVJ8+Sk1:u+DzkbSNylz8Fk1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466866, "uuid": "27fcebcc-c7f0-4995-b4bf-cf3a83e8ff67", "value": 3292030, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466866, "uuid": "d6838f73-6e60-4063-830c-be3d36d2bb4b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466866, "uuid": "ebf20f72-6a0c-43c8-b3b2-30387aadcfd3", "value": "SecuriteInfo.com.Trojan.DownLoader11.25482.23074.19444", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b586e68-f611-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684479019, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479019, "uuid": "77bfe2f8-d224-41a3-b1cb-44f139b8f095", "comment": "Malware payload (RedLineStealer)", "value": "dd73dfa892205d1deb81ce8ef102534d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479019, "uuid": "feade6cd-8000-4beb-b3dc-d0cfb4ac9d19", "comment": "Malware payload (RedLineStealer)", "value": "696797df9424f9606a3ad63242087dfeec2d2971d1b4f88443f11a15eca54f9b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479019, "uuid": "8e5fdee3-f125-44e3-9304-18c802b32878", "comment": "Malware payload (RedLineStealer)", "value": "e17465f96eacca04d8970f073f8c09f3fe311747", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479019, "uuid": "439dc5db-8562-4cbf-a871-308ce5fa0cff", "comment": "Malware payload (RedLineStealer)", "value": "4b00a468b41d1b0fa63391926bbaebbde351f641203493691f934a7398c8be142406301434a2e096cf8f9ef50c4d8302", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479019, "uuid": "835be03e-a54d-4ebb-8b67-d2f246303941", "value": "T1D72522026BEC0171D8BA0B7058F9239317357CF09868916A2398754E2EB3ED5DDB637B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479019, "uuid": "a310a060-4cba-40a0-aace-fc095ba5e266", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479019, "uuid": "7cfcd111-2629-4fee-b506-f02ca11d0b7d", "value": "24576:qyxYME6KjxNchrAyNDnpjpJF+LF2paD0ItWcj:xfEPN4rZNa7v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684479019, "uuid": "f0a93b90-2020-4bcd-847c-0c1986f13800", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684479019, "uuid": "3dbc7834-7a96-4783-a78c-59e828481ed8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479019, "uuid": "113d179d-69cf-415c-9fe5-d7cf7ec61e82", "value": "dd73dfa892205d1deb81ce8ef102534d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae66cc8f-f60b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1684476554, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476554, "uuid": "2fea0d60-df9f-44fe-a266-9d39f1ec662b", "comment": "Malware payload (RaccoonStealer)", "value": "35bfd4a3c03ba1dd08cf70f939ebcdd8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476554, "uuid": "648574ca-84d4-49ef-80f3-199b20749800", "comment": "Malware payload (RaccoonStealer)", "value": "6a260fb95bc969113336ee1a7cd34ee1d05eda0dea3bd891c88d2547c6fe4bf0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476554, "uuid": "d8525c36-0bc0-4ce2-9b05-70f74981ebcc", "comment": "Malware payload (RaccoonStealer)", "value": "e69603c71218b137681f7c5d14424e45161b9e51", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476554, "uuid": "07f1548f-650d-40e1-a742-8825ce405aa7", "comment": "Malware payload (RaccoonStealer)", "value": "7c7fbc875567dc32fb57e56d19f3f0ffe4fceb2abfb99dad603a71604e96ae801abfda39dbc0683bc435426d7bc48a3b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476554, "uuid": "785ebad6-a365-444c-bcfe-6ed335f9374b", "value": "T1F45623B3226A0094E0F4CD3C9537FD9972F753578B92D878A8EFD6C12A258E5D213A43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476554, "uuid": "fdeffd57-5c5b-40bb-967c-f0713382e9cc", "value": "895e5e6e037e9108574fb94ed614d804", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476554, "uuid": "c86c065f-de4b-41a4-8178-99574643661b", "value": "196608:sBTxy21xEGoHahhpf6EaQ7u2hBp05I2cKt:YywIadPayu2Z4Ia", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476554, "uuid": "99b74880-9818-4e09-84d7-3dead14c04f9", "value": 6330368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476554, "uuid": "815bd332-980c-4c04-9845-9cfcd7ceb395", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476554, "uuid": "5994e297-31d9-4e93-9fa6-455a05883693", "value": "35bfd4a3c03ba1dd08cf70f939ebcdd8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "43c8826a-f63d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684497850, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497850, "uuid": "3caf3018-0a7a-4371-8337-94ce8685d4a4", "comment": "Malware payload (Amadey)", "value": "367d451adca8222cfaad5f2f11d8e7cf", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497850, "uuid": "75706b24-b80b-4266-8d2c-e641fdbd9f4d", "comment": "Malware payload (Amadey)", "value": "6a694fdd7d38a10d61ee1bfc06ac3e48afd435410c1c69d976ca68034e7a65c2", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497850, "uuid": "1360cab9-a5a6-40d8-9de3-ac35bb62746d", "comment": "Malware payload (Amadey)", "value": "158a337f9ecdb12b225f03caa83e60abde07a52d", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497850, "uuid": "590afb2d-4c6f-488d-80e7-8f235ce6c87c", "comment": "Malware payload (Amadey)", "value": "ba8100befeed3c88ff1df9adae60a348f2982c38984586d66b8b9b86a50c3771c951a10950d66ef37a28013bbaa4a3aa", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497850, "uuid": "16057b49-080b-4b2c-ad94-1471dd5fac4b", "value": "T107252257F9E890A6ECF617702DF306831F38BDA158B8877B2B97842B49B1580613573B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497850, "uuid": "209dca1d-36c1-444e-a470-b6fd6a485e4a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497850, "uuid": "52876481-3b8f-42c7-a086-6a5e5935c1d3", "value": "12288:NMrty90+dyte6a0KlDbuj/UeBXgiGYw8jnjkoM1PHeJTSZbcEZky8eerrKzlXIep:Uy/OzKlDbujsKXgivvkZ5cSH2yZzlX/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497850, "uuid": "afa0c735-0117-4489-961a-7ba014f4acee", "value": 1055232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497850, "uuid": "21f95f14-19de-4c51-846d-8fa34a5215ea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497850, "uuid": "21b692de-f70a-4935-bc2c-ac25aa2f502a", "value": "reporter.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d011cc42-f609-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AsyncRAT)", "timestamp": 1684475752, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475752, "uuid": "b5daab75-3eed-4528-93a3-033e3c61c355", "comment": "Malware payload (AsyncRAT)", "value": "6cb6cc9ac94bc7ddffa0c81461a6346c", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475752, "uuid": "fd162e29-684a-41f9-a5e5-37a96e215f04", "comment": "Malware payload (AsyncRAT)", "value": "6bbbaa4861b4826eede41ff0c8244cf407435ab64d463b13c639b03588221b65", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475752, "uuid": "02d87bb9-b3e9-42ea-b863-bf1659a869a2", "comment": "Malware payload (AsyncRAT)", "value": "b1507f91011e82b4fa25c879b12325cf51ec362f", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475752, "uuid": "ee7e2f02-f2c4-4b4d-bed4-ee3e89847fbe", "comment": "Malware payload (AsyncRAT)", "value": "cca5bc98f33f44121ad1969b716229fd29babf2c82b2ff07b5fe08e7f3ec0e7a81d010fd1c108d2025d83f80efee8cd0", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475752, "uuid": "973cd7bb-cc54-420a-97c5-cfbd9bc67164", "value": "T1BD9423B86BB19D5D50B0ABC6A552C8018F5C0AC55103E2EAB12F999F18BF7CCC753E63", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475752, "uuid": "78669fe3-de32-41e0-989c-b5a4764134c8", "value": "12288:WAHTazogPBYqCTI59GSvC/DxzfYJMt3p9Wz:5T0oQBfUI5K/lzfpY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684475752, "uuid": "04b7ac7d-9027-4d43-9102-e9e976a7b783", "value": 419902, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684475752, "uuid": "bc684309-1422-4408-af09-b784fdcc329d", "value": "text/x-msdos-batch", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475752, "uuid": "b2a6d9a0-3cb2-4f8e-af45-62dc34c52450", "value": "Invoice 6238829.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "416c95ff-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684478090, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478090, "uuid": "13cb1ad3-b3d0-4bb8-a496-9a8dfa353ef0", "comment": "Malware payload (AgentTesla)", "value": "76ae48d245d862237f8b73ad8603c6e2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478090, "uuid": "6a6ff683-b196-49fc-8c45-f01de771c635", "comment": "Malware payload (AgentTesla)", "value": "6bff30f451acd0714346aad71891c41a2b4388882a6cf002e8fef9d6093e28fe", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478090, "uuid": "96de8685-67a3-402e-ad1d-555c5322e14f", "comment": "Malware payload (AgentTesla)", "value": "83e0c6b811c06ca9e9a763f8659fceaf6c58b782", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478090, "uuid": "29e334f0-171c-4ded-804b-705a1e835e17", "comment": "Malware payload (AgentTesla)", "value": "27b026ee5bd3d5fac27d508c1cab5012e28d17ebdb00ac3a86d77333a59545f7877b8e4bc9470f891f410aefcbea0911", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478090, "uuid": "348d4ded-8633-4ff3-94d4-e9579f552eb6", "value": "T1DDB42335F5517B0D8D8449B4AAF397F6E8ACE1846E34FEA1D21C3E60747AB8DAD0010B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478090, "uuid": "f5dc6610-fc3d-4522-a19b-595da910aa65", "value": "12288:+M4UXw/MXusyMXB//bJVuH/JUlrSO2w8jyKXD+52HF9Hz7cWcs+fP:+M4UA/PvCQH/ylOfjyKT+5QFNzYJfP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478090, "uuid": "1c2f8276-4497-47fc-99cf-a67707a418fc", "value": 512805, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478090, "uuid": "d2ddf987-48f9-4c04-88ed-edf80da995a6", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478090, "uuid": "031e3925-c6bd-42fd-aa2e-825b38bb5b8b", "value": "INV 121-USD-Fortune ocean.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef8281ef-f68f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684533357, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533357, "uuid": "bc5abae2-dcec-4475-a40b-5de6b5c827a3", "comment": "Malware payload (RedLineStealer)", "value": "dcc501bc34f2a1ae74586b5d675b779a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533357, "uuid": "da55fea3-17a8-4a01-b2dc-91ef86ad37c4", "comment": "Malware payload (RedLineStealer)", "value": "6c22794de692199a94b714d1d88b11f4b9e7384d4ec042eca7a4d5d8d7e43591", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533357, "uuid": "e76c6cb5-1b1b-4d29-82a8-5d2d7a7d7e74", "comment": "Malware payload (RedLineStealer)", "value": "2a7e961d5b3049ad9b4bf77284993ce6b1685e4b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533357, "uuid": "4dc3cd3c-e2e3-4c75-8035-cbfd4e8bc18d", "comment": "Malware payload (RedLineStealer)", "value": "f20b93c7e8f1dbcea1fe070d1868f73c4a643b286acc98b5a21fda3b550c7efab242904ff01dd0dd0e23faa5c462fa0f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533357, "uuid": "1e84ff77-3c6c-4096-bc3a-cd274cf98a62", "value": "T147252306A7E44033EDB21B701DF203E75E36FDA2A8B9976A5150896A5C337D8AD31337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533357, "uuid": "00dc03b0-f794-4973-97f3-e427155c60ee", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533357, "uuid": "253f7924-48fe-462c-ac5a-659753f67010", "value": "24576:zyNk8ptmPaT/DOmPrAWcRSC5OiFH9aLcQ1Tk6/PTZO6:GNnpw0tPr5VCPdaLc8T/lO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684533357, "uuid": "8f83e672-a6e6-418d-81aa-ff43408b2f85", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684533357, "uuid": "f57e29f3-1df2-4022-b0e0-57e0e47a657c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533357, "uuid": "44f9614b-5509-4af8-965d-d8b1ec5e0800", "value": "dcc501bc34f2a1ae74586b5d675b779a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0e09138-f60c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684477015, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477015, "uuid": "b4319956-5674-40ac-97eb-469d5b4e5923", "comment": "Malware payload (SnakeKeylogger)", "value": "edf65819283c9f999eabee398ec1ea3a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477015, "uuid": "49fef71a-bf37-48b3-8a8f-648789aca5ab", "comment": "Malware payload (SnakeKeylogger)", "value": "6d79b5cb1aa503cef77ef725f7cb1980e312be3271b4e0fde0bf012c6c54becb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477015, "uuid": "c92b8ea3-09aa-4eb7-b99b-717af08b6032", "comment": "Malware payload (SnakeKeylogger)", "value": "d69c4e6e02d2debb3490e2519291f32317b45069", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477015, "uuid": "d7187ee3-2c4c-42e9-be62-052a5361dc02", "comment": "Malware payload (SnakeKeylogger)", "value": "3db21f42084faa3dfc887c6a81c4d2abc64c1325f84ea9d67c045d6e6313ecfdc4021993edb4962ef94ee1f15ac53c22", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477015, "uuid": "38429a5c-3048-4b0b-935b-f50b616f9bf6", "value": "T147155DD1B190C89AE86B05F1AC6AE53025A3BE9C54B4C10D56DDBF1B76F3352209FE0E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477015, "uuid": "29068519-1b5d-4751-abf6-d88b6105780c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477015, "uuid": "c0849d20-44ae-4fef-94a9-f0c51bf42110", "value": "6144:WqHXAu45yDwEtTa51KZgiEKt+dHFLfZ0WZvx3w7/9tOwUxtVVDvCS/IpGGwIOAF6:WqHXfgtiEjZBm/9tO3ruEVAF97PZGyd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684477015, "uuid": "e0c6ecf4-3ea8-4470-8f4d-b099af6628e2", "value": 914944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684477015, "uuid": "12666e01-d5d3-409f-897e-b976199ef080", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477015, "uuid": "c96ff2cc-ca7a-4515-97c4-9cdf0d0b0f5b", "value": "Hesap-Hareketleri-17052023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f6f0491-f628-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684488877, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488877, "uuid": "3b929839-9ba8-48c1-9814-4745e7ee2b5b", "comment": "Malware payload (Formbook)", "value": "b7d660d51a724b8878d766a1fa0e11bf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488877, "uuid": "ede18517-4752-4f95-b31b-2d485673637a", "comment": "Malware payload (Formbook)", "value": "6d8cd5b437db834821da59ec82032cb88c459cb614382e4125c208f42c35a7bd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488877, "uuid": "3e271de4-ff58-46a6-893a-5c92c6acc665", "comment": "Malware payload (Formbook)", "value": "bb634ce4d27ff2da2e0aa84fc69a113f9b1a2da5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488877, "uuid": "d8cc304f-a21c-4532-9362-7dc7c4480ed0", "comment": "Malware payload (Formbook)", "value": "83e3d6f8c4f88d6e2db9571f8bf21875a01e2250a3af206210f28e1ca7054cad95cb331210a96988f1dbb702d963d1c5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488877, "uuid": "3af247f5-eb14-4ea9-942d-1005651602cb", "value": "T1A615DF50AAF9DADDC8250BF0E192D4B007165D28E1ECEA570EDB2CDF31BAE44316653B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488877, "uuid": "2b5bc8b6-35f7-44a8-9da5-b7e4eeea2550", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488877, "uuid": "d8152ec4-e308-429b-938e-960ca1acfb62", "value": "12288:w2iNfUFotEvZ41YJsWKf4G5rNT2m4B8mHGiTJ+A2K4LbBm+vFhEVBZ5iEu3I:w1Bs0qZ4aeWKR5rNTi8mmiTA8B/u4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684488877, "uuid": "bc7f15f2-ed53-4b51-a093-22ecc2f84e62", "value": 918016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684488877, "uuid": "a7119ca7-cbf9-435e-ad3e-2f68ee7ca39b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488877, "uuid": "0ecf05fb-d4fa-415e-acb5-ed183c5da1ce", "value": "payment.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1efb9731-f638-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684495641, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684495641, "uuid": "fed84a18-a037-4f1f-a48d-9a9c6a6d8d66", "comment": "Malware payload (AgentTesla)", "value": "ac7b9f4d37fa2d99c4378ca00b247907", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684495641, "uuid": "de36881f-02c2-4446-a0c0-a7b29de9d6fa", "comment": "Malware payload (AgentTesla)", "value": "6e57cd573de3d14fe09f11364476b54f2b935d545be1258ee843d31573846622", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684495641, "uuid": "b868c710-9e10-494d-a422-2fd3c6a1e257", "comment": "Malware payload (AgentTesla)", "value": "0f998dee4b813821192a675d8a96d4cb0c0c91ea", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684495641, "uuid": "789101e6-98d0-441a-8c62-eac6efffad0e", "comment": "Malware payload (AgentTesla)", "value": "b19c63cbf70d4019cc564b25cf363f65f5c9e25d074ead8324646c631be3ac19c30aa13a2e8b39d87db88811a3acd1df", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684495641, "uuid": "99f547e2-28e3-4020-bbfd-fa5e0e589c80", "value": "T1D025DF2062AC9F6AE03AD3F544A1D1B047F55E6A787EE7578EC67CCB3A60F210641B13", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684495641, "uuid": "48f9137d-238a-49ca-8b34-9d37acfa33d6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684495641, "uuid": "95c4401e-d0c7-4fdb-a2fe-472623543e7a", "value": "24576:FB94uQFPPHcDuDSqbjHQ/bHImc2gdNeF0SvRd6gKJvbdlA70:L91QFPPa4Sd/DS80cs7vbdlA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684495641, "uuid": "9ccb4bda-d87e-4cd6-86b6-0f70e6611f39", "value": 1015296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684495641, "uuid": "09e8d11a-5f83-4e6b-9c01-7e033d9dc68e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684495641, "uuid": "bff42c6e-2e15-4342-9a01-53a7ad73e53c", "value": "rCita-00373________________pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5987338b-f61d-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684484143, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684484143, "uuid": "aa3192f1-b054-4559-a8eb-746b5c82ba14", "comment": "Malware payload", "value": "b1effdc4e3dea0227467a29c16f7f697", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684484143, "uuid": "bfe28fd8-2eb5-4fcb-ac3f-51279b750fbd", "comment": "Malware payload", "value": "6f1418271bf27147880b471e7013897ae873a754200bd0d64a54f152f89cc5d0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684484143, "uuid": "f61154c4-719a-4a12-860f-593e60eb440e", "comment": "Malware payload", "value": "c2881263e380c660d4ceaa0bc34840e8176cd6ea", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684484143, "uuid": "1f9bd868-093a-44de-b5bb-06a703ffc723", "comment": "Malware payload", "value": "01cfca6d78b0c0e3599f6b923c1ed484f76bb0c4894d8fa8096a804ea3e94030a5b4a6d1d9160ff3750c7bf0fcf6d2b6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684484143, "uuid": "7f208682-22a1-41ab-8cb0-7eefae2f0551", "value": "T15E251202BAC28472C4721A324A796B20A97CBD205F76CEDF67C0761DDA725C1D735BA2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684484143, "uuid": "c4de279a-606f-4352-999a-5edc9be48af8", "value": "12e12319f1029ec4f8fcbed7e82df162", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684484143, "uuid": "34eb8111-78ba-4b1b-aca4-4bd19b9da505", "value": "24576:lTbBv5rUFcDJ8MB06Egqp1rXAz3fJzQmr8B5:PBHX7OHAz3fBQ28B5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684484143, "uuid": "6d38edac-fcc5-4a0d-a307-9d96cfa61604", "value": 989207, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684484143, "uuid": "dbeb7305-25a1-44a6-991f-9d43ee51239e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684484143, "uuid": "83cd7b8a-1c95-4483-9a73-d8fe4362e46a", "value": "B1EFFDC4E3DEA0227467A29C16F7F697", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa5a1aa6-f68a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684531094, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531094, "uuid": "f46e7691-41ed-4c1b-9c72-058f3bac08bf", "comment": "Malware payload (Mirai)", "value": "84a108d55381bda47ea2af40ec9938c3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531094, "uuid": "9becf6d0-69fe-4f86-b1bf-9c2a86690ba8", "comment": "Malware payload (Mirai)", "value": "6f2ec09f847f7e6798a6871f849c7963d0ebd45642a72103e13397e2c195e76a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531094, "uuid": "7f42fafa-02c1-4de6-a2ed-c75e78cdbdf9", "comment": "Malware payload (Mirai)", "value": "57fa4e15f3933336b938003c786579f00939caf3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531094, "uuid": "edda3ac6-9947-46a2-9b38-f31c52128d3a", "comment": "Malware payload (Mirai)", "value": "62e2bc5032486530169f33b838cecbcf61b0d9f8b35b690462017946963d771d7482ff1b7729ce9c3054982f9765e1a0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531094, "uuid": "d97d1f8e-6bd6-4353-9013-252af90fdfc8", "value": "T119E33A46FB814F13C0D61776BAAF4249332397A493EB730699187FB43F8679A0E63905", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531094, "uuid": "df719f88-a067-49e5-9e7b-b67f7ff878bc", "value": "3072:LVlbRKTR4MXZp1aqbeCn8oyy6pGcUtx8wbZnI+Xy0+M/9AYIC:LVlbIeMb1aqbeCn8Dy66L8wRI+XyFM/F", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684531094, "uuid": "8fd9843b-0b3f-4ee8-97c4-e4ac8dc9914e", "value": 154960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684531094, "uuid": "43fdc57d-3d04-4298-be25-13a3202f9c21", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531094, "uuid": "f8166aef-f25c-40da-b032-a3555f9884a0", "value": "84a108d55381bda47ea2af40ec9938c3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "280a0e2b-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466880, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466880, "uuid": "26f6790b-2b95-461e-823b-4ec2d2c066c6", "comment": "Malware payload", "value": "cd7182296e132106d01911ca9e0b081d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466880, "uuid": "48a63295-fb0c-4a7e-8c24-34dfd1c9203e", "comment": "Malware payload", "value": "6f512de4f1f8042692aa363aed8a9230500b226aadcaf776f05f12f15c6fbfd0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466880, "uuid": "58ded7ff-1a0f-40d4-acdf-dcebf9a2c6b8", "comment": "Malware payload", "value": "030f1365f35fed7a58abd88b0e31c02dd1493431", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466880, "uuid": "5d59ae81-26d8-45b6-885a-4706271d5a4b", "comment": "Malware payload", "value": "ff37c546fb4152cc88bf54ab558ca71340f36fe1a6738b1e7ad7879472fed99eaa31e4369d3a94602cbff71b1a64bc40", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466880, "uuid": "b462738d-2593-467b-9ef1-ed915f5a3fe7", "value": "T13E55F1567B969037E6FAC139828B05ED9C377C587AC294161F78FD0D2478948E0BE32B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466880, "uuid": "48be18d4-f4cb-4dd4-b842-1fb083447de2", "value": "d2ad0f70195873b91c5462a0ac6ef507", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466880, "uuid": "6f4e062b-8f0f-4845-9383-ac380d53d6dd", "value": "24576:YgbWbciWKAzT6HVLjs4+MkyPz4ihL4Qq/XVHaPOMv9YP28FWZluYD2G2qqq:1iba16VfEhyPzF4Z/XVHahvuPh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466880, "uuid": "4beed686-e603-4d3e-97c7-1eaaeb22fef2", "value": 1389568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466880, "uuid": "289abd70-613e-4679-8023-a722ce8e7067", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466880, "uuid": "c5b342fe-cec9-45a7-a5ee-28a8d30543d7", "value": "SecuriteInfo.com.Trojan.Win32.Rbot.19875.28818", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5edd4ef-f667-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684516134, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516134, "uuid": "26a9e051-7c32-4607-b619-2235fbd874be", "comment": "Malware payload (Amadey)", "value": "ce0a7a04402cfb34689a32f99ad26fa4", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516134, "uuid": "8bde7c06-54d3-42df-b119-39bb3a373a96", "comment": "Malware payload (Amadey)", "value": "6fa15bdf313e766adf5bb28e44c1e5c1024305515b6750ffafe0469d2050ea61", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516134, "uuid": "03bf863a-6cc4-40c0-a72a-11c6c951cd64", "comment": "Malware payload (Amadey)", "value": "a646e0ce76030c54ea7ecdc6229665cd65db947b", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516134, "uuid": "245069e9-aa7a-4a98-899c-91fd28a24964", "comment": "Malware payload (Amadey)", "value": "ce3566b80d5ddd345f730e699f59d9e4a1a895931c8457b488f794eac48126c181facb8340247a1a4d68b1253842af30", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516134, "uuid": "4f79f340-c9b6-4586-9c7a-705509046525", "value": "T1A3252347F6D45073DCF50BB05CF712C72B3A7C836874866B6B05A9AB0DB2294A236727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516134, "uuid": "f8e417f6-e6ca-448d-b3e0-ab9a0d256955", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516134, "uuid": "9133bf84-99e2-43d4-96ac-1f6ccb3025ed", "value": "24576:nyQxwZe+kFFrvWLqQSShE6I8jvxy62eOHyO:yiw8LiLbTc8LxH2eOH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684516134, "uuid": "6048076e-95ec-4f5b-8db2-3cd1e6ae9c1e", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684516134, "uuid": "0f4db4c4-f3aa-411e-ab8d-42340a1147ee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516134, "uuid": "7a8aba8b-82b0-4bf7-9b06-fbb3ebe77673", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a4c29700-f617-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684481692, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684481692, "uuid": "dd562e41-7ad5-4b93-b613-f0a5376c9603", "comment": "Malware payload (AgentTesla)", "value": "42ab672e792d1e986296f4afb3d75459", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684481692, "uuid": "d89cb633-d893-4b8c-85c0-48748a69273d", "comment": "Malware payload (AgentTesla)", "value": "709d08c5d042ba4781761dfe3f0fab35e0008946c94bbc46b0329cbc7d97cb98", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684481692, "uuid": "441ee97a-8809-4629-8b1a-c003130ee1e5", "comment": "Malware payload (AgentTesla)", "value": "5e94bd557a4610f29e6eb05496682881ecb9c436", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684481692, "uuid": "66171019-8926-453a-a924-26d6e1d472f5", "comment": "Malware payload (AgentTesla)", "value": "57fe8917e5b62fe334b40152a0673b90f016e068d860a7e8263d5e4351c80fae9221a1c1ce1be04628b98b101c755610", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684481692, "uuid": "551af085-c893-4035-859e-5730e5093c35", "value": "T1FE05AE2062AD9F1AE03A93F544A1D1B047F54EAAA47ED7478ED67CCB3A95F210B40F13", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684481692, "uuid": "10ae7bf3-3914-4b7b-9ed9-4baba1552ab1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684481692, "uuid": "f0375711-e5ea-4d26-be5e-d68db3ee78fe", "value": "12288:7S8hue/3H1oz3n36KWN5s5tO0+Gh56ULBUps7pRSJz1uV:7BozDwq5tO0zuULBUASJ1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684481692, "uuid": "56d642e1-35a8-463c-a634-5a0bd908fdcd", "value": 810496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684481692, "uuid": "df2c9389-0e2c-4068-a7ec-27fbd2cc0f34", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684481692, "uuid": "39b8278b-429b-4fa4-9f2c-d3a7f7206527", "value": "SOA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c0da489-f67c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684524923, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524923, "uuid": "2c16e800-5d1c-4224-895f-177ede9ad2fb", "comment": "Malware payload (Mirai)", "value": "daf688e958702135e44f292aac280b2d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524923, "uuid": "ec329b5d-936c-4bc6-99e8-8b0bb8b6eed7", "comment": "Malware payload (Mirai)", "value": "715ab1b47bebfe2e5f765543bb8893a379f290eb4a10de4f1cde9e1d969b0707", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524923, "uuid": "0c12631a-7394-4b06-806f-69855e088c1b", "comment": "Malware payload (Mirai)", "value": "7756802a7753b9c508de1cbf0728afd49b2f204c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524923, "uuid": "b1ac56aa-286f-4d39-8864-9bf9b07e7017", "comment": "Malware payload (Mirai)", "value": "e33e8598e0feeea980ca8c8d0b63fcad4b6d138c8e3739ef692c8f1101c849bd27fa1046cd803b19784c22407b2476a1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524923, "uuid": "a68d10f6-bb4b-43db-8438-28f8e4200724", "value": "T122C2DF44E106DE00E9EB38F22D489ADBBBE02F5B2966CE60675057E2AF5C3528305DCC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524923, "uuid": "b3bdebfc-4cce-49dc-a13f-0f08f2ce8b0f", "value": "768:8VdafO76jpmNJJKehmA7trpfIX9KeA7PfsU4uVcqgw0t10tLya:cam+AnKehPRa9acU4u+qgw0tYua", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524923, "uuid": "7fd58392-468a-4e47-8b0d-c72ab73099c0", "value": 27544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524923, "uuid": "d2650f0e-0fdc-41a9-8af9-1642007e6a85", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524923, "uuid": "cbf7b48a-a933-45ee-878e-d155f507c872", "value": "daf688e958702135e44f292aac280b2d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60df1cb4-f641-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684499617, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499617, "uuid": "d5d5ed42-ebf6-42cf-947e-a698cb6aacfa", "comment": "Malware payload (AgentTesla)", "value": "fad8b83d53677317bd8de160981aea7b", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499617, "uuid": "83e40bd2-22d3-49a3-bb50-1d8d45d90036", "comment": "Malware payload (AgentTesla)", "value": "718ec95d75da51e1216c9ca8e2ad22c84fdd379f568a484d951f6d20a0a76223", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499617, "uuid": "a0ef80a5-28c0-4265-96a8-025b6aaa7b72", "comment": "Malware payload (AgentTesla)", "value": "b4e56ebd322f17e21e328ab3e56f4b60510bf7bb", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499617, "uuid": "d0e6aa11-d0ba-4666-8af9-b5e77e534ed4", "comment": "Malware payload (AgentTesla)", "value": "f25b45891d1fc4a09e68d8ad8735dc1eff62ba3e3b04860efe4d3e1dc872742ec14efe007760c01b9aedd8aad9b7654a", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499617, "uuid": "0362cccc-9ad0-4139-bc0a-f7b1bfaab40f", "value": "T10EB4230FB627A4578D2DB5FBC1D02C28A023925B6890817FDEBC57C17A222B34E56777", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499617, "uuid": "cb3ad5f6-6512-4768-a8ef-3ea1d2cd15ea", "value": "12288:if1tYtWz/uEsk3xeNnS+FTRDzRtMdMYqXFt7Fcy8KnSF2klrcIVm6:k1tYYzEsES+nf3DVtmSngO6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684499617, "uuid": "2435641f-e1d9-403c-8603-96e1a91254c3", "value": 507874, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684499617, "uuid": "c0ab929e-bcd1-4ea4-9ffe-663cb759d77f", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499617, "uuid": "c8f05db9-733e-480b-a4ac-64029de93530", "value": "New order_1.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba621487-f679-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684523819, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523819, "uuid": "e59c3196-c9df-40c5-aced-f568c911bbb5", "comment": "Malware payload (Formbook)", "value": "12c369c11d54a064a064187dbf4e1c67", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523819, "uuid": "4961e144-008b-4575-b82d-338cf8de049b", "comment": "Malware payload (Formbook)", "value": "71a645f62d75e1108a47968a53fb0a9dc807bce7ac17e59c047ff05143c7eace", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523819, "uuid": "9e5e2a59-4cf4-4419-9177-a8578541a62e", "comment": "Malware payload (Formbook)", "value": "a2b877a9c5bb17daf90e926e6f318ec5f3688ae0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523819, "uuid": "87ae526b-9e1f-4e56-924d-51a379e023a7", "comment": "Malware payload (Formbook)", "value": "98b9cd461cc677f68fb7067c22258d17c4685188a95e426ae2076f98fb9736b2e67121ef3f9bc3d5cf2b442b3498c64f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523819, "uuid": "fb30ce6b-0650-4323-ac58-d3ec4a0bfc34", "value": "T1616402C0D5D8A8EBD41306B11DB7AE1E489BEC175478492B772A7920FAB3193641FF0B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523819, "uuid": "05ceeaef-c07e-448e-afaf-a86e78313e8e", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523819, "uuid": "2096ceaa-e73e-41df-bad6-3cf24d8c3fd2", "value": "6144:oYa6L93Bjo2e0QeVe1seNxSGvjCUlsz0HccPkhoVMKAA4D1R2:oYm0MFNhLCUlswtkhoGQ4Dn2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684523819, "uuid": "152a9f64-1365-4b2e-b515-d19f2b78d509", "value": 309043, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684523819, "uuid": "85a0a806-6f47-47a9-ab30-c5718b0c2cfe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523819, "uuid": "d68061d4-0d39-43d4-9bce-e1726b50efc8", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "847a2a55-f623-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684486792, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486792, "uuid": "41beac93-d845-42d7-91f0-0ab04d975e07", "comment": "Malware payload (Formbook)", "value": "8868ebeb3e9116d971b09e64068e701c", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486792, "uuid": "84610d0b-bce8-4458-b4e8-a6d1ab5a91e2", "comment": "Malware payload (Formbook)", "value": "71c9ddb24aff4a085e93b6ee88b0cd394f198d02842de3140b2311ee67c00da5", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486792, "uuid": "7fbce526-ffef-44aa-941b-e20b9b559526", "comment": "Malware payload (Formbook)", "value": "33957a7f3f08ed40de6ad1015cc990f9068485b6", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486792, "uuid": "e4958122-8814-4670-b092-06fa51330f16", "comment": "Malware payload (Formbook)", "value": "7c7a5bbf864505b5914b43c8a472ceabe11a7fd7ec7d63632151b4357c0613b89c24cf0d48f113593f7bfad93949ee03", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486792, "uuid": "824a3bae-d0dc-4be3-bf62-f70aee6bbebf", "value": "T11245F002D688AC8FC68147B16B4B7898621E7D36BAC45647370CB75F1FF36A5AA13C0D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486792, "uuid": "8822280e-2692-4bd0-8898-80bdcb2865e1", "value": "24576:cLKn/7A/BQmQmz+MXUq+MXUbyUIn+WDkXXXXXXXXXXXXUXXXXXXXXXXXXXXXXD3q:cLK/29+MX1+MXPUI3KRj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684486792, "uuid": "60bebd95-44fa-4d45-a0b9-f1db8d399301", "value": 1189376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684486792, "uuid": "4e9f8fd3-c218-446e-937a-a8a9a8e0dc16", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486792, "uuid": "22360350-6eb4-4155-86ca-001d09133640", "value": "FAN_4334634634634.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da828b37-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (STRRAT)", "timestamp": 1684478346, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478346, "uuid": "a11730c9-8146-490b-aeb0-a730ed5d9f40", "comment": "Malware payload (STRRAT)", "value": "081311df816dcdf6da3c38a927654056", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478346, "uuid": "ffa1a607-728c-4602-86a2-16eea5623cba", "comment": "Malware payload (STRRAT)", "value": "725ed7a69d3d5c99e4bd182b4719617545d40aef99a703f394710f77cffba6de", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478346, "uuid": "029d9805-5ccb-4c7c-8e51-9d1e2b6320a2", "comment": "Malware payload (STRRAT)", "value": "5b78d1c6a07c7a5a7f9d8cd199c178064c3b0129", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478346, "uuid": "40768bc3-3ed1-4caa-bf25-1cc11aae9853", "comment": "Malware payload (STRRAT)", "value": "ab2499aeba0fe339d34ca323ddabd2d1e063c317bd7e43f57ab5d379d6a488671dffef968860c8ec30a339ac4faf640e", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478346, "uuid": "945feb7d-34d3-44af-bc7a-f894089d3980", "value": "T14524021B7D4BC4C9F10F9573012A8226AA1C85B8E84AA17B31FC07D82DF5D685B62DDF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478346, "uuid": "5cd4200c-effe-485a-a1ec-c8ee00ad58ed", "value": "6144:+l97T6KPuRIUn7oEixwY5k3L5u3tnUznLfLlIPlv:k97uMUnkxwFodnCn9IP1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478346, "uuid": "3ed5f59b-4933-4789-8a3c-99330bd4d768", "value": 223553, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478346, "uuid": "145d09c3-1e2d-49be-b157-8b2afd65d752", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478346, "uuid": "43830bbf-b34b-4969-8b72-93c278dfb1da", "value": "COPIA DE PAGO MT103.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a21dbdc2-f60b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684476534, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476534, "uuid": "92a8c190-4810-482f-a82a-40365e26ad13", "comment": "Malware payload (Mirai)", "value": "81bffd3a0ae90eebc5d11dd87e05a74f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476534, "uuid": "5afd18fe-7c3e-4056-a480-d41d8bed8389", "comment": "Malware payload (Mirai)", "value": "73435f40147fb0952b95a172533f07cdd8fafe02112704b94e5327f39d4915d1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476534, "uuid": "8e94a9ec-72af-461b-9809-f3f54efb5621", "comment": "Malware payload (Mirai)", "value": "2a3caf27606554edabee561f92839b0962c3a16b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476534, "uuid": "b61f91e3-83d3-4418-942f-ae6f178f1fca", "comment": "Malware payload (Mirai)", "value": "0d9c2d98fc6e83cf13f7d8fa7855037fae5d557f72533fe47887dca126fac5ed6b9036e9b7c8f62203bc23112c79e5e1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476534, "uuid": "85fd8fa3-9417-439e-80c2-5380d9b839f1", "value": "T139130263B2E30D20F667603D1D4C2C26A14DCD71036C6C24FB96397D78A949B6BD66F0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476534, "uuid": "84d43cd0-9d92-4e39-b6f4-d2673efcc297", "value": "768:I8RDPdyFpL7yetmdFUvjkQsItmQdoG7zfozBcY9wkU3PSv5YpG1n4IgdRF:IyPdyz/yet2kI+7oeY91hY4n92RF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476534, "uuid": "fcd66745-1a51-46b7-8f8a-e9e359ede6ca", "value": 43340, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476534, "uuid": "262e963d-a2bf-4cad-a7e8-b35cdb8022a3", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476534, "uuid": "78a6dae5-2d66-4fb9-a0c4-353a1cb78d19", "value": "81bffd3a0ae90eebc5d11dd87e05a74f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b22abf53-f60b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684476561, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476561, "uuid": "c1b0fcd7-bd4c-4a10-8ae0-1db4a27152ad", "comment": "Malware payload (Mirai)", "value": "096d02ab35a608863e8b3b8d39ab4cf0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476561, "uuid": "ba77be3b-c763-4377-be2a-706b7f2ebc2e", "comment": "Malware payload (Mirai)", "value": "734d78e07719d7d6e10b2fcc11d3f4e2df158299dd8bb6f3d4bbfe62fe144507", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476561, "uuid": "8c0752f3-7275-4e18-af70-fd7459d96412", "comment": "Malware payload (Mirai)", "value": "1a6e647cc01f21ff78d543942380ab78df2801c1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476561, "uuid": "8634a201-8766-4554-9032-c77b3b226423", "comment": "Malware payload (Mirai)", "value": "0a5e42c42c07646be4bccfdb745e73ca6f8f891fab9ac3cb9abc2187b7656b6b295b0e6f34e7407376a00ffab09e58d2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476561, "uuid": "51f19116-e9e2-4aa3-a483-28b93f85ea63", "value": "T1FB7302FE078E9421CBF58239AD240FC7EB7110BAFB6252A350289D7B3C5630799655D3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476561, "uuid": "007dc04b-7d22-4be0-a488-938de11fb5ab", "value": "1536:B9jYE6/QFVN2W2BWeu+XtXiTbfoS2G/4xGE9S4z3ex/gYYD8:ssfkWelsnx6xGEQ4z3w/2D8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476561, "uuid": "d1f221e1-9b1f-4645-adc9-f404b7dffd84", "value": 77732, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476561, "uuid": "84849ae6-12d8-4132-85a4-0ea620f5450e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476561, "uuid": "e62c638c-5be1-4342-8508-4443522567bf", "value": "096d02ab35a608863e8b3b8d39ab4cf0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc15fcfd-f667-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684516118, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516118, "uuid": "f95a7bf3-a8a0-4269-b88c-a51a49dbbdef", "comment": "Malware payload (Amadey)", "value": "2d4f18fe7fc725512daf24e4680691d2", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516118, "uuid": "09361e83-8bd5-41bd-82bf-0829e8bad428", "comment": "Malware payload (Amadey)", "value": "734d9e97dab5ca1c8f2be28ca59f1015dcbd6073bcab224b1b7a565f3ee0ffcb", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516118, "uuid": "e41b2337-7058-4819-8141-2057d214c8af", "comment": "Malware payload (Amadey)", "value": "dd87e073fe7a70a9078996f138da3ff455c17aa4", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516118, "uuid": "d3dc46a3-4196-474d-a4ad-08382c27b2e4", "comment": "Malware payload (Amadey)", "value": "14f8bdf841faab8356dfe84985b3614066c44cbc33821e28c97177a7e4fd6d6e7f049d6f2261c59ce6b1d3caa60dcb54", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516118, "uuid": "a3a420df-a13d-48c0-a98b-1c4925b45698", "value": "T107252363E6E14872E4756B75A8F643D30F3E3C95983A83EA3609BD5508B21D0F87077A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516118, "uuid": "ba66f46d-8c24-4175-9693-923336699469", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516118, "uuid": "9a2d85ad-f3bf-4473-8d3b-ea3788ae479d", "value": "24576:ryJ90z+SPBluZsHkSEzorfuFBKOZIELM:ef0zHPBluZ8QzorfcZB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684516118, "uuid": "3b2bdd36-0a85-46d4-bd05-2afefe0fe37d", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684516118, "uuid": "87fc499c-b988-4deb-9aa3-ce83cb26f033", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516118, "uuid": "0e2c9d48-0d52-4ec0-b21d-c341ea1e9d0c", "value": "physics.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca88334e-f683-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684528141, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528141, "uuid": "83af3f54-200f-4930-8073-5da8a24d291e", "comment": "Malware payload", "value": "929e2ac01de2d8740231a1b79a75b528", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528141, "uuid": "a716ad5f-c97f-4b9a-ad7f-1d4c386c27a9", "comment": "Malware payload", "value": "7573a33d27662f5cd83890def7d768bc74912f51a7caa864b9df9aebb64786ba", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528141, "uuid": "adcb2f25-c21c-4ffa-9cb9-ad0d3a85eb99", "comment": "Malware payload", "value": "bb3b6c92b504f7cfe614121a1775787d6c1ed7ab", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528141, "uuid": "5f7c43df-45ac-4a7f-8165-3288f0d7ee23", "comment": "Malware payload", "value": "ab0648464438ce30f635dacddec94b0133ce0710826e54830485ba78750731204ab3dbec44d3e8d3e195f167eb1f1b29", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528141, "uuid": "a6e16608-9d1f-467b-8a86-155e0f92c628", "value": "T13E23F94AFD81AF00D4E521B9FF4E114A33539B6CE3FE72129E251B2167CA95B0F7A901", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528141, "uuid": "10546d43-3313-45d3-bead-6ee0c50cf29f", "value": "768:EFnyDvGNri7fdw8qZ0se/p6DK8pmlZyx3iV4JGWnUPftn+KlAe:EFn0Gc7V320se/p/4mlZyx3iwGWUTA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684528141, "uuid": "2eb1a269-4c4b-463f-8da6-779200e17008", "value": 47536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684528141, "uuid": "2bc33076-4b57-4a3a-800b-1083f4f95315", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528141, "uuid": "d07ce247-f379-4a61-9aac-4e0e35822e56", "value": "929e2ac01de2d8740231a1b79a75b528", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5e8d9f9-f60b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684476567, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476567, "uuid": "784394c4-d20e-4d89-8b11-7eb1886256c5", "comment": "Malware payload (RedLineStealer)", "value": "80bdb2487d444257268d6f5ac13a3326", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476567, "uuid": "2189b5f8-0e7d-4800-adbd-d8da90a475a9", "comment": "Malware payload (RedLineStealer)", "value": "7588a382091163ce334f06afdcca94d0101a0c5de155bc3de6aa41509e70c64e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476567, "uuid": "d6392698-8d3c-4db5-857a-9a8b45cb44ba", "comment": "Malware payload (RedLineStealer)", "value": "9e409fa1b0674154365a1244540b9cf45933dff2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476567, "uuid": "432772dc-88d1-43e4-96e5-20e582e6b64c", "comment": "Malware payload (RedLineStealer)", "value": "caa6abfc4af1198dc37d5446acea35c2cea34524ce9a9f4afde45124574f0114e49e002d30f7c75ce11b429edbc10e4d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476567, "uuid": "6fe6972c-e6f0-4ecc-a405-17b0a5c4f471", "value": "T157252311AAF95132C8B46B705CF712870A717EB14C7C8377278A79070C72AD9B572BAB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476567, "uuid": "bb794160-04b5-4554-8abb-bfbd81fdfc9d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476567, "uuid": "f3bab934-5ee5-4c86-ac5f-9645ccdf2d08", "value": "24576:MyvfFtYFo2mT7mI8zxhCB08V9MULq5Ji5x+J4frdSU2S:7HA3mT7v8zxS0ULlrW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476567, "uuid": "36c6f53f-6e19-46a1-9ab4-046dad948581", "value": 1055232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476567, "uuid": "173a4dfa-ee09-4000-aada-fe648e8e2bd1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476567, "uuid": "e796dcac-dff4-420e-bc81-0d00c1c73b40", "value": "80bdb2487d444257268d6f5ac13a3326", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8d11e25-f62d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Smoke Loader)", "timestamp": 1684491175, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491175, "uuid": "db5492d0-8b87-4d1e-babc-cf8fc0d983e4", "comment": "Malware payload (Smoke Loader)", "value": "6fa86779d8dcc1cbfe407b91d4e524d9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491175, "uuid": "d9d345e4-3ab4-4abf-9c5a-c916b6b00c81", "comment": "Malware payload (Smoke Loader)", "value": "75d45a1e3c9419f82273965a5b44cf36687ff697872cd45ba97203e5b4576716", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491175, "uuid": "d5f4a152-5c49-4252-bf87-4403779019da", "comment": "Malware payload (Smoke Loader)", "value": "0e09f4adf72135854f22810f86f5d764425f3b7b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491175, "uuid": "d2e5a718-45db-462a-b989-d00e1c09562d", "comment": "Malware payload (Smoke Loader)", "value": "57dc851059d172ba8dc655799446564da3e9d70a7dc201c75f00c208ea3603aa261ffa3f998a139f589aa1f1bd389f99", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491175, "uuid": "55277bb2-2617-4c08-9bc7-b9086b358e11", "value": "T183643B0392D1BC63FB1686768E3EC6E9767EB9504F0967D722146A1B18701F2C97E332", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491175, "uuid": "a1647cef-ece2-4e3c-8231-3b16581709e7", "value": "a5b920833de11e763698004374a64e2f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491175, "uuid": "32435aa5-55d7-4d53-b673-6a57e2a0281a", "value": "6144:L8t6EuYdYbbkdO2Hz1qWTMtBm+77G6daL93Tu:5Eu6Y0dbPM6qpqDu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684491175, "uuid": "34309a4f-f697-46ea-a131-8454ab599f5b", "value": 332288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684491175, "uuid": "2e77d745-ac2d-4f0a-8a58-28690fa8fca3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491175, "uuid": "3aa7549a-0e45-4bd4-8d0a-83c98a8e4b78", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "54664688-f668-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684516347, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516347, "uuid": "a2d15649-5b14-4950-9574-788baf98a48b", "comment": "Malware payload (Amadey)", "value": "d085c6836400a823da36226cd1b7438c", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516347, "uuid": "dd5e6751-b219-4559-be9e-faef249dc747", "comment": "Malware payload (Amadey)", "value": "762f35f79d1147ea3e7108416a9af5ae4cef3352d10de31c9c87a9a576c2c1f1", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516347, "uuid": "88b65642-f593-40bb-8391-17f2f5c3dbfa", "comment": "Malware payload (Amadey)", "value": "cf282c4802f19948570b028828bc3aadc74993b4", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516347, "uuid": "31cf1b8d-7b4f-4bfe-aa66-9b84f951be39", "comment": "Malware payload (Amadey)", "value": "e3ea2810434fb202397513461c9372f90948b344d6862826677be2ad98830ddded8f9e0b4ba8cbe5d5b68b78c2a34acf", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516347, "uuid": "3448c9ca-5cbc-4b21-bbc8-144cc8edcd01", "value": "T164643B0392D1BC63EB1646728E2EC6F8765EF9514F492BD722146E9B18701F2C97E332", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516347, "uuid": "a68a4b45-16a7-4356-9ce0-3746daa1d78a", "value": "33ad97a6371f251a2ce2085c8f9feaea", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516347, "uuid": "fa670787-84c8-495f-8e14-cbd20b7dccc6", "value": "6144:3yT7tLaNZGzLNt+Yix2imCF979KQ93Tu:4tLwZoNt+r2YJDu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684516347, "uuid": "9ede7372-db34-4c2a-b9a9-082f962bc1ce", "value": 332800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684516347, "uuid": "afc615f6-2fcd-48a0-8871-75c0eeed4e94", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516347, "uuid": "245fa0c6-d070-4f5d-866c-85148a192fbe", "value": "token.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9095586c-f678-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684523320, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523320, "uuid": "16701ccc-f398-4899-91e5-e68ace6a7a2c", "comment": "Malware payload", "value": "441ab0284ea33924e3c88c586a6c2082", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523320, "uuid": "6ed58aea-67de-4714-9544-1c4682ed85b2", "comment": "Malware payload", "value": "7653083d6c27428a459d491cd224d94dda2fc53cb860a61c75a896e0aa56702a", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523320, "uuid": "71f3db79-9a1d-4fc6-8a74-429f17d83c0f", "comment": "Malware payload", "value": "fccfaffa2053953c441e69c1845887381ac5f6c9", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523320, "uuid": "803199b7-de91-4bd7-b93b-3d95428452c5", "comment": "Malware payload", "value": "23fbb77f91f422501bc760236728b2fac3072675fedeace46e135dfa0afa88612a99fb9eda7fd9101b7f8d9d5fc6d527", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523320, "uuid": "cca1c396-b94c-451d-a215-10bd720de7d5", "value": "T171254A09BD809F52C5D92B76F64E429833278754D7AAF306590807397B87AAF4F3B309", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523320, "uuid": "326b7e63-6904-4197-8a61-e162b80238e5", "value": "12288:erXiRPpwBSHJB2A6f13P5D79dmuxlNzJs4dm3yxiD1WjfGAIFDFvyq766PdYYTQ0:jvwlP5DJdrRJsskWU5RPdc2ByWwK3R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684523320, "uuid": "d7932374-febc-44a7-8f26-f8d5056ef00b", "value": 1001465, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684523320, "uuid": "e080405f-c780-49de-85b8-d0d709000a41", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523320, "uuid": "511f49e9-a455-45ab-aecb-a547d5f6c0c7", "value": "linux-arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05010ff1-f648-11ed-b3cf-42010a9c0076", "comment": "Malware payload (zgRAT)", "timestamp": 1684502470, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684502470, "uuid": "b2476aad-f3b0-4382-b246-47963eb617f8", "comment": "Malware payload (zgRAT)", "value": "c04215e833e361c1ae1a08f2aba85e07", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684502470, "uuid": "23b1b2c9-7dde-4c5f-b8e1-29053d07b1a0", "comment": "Malware payload (zgRAT)", "value": "765c609266421fe30c769a001ca281aef3341c889230ae4c328f05cf69c89d6e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684502470, "uuid": "ccee8e52-790a-46f7-9733-551e6e803ea4", "comment": "Malware payload (zgRAT)", "value": "c90112d6c22d213018d54bfb68e25d864ae7e546", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684502470, "uuid": "46ce9a9d-4ac3-4a85-ad38-a201366384fd", "comment": "Malware payload (zgRAT)", "value": "ca8d321761db03a4990d76c6d6b03ae816728640af9f6a88463df641d9ed51ab810242016fd430c8e3ec4729dd4ee138", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684502470, "uuid": "46bcdf48-1f91-49d7-8ec7-3b827a87215a", "value": "T1D7A49D3B769ADC12C3885733C1DB4800B7719A45B253EB0979CD13AA29433AFE54A6DB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684502470, "uuid": "a655e4a2-5f91-4762-87ab-928b9b84c2d5", "value": "6144:zAJGMcnDC6+r7eCtNnhkTUQ1O37EagSBG+wKb5sOqk1vwuRcYn4:Umr6tg3147LbrwKbFqk1YuRc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684502470, "uuid": "8c96c169-c8cf-4248-a5d4-cf701ee01ed4", "value": 463944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684502470, "uuid": "31937246-98fc-47d0-9269-cf8b75197060", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684502470, "uuid": "c8588cd7-3f34-4958-927b-fde11629fb85", "value": "SHIP PARTICULARS.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4819273c-f5d9-11ed-b3cf-42010a9c0076", "comment": "Malware payload (YellowCockatoo)", "timestamp": 1684454908, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684454908, "uuid": "8b7904e5-ea27-4585-a474-d97b5aea41f5", "comment": "Malware payload (YellowCockatoo)", "value": "7abdca8426b8978613045c6deeab6e01", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684454908, "uuid": "0ef834b8-46f1-4041-b665-c9530e97a636", "comment": "Malware payload (YellowCockatoo)", "value": "76701a8ea0b224e8321dd0fd27debd7b882d2edb3e8a59cd8040f6cc2f49549d", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684454908, "uuid": "635f25fc-7bb2-4d0b-a1e5-4e066922ae56", "comment": "Malware payload (YellowCockatoo)", "value": "bbc92423cd901cbd96001791048bae38b32f6991", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684454908, "uuid": "8565c439-101d-44c3-b860-180c3c427c88", "comment": "Malware payload (YellowCockatoo)", "value": "9b5d4b1fb019e0baf309caf3077ca73d8c85e8b8763196fe5d670ccc37e99201a057299c4669e11603fa490a4f0fe5f7", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684454908, "uuid": "4a5d5942-b81f-4fff-9fe5-dab16c25d956", "value": "T12FD489543BA7CC4CAB2C16E87B9B53139B2556F3D6F29F4E06A2B1340A5E8613C4D0F6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684454908, "uuid": "133c809e-f5b4-4d0d-9569-a92ddf65ac66", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684454908, "uuid": "8203a85d-58dc-46df-9c87-dc453e81b659", "value": "6144:zJgwizXy3wiyWYkQA0yZhT7Psvsnru8r8YPBkN5Y57gs60U7FM7LYjY:agRyHU0y375r6bY5gs6QYjY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684454908, "uuid": "7800af8a-f98b-408e-acd9-1fa6e1d1a7b5", "value": 606208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684454908, "uuid": "6f08b3d0-32e7-44b6-ac3b-7570edc60181", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684454908, "uuid": "891ecd13-75ec-496b-8562-63987e5d6e92", "value": "HABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZzND5JfGMKCH4froYXDFQi7KwigSZRDJLrAGMwYkvuaDCK1XHBQc7sK0YSNVCZZLBY7LWN2s.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe326d41-f68b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BumbleBee)", "timestamp": 1684531664, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531664, "uuid": "deb9b20f-8101-4dfd-9283-784adcf6289a", "comment": "Malware payload (BumbleBee)", "value": "39e9221f379e26c7d70e9e76651c26c1", "object_relation": "md5", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531664, "uuid": "6bff5e7c-5a16-42a6-ab0b-77a6a211c862", "comment": "Malware payload (BumbleBee)", "value": "76ce89794491beaa5885d05df0f01f5af39cb236df31ac81e82536882ed92031", "object_relation": "sha256", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531664, "uuid": "394fbc36-f0a2-4e94-ade5-7aaa2285ce4f", "comment": "Malware payload (BumbleBee)", "value": "51d2fc96a2d6559f716d9bb1a4de4ffdad0eba64", "object_relation": "sha1", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531664, "uuid": "d4714ce8-5acd-4b43-8e0b-43bcba054643", "comment": "Malware payload (BumbleBee)", "value": "c911b1b04c82705e9c1bad7b08f70394f95822c1c090a5edb95fe7cee84f781194461c786e35cf472123499d1423eb92", "object_relation": "sha3-384", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531664, "uuid": "fb7d1c67-4eae-410f-ac8a-1dc767eae083", "value": "T1ED45E011E6921FF4D476917680AB292FBB303E584325E377ABC0D23B7D927E05B197A0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531664, "uuid": "2a52260a-4b40-47ed-afcb-c6aaccf65511", "value": "47e01530ad43ec939d1c47709a80a5c6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531664, "uuid": "3fd15092-5971-42f8-91c9-4422fbe64e2f", "value": "24576:JRnTYEAEZO+waOunLnSqVPS5kGWymbofA5UygFVvE6LusNO5Qe:aglnGqKmboPv1LusYye", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684531664, "uuid": "79e1d6c5-7e56-4a44-bc8f-54482f27ef3e", "value": 1223177, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684531664, "uuid": "684e5ec0-84cd-4127-bd88-fae949f30f37", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531664, "uuid": "ff1cdde3-00ff-450d-9be0-3625a3fafb73", "value": "SecuriteInfo.com.Win64.DropperX-gen.25745.32518", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59f4c99a-f660-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Fabookie)", "timestamp": 1684512920, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512920, "uuid": "5254a8af-d8bb-42cb-b396-0a91b556a628", "comment": "Malware payload (Fabookie)", "value": "6284cdaa02d6e7d2c71da13c2e043b6f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512920, "uuid": "3dc2f751-b2e4-4fc1-93db-e66cfcf32516", "comment": "Malware payload (Fabookie)", "value": "773cbf06467c01055d9faf1c1c7134cd6c7cc1eba80a8d6ca889ac800ac479b8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512920, "uuid": "53ccf955-abcb-492f-bf84-d26b41c3c11f", "comment": "Malware payload (Fabookie)", "value": "192e42dbaddbf33c0fa447f38bb239d7ed149d98", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512920, "uuid": "c63e8325-dd28-412d-9c64-2c2a95a87deb", "comment": "Malware payload (Fabookie)", "value": "8bf82b078e81d708c19899f373483a237fbea51381ed2d86f143d2d66f939c2952d2eb968d04daab1d4b8361752130ff", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512920, "uuid": "4a34ca4d-fc40-4bf0-b517-3a9b1649f0ac", "value": "T1A9D4AE35A3D80C56D589113E448E43B19B203E287F2E87CB95E5B5CD0A723F0EB69EE5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512920, "uuid": "b5efebae-65c6-4d2f-9968-f88fa5448b45", "value": "a53b84419f7c4c2d994076e70a6910a8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512920, "uuid": "01fd0106-1978-493b-b5e6-877084c00d3a", "value": "6144:XfI7s1nzDI6FkzJwz9OhcHQU8rATK/GHbI0/tGKP15Vuc7GHbI0/tGKP15Vuc1y6:v2EutcHZ049Duca049Duc1y6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684512920, "uuid": "fe460ee4-d710-4fb6-90ff-e69a2e8c6607", "value": 651776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684512920, "uuid": "15a901ec-755c-4803-9cd7-33fcb43ce7ed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512920, "uuid": "30cc34f0-d49e-487b-a990-a49f7ee7b3e1", "value": "6284cdaa02d6e7d2c71da13c2e043b6f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d9d721f9-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684497673, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497673, "uuid": "d9181c42-60da-48fa-b6f7-56854dac7301", "comment": "Malware payload (RedLineStealer)", "value": "8f9bd08ef84bf163fed8f5c571f05aa8", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497673, "uuid": "617eea01-f48a-4d0a-adef-5a64804886d5", "comment": "Malware payload (RedLineStealer)", "value": "779b60b61302e4b8b37370e77d1d10d5c2a4044cd644bfdfa6c873dcd8ce6926", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497673, "uuid": "63b257bb-6956-4cfd-b431-dbc22b2e2308", "comment": "Malware payload (RedLineStealer)", "value": "2265a56f5bceee6deb63acdbdab02b847aedca0f", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497673, "uuid": "25a7cf7d-4fdf-43d6-9d16-abf4ca5f40b6", "comment": "Malware payload (RedLineStealer)", "value": "4cdce1ff878a127078e847b5b0508417f0a174edaaef881ab147394c8d8568b36b6bf7630ea8078c78e6421e410cd276", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497673, "uuid": "e9b75ec0-d895-428a-8643-0d7c4e2c26e9", "value": "T18A252343F6E41493F8B62B7005F247CF0B37BC5545B8875F2B9AA54A5CB22C8A272367", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497673, "uuid": "b2a587cb-3d78-4acc-b58a-6802e12d9230", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497673, "uuid": "570f8720-4983-4475-bdf5-e95b955ab4f1", "value": "24576:CyWqR3cMYnts2M1RXy7rbqAXS0QrlHMzb8F+Vgf:pj3cbntchy3o05fZV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497673, "uuid": "307207a5-7101-4cb4-b946-b5ea8562cbf8", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497673, "uuid": "21822845-710e-4b2f-9252-618329c27d53", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497673, "uuid": "98ec6d88-a69b-44dd-b661-f8c7b532853b", "value": "executor.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67afa980-f691-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684533988, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533988, "uuid": "40af8309-30fb-4715-91d5-cb8eb3a68272", "comment": "Malware payload", "value": "dba8a0f0978705d0c42085105cf5ee2c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533988, "uuid": "5930d2fd-aa62-4e77-b2cd-51b3fbcb94b9", "comment": "Malware payload", "value": "7835711589a3fc91713b52203aea798cfef5521bc3651e3aadac71e3e1c81be7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533988, "uuid": "b97d7135-6168-4574-a403-48425365ce11", "comment": "Malware payload", "value": "ff00b3493dfb49c815e8d8b7cc113e81b55587be", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533988, "uuid": "dec157bc-d2bf-4290-a06d-b152baad21c3", "comment": "Malware payload", "value": "fce3a85abebae97edeba3bb44f9179f65b1494009ac42f1d0d41437be0afa4eff87b807da01e2c0bee875c2bb7778216", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533988, "uuid": "e98ab8cf-5c8a-4d84-bacc-545a93a61368", "value": "T176363C5BB8824A82C4E4367ABC7D41D473A34EB99B9713666D05FE3C3EBE1990E35304", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533988, "uuid": "72154bb2-53d4-4ca0-9cf6-f9a0f6e2dd21", "value": "49152:oQdGkSpsqkVpXGi8TEeK1cam+lr0wSHyeVI18:oQYzpsqkVpXXeKTu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684533988, "uuid": "ceecccfd-96c7-40f2-99de-15aeafc1916e", "value": 5242880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684533988, "uuid": "ba739b73-24f7-44bd-83fd-2fb9b485faf6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533988, "uuid": "8ffe56d0-ca56-4b66-903e-8a7a21eb0340", "value": "dba8a0f0978705d0c42085105cf5ee2c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c38373b7-f683-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BumbleBee)", "timestamp": 1684528129, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528129, "uuid": "d3a94db4-4b83-4656-ab8e-963e2efefc60", "comment": "Malware payload (BumbleBee)", "value": "55519fec12c96e9ef6bb170cc1f874cc", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528129, "uuid": "7ed370da-ee81-41e3-bbe4-5f90b4368bcf", "comment": "Malware payload (BumbleBee)", "value": "78cf36a4dc3af2ffb0dd7fe40e67804899e4940d8ee142bfa19b3ebb02462684", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528129, "uuid": "44ab87ac-508c-48ca-8347-da619e8a2b92", "comment": "Malware payload (BumbleBee)", "value": "19d53f1e869bf10b1366dd6bcd08d4244fbe8658", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528129, "uuid": "d75c7211-3308-426f-9fa3-7c37aa33549c", "comment": "Malware payload (BumbleBee)", "value": "fe6dce06346e53db7cd22432d4bac692c17e3f50222fcc39f36a865e1426cc0987e4915168e26733e667cdb514784b22", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528129, "uuid": "05de8f71-c3e5-43ed-ace3-e0d253386b2e", "value": "T1EB45E011E2A30FF8E476917681AB262BB7307E5C4315D37BABC0D2377D927E05B16A60", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528129, "uuid": "071c74fa-a1d5-40f0-8836-06cfc6b65ad8", "value": "47e01530ad43ec939d1c47709a80a5c6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528129, "uuid": "c78b6a57-c2a1-491f-8f4a-6ee1b7f481b4", "value": "24576:rRVKL5uAztHwZpU3Hr9gHg+Rin685cYjsUwJAHGB0KMyDxUBeu5/C:eYj23H54g+KjsUwJ0jKMyV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684528129, "uuid": "b39da1d9-a38d-4622-936d-5f7daf7652d5", "value": 1226252, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684528129, "uuid": "0923302c-033d-45c2-8118-ffaef4c90b55", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528129, "uuid": "68b48842-b4f3-4076-80f5-21b8f5fea22b", "value": "55519fec12c96e9ef6bb170cc1f874cc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0314403f-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1684477985, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477985, "uuid": "c549e105-49ea-4541-9b96-b7f1636a1443", "comment": "Malware payload (Loki)", "value": "9489c862362a7be7a2bd9d51df3a1753", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477985, "uuid": "1255c41c-b708-4f5d-a13a-08bddbbdfd3a", "comment": "Malware payload (Loki)", "value": "79f601e924552897840b22ac3766647a092ba289b5f2eb6c829dcb1e4070cf19", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477985, "uuid": "7b24d9a7-cbb4-411b-9f2e-4849bd072305", "comment": "Malware payload (Loki)", "value": "a9389b242bd0220633df3be58568efc1a73276b4", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477985, "uuid": "59b6308a-415b-4d36-961b-4c714a323417", "comment": "Malware payload (Loki)", "value": "c77f50db55d6dc538337973d88f897eda5cf03df018ab5120ce8766f5b8250939d8e8b8f64755ad73f0411b6fa1a4901", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477985, "uuid": "0f7106c7-1b5f-4e95-9e05-f9d1b693bc99", "value": "T1F6350213F244CE4AC9418BB1AEA3A898531E7E55BF89744B26043B6F2EF75B07943D0D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477985, "uuid": "ff00b9eb-09b8-40c7-b2e4-0fcb4ce19361", "value": "24576:SLKh+MXUY+MXUDyWWKCpJ0GDJqCCCJCCCTCCCQ:SLKh+MXn+MXWyW1Y0GDJqCCCJCCCTCC5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684477985, "uuid": "e7583110-440a-4370-8a43-f59782ee3d26", "value": 1077760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684477985, "uuid": "14f7ba82-6521-475d-9ff6-8bc50165eae7", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477985, "uuid": "4c9e792b-5f16-4303-b515-ad8722508351", "value": "PAYMENT ADVICE.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9d246f3-f60c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684477003, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477003, "uuid": "837ddccd-9fb6-4798-86f9-e91ebb583d31", "comment": "Malware payload (SnakeKeylogger)", "value": "ebbd4a0c9ae1290a34e09d4f75a32c00", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477003, "uuid": "2c56868b-561a-4474-b0ce-78bbde0f8b59", "comment": "Malware payload (SnakeKeylogger)", "value": "7ade52d9d7e7aa377a7855a6effe236cebdccf32661cbf1329ea4da9951f2df7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477003, "uuid": "9e50f361-fa96-43ef-8b1d-4219d5cf2930", "comment": "Malware payload (SnakeKeylogger)", "value": "39e1be09f4c665a0232f325e3ead3facbf4a8a2b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477003, "uuid": "aca4ca85-c6c7-44bf-b0cc-e003761d9416", "comment": "Malware payload (SnakeKeylogger)", "value": "a124bf8dabb8ea9eb778ea4d4b2fdc568fe6692cf9a0082b1b12d677cdf64764157590487ab858e5eec68b35b5d4c1a7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477003, "uuid": "6c06ef6c-6def-442a-b05f-00968da7dbd7", "value": "T1C0D4F02027D9C70BD05A837AD0E1D2F057B69D84F976C7D70FE9BC8FB18B2A52212256", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477003, "uuid": "673ddadc-df51-4d09-86da-6fa5f85e2496", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477003, "uuid": "9b3ca74f-7804-42ca-86a3-8e0a7bc85a06", "value": "12288:QOYpWgBRmPidU739cfogJbLP/4fzHdbFawIl+fRD6pXuxW:Q0mwi273u1LPwLah8qu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684477003, "uuid": "8475d649-584f-45bd-a580-7f2eb33240e7", "value": 623616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684477003, "uuid": "f2bb50db-618c-434c-a2f3-19056c2fbdbc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477003, "uuid": "81f39627-14fb-4613-a9c7-52497e84a014", "value": "XM7BRuBRKdHbyKX.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb2b9d93-f60b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684476576, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476576, "uuid": "9b78f5ad-4b56-4237-86c2-e1e29ecef64c", "comment": "Malware payload (Mirai)", "value": "9b1881717125c915b702998ca5d8df1f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476576, "uuid": "42d59376-ff1f-4a9b-97b4-4154713fb0d1", "comment": "Malware payload (Mirai)", "value": "7ae5ea380a311dbb37731cfd313c43d465e8bbaf9d38eb471072a3a335e518b1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476576, "uuid": "5f1158a5-1e6a-41fc-aa95-d79b8f912d91", "comment": "Malware payload (Mirai)", "value": "41273885582396bdec3680c8dd215850b5b78489", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476576, "uuid": "9bc6f694-70f7-45ff-b54d-929d42b69c77", "comment": "Malware payload (Mirai)", "value": "1cf4e681f42a49d3d9454c1d4271ff94ed760e0725836dfd21cc00e03466219be42496b77e4ddb661a07d48d5bdcbadd", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476576, "uuid": "fa03d50d-3420-4d31-99a5-106d398becdd", "value": "T16213027792CBF615D16EA779099E7CEB441A228A5489CBCC3E45F971054C880FFE4A70", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476576, "uuid": "592114b0-eb4a-472e-8bc1-e8e908d1cf49", "value": "768:Z975koPgYfyDwhu1dDugWHxDkUoK6DIfJnzPE/mHrNzNwVEUqNY9wqUFltBTvSqY:77kKRhodDubHBkUoEJzP/XJNIUvT6Rf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476576, "uuid": "a72ec5b6-a6ed-4aa4-8662-0edf53359404", "value": 45052, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476576, "uuid": "5b040da0-cc17-4743-b4aa-42ba18fe0b0a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476576, "uuid": "18bec661-7d33-4a8e-b448-714bfb1f1cb3", "value": "9b1881717125c915b702998ca5d8df1f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ddf2bb1-f67d-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684525275, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525275, "uuid": "67f46863-092a-430e-af5d-b99c3263ef11", "comment": "Malware payload", "value": "abd14f2083e4b79fadb4ddf0f69659f4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525275, "uuid": "32483dee-b4c0-4ea4-9362-7d2a85bc94e0", "comment": "Malware payload", "value": "7b2cacd8a70808f5a1b068211a95f28800098c926db5423b03fe6df49dbd2c5b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525275, "uuid": "d6ffc0d1-a07a-4837-862c-57f6f6b9cc0c", "comment": "Malware payload", "value": "d71036c1e4e1d3ba6c96ac371ac2fa64c2cba887", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525275, "uuid": "4f701f0f-a343-456c-8b82-02353c3e0834", "comment": "Malware payload", "value": "ed9a145710c34b0f627c2be397b49d9f4b8e54b7f26389d55745d794dfa493eacf697f34bc17bfc8a2e1f0184392c431", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525275, "uuid": "39f1a153-2748-4608-9419-70eaf23c0060", "value": "T1BD85BFCEEB8294B7C56B0A7005DBD77A2330E938805F4F576A9DCD78B817990BD0EA05", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525275, "uuid": "4fb09375-3356-4710-9c59-d3e800fcd7f0", "value": "49152:bNihhOhBNhKhyu7cYx9z2rAnKsfRqaFyZB5Ss5+Nu:5ihhOhBNhKhRwwJ2ro4aFyZB5Ss5+Nu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684525275, "uuid": "b97180ff-b6cd-4fbe-b0ca-7efa00d45eca", "value": 1870048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684525275, "uuid": "c0d1ac57-7c85-4933-9560-6fa0a2f2dff5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525275, "uuid": "676b065e-db79-48aa-ac9d-adffa835c069", "value": "abd14f2083e4b79fadb4ddf0f69659f4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67e3c84f-f662-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684513802, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513802, "uuid": "52d516d0-7633-4e72-bf68-0d068b308df9", "comment": "Malware payload (Mirai)", "value": "8e174c3ff4d2ec710a342860ad3b7141", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513802, "uuid": "978fee06-f1f9-4898-81cc-ec2261cdbd57", "comment": "Malware payload (Mirai)", "value": "7cd270ecaa0916aeb3e59c4f71cee9ff95ceb65ada032aab8d00394e16add03d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513802, "uuid": "40c72179-a6d2-40f9-a408-9066152daed9", "comment": "Malware payload (Mirai)", "value": "ae0ac42584e1dea5c535b3cb9802e1bc9043387b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513802, "uuid": "268d8a89-75f5-476e-97ce-3147b7d196ce", "comment": "Malware payload (Mirai)", "value": "c7f96644959de9724847fb3f4a227e021eb428c6b30fd4b5d7d62e9ce711ecac8e24c903793e95fb554143b68709deeb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513802, "uuid": "7c19c5b7-2700-4f78-9404-123639927680", "value": "T1A463D715FF550FB7DCABCD3746A81B0239CC554A22E87B3A3534D828B65B24B49E3C68", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513802, "uuid": "2c392adb-7d81-4c07-808c-03df6d3b048d", "value": "768:ID59zclowooHX6gcKbW4e9JQxOTe9/BekPSl0Sw+uo0iZ5qqXizwX7+e2kWI//w0:I1wog7NeaqA/BTPxq9Z5qO7+BkWbQsU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684513802, "uuid": "b01cd1a2-170b-4485-8ff1-55ca0f5d588c", "value": 73228, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684513802, "uuid": "0ac46106-92cc-498b-a688-27efb4146eda", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513802, "uuid": "0721898c-7e28-4860-ad88-b62c2e1c14a1", "value": "8e174c3ff4d2ec710a342860ad3b7141", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6115840c-f626-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684488021, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488021, "uuid": "1cce12ec-ba4f-4914-999f-306934a6724d", "comment": "Malware payload (Formbook)", "value": "636227723ccecd4a363b94e6682e444c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488021, "uuid": "0431c09c-d067-4c00-8caa-466174b5ae3f", "comment": "Malware payload (Formbook)", "value": "7cdbc9e74ca8d6119202864a709809712505bac9f32b6d60c552f01a1ac090c3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488021, "uuid": "fb6fa96e-6c24-4b1a-b56c-5e896cd0105f", "comment": "Malware payload (Formbook)", "value": "046b3afdbb518c8e85614075a4c8a5b6f4f4db34", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488021, "uuid": "cc2957b5-c968-4f43-9c13-2670f4b9b3f8", "comment": "Malware payload (Formbook)", "value": "92dae386550e7addc9f6a44c3b75bad5580f39e2c06776363d0b4f349e8da00f042fdad83fa5c1684e19319bf00d9388", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488021, "uuid": "3a107445-7faf-40f6-9f97-0d47701043cb", "value": "T16025D05062AC9F1AE03A97F508A1C1B453F44EAA687FD3578ED27CDB3A95F610B50B03", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488021, "uuid": "8e52bb77-3805-4abd-9cae-0afd929f4510", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488021, "uuid": "9a63d386-e7b8-4005-93e7-af121f2fcc61", "value": "12288:rS8hue/3H1Jdo/aNnIPVVkD2jFPCi9vgU9Ri28jlla945wbpoMJZztKNTuY4ICeF:rBPo/aGtVkDkFX/8jqRbFJnKhuYT7lP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684488021, "uuid": "40dd610d-1136-4380-8597-18be1d6b21e0", "value": 1022976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684488021, "uuid": "59eb6b24-ccd6-4c34-926c-43b5749dd5fd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488021, "uuid": "a2672f97-4cfa-4b05-8373-2734353efad6", "value": "revised order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b70f78f1-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684497614, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497614, "uuid": "81ea4bd1-9f91-40d6-a39e-76a5664ed103", "comment": "Malware payload (Amadey)", "value": "f2ec42c6f0427ff68f1c4188fee61420", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497614, "uuid": "11a67402-622d-4bfd-9412-4dff89469148", "comment": "Malware payload (Amadey)", "value": "7d154d8b37082086072b1be3905611e19e6ba466b825a8968ca45e7417643bad", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497614, "uuid": "29029161-4c90-44dc-9afd-326b4851a26c", "comment": "Malware payload (Amadey)", "value": "5c8efe8122aa192e9a2af6fac35e2daeb89e9959", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497614, "uuid": "c76a752d-9ab5-422e-8b43-43e4abb426d0", "comment": "Malware payload (Amadey)", "value": "4382729a857f91b8aa4bcf8d26cb69570c3343d80f5f6cfef1a751f8347b19a88296cd3e7f5db84af0ee228e5e2f067c", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497614, "uuid": "9782eb70-8e85-401a-8a3a-39bfe2460ae9", "value": "T17E252312B3E881B3CAF50BB519F31183273DFD96A874876B2505891B1DB2394E9327F6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497614, "uuid": "df1f3a30-6cba-49df-9055-f71a1149058e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497614, "uuid": "872a21f3-f389-447a-b547-9ba726da28ec", "value": "24576:ryzVvjzIGxOu5f9y99xI5pSXQnvgJHX4ki0eZ6oa1hX5qN05PO:eBj9y/xIbSXBXnneZ6p155L5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497614, "uuid": "3af9fce4-db58-4fbe-918f-3a093f88f898", "value": 1046016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497614, "uuid": "a0548ddc-2590-484e-b10d-d47e0533c6ff", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497614, "uuid": "102f4246-f328-42c7-8291-6845f16cc01c", "value": "debug.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c9af021-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466861, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466861, "uuid": "0b8c4b9a-1d0d-4c78-b052-e15539eb92d0", "comment": "Malware payload", "value": "bb6f08e7e3daf1d27240ae9aa32b0fbf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466861, "uuid": "6ab44970-12f6-4443-b818-dc36d89ae242", "comment": "Malware payload", "value": "7d9671944e0f845093fc39ab4087315b396f857e3bfd3bac1bde6465c5cc1907", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466861, "uuid": "736fb94d-95bd-47ea-bd75-33766a3d6697", "comment": "Malware payload", "value": "a386c6db88db7dd13c122e3fe5c27180393a0b32", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466861, "uuid": "1f1c3504-e3e3-4665-b5a6-55d796b4dff3", "comment": "Malware payload", "value": "59b8968d34f99236bda923b625f0fe2b4630d91684879edef6e32ce0fa512e42130f7055723d38049d81c449dc208908", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466861, "uuid": "2bfbec8a-9e9e-469c-9382-fa59a4a185d3", "value": "T171357C02B985873EF27117B03F79135499767C3D5570854B67B83B4B8EB29F2AE22322", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466861, "uuid": "0038cd86-440f-4017-9632-40b1d07dd0a4", "value": "af2d926755c0ee1745be089ccb037a67", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466861, "uuid": "40ce5f24-f689-4524-b47c-fded1c8d1b12", "value": "12288:/iisZ2EC95e+hiWt7ITY3nc4zF/Z5ijVR5Zrhkssgc1Ad2uN8qIRZS9VC+r8:/iHl4Zt13c4zf5iD51hklgpN8qIRYr8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466861, "uuid": "646ce802-231b-4c0e-8d18-ca15d0ed9f83", "value": 1069056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466861, "uuid": "1de13922-1d4f-4247-b128-8058b16f8719", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466861, "uuid": "7fd8b1ba-54e9-4b8d-9319-cc0be81f5d6d", "value": "SecuriteInfo.com.BScope.Trojan.Wacatac.16583.14849", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a12b9c36-f667-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684516046, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516046, "uuid": "da285d18-95b6-4614-a809-aca32b549af3", "comment": "Malware payload (RedLineStealer)", "value": "b09d0055d64a71e4c3e099a739e0eadc", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516046, "uuid": "3ac646c7-8d19-4b1f-aea5-fd7739884e64", "comment": "Malware payload (RedLineStealer)", "value": "7f11fffaa39ef0779cdd89e8af5d5f8f747d1ac8766e4804b61d86dcf4f5cd5b", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516046, "uuid": "b9bf3365-7f16-44c5-8dda-8a3e583a0c66", "comment": "Malware payload (RedLineStealer)", "value": "e9c14b91ef3f5ce0f0d4be0310fc1edb57f64a4f", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516046, "uuid": "d2f1cc61-34a4-4348-b5dd-25e825ee499a", "comment": "Malware payload (RedLineStealer)", "value": "c09753daa32c86985164ef381dc504b6ba5724c8869d857eb32b583cd5ab8cd904931b1224403f8532be95a1fca03ab2", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516046, "uuid": "afab197b-58d9-46fe-861d-99a0728cdb3f", "value": "T1B2252313F6DDA952EDE51FB00EFA03C32736BDA7693CC26B16529A660D734848432376", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516046, "uuid": "49630827-beae-4f2b-8091-a894954c889d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516046, "uuid": "72fbc3b9-895e-41c3-9ec5-a169611bd814", "value": "12288:TMrJy90NccY6T1iNBKGBCwuGKnT3cwEkjS/aQEz4U1LKcjH8BFeB6lba7N4jNz5r:qyWbEKRwuFLkkyaQg4U1OGmFe6e7g95", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684516046, "uuid": "0a231f42-28f1-4328-9de3-662b7f2c3343", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684516046, "uuid": "073e03e0-0c70-4373-96e3-fd4ad0ce873a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516046, "uuid": "a4e02573-0888-4c25-a4c3-6e36cf337910", "value": "compress.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "993aba65-f656-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684508731, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684508731, "uuid": "58053493-18dd-4c2f-a33f-69d45fe02062", "comment": "Malware payload (AgentTesla)", "value": "9c040616832e13c93a68d73aa061cff7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684508731, "uuid": "4bc8e8de-23f4-4882-aaf0-5e6c32507f73", "comment": "Malware payload (AgentTesla)", "value": "8067342812e8fee9dc78b51e57c8c9402598bbfa7742355e2e58bc77ce6be38d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684508731, "uuid": "f057d1cb-e9f3-411d-a182-774ffb89bdfd", "comment": "Malware payload (AgentTesla)", "value": "e6911cf06b30e48244c62c08479e5df03f32970a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684508731, "uuid": "cf2d631d-5c5a-4f4f-9488-b1e9be3ad687", "comment": "Malware payload (AgentTesla)", "value": "9042b68e6aa52483ed4a4804e707b0cc9d77e1e292baaa444e7d46db0526006fec7c32268aefd46ef7183e77d0046625", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684508731, "uuid": "044728b9-777f-42d6-a316-b22a0f906aaa", "value": "T10AE4507C8AB50AF6C037DBE0A7C58893B94B7D73F40B5A6341D2435DC267A7124EA42E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684508731, "uuid": "8a466440-71c2-406a-8384-e3e2fff2fcd3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684508731, "uuid": "34bd09ca-90e1-4db2-b526-4b813030265f", "value": "6144:b/yiHYLTLIDz5jSBLO9155Ckt3cwZ3xwXc17y1lFE+BI/QsboV7eMkL5w0MXm+cX:b/yiHD8LOHHcshw276DEG48RCw0uqX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684508731, "uuid": "627af9c4-fd9e-4e48-980e-f705cd7ad9ee", "value": 691712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684508731, "uuid": "c8d4ce69-41d9-48a6-82f1-91e6562fa54a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684508731, "uuid": "8435a8bb-8233-4984-b25f-d70423fc67a6", "value": "Shipping doc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a900dd9-f627-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684488305, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488305, "uuid": "8c35256e-fdf3-47a5-bd97-4158bde9aefe", "comment": "Malware payload (Mirai)", "value": "f49a6d73edeab012b5919b5cec5c0b70", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488305, "uuid": "559949a6-eff8-496c-a210-471b4941cc0c", "comment": "Malware payload (Mirai)", "value": "81dd96efafea7a8f28f96bddaeba88298c909e2d90ab6612c7bec41e51398d97", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488305, "uuid": "81a0b7d6-8f3c-44ed-b5b7-3bd2d624a333", "comment": "Malware payload (Mirai)", "value": "0e375f7d94f8b9ae4dda1f59203295cc68816cfe", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488305, "uuid": "7e2deae8-709e-46e7-a1b6-6994806df443", "comment": "Malware payload (Mirai)", "value": "2a78c0e2890f3ec755f8463542ac4c6344e445f41f7a0e19c495537e403963d0b82e22e5a7d7e6f11be82d4539335abf", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488305, "uuid": "adeffabc-0df2-4826-82ea-fa6c0eb4465d", "value": "T17D935BD7B8009DBDF80BD63B4412090AB07062554FA31F36B3A7BDA7EC761B86D96D81", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488305, "uuid": "c04f3f82-3592-4e85-8036-88b705107ea6", "value": "1536:xE4ftJfpDUjWMLVzrkRpakCdbtlULpENLQAxuD86LXElwcg3rtLE7vTuF18PnWeD:xijWMLVzrkf+btlOA8AxuJXZ35L63+eD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684488305, "uuid": "c566e9ef-2eab-4395-86b9-5023243c32bc", "value": 93516, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684488305, "uuid": "aadaa6ee-6b7e-4c40-af12-33a67d18dcd5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488305, "uuid": "fabda639-5881-4550-bc32-be1650890ee5", "value": "f49a6d73edeab012b5919b5cec5c0b70", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fba7e5b1-f647-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684502454, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684502454, "uuid": "9709521d-0cd3-4220-a667-8398072d38ad", "comment": "Malware payload (RedLineStealer)", "value": "d590b559453ca8be7ff87d34194633bf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684502454, "uuid": "e4b48d48-edfc-4673-b729-ca5668d7fef4", "comment": "Malware payload (RedLineStealer)", "value": "82100db8cbb0445852c00c370cfebeb7d88c5686b0a06a79b72a18770141deb3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684502454, "uuid": "0183e043-3012-46bc-8acd-234bc09c402b", "comment": "Malware payload (RedLineStealer)", "value": "327871f9db542a203320b21848f69e850c744088", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684502454, "uuid": "c28e53d8-0bb7-4fab-8242-6c6cd96ca81e", "comment": "Malware payload (RedLineStealer)", "value": "3b6a551a1ad858cc03a0081148104a7d6a922c17e6a53622dc433268d73ea16f913e7c2d03bd6a0d892c58c7073cb7fa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684502454, "uuid": "d4d38e39-e7ce-472c-9dcd-220da74fcacc", "value": "T143252353B6D8D562C8B62B70C1F6078B1B35FD716928C75E23C6B94E1CB16C8A831B27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684502454, "uuid": "fa244dff-d840-444c-940b-dd780b5f9e88", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684502454, "uuid": "1c9e5f17-54c3-4e84-9b11-23dde6a0480b", "value": "24576:wy+xJF47Qet8KXtuIPjso4AvstcUB+BoJRfG06sIheQ:3IJ67Q88KXXLZ4AvaM6jfNh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684502454, "uuid": "2576e694-a8ee-4acf-99a8-290c689ececb", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684502454, "uuid": "a5c47478-4312-4a76-bd94-b152cf1bebff", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684502454, "uuid": "eb6de339-df24-4749-9900-9b3150f251d1", "value": "d590b559453ca8be7ff87d34194633bf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "78291181-f63b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684497079, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497079, "uuid": "84e4164c-fcdf-4bd0-a539-c333bbcf8123", "comment": "Malware payload (AgentTesla)", "value": "ea0e96a02377e9e4db32d8f4d6aec75a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497079, "uuid": "3d1ef61c-80e4-438c-904d-279d59020225", "comment": "Malware payload (AgentTesla)", "value": "82bdf8d51de5a8c83057f679e17818ad9b1f644d69467acdca364603c421c700", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497079, "uuid": "50cf778b-d666-45c2-b656-e4288effa192", "comment": "Malware payload (AgentTesla)", "value": "e6781b3ce0021797e16325fe686b32884c7fb284", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497079, "uuid": "032be5d2-0973-4885-ab07-85c3d733ece4", "comment": "Malware payload (AgentTesla)", "value": "06097b2494bc282795179610f81c8e47b9679711fff22d437f0071618ab8602c341d24dbe0a097d8b50a5dfa1b4d9b8f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497079, "uuid": "1c25d0f2-db70-4fc6-a1c3-3957db89bbe9", "value": "T11915E05126B48F15E2B66BF95672E13443B22C15F626D3094DE12CDB3DBAF823B017A3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497079, "uuid": "2d5628ab-801f-4b2f-be5a-34fb1682c9df", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497079, "uuid": "287ff33d-9edb-47f6-83e6-d2ce9bdc69bc", "value": "24576:uKG48P0iBY5FQvaKluTpwclGKOUGd9fpfef5HnU:gP0iWHqaFTpwclZgXEi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497079, "uuid": "f8d718de-4166-4b56-8f02-239eb6b25e17", "value": 918528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497079, "uuid": "4da231b0-ac7c-4ecd-8ba5-d307585ec3bc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497079, "uuid": "bee5df59-8d7b-4ba0-b7a7-963ec7b13fda", "value": "DB_DHL_AWB_001833023AD.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b420708-f64b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AsyncRAT)", "timestamp": 1684503956, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684503956, "uuid": "bce1d282-5b3e-4215-841f-e83bd061d10f", "comment": "Malware payload (AsyncRAT)", "value": "177f883d3ed120057960eb0b539cfe74", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684503956, "uuid": "3e4c9053-4183-4d2e-a502-077a44ce8e1d", "comment": "Malware payload (AsyncRAT)", "value": "82c85f030f61b2ec5d5b7197020dc37c18ed6b0c0e1b88037d6433d8a168f7c9", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684503956, "uuid": "5a5bca05-6baf-4eff-a9e3-77a1de15ccde", "comment": "Malware payload (AsyncRAT)", "value": "474c33d3144d0350480de87b08c2accea2550d17", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684503956, "uuid": "b773ea90-6e21-4629-ae65-c1a262ab5b28", "comment": "Malware payload (AsyncRAT)", "value": "1d8b1cecb27597702485165151d74636694f93f0c181b578d4b8faa7fbe775e303adfde414a927178caefc8c54190be8", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684503956, "uuid": "03b21a5c-b415-444b-869d-1ff9915ca0c4", "value": "T167C4F101B7D688B2E2731A364E39B714A97CB9301F24CA2FB3D44D6DDA34581A625F73", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684503956, "uuid": "b82974df-6ca3-4b69-9401-33f3fe732c3f", "value": "00be6e6c4f9e287672c8301b72bdabf3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684503956, "uuid": "869a0959-f727-4604-a769-4e4c1ead2f97", "value": "12288:AcrNS33L10QdrX6r1nBnHW9AdaaZn90RB3ZI6gRd:jNA3R5drXq1BnHUAIAnOR3I6gRd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684503956, "uuid": "52dfedc6-1191-47dc-8b31-c1307f52e64b", "value": 587632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684503956, "uuid": "b8bf5615-9e8f-44d9-886a-60fbea7d9ada", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684503956, "uuid": "c412352a-9ac1-44f3-a697-5792bb33b8db", "value": "177f883d3ed120057960eb0b539cfe74.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "58246d05-f657-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684509051, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684509051, "uuid": "7201be12-1fee-48e7-abcb-50df0e072b83", "comment": "Malware payload (RedLineStealer)", "value": "49e8cd3d181ddd4686531fb3a6c86093", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684509051, "uuid": "719ab8bb-12f1-4ddf-be60-127049475774", "comment": "Malware payload (RedLineStealer)", "value": "82fe25e51fd08311f7853a1178ec5279ea70a79ec0c86d7809fd2118e3e05558", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684509051, "uuid": "12cf031e-57c5-483f-9878-1adb7147e699", "comment": "Malware payload (RedLineStealer)", "value": "c6d673045b558903f24de42562064aaa2e57caee", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684509051, "uuid": "ac2f3b2b-b081-4d3e-999e-9845c1c20ae7", "comment": "Malware payload (RedLineStealer)", "value": "328bf8e8c1fd8d935347f972a8acb3211ed8a8fb7e61b2bd86b9dcdddbaa9ee27c731cbea639b3547e856e6a0f841cc7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684509051, "uuid": "23926144-139a-4412-ae7b-f79731a53076", "value": "T162252223ABEE8073E5B56BB014F751930F367E91AD3C47B623465D8A4C326D4A932723", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684509051, "uuid": "81be9451-e61b-4aa5-9f6d-ec2d3ab2adb4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684509051, "uuid": "4bc6c826-c70e-4fe7-bedf-287f231ee40e", "value": "24576:WyQ5rNE7lfOt+rhQwfpavklPzhiXe3JW/RZbW:lQfyGtShHdlPzhiaJW/n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684509051, "uuid": "d626b7e8-2d6e-4bc2-94ab-cd7859b3b04d", "value": 1046016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684509051, "uuid": "684391b6-d898-462b-80d5-15a312d4ddfa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684509051, "uuid": "ff0bd9e7-82c6-49ed-a02c-fa4c3f0ff5b2", "value": "49e8cd3d181ddd4686531fb3a6c86093.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab512c90-f606-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684474402, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684474402, "uuid": "8601c207-c1d1-4c8f-863d-6807516721e8", "comment": "Malware payload (AgentTesla)", "value": "4285baf5b9246963176354bf76b64a9e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684474402, "uuid": "4ef5e8e3-a27c-440f-b736-993e484f8b90", "comment": "Malware payload (AgentTesla)", "value": "834999df6bd40e9353c000403521e320abaad8f93bb4a1a3e7e020d50d761a9c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684474402, "uuid": "4a98a038-6697-4536-9c50-c49cf3d0cbf4", "comment": "Malware payload (AgentTesla)", "value": "bbfa4dcaf86f212d843377f98cfcf5408cda3f0f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684474402, "uuid": "39530887-2696-4708-81d5-6e5427bae1b9", "comment": "Malware payload (AgentTesla)", "value": "18b31b03f8b869c9e4589e6e37a6da6992fd8ce27719bfae5ec050491826ba40f6e0db6f9b9d0f092ae85bbc41b0a4c6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684474402, "uuid": "bb3bcb61-287b-4ebc-96ec-3558f0622b40", "value": "T179D4D070619A8B52E02EDBF12478B871177134F3E9E5C5380FE6A6C4CD6BF146988E4B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684474402, "uuid": "834bbb33-6686-4448-8ca1-080cccbb20cb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684474402, "uuid": "e465a34e-6054-448b-a842-a33a4c1f2617", "value": "6144:WilZaTgM93nbDqEbTmVIxIQs+3rCO2zZA16/enuIgzPIER52FI9oR+Q8yvHrb0:ZwTTbeUmVlQ1bCO8Og/ZLJ5FrI/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684474402, "uuid": "9041eede-218a-4067-9257-af9ea6565d9b", "value": 625152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684474402, "uuid": "814281ab-aa76-4591-8b79-73e9436b9dc4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684474402, "uuid": "65a38546-2a65-4db0-aa9d-8adc3158a146", "value": "Invoice,jpg.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "46354fe4-f62c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Fabookie)", "timestamp": 1684490553, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490553, "uuid": "356cd60e-ee76-4a2a-b2fb-92fab32a4290", "comment": "Malware payload (Fabookie)", "value": "9f5edeb9c5a4c7a714e567033f7b7029", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490553, "uuid": "0bd61d5e-7cc4-44d8-9434-e02e25c49823", "comment": "Malware payload (Fabookie)", "value": "83bc67794739021b52605666b8c314917ebf38eb260b5d9e2ea44b6c250c851d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490553, "uuid": "76e357bc-2ce9-4a90-9f85-49be114a5337", "comment": "Malware payload (Fabookie)", "value": "c94c776de6e738bc6c31e238a1d3e1447579a260", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490553, "uuid": "524581ee-454a-439d-914d-0ad1f7142162", "comment": "Malware payload (Fabookie)", "value": "736ad846c031d1208b12a716d77e81817c5a9a6aed960ed9abb5eb72096b08f33ac0f77635f137b40db33cabf4871a9c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684490553, "uuid": "def3bf21-5a52-4053-bebd-d43b2e25e353", "value": "T13624AE80F391E195D15E8175C927CAB86262BC1C9A345BBBF294BB5F2E313C74036E27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684490553, "uuid": "f64dba2f-ecb3-4c08-9709-ad748289fe16", "value": "4fd11f5c9a089e7b45c77cd8b5fde1cf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684490553, "uuid": "5cde3d27-a99e-48d2-a7ca-3cd39827c202", "value": "3072:XPK40EkykKqUa9antF5hvvJkuXpqQhJkKqUa9antF5hvvJkuXpv:/aVKq99UF5hvv/zh6Kq99UF5hvv/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684490553, "uuid": "e5e29870-fa6d-4ced-b668-00c810984721", "value": 216064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684490553, "uuid": "4d14f820-4c2e-44d9-b43b-9dcb069c34b3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684490553, "uuid": "2efa528e-bfa5-4428-a67d-60e54049efd1", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b296c53-f640-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684499124, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499124, "uuid": "8d5ee54d-eca1-4859-adf0-1df6f6c29a6b", "comment": "Malware payload (AgentTesla)", "value": "4d0e331deaa258bc549b39550d7b2d48", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499124, "uuid": "5951b38a-5af3-4374-9263-0d422d348b9f", "comment": "Malware payload (AgentTesla)", "value": "8428406eda6db55581a934d0ca6b892e5aeaad581174e907b02bcc8e48d6280f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499124, "uuid": "23942ae0-b41f-428b-9f97-7eaa144aab01", "comment": "Malware payload (AgentTesla)", "value": "03869d19f359b1aa0c0574e08f943b131958b441", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499124, "uuid": "eb7f8996-b49e-4cd8-be10-3e8ce243c229", "comment": "Malware payload (AgentTesla)", "value": "0495c9c1069b1b953c5dfae25bf9ed9f56bc5d250999ad4cf7351fb1fee3b8300f91d27291c2fdf8a4c2a8fdb0326021", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499124, "uuid": "2abbef03-f01b-4597-9690-313bad4f4d7a", "value": "T1B415F1D116A44810E2AAAFB98AB3F23853746C51EB63D30924F02D973D77E977A017C3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499124, "uuid": "927023f8-73a1-4201-9b7f-29f39295094b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499124, "uuid": "6930f610-e14c-4644-8ed5-90ed67870df6", "value": "24576:6P0tj6tVhE8cqiuo6NTsB3hgwLvt/W32:6P0V6tVq4q69sB3hJ/82", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684499124, "uuid": "55d6876f-9c8a-4e1f-857b-ee8327100b35", "value": 876544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684499124, "uuid": "d7fd1c23-6b42-45c6-84e3-4a031962beec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499124, "uuid": "aa550132-799d-45b9-8fed-ce87f9ee9381", "value": "offer number UC23070.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2e2c0db2-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466890, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466890, "uuid": "b2a69eb7-cd3e-4210-b1d6-28f674c4ab3f", "comment": "Malware payload", "value": "ec7a49925fff099f09880a451ce398be", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466890, "uuid": "1f3d388e-4c83-44a8-8ace-04703640173c", "comment": "Malware payload", "value": "842a7b173f7a1991baed51c00c4e4509e23241807cb93ea0e48b5cb213450afc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466890, "uuid": "7de2d004-b40b-4c50-a6ca-a7138a1fe293", "comment": "Malware payload", "value": "13dfecd7a4decc020714b6d4ac56b0dc20088e6a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466890, "uuid": "7c77d607-54d4-4565-9ebc-77a7f23b5273", "comment": "Malware payload", "value": "09a904e3d81c2d86370feed053f78c66502556f6f155246a526a44fff333689ad2ff07c6021db8e6d0c3784645db1227", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466890, "uuid": "b0e8e53f-9426-4dc6-afdb-65e85fa3eb7a", "value": "T10A14BF373DF20069C4CE81721575D6273FBFB45043756AB3AA68A95AF632DBC0F29260", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466890, "uuid": "52052621-09f6-4f83-b8f2-b854c6461b45", "value": "768:iqZPqD3VTiFd0cyxdcYdA08TZqWBq3AktDl73oicKLeZ9tGqnS3AcvvNU:DZSbF2Fd08TZqWEQktD1oF7lSZH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466890, "uuid": "17e46b06-f946-4ebe-9921-68fdc878c552", "value": 196608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466890, "uuid": "e7be2342-a2c9-42ac-8601-c374bcf2ace6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466890, "uuid": "f5566b9c-4767-4ed9-9fe9-97509e3410ec", "value": "SecuriteInfo.com.FileRepMalware.19224.30009", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0fa3534-f60c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684476988, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476988, "uuid": "f2abb313-00bb-46f4-a72a-f9ecbde5731a", "comment": "Malware payload (SnakeKeylogger)", "value": "008a212497b84808168738a453f25268", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476988, "uuid": "e09991cf-33ef-427a-8b35-d860c0aa63f2", "comment": "Malware payload (SnakeKeylogger)", "value": "84bb3eef041b324e481d2f90eca48a5cd85866adfb1188405b28807bb3605398", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476988, "uuid": "5942039a-c142-4a6c-9955-4a80a88e9c93", "comment": "Malware payload (SnakeKeylogger)", "value": "b76183d77454f9e2b780dd133ab3f3f002cb43b9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476988, "uuid": "6371045b-694a-4cb6-807f-01b139b93ce0", "comment": "Malware payload (SnakeKeylogger)", "value": "bd04be8144cf3c5eaff052be579c83fc137a765db28c334fef91f88db2021fa891d5fa096d3a89447aa12aec2bd2f251", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476988, "uuid": "c52d6fc1-7647-4d24-af45-1a282a3d9026", "value": "T157E4D02027E89B0AE5BA83F15CE0E2F057B59D9D7026D20B4ED2FCDB72A9F910751613", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476988, "uuid": "4a6cd6a4-91c9-44e6-a78c-e1e05c4961d0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476988, "uuid": "2535c507-de51-47e0-abf2-c000bd46e072", "value": "12288:5qBt7Zo+HOCc1JFHTaxY+/CyOdcL+tRALZeRKjIHcH9:5q7KiiXFZyOdEkReZeR3Hcd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476988, "uuid": "f25be7fd-abc2-4964-95c7-bdb061c4d5da", "value": 666624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476988, "uuid": "ed131c8a-169e-4772-9dc9-298827aaf3c4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476988, "uuid": "69a44763-2c7e-4651-90bd-0e2520ba2e74", "value": "sea freght quotation.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c03b05e7-f611-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1684479161, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479161, "uuid": "ffa66577-1acd-4776-816d-4251f8178da1", "comment": "Malware payload (Loki)", "value": "8840414a8ba647e57aeadfa3fc8edbd4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479161, "uuid": "6dac6e59-932c-469c-bf61-de25f8e575fe", "comment": "Malware payload (Loki)", "value": "856afd89ee07b6f8be9906cb827c0cc407a6be6f19925f77e76fedaf512e5305", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479161, "uuid": "80357904-d3a1-4a67-b81a-1a0d48641887", "comment": "Malware payload (Loki)", "value": "fdc4e15fbfd34a2a880a6f34a4d6c79b39c9b832", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479161, "uuid": "c969c7ed-1d53-4cb5-9a68-af0c918810a0", "comment": "Malware payload (Loki)", "value": "7ce96b4984baeab9f0bc6b9be632a9a90876a167d61704a11abd6373280463b7f67e3fee7f205651dd16e5add3d57eaa", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479161, "uuid": "47781eca-9a29-4735-8cb8-36474b1ef1a0", "value": "T16FC4E13417E9C74AC11B877880E1C7F0A77A8C85E566CB530FDCBD5BB28E6BA6321251", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479161, "uuid": "f11102b0-ee89-4e5c-a326-37c0b9acc49e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479161, "uuid": "ee674de1-15ff-4223-9d19-479cf728c86c", "value": "12288:F2z5jMGDZQbYQO3mZbjakp3pKdiixtTdzJ0RCL:A5jMr0QOgPl3pQiGtT1ug", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684479161, "uuid": "5326cc3d-a560-4640-9722-1543e20724d3", "value": 559104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684479161, "uuid": "07071780-0410-4da9-b75e-c3b1865698d2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479161, "uuid": "baa1b00a-8b53-442e-b465-7fed5e2f9d32", "value": "8840414a8ba647e57aeadfa3fc8edbd4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d7230eb-f63d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684497840, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497840, "uuid": "d5703d3e-ad61-495d-96d7-a1fcca9987c7", "comment": "Malware payload (RedLineStealer)", "value": "cb3a520abd545c3ca98d19b397a91bb9", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497840, "uuid": "b7c64e2c-52af-4988-9bfb-08d2c28be85c", "comment": "Malware payload (RedLineStealer)", "value": "8595a17bb8d9bd23576c0835dea9c1bb30d9db94a89f0c7c7927a7f98998c123", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497840, "uuid": "94d736aa-42e9-47b6-820d-cd13cc6840d6", "comment": "Malware payload (RedLineStealer)", "value": "ed9704c823d19fa011f35fc06cd876fc6e3c8f94", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497840, "uuid": "e48061df-0bb6-4077-b834-979abb9efc89", "comment": "Malware payload (RedLineStealer)", "value": "95f3a39cc838912ea1c15b3d11213d4cb187a6ea62fc5e9c9cc40391cd446000adc169f462a54cdff54a595604afe9ea", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497840, "uuid": "680fe103-1898-4f33-9a51-4f1315bb0dba", "value": "T1522522037BD88432D9B94B702DE713830F387D616E74972A4786588B6CB3A54D972B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497840, "uuid": "3c9e2cda-aabc-43b5-825b-e7b7579bd828", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497840, "uuid": "c0401984-0700-42e2-a80b-06e59330d058", "value": "24576:Oy8eMwBnXb0fnCCzl5ByfH6FToUTqR8mC5eZep57vs:d3DBXHCzljxFTjuRgdP7v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497840, "uuid": "a27be3b2-5b77-402b-84b3-7d185301dff1", "value": 1046528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497840, "uuid": "46e37226-cffb-40d8-bc30-5a086fda724a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497840, "uuid": "3f5d95c7-886e-4751-a4e4-f2ef858aa4a1", "value": "registry.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a03f5fff-f617-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684481685, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684481685, "uuid": "21b29cf3-c199-4ac0-a37e-a63125573625", "comment": "Malware payload (AgentTesla)", "value": "9c89b5ba42996e4d737fdca4c3ace2ab", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684481685, "uuid": "1900a755-f6fb-4d28-a7e5-9349c5c44fc2", "comment": "Malware payload (AgentTesla)", "value": "85cd08d9e4dc65f4bb496d313bc345e9744d0d50581032661afeb85987c71744", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684481685, "uuid": "82604926-422b-4a41-bf46-05c6df10b210", "comment": "Malware payload (AgentTesla)", "value": "f9ecff3ceb6c7ac3d8aa801dd0d6b0b46b670cb8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684481685, "uuid": "c6ebc698-bbb0-48f4-bbb8-db0dcb69d0cc", "comment": "Malware payload (AgentTesla)", "value": "82e2e1641d8d70247ed3597c1af7a203d20ebc8f80d3e3b08b596f7a0e82de9e79dd83d6c0185d018cbb4207b29aed6c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684481685, "uuid": "2dd37a62-1b6f-4872-b8f1-b4c6276e55f4", "value": "T183C4237B01C84346E402F6146ED6DE8594273A6CA1F21FB256A25C0A1BF3DDF6ED2F90", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684481685, "uuid": "b6b9bfef-16be-4c1c-91c2-ede814c1f7d0", "value": "12288:cCAUIZNXGWN5sZ1ik+bvzTlt98KyIAQbpf+dCNqFd19BotKXznchd4X:ntIZ0wqZ1iXvz5t98hI3df+dC8FL94k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684481685, "uuid": "ef05815a-e384-42d3-97aa-98a6d68d2dc3", "value": 561945, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684481685, "uuid": "213c45b6-2515-4ce1-bdf6-951c9f882e96", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684481685, "uuid": "bd7704e8-c7a4-4a32-88ed-5f6a91e79136", "value": "SOA.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "154064cf-f63e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (zgRAT)", "timestamp": 1684498202, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498202, "uuid": "f2c02c8b-5d5d-4338-8ce3-90661e2ee17b", "comment": "Malware payload (zgRAT)", "value": "feb14fb4aec7d1f3e254232290588a18", "object_relation": "md5", "Tag": [ { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498202, "uuid": "756daf03-0bcc-4931-80a1-0bf3d78c69e7", "comment": "Malware payload (zgRAT)", "value": "85fae7d3e6fb6f95d937aaf2d1fcecbf696ff81a5bf160e6a55aaeae21615f03", "object_relation": "sha256", "Tag": [ { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498202, "uuid": "569c207e-5055-4eae-9a8c-7a9b1faa294f", "comment": "Malware payload (zgRAT)", "value": "f2db5e82c6a2cfe09e0b79e7ca2ad4020370c476", "object_relation": "sha1", "Tag": [ { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498202, "uuid": "67cd067c-7d9b-473e-9f56-a4124ba18292", "comment": "Malware payload (zgRAT)", "value": "1ba6c7a61125a1c5cec6aa729a47a9c822ca979c500c734cc6eb628a52844dc0825c73a02ef79e9b0c3ff487e36dfcd3", "object_relation": "sha3-384", "Tag": [ { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498202, "uuid": "ce1a9201-aec3-4f27-84a4-a0b9fed28ef7", "value": "T1A814138ACCA02485263E0D97BBC979C944F18B4FBE8DE8E075C4ED316919F1B8D954A3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498202, "uuid": "61f743d2-b3c6-402d-83fe-a0ea854fcc53", "value": "3072:ituSD/pKLSKGXIRCoB3EvqPhJIB9Dz/2IxLvEID+rcwufK6+5JLQ5H1JCQjjFkOm:/p263EiPhqB9f2Ix7M0SJM5H1YQCOeth", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684498202, "uuid": "61c1053c-7012-4cf8-b48b-a83a895a1ee8", "value": 199566, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684498202, "uuid": "de78079b-6c42-4a62-a2b6-7c6a8b63f3cb", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498202, "uuid": "6020c0f8-31f8-44ea-9336-7b53be99065e", "value": "client.001", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "45d53924-f663-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684514175, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514175, "uuid": "1423e890-0026-4f81-b9d1-83b3ac60bbd2", "comment": "Malware payload (Mirai)", "value": "4c1d89fbb7035809d59d3c7d4a2f8566", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514175, "uuid": "448d3a0b-918e-46d9-b394-97cfc2fb1574", "comment": "Malware payload (Mirai)", "value": "8602a9c7e4e8b1b18bf1a5eb5b4bcf5be3a78f73bc7612f50d2eed94657ea4f9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514175, "uuid": "eb131600-358e-4e05-8885-e4b51e25ee11", "comment": "Malware payload (Mirai)", "value": "5aa2cb4de95e6094b403c3c9a434481a8099cfe1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514175, "uuid": "82c74a94-4187-4098-8b3c-55a103779140", "comment": "Malware payload (Mirai)", "value": "663959a1576d07d88eb6345b1149664a67d7b92c2ea1c0df95c4aee0cdaf5498d72d9a43cb0b25fa07f07e21a7dd7b59", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684514175, "uuid": "ebefd5b7-fde1-4843-9018-06cdac679114", "value": "T1BBF2D752F8825627C2E4237AB6AE5A8D373077ECD2CBB21BD9614B207B8151F1D23F45", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684514175, "uuid": "e6448de0-6194-499b-83f3-052bebca2c37", "value": "768:0LzdVtJX5qy4G5yqdZYX/jy2QGP2k6V3Gf9UQMGtq+2mslbnoX4wQ:mzpq5G5yki/jyH2sEvMeqrN6Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684514175, "uuid": "f01bf1e3-76f6-4b06-9451-06b9816d226b", "value": 34472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684514175, "uuid": "33d48dd4-5261-4196-b94b-e1383f1d95d0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684514175, "uuid": "da021e48-4d7e-4bba-a75c-3741677e9f29", "value": "4c1d89fbb7035809d59d3c7d4a2f8566", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a32a4d3f-f661-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684513472, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513472, "uuid": "1d9e723b-2ef8-4446-ad2d-7fec85ae3867", "comment": "Malware payload (Mirai)", "value": "9f6ef1c79737343c7a9dd3ac8cf52a44", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513472, "uuid": "d0e21618-915f-4e7c-8a4f-4cd9fa148c47", "comment": "Malware payload (Mirai)", "value": "86aa6c4c8eedab5f81bb712ca637d1fba4754b5823aca84fa056bd0aa6c2d8d3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513472, "uuid": "d4a60a01-cc9b-4e1e-a1ad-070ba61eea66", "comment": "Malware payload (Mirai)", "value": "d7884d32a190bd18812b1b4082cd4feebf49a6db", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513472, "uuid": "ed7e39b1-2717-4b0b-9c1b-7d407d1eb0f9", "comment": "Malware payload (Mirai)", "value": "ad0d55ea8881cb3718fc857582164094ef3d2319612e69cd99d88c6531926bd7ea6443bd75b15b6675e9e69c0c30e18b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513472, "uuid": "0821a49f-1fce-48dc-a655-649f6cc42c3c", "value": "T10E435951F8819A23C6D1127BF66E028D3B2613E8E2DB73079D229F2037D682B0D37E55", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513472, "uuid": "5674860a-d0e9-427b-9a85-61e04ebba44a", "value": "1536:im24T1doxQlKXnBvkjgzDH9apyaiC6ravnQ8r:R27n6joDd09VnQ8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684513472, "uuid": "c314a1dd-3fa2-4c1c-9081-09a71c2e0c3d", "value": 59256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684513472, "uuid": "9a12dc86-8d7d-43d8-8156-bffdf3150e79", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513472, "uuid": "5b4cb769-d31b-4beb-be94-934899cf49ce", "value": "9f6ef1c79737343c7a9dd3ac8cf52a44", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4bdd35ec-f62b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684490133, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490133, "uuid": "48bdfa5c-7d41-4fa9-84f8-eec05ed76cdd", "comment": "Malware payload (Amadey)", "value": "6a3cbaa069149158a633de336cf1be32", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490133, "uuid": "d852ce3b-8855-4086-b571-0134661e901c", "comment": "Malware payload (Amadey)", "value": "874873e5e0519da1185c9a47aca06d474ba9c851b22df0ed49fa745f3f82c9c1", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490133, "uuid": "69990ea8-b586-4e2b-90e4-965c683517db", "comment": "Malware payload (Amadey)", "value": "e16c51b2289fd16426b16804dc7eb1b05d900154", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490133, "uuid": "56d11d73-0db0-4cbc-bac9-0fbb9bf0f506", "comment": "Malware payload (Amadey)", "value": "856a454ed87474e397d4d44b5df5256abdf0b91a51e8bc1454c1523784c1527844c22a79048646c79ce81cd22bac4264", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684490133, "uuid": "bb6fc456-628a-4986-9b8a-c2442081d687", "value": "T175252342FBE504B2E9F55BB028F743A30B3ABCD39DB887672285564B48B36914670737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684490133, "uuid": "0862a463-a183-4409-a39d-30f315bdac14", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684490133, "uuid": "0a741d69-c7a6-4af0-a3e2-fe47e1e75834", "value": "12288:EMrzy90FlwPGu9oARsktJ2TqBFc6vkMqWaM+Y8TslSLB1FmM5aokfh26K/0FrBbh:XyW3uuFktuSFvhqoCKSLBroeMrhg3m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684490133, "uuid": "83a4ade2-410b-4629-8b94-af1eb646eb1c", "value": 1053696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684490133, "uuid": "8001c6c0-a5c1-4f2f-b569-25561fc73ae2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684490133, "uuid": "e6595df7-48b8-45f5-bf2c-d2c62e9de41f", "value": "6a3cbaa069149158a633de336cf1be32.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de8ec043-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684497681, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497681, "uuid": "6d5d021c-e21b-42ad-85c7-0f00b0f9bf67", "comment": "Malware payload (AgentTesla)", "value": "692bb631558c76fb78bbe839443a6f92", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497681, "uuid": "22df03b9-5f02-44b3-993e-f72cd59a0bbe", "comment": "Malware payload (AgentTesla)", "value": "875eeaa0704d70d88f6b7f33996f7e341940657284eac3b2a48386877c40ea8b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497681, "uuid": "78a00686-9046-46bb-99d3-945b29f902ce", "comment": "Malware payload (AgentTesla)", "value": "2a617e5cb0376bccad169883b7ac0ee70e56eaf0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497681, "uuid": "9fd52e8a-d051-4492-a2e3-74287b2af467", "comment": "Malware payload (AgentTesla)", "value": "b13d703dab9f5a0ae82145ee06bb44dfe64723e31915c2b21a9d426731af6cbe06e1bd6c33ef38bf910eca134b4db271", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497681, "uuid": "2a87b92c-7b40-4f6b-a95f-52cfd99b27f9", "value": "T1EDD4E03027D5E70AD12683B890E1C2F0573ADD96E0A2C2574BD9FC9FB25E3FA5251253", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497681, "uuid": "360a4ea9-9f26-4206-8ef1-80f6104de912", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497681, "uuid": "dadcaef9-d945-46a2-b697-31418e02a6f1", "value": "12288:/d0nwq9AQ+RLyzkWkzMS7EZkKmfluX/CxFYkdcUhNg:/ddqYY07q6fsXu6CV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497681, "uuid": "3d1097c4-13d4-4bab-b4fb-f1cb625938d1", "value": 628224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497681, "uuid": "a4ef2716-e77c-40e0-99b3-9f5e456fb378", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497681, "uuid": "c09395e2-1661-4148-813d-0b8a03c26fb9", "value": "Baankasi.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d62d33ee-f68d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684532456, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532456, "uuid": "ebc44386-9be5-4e20-8b78-51935a19930e", "comment": "Malware payload (Amadey)", "value": "377f9d9aed58b4f47d5bcfa4fbbd707f", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532456, "uuid": "95eab3ff-6b8f-488d-b96e-81539d953dc3", "comment": "Malware payload (Amadey)", "value": "876c2609bd4aea165baa5bcae5e3758566c5a4a5dae926b3c5876d5cc5e04a51", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532456, "uuid": "36ce7d09-2e30-43ce-846e-593978a622e9", "comment": "Malware payload (Amadey)", "value": "cc2c557605a3bc6cba7d9136d6114d9f50e51774", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532456, "uuid": "d7ece50a-a4c2-4771-b796-1c6309adf624", "comment": "Malware payload (Amadey)", "value": "e0a9c97a122a1a0ffc1409049ad229dbe75183b035b3291ff69c0ae0cd73b3a8b50165f7caa75f095f240287785d3843", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532456, "uuid": "3c2e56b2-77b2-4a57-bdb7-2453dfc7a27b", "value": "T10A25235652D484B2CC791BB409F303831E77BCD2AD3997AB63462D5C1C736A4A0B1BAF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532456, "uuid": "d9b88ecc-0fbb-4f1b-9292-1f1ccaed73eb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532456, "uuid": "a21a6956-7357-40b9-9595-941fc7e53037", "value": "24576:eyy0Fe182NMgm4JDsZm9ja12e81HW6h5TktuoT:tPIt04JgSw6h5T/o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684532456, "uuid": "a058cced-5b9f-474b-ae78-6cc8a7713097", "value": 1053184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684532456, "uuid": "72cae37e-836c-4287-909b-68b8dbf9a8e4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532456, "uuid": "ddaa9e97-f59f-44db-ac94-140ab9ef63ee", "value": "377f9d9aed58b4f47d5bcfa4fbbd707f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5daca4a-f629-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684489532, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489532, "uuid": "5ac66e3b-ef25-4927-b53c-b5354a3c8052", "comment": "Malware payload (Amadey)", "value": "02db59819a776985d0be2e0ecb08a1da", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489532, "uuid": "6130a583-949f-4b9a-b308-d6eefa8a9ffd", "comment": "Malware payload (Amadey)", "value": "87a3c559f8bcd788fe2bc6c0221c56cf056ff70de5d7b8454720a3f547953bd7", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489532, "uuid": "8187b266-b666-4297-a3c6-d2f12498a9b6", "comment": "Malware payload (Amadey)", "value": "b3274d8288f42c2f77c21d773803aa822207e7b6", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489532, "uuid": "5e15a0d2-6a1f-4d64-8cd8-2d97a9c5efe5", "comment": "Malware payload (Amadey)", "value": "1fe2e1a9f8e479867968952f5ad05c1c5b2ecad775c37feef806a308bd539eb8f3415c9434ca3abe433896ce72eac537", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489532, "uuid": "a8f04ef4-6550-4b02-a7b9-3819e7bebca8", "value": "T1F4252342B5E98527DCB41BB51CF752830B3BBC91ACBC565A17829E7A0C33B94243276B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489532, "uuid": "5a3d3112-4be0-4970-b3e2-40257cd59e14", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489532, "uuid": "2cc95d1c-5968-424b-a1a9-a2ad1c6ef07b", "value": "24576:1yggrWfy0o9ZB/0ltNgKuH4ccSngRDm8AAYuv:Qm6x/xHYh/fAm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684489532, "uuid": "d64f77f0-d35e-4bab-869f-5b66223471a3", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684489532, "uuid": "09bac511-ff4e-40b5-89c1-37e38c03e289", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489532, "uuid": "8313ec7f-cf48-44ce-b50e-833c2f2aa2a0", "value": "02db59819a776985d0be2e0ecb08a1da.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20233344-f608-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684475027, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475027, "uuid": "d82090dd-bba5-4af7-ad34-df9dbcbda7c5", "comment": "Malware payload (SnakeKeylogger)", "value": "3633458c927c8454026704b8b8e66ece", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475027, "uuid": "564226c6-892f-4a96-9bad-9b00bef046a3", "comment": "Malware payload (SnakeKeylogger)", "value": "87f5e55ee94c5bb17283d1a35583e2f170134dd93869d430e2ee96061d354407", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475027, "uuid": "88aa00fa-5358-428a-b8ca-3b70e0069249", "comment": "Malware payload (SnakeKeylogger)", "value": "460ca162c1c0d930f8ff6a6a194429faded50953", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475027, "uuid": "28db6e09-0398-4ac1-8393-8b32a43d3752", "comment": "Malware payload (SnakeKeylogger)", "value": "fb30de93fbd83afb6b2420f5c63ffbe08d556368910d14165c964aa2581c401904ada1a83cca3b6aeff3a1cecb24b97c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475027, "uuid": "93d065ba-3444-445b-a1d4-03f203d8abbb", "value": "T11C6506D03298094AF17F1BB596772CA143757F0B99AECB8E4C9270CE21F37508956B2B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475027, "uuid": "216c380c-7319-4dcb-8629-2872aa5ed679", "value": "12288:uaQ5OwYsmnJziCTw1Y1jpcTzGmKnoQGPc9M6GUt2G/zYGD5Ie44qt9Atr8BQ8mYe:wFdmoCTwrzKSsRYIaAGWTABe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684475027, "uuid": "a8d5f967-4834-4755-9948-30ec33b5a622", "value": 1510248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684475027, "uuid": "3a036442-05c0-453a-a66a-dd883d9d9361", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475027, "uuid": "51cc415b-5a7d-4d5c-bcf3-63d17f886fe5", "value": "PO-New Order#1306.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95cdf690-f646-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684501853, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501853, "uuid": "d3728667-8918-49d8-9e2a-07d05fa1646b", "comment": "Malware payload (RedLineStealer)", "value": "cf85364b0b8b296e14ad7f686e6619ef", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501853, "uuid": "666439df-5997-45be-b51e-b5088b3312fa", "comment": "Malware payload (RedLineStealer)", "value": "87ffd708547e091f022b6b1e49cbd642031f68f6c6da808ad830de44ab40d702", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501853, "uuid": "2cdec2ff-7b3f-430a-a180-399fb9c744d7", "comment": "Malware payload (RedLineStealer)", "value": "ee1a87b23bbee64da4a9b7ddd84502c7ce6d016a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501853, "uuid": "57e7086b-39ca-4696-8ef0-5cb6377fe042", "comment": "Malware payload (RedLineStealer)", "value": "19fb24d7ceff33c5296b8f28c59625451c56838e4b693307b3928fd59176a822c372d69e6dd31e133c505a5c887468a5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501853, "uuid": "53e47b1f-954c-4031-9423-3676fb756fc2", "value": "T1E9252242B9E49433E8752BB018F601834B393CB2697C436B2B94962B5C707C5E5B7B6F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501853, "uuid": "5b937425-3b70-41fd-902e-74163b46d070", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501853, "uuid": "07a37960-2ab1-4735-b639-40ca75a37546", "value": "24576:Rykvt+txsUmlVa3b5+00gJvtUBV4sEHsaNJS8bZtcTG:Ekvt1JlVsb5+sFUUhMUTZty", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684501853, "uuid": "aba634e4-2151-4cf3-b095-ea75139c9664", "value": 1055232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684501853, "uuid": "702dfa47-4a0a-452d-97af-8cb6c567e7e7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501853, "uuid": "1025c4eb-133f-48a0-8c35-82750b4affb2", "value": "cf85364b0b8b296e14ad7f686e6619ef.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6c68ea35-f642-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1684500066, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500066, "uuid": "64dac584-c5a7-4b55-976f-6537bb09752d", "comment": "Malware payload (GuLoader)", "value": "59f37c93068614f607c9b89a221a7bb6", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500066, "uuid": "f2739776-7dbe-4699-b9d9-2558527f9b61", "comment": "Malware payload (GuLoader)", "value": "88dd3ca31aa5d3f9915ff9ff743f9e8c8dfd9843bb9b17afaca5ef8576b96b0d", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500066, "uuid": "ce1a5224-7ca1-4635-bfb4-6b44e029e98e", "comment": "Malware payload (GuLoader)", "value": "b3335e7e7a21df9664631189da57e749f49f7131", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500066, "uuid": "383842cd-0b52-4446-98e4-cd2114501884", "comment": "Malware payload (GuLoader)", "value": "920c99066da6a4b2e01b31e9815183433d9a6a6dc1e14a66545a2da314c2fc0ee37c6a2ffa60354bb1571c70376e12d8", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500066, "uuid": "e4484c26-14b9-4381-acc7-06e1a8d15080", "value": "T1527423FB4288C8924469CF1EF1A521824A1ECF8FB5FD1781143EFDEF561189E246798E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500066, "uuid": "1e9a5adf-bfa3-45d6-8f92-bae4310b6bfc", "value": "6144:NE6O/XSCWHcbd5GnalPBA5KBm8GIgsHri0nJ+Yrul5WT0z7pgjKu:CpDWHqCnalJunsHriIJElcT0z6jl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684500066, "uuid": "ff63e71a-7cdc-4153-874a-f40e42b6cb96", "value": 358868, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684500066, "uuid": "2c3eb43b-1640-42d4-b802-768ebdfeb7ed", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500066, "uuid": "4c1e0e35-f131-4993-b937-00beaebf8e2d", "value": "builder.dll.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2caffc41-f626-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684487933, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487933, "uuid": "89d92d2b-aaac-4bd1-a876-9f0304d00cf3", "comment": "Malware payload (Mirai)", "value": "18e0e77fdbc92a54194f5b221fa59733", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487933, "uuid": "bfe2e057-8d5d-46c7-972d-f498e43ec0e9", "comment": "Malware payload (Mirai)", "value": "892aa0ae0211b3aac42fb7f8e3b443f30f31f13594bf37405c50e0db9b6a3616", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487933, "uuid": "5d813773-f8e8-4a02-8dc2-58e76e0fd007", "comment": "Malware payload (Mirai)", "value": "6fc89c860fc4690c338b222042066326fc0355af", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487933, "uuid": "15922b09-93f1-41df-a3f0-0b43579e3c47", "comment": "Malware payload (Mirai)", "value": "7a7576d7c73f6410194cc9e05b1a91f72213ddce166ecdd56cb62eb4ce37ef10817efa8d9ecad2ad8013b1d4300e4889", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487933, "uuid": "88719c28-7cde-42c6-ac09-3d830399c675", "value": "T12C13F1639E1F013FCF2C033481621FB5D9964CF259AE89CB84849CF9B0156B53EC5E9A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487933, "uuid": "4e4dffa2-3680-4f30-8812-2ce42baa38f7", "value": "768:Ej7aQY+N3MesekA75NWWlOFZ9VbAJMk2VgitbYrXpGdsOkOQVYC6VhGlez:i2T+775NZOj70JiVR8rXpffWC6nOq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684487933, "uuid": "0f947b20-2f8a-4cf6-93cf-3edf0599efb9", "value": 42664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684487933, "uuid": "80b9e1ae-0d33-44be-9b4f-c2c1c7540c15", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487933, "uuid": "7c448147-1ddf-44ce-bd36-4210364c2fff", "value": "18e0e77fdbc92a54194f5b221fa59733", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0b271da6-f63d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684497755, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497755, "uuid": "cc7a183a-a182-4b43-abca-a973d849b6b1", "comment": "Malware payload (RedLineStealer)", "value": "5e5ee6598f80a9fa537b754fd724ef8a", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497755, "uuid": "d2c853c5-6fda-4180-8c67-8a576d2cd0a7", "comment": "Malware payload (RedLineStealer)", "value": "894602c3c434862c415dfb8f286b497f791b51264396556f3d955983a045917b", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497755, "uuid": "fea828a7-b190-4b92-b73d-22ee9d778b60", "comment": "Malware payload (RedLineStealer)", "value": "ee291c761b389fe6e4f2159e72d8eaa314f27329", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497755, "uuid": "11767001-a171-4130-8047-3bb1af6b7e7e", "comment": "Malware payload (RedLineStealer)", "value": "1a40765c99574d3f35789cde4403893129b8cbbc27430d98a431b6fc81b2712d9ae27da0252d930b7ed3a4aeafbe3b45", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497755, "uuid": "fb6fb11a-ccab-4b8a-becd-b46d707cc13e", "value": "T1A3252203B6E90533D8B21B7068F707D30A387DE28A6456AB3744AE5D0DB2BE0553677B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497755, "uuid": "5a7ee4fe-9251-4a6e-909a-f97060eade33", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497755, "uuid": "4eb6351f-3455-4e3b-8000-b3d088ce0c09", "value": "24576:Iy/OmW+Qp4lMdjzZb8jnQ6pBOsIhxI9ZP2:P/OWQNdnZ4bgBEv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497755, "uuid": "64de1588-1b26-44aa-87fe-5b2dd0699d84", "value": 1055744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497755, "uuid": "aa1349a8-9035-4d86-b509-0abf373b51e9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497755, "uuid": "435d775e-1486-486f-8583-ebe08d8b5d2f", "value": "installer.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4371e796-f69f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1684539941, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539941, "uuid": "2b33118e-f8ec-4cb9-9928-5fe48fca5411", "comment": "Malware payload (Gafgyt)", "value": "e6bcfe2c7d72ab9d8d004e55d1b5b1d4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539941, "uuid": "949c028e-6384-4224-9860-bbfc583a3aae", "comment": "Malware payload (Gafgyt)", "value": "89612421f0d4af43152c7ffd4658f459bdd262168b661358f137a63a7e0df5ad", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539941, "uuid": "5f9292d6-6766-4b1a-a946-442b80f93c1e", "comment": "Malware payload (Gafgyt)", "value": "0006c237759a8967a9b5ed7e1c35959955e11278", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539941, "uuid": "c8c0c74d-6ffa-4539-8c0f-4dd1db7ce146", "comment": "Malware payload (Gafgyt)", "value": "c0297dd198035ef233e4ab5bef7f6b5702adb8a7c1b0941fae391c291ec02514edbda42fcdf3a842c32c9abda49116ab", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539941, "uuid": "c91206cc-5972-4e66-b047-ad80f6850e66", "value": "T1FEE3962E3E21ABBEE16886310BF76F70C39529D636A19346E16CF7185EB124C1C5F760", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539941, "uuid": "7e0ba13c-b2bc-4e0d-bd1f-a988be3449e6", "value": "1536:mVNs7K397V+nT57Abf6l6T6B6v6N6/6AePe1ebeZe5/s18c2rKA49xXAQTI/e0hU:vMQhWTXAQT4NNFj/ImlWs4zWfOodW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684539941, "uuid": "9b48d098-636b-45dc-b6cc-13120468cc93", "value": 152121, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684539941, "uuid": "54e2dfe9-fb90-4ebb-aa7b-4952ca4fb727", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539941, "uuid": "6517a568-1763-4f94-80bf-14cadbefca66", "value": "e6bcfe2c7d72ab9d8d004e55d1b5b1d4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a87fb71d-f60b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684476545, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476545, "uuid": "1f4f1a46-ebaf-4c75-8994-702e481ff653", "comment": "Malware payload (Mirai)", "value": "57df2c251b7db683b43e8a8249bf7ba6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476545, "uuid": "6c675b78-966d-4eec-9a20-64947e517f72", "comment": "Malware payload (Mirai)", "value": "8ae988e7278ed862666e82251d840470cd3fd58b5bb59206fad7d9779a9298eb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476545, "uuid": "47adb523-5112-44dc-b788-85cb9269d406", "comment": "Malware payload (Mirai)", "value": "a2ccd0d8dc55d08a05c2a58df818ecc9a997bd92", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476545, "uuid": "30b639a9-6fc7-4853-8075-f8f722c59f0a", "comment": "Malware payload (Mirai)", "value": "53f8e734cdade7ad94ed022bfe0f6930597b60526a094dc585e86dbb61c15c41ece11f9854737dab64d1f7973dc1543f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476545, "uuid": "f236ced1-e328-4568-995f-1028666cba3f", "value": "T1F133013023FBEA23CD1802B63B0D21DEE93949344653266A10533DA9C59EDB9436FDB7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476545, "uuid": "020bded2-deb8-47ee-bd51-964f0c5434c9", "value": "1536:gwrOA7BG7j+0r6Vi19sOAoYd9FHZU6z0gpKvHgZOBgTYbmKX4E9H:Pd7s7C4pDsToYd357pYHgZOPbm44E5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476545, "uuid": "e506cc8c-a9b6-4371-a5a1-eb820862a8e9", "value": 50496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476545, "uuid": "e2caf3c8-cd21-47a7-9131-e9fc843a84df", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476545, "uuid": "cdd7beb3-9658-433e-99df-4bbd1da35c29", "value": "57df2c251b7db683b43e8a8249bf7ba6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59cf80c5-f663-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684514208, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514208, "uuid": "9b6381d4-ad3c-4a0a-82c7-81479bbdbef6", "comment": "Malware payload (Mirai)", "value": "72dd547bffe3a8e243ff9c8701a79991", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514208, "uuid": "79aef9a9-f082-4961-b9a3-6935c4016586", "comment": "Malware payload (Mirai)", "value": "8b48f0cc9b16b42dbcc66ed8098c0b4d900e8a20eb35f477236a9c6300f13cbe", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514208, "uuid": "744aeb5f-d40b-490e-8657-76dc9c1c5d4c", "comment": "Malware payload (Mirai)", "value": "7d956b72a833d333e51e461ba11df5bea20d90d8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514208, "uuid": "8a741e5e-d08e-4ca9-b65a-c090a685f8d5", "comment": "Malware payload (Mirai)", "value": "eb2f9f6b6cda747507554c24b7be54826a44129a517aa71ccf4137d53f6c12dd6026627ac93820d807d29f7aaea34716", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684514208, "uuid": "cdf851d9-b69d-4e0f-9d48-4dab9be0f1c1", "value": "T17BB3C60ABF611FFBEC1BCD3B16A52B05248C641A12A97F367A74C929F91720F46D3D24", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684514208, "uuid": "42855dd5-8686-4c46-9d48-c92e2035a158", "value": "1536:Q52XzhBh1G1Ep3zyvBPchkE0dZ/xU6sOIZ6D9va2yGGZVyAInQcy1:Q52XzDzDkIW5U2vaR5ZIuZ1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684514208, "uuid": "153f77c2-f5dc-4f74-affd-360a21bef62c", "value": 109432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684514208, "uuid": "a062d717-bdb7-4b37-89f5-8db9919c39f4", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684514208, "uuid": "8280830f-c3d2-4c82-9a12-f052f26865bb", "value": "72dd547bffe3a8e243ff9c8701a79991", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48378d91-f67b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684524487, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524487, "uuid": "697fe606-bd30-4e54-b3c6-a6a2c52f05c4", "comment": "Malware payload (RedLineStealer)", "value": "4bc5cecf80709c18c51e0eab9f248b6f", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524487, "uuid": "9607e146-14c1-477d-accb-daf65fa00583", "comment": "Malware payload (RedLineStealer)", "value": "8b6403ea3c320280df0e5a6d6167e753b2a68ef713c31802e77de9f38404a9f2", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524487, "uuid": "28d74736-31e8-4176-81a3-a68d5e18db84", "comment": "Malware payload (RedLineStealer)", "value": "e83e198f40e7822669b0993820b4ed819f8dc017", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524487, "uuid": "a9c6dad2-65aa-4a57-9a0e-c2aef13858dc", "comment": "Malware payload (RedLineStealer)", "value": "fd364de04700db69dd9c3dccec240a7122c9943dea75ed43942b350574e345dc3ba68f068b648ded8dc727a815e00c87", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524487, "uuid": "feda4804-3827-4c32-a97b-b8bef486c118", "value": "T111252383EAD481B2FCB867B058F603931B347D61DE75822B3B4A586A0D716C43975B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524487, "uuid": "55ec0014-04d5-48cc-a7f3-abaa62f73fd2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524487, "uuid": "20f7e671-f6aa-44a1-b307-d1f84c4aa134", "value": "24576:ByAq7CF3JDVuRPC57tFlHbpC/HKX1wXTq8ZPzXi:0AYC3JD2Pg7ntGXT51", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524487, "uuid": "6dbdab3f-3571-4db0-ae0b-709fa4ee752b", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524487, "uuid": "747597a0-69af-4775-b35a-7d59d41922fa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524487, "uuid": "0c74bb8d-09c7-4473-9a31-09698fe12a4b", "value": "report.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0dcc3814-f613-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684479721, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479721, "uuid": "791f9ab1-18e9-443f-8d71-fda675200eca", "comment": "Malware payload (RedLineStealer)", "value": "843f0c2dedb11983efff1bb10898750a", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479721, "uuid": "85d8d770-b8e1-4b77-a31b-b7bf721c2578", "comment": "Malware payload (RedLineStealer)", "value": "8c12d6457b16824b853d37847b4f8cc266dcc4400df5c139639e362e89b63d15", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479721, "uuid": "26d90ea4-3e59-4028-9f76-ae893369f876", "comment": "Malware payload (RedLineStealer)", "value": "49d0b18e22436b862861a8c56be948dcaf7d660a", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479721, "uuid": "1a4a8cb7-9b9d-44df-9439-b0938b4c5b15", "comment": "Malware payload (RedLineStealer)", "value": "3215e6a0dc88549d512a6c0c166957fd00d7d3427af60d624b30571519685ed09ddeba1e7c5d0c4eb23167c1a8594c5e", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479721, "uuid": "b87e2326-cfaf-4db0-a075-400f06d906a3", "value": "T1D5549D107583C5B2C567143C4CE2CEE57A2D3C6107A996D3BECDB7697E322E0A2252F9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479721, "uuid": "4caa5c07-5dee-4b52-ad92-99460afdd41d", "value": "bf5a4aa99e5b160f8521cadd6bfe73b8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479721, "uuid": "b2e7ae64-7d5a-42d8-978e-519ce207ae6a", "value": "6144:bDKW1Lgbdl0TBBvjc/XYrcjaYJ8CTzkLFEPrg7VuQJY2HK:vh1Lk70TnvjcvNJhUEGcOK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684479721, "uuid": "79d6e764-988c-4fa3-a9a0-2ed628320f1c", "value": 291768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684479721, "uuid": "0bf4befe-5f20-4ad2-99f4-b9e75a3e7d51", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479721, "uuid": "b4737753-f342-44c0-8c5c-c1733d9529d7", "value": "DHL.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3bc78ac0-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684478080, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478080, "uuid": "0260eef8-2687-47e6-b3a0-8856c5409329", "comment": "Malware payload (AgentTesla)", "value": "aca17fef35cdefd67e8edd1ef0182ad2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DEU", "colour": "#5920A4", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478080, "uuid": "0cdcb641-5770-42c9-8ac1-025a4a6d471a", "comment": "Malware payload (AgentTesla)", "value": "8c4593fe0a096ee5d84af4a962d9ab51809ee74104cccbd906ddddb0ff7862a7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DEU", "colour": "#5920A4", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478080, "uuid": "329a5084-1922-40e1-a369-c0591950fda9", "comment": "Malware payload (AgentTesla)", "value": "3047c781b5d00bcba1d5599b789e3281c8debbca", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DEU", "colour": "#5920A4", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478080, "uuid": "88c1cc62-6a65-4d99-a8a8-6bb8bcf5c749", "comment": "Malware payload (AgentTesla)", "value": "7723c6424f23f041848ed4a22afced279058d913a1bff5f2e10ddaa3fb852ca634823d89f7ee2a4154b06bfcc038ea9b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DEU", "colour": "#5920A4", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478080, "uuid": "2812d24e-2169-4e47-bc65-0c5325aa9079", "value": "T1BEF4E01023A48B4AE6BA87F45DE0D2F017BA5D9E703AD30B4ED2FCDB3299B510750A17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478080, "uuid": "ed9cb1f1-4b12-4af3-955b-a36bf63d88a3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478080, "uuid": "437c09f5-43be-4f48-ac7f-f43983361f1d", "value": "12288:3qBOEkWvdtEIMSHH1wPDFBL7tpFp+Llmii3bDHLkdDi6h:3qlkWUIM4VeV7fr+P+/ow6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478080, "uuid": "212ae5a0-4200-494f-9bcd-433ed0ed8570", "value": 756224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478080, "uuid": "260df34a-4d85-4669-b95f-baa22c68d07d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478080, "uuid": "d21e55ed-98a4-45e4-ba69-aabae9eca060", "value": "DHL Beleg 8355916_5242561461.PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c57d71ce-f60b-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684476593, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476593, "uuid": "734944f5-3595-4496-bc96-bc7f44b5d72f", "comment": "Malware payload", "value": "aca3f57c858a79bc8e4e671084b0b0c9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476593, "uuid": "36725295-4e04-42d6-899b-98fb0c6633b2", "comment": "Malware payload", "value": "8c6e318311702d636f056a34514761eb2554fcd99d0715953ab04a9bee623e85", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476593, "uuid": "b4a02ffa-961e-40d6-90f6-07615ae7cbff", "comment": "Malware payload", "value": "3c3d97e9ff70d4122a075d8a304eaa63a8c5eb7e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476593, "uuid": "a9ea8010-ac35-44d5-803c-efef86790b3a", "comment": "Malware payload", "value": "0374fa0e64ed4ff29d892f046b600fb78a0b8d4dc73fec4ad8ac35546db1f14ca5a58f5e9c860932bad11593640b3766", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476593, "uuid": "b3dd2e5d-b07a-4b39-b8b6-c2af57104317", "value": "T185348B13618880FAED66D5385CF88777573DE43003AF19DBBF8C32598A653E1A73624A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476593, "uuid": "76c7ca50-2c0f-4ea6-8992-c1fc8ad0cc34", "value": "728c6b1d6104d08ae563f697f3b86300", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476593, "uuid": "7ab43165-7d51-4d22-84f8-5ec336cf92f9", "value": "3072:zXCfmNLFTVDL96wGGcaOl+XZtjLyxT1ozAOEh+2uxgTqCHwx:jAU5VDLFRLOl+PSBuxg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476593, "uuid": "74f23572-d89c-45cb-bf0b-3c6721ea370f", "value": 242456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476593, "uuid": "187e58f3-92ce-4c8d-82e9-056532e1a960", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476593, "uuid": "498f0703-aa41-42b9-957a-fd7f63145340", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ef4dd94-f67e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684525679, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525679, "uuid": "2bc1f870-11ea-4d39-a4d5-4a742beeacd3", "comment": "Malware payload (Mirai)", "value": "a3430918ce6c068345337bb9270b7262", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525679, "uuid": "6ee29720-c740-4337-aad2-0672a16c7989", "comment": "Malware payload (Mirai)", "value": "8c93cb61382ad583f70c1657309ff030bc92719d050091ae9a2443fecf47ddbb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525679, "uuid": "7544c63c-6567-4191-be89-a86bf1786e14", "comment": "Malware payload (Mirai)", "value": "4ff6ff04dddf17b739034a1acbb958dc71b21054", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525679, "uuid": "7e2c595c-15cd-4aee-8fac-5e1e7a08ad24", "comment": "Malware payload (Mirai)", "value": "2b9b2b8512f078b56ac4896fd5ed164d97ab837f2b088ab8e4fb024435fc27f779c0ab890dc4001a31882e69945df3dd", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525679, "uuid": "3e607e10-4366-4ddb-8898-2ab4acd16686", "value": "T155438DA5C5B8BCD8D54986B8BA14893D8B13E00895E32DF6EA858756804BBFCF1097F1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525679, "uuid": "a41692fa-00ee-4bdc-b65c-4400cdc9d876", "value": "1536:8/QKINWfEaWwtRy04Ci3s+v9hKfs3etWOaSu+8jLIg:84KrsZb0XOstf+g5u+8v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684525679, "uuid": "77ea5265-8f0a-4952-b82f-6fb819bd31a9", "value": 58176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684525679, "uuid": "41dc79f0-0d8a-41b3-8e39-2eb4a2bd16b5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525679, "uuid": "47250e9d-2e32-4b39-8d9a-5d252ca0754e", "value": "a3430918ce6c068345337bb9270b7262", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5003ef36-f655-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1684508179, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684508179, "uuid": "01a04d7a-3c6a-40e7-bf46-3729c188dd66", "comment": "Malware payload (AveMariaRAT)", "value": "8bf616ce8099e7e502ef770a86b8c8be", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684508179, "uuid": "14a7d3fd-753d-42b4-8ceb-ec2ba9a83211", "comment": "Malware payload (AveMariaRAT)", "value": "8ca26ad3a105ee3dd82c2141db2f837651ec21079d1aceb993abd8c705de6648", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684508179, "uuid": "48b1e7f9-a30e-48d4-bd70-922f78462c73", "comment": "Malware payload (AveMariaRAT)", "value": "3e3375d83b6151cf0e48ca6321402b0a465aed2d", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684508179, "uuid": "90f489b9-6190-475e-a80a-ed7eb8a958cf", "comment": "Malware payload (AveMariaRAT)", "value": "646c35759c759fb8691a51477095f66a7950c11efe17016f9991e66ebe0de0e4ae2e1fd5955b3098fe54b96b6a90020a", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684508179, "uuid": "9578fd0c-51cb-429c-a820-9be6b7c9c2fe", "value": "T1A315AF22B2535932E59317B85D0BB3882829BF101D6FAC663BE67D9D9F33D463930253", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684508179, "uuid": "0eca509d-6d44-4f37-9b59-092e4afaa15b", "value": "138311b07b5df4b457c8667f3504fd8c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684508179, "uuid": "e77fa2ac-d651-43ea-8c21-cc405c8f7723", "value": "12288:+QBzavIzVsaYnU73sX1uyth/ZAknhZCoxWapgv09PzDVPSO+Lb4av:+QBmqsaY2iuA/jav09PNPr+oa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684508179, "uuid": "7f1b86c8-247e-408d-a2cf-c9f2ff40529f", "value": 957952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684508179, "uuid": "f39d4104-c11e-4115-b639-f5c5a81ed58b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684508179, "uuid": "478fec8d-c911-4791-b2ba-b5f8f385506f", "value": "DOC20220513PRELIMINARC0559DOC03027321122021JIHG25.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e85f67d5-f5da-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AsyncRAT)", "timestamp": 1684455606, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455606, "uuid": "69adfa60-94ce-4d7c-8ce4-5423871d218c", "comment": "Malware payload (AsyncRAT)", "value": "67d8c7e9e7bedfef96659f382623ee45", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455606, "uuid": "341cddf2-6c43-4855-9e01-5ecff163e892", "comment": "Malware payload (AsyncRAT)", "value": "8ced69a3c6796be12a0433300b9935b4c63fe4817b0830e1965b07fffaa360df", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455606, "uuid": "a1911c21-586a-44f7-adc2-55be82535263", "comment": "Malware payload (AsyncRAT)", "value": "12ae32535f3341bc02bc4d20c79bf63532e9e533", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455606, "uuid": "01a8068e-d94b-413f-85e6-c3f97a70031c", "comment": "Malware payload (AsyncRAT)", "value": "e25d26b9c1d80131650095367f4b7fb00a563e1c701f9e286fe4867cf0d92aa07028ebce298983e0029efe37036fa286", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455606, "uuid": "344933cf-707f-4271-94e9-5d2124db670e", "value": "T1466533520C8C80DDF6EC71BF05E9EDA36231ED648916661831E369277839FBB31E9361", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455606, "uuid": "95db4f1a-b160-47c7-89cd-22c2213e7bc9", "value": "2eabe9054cad5152567f0699947a2c5b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455606, "uuid": "05a04ac2-1a08-4af3-9e4a-4ff1ab2339dc", "value": "24576:HLENwgVrRdQugbzw2f0tgDSmo54/zoGhhMs8IMIubqC3+o+BD:HgNRqzESGcLowb8xIMhOo+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684455606, "uuid": "93cec5d9-524f-4bb4-90e4-d24eb68b5c44", "value": 1459712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684455606, "uuid": "e317d4f2-d0a8-4bcb-942a-f7d6647a1176", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455606, "uuid": "75025b0c-4c45-419b-926b-6fe10e2d7178", "value": "yenidds1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "972ec6f5-f5d8-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684454611, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684454611, "uuid": "fd617013-6520-4d3e-85fc-f82fe8bad36d", "comment": "Malware payload (Formbook)", "value": "e6e24d5bcc8fdc2ab0c1784b4b350504", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684454611, "uuid": "92c9e3fe-c1cb-4608-b991-c8bf9cc58dab", "comment": "Malware payload (Formbook)", "value": "8d09e31a3dd39e1aefa76a78876ce7c3a2bbe90dc00cff250710531115b4b88e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684454611, "uuid": "d85bf98f-52de-4740-b91d-355a5ca3a0d2", "comment": "Malware payload (Formbook)", "value": "769f7c16b83a34ffa53d0bfa4b7addc21666e2e4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684454611, "uuid": "435fcb2d-beec-4918-8c57-92b4260bd9ef", "comment": "Malware payload (Formbook)", "value": "4a2ba2babfdcdb466d2e6c579caae8d441b6f7721ec5309b2be3bf9131c797dc1fe37b054cb4adcda3ca64a7568396cf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684454611, "uuid": "f30af543-5fa2-4182-aa8f-5a31050d91c6", "value": "T12D4402842FAC8237E42246309772CA899EF45D3A595853875714FF2EADF27C18A0F327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684454611, "uuid": "f910f1a8-da9a-49a1-bd2c-0914d24029b5", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684454611, "uuid": "1050244c-fdca-4345-93d4-4d499ccd1910", "value": "6144:wYa6HENKgtiUlEUMjSZBQcm6tNFIATsXNYhKp4TyADNiHkEgq4ECYvKoQ:wY96ZRBQcm+1e+VfNiH//CUKX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684454611, "uuid": "50cc91d9-282c-45ba-a996-216e2b0cf02b", "value": 269528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684454611, "uuid": "aadf8aad-f03e-4368-8f3a-5fd09f7d4899", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684454611, "uuid": "addbb3ac-f7dd-4308-9159-7d9438a49725", "value": "AZIN FELEZ.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea9b688e-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684497701, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497701, "uuid": "7cbf62bc-e863-4a83-b212-2c55b5f03ad4", "comment": "Malware payload (RedLineStealer)", "value": "da5b9e5ae829e073367ecacd63d7350e", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497701, "uuid": "9ed0ca35-4e19-4b40-ae68-9489e4478027", "comment": "Malware payload (RedLineStealer)", "value": "8d9614451341a94d0454e7266a4ed54b13f776e117a2ae4187967cd7001e52bc", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497701, "uuid": "ced30d7d-7acc-4826-a6f7-a749612140b3", "comment": "Malware payload (RedLineStealer)", "value": "4da987f5e946227fdb33c17ecd14caaf3306a01f", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497701, "uuid": "19dbb92a-e666-4814-bbf4-872d47178878", "comment": "Malware payload (RedLineStealer)", "value": "dbcf2e6c36632ccd0150f6189155c574623669b8393a760976ef62e6f29ab5e6359fca30aae146e5066cb54ee53e8ec7", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497701, "uuid": "0bcaa9a2-bc1d-4c8f-8910-97efb98184ef", "value": "T1D7252393BAD19021DCF4A77628F116530F3ABDF499B4C7136A88560F4E72284D935B2F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497701, "uuid": "0d09648b-3d8b-4fe6-940c-930c02ef8bbd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497701, "uuid": "bce0fa6d-f460-4219-8591-01e1ca2a6d20", "value": "24576:CyhiDAbkGLm71gQlGLS6vU2XDSSsG2LpW4Rg2G:po0FLm71rlPDiDSS4phRg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497701, "uuid": "6b9899c7-5ce9-4c24-b8c9-eee613e4d209", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497701, "uuid": "7ba39181-c9df-4705-9b08-332860a2ced3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497701, "uuid": "8bdddd32-0d77-4bc1-84bb-64895eb848a8", "value": "game.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "54f55a38-f663-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684514200, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514200, "uuid": "3c00c422-a608-435a-be06-7ca95b8eabdb", "comment": "Malware payload (Mirai)", "value": "e9c7c797e1f740ff5f0ff5f3fd932ac0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514200, "uuid": "c7a12c1f-415a-4a90-ad0a-e7d54110c7a9", "comment": "Malware payload (Mirai)", "value": "8e3c1979771dd8e7d6776bb4dca99d287cdddb12efe61b65af7141bc6fa2aacd", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514200, "uuid": "23bbd627-9300-491f-9820-cc1e6edbe2e8", "comment": "Malware payload (Mirai)", "value": "81dda51a6251e9277b5756c4859f4031189fb442", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684514200, "uuid": "94ac6945-09b6-407d-a44d-d94c0918b2f4", "comment": "Malware payload (Mirai)", "value": "aedb6abbed6132e9f98d40ee6bb4d12c569ff11363fb579cca05028f69276a8248fde26bc5c58f30d9a5fa1f3a91f156", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684514200, "uuid": "1ba9fe56-00f4-4b93-8bc5-1498ae0dc0f6", "value": "T16A334B02B31C0E57C0A35AB0253F5BD097BEEAD022E4F689351E979A9671E375482FCD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684514200, "uuid": "3111b029-6f5e-4044-8cd9-c784da0edee5", "value": "768:pO7HKtChgliRuLR/QPNIHG612oCSylNEhs9am0oLojItAgOYIFRxtKSowQQIo0:89c7G+dl0mgamLTtAgz8xgMQQ4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684514200, "uuid": "4a0e3ed0-a5a1-4dc6-992c-a62fe4ea83bf", "value": 54792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684514200, "uuid": "5dce9f7a-f895-4af0-aee1-ff930d298193", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684514200, "uuid": "636a02b0-a927-4516-a39b-85fc5fdd3871", "value": "e9c7c797e1f740ff5f0ff5f3fd932ac0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97c6e1b9-f623-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684486824, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486824, "uuid": "65895f26-9d1e-4967-9e8b-29fd6c7a87bc", "comment": "Malware payload", "value": "54135a65680fc6e6e0148c97200f3269", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486824, "uuid": "e0994504-c73a-4548-a13b-11b5c5a87dfd", "comment": "Malware payload", "value": "8e838bf771450aeb53d8fba7c714722272eaac3086b2d49fa7a6a53ae5208d84", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486824, "uuid": "7fd1e975-1b73-4ad1-90b0-643fcd71e055", "comment": "Malware payload", "value": "ffc7bd0130f783ff4e4405796ec65b582258b31d", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486824, "uuid": "3fdc930b-6189-4456-836f-d301a76d2725", "comment": "Malware payload", "value": "5fe6a8674b6610ecf367cb66884a68a40875eaf9e167804726dc095758e6bdf1bbda86f7337154557f3b306a07da44e3", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486824, "uuid": "a605778d-f4e4-4d7c-8d35-0713ea9226b3", "value": "T16B758C11F101CA2FD7DC29320C9AE3F967B87C4A6E858A87331D731D3EBAA54C946B45", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486824, "uuid": "62c25494-13bc-4846-8d66-2aa56b1a7873", "value": "24576:mZb23FjwOtmPkaolu3KqqzkcuWN6b5S1KFaF4W13vIlIolVtZpolcyPIMIRlYfb5:igjwO8PkW3KqOuWNNb0ADh5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684486824, "uuid": "ecb8683e-cd2e-46e6-bc9f-f9bcc299efa7", "value": 1640960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684486824, "uuid": "1687034d-d3ce-452c-a111-87ed4a0de920", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486824, "uuid": "d9343fca-837e-4a34-83bd-b30e90a7bd3a", "value": "VAT3_Return_P052197241A Frezzy.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27f35b4a-f67d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BumbleBee)", "timestamp": 1684525291, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525291, "uuid": "0fa1685e-b819-42f3-aaa8-286c8bd6dff5", "comment": "Malware payload (BumbleBee)", "value": "37ed820eefa1564fca7bd05f3648a85a", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525291, "uuid": "5dba78dd-4659-48b0-a764-1321173ac90d", "comment": "Malware payload (BumbleBee)", "value": "8e8e213d3be36b54778b1bd04b565225c50530b82dd57c6354922eb3e9cb7137", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525291, "uuid": "fe439303-d187-443d-9153-535b7e2aa82a", "comment": "Malware payload (BumbleBee)", "value": "d04ff080959018f266cb26280d733a1f5f6f931e", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525291, "uuid": "652d1cb5-b1c9-4adc-a4bc-0e0905d1df95", "comment": "Malware payload (BumbleBee)", "value": "3912f0e07790ff36746bcb5545b887ae861f0785e5ea947034ff955bfc8ab9853e5955c1a3fd30c8c5ce78824f395cb9", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525291, "uuid": "133f9f1b-88d5-40cd-91d7-22164fbcf8f0", "value": "T19B45E012E6920FE4D466517681AB262FBB307E6C0315D3BBABC4D2373D837E45B1A760", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525291, "uuid": "4535595f-2a83-45ce-9a7f-0ed7e08c6b76", "value": "47e01530ad43ec939d1c47709a80a5c6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525291, "uuid": "3c38feaf-b36f-4804-b0e4-784b182402c0", "value": "24576:3FCcW8RT9F67gwL3k2UeOL9HnUUCexncTD+1z4IHN/Hp:PIr3jUeOfc3+TZJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684525291, "uuid": "9284a66e-8639-4844-9ccb-4b8f5659f3c5", "value": 1223700, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684525291, "uuid": "95ce71de-181e-46f6-b5b9-dfced2c703c1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525291, "uuid": "b11e3ea1-2856-4286-bcba-8ce32634d46c", "value": "37ed820eefa1564fca7bd05f3648a85a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70f892d6-f629-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684489336, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489336, "uuid": "adf21923-27ce-4928-a442-a6519c1a5ccd", "comment": "Malware payload (AgentTesla)", "value": "84c9ce66eb5da123afd99caf1321ddb9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489336, "uuid": "8dd55bb4-21af-487b-85dd-3c2ddb649103", "comment": "Malware payload (AgentTesla)", "value": "8efba992cadcb0d382ac58643f729ce09ab9e8071f27c1fe1ae2f4e6024b607a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489336, "uuid": "7322f9f3-ec28-48c7-a199-e5e38d670d3e", "comment": "Malware payload (AgentTesla)", "value": "3510b13be9d2b667ef331ee5ab2b03b7c25d18ef", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489336, "uuid": "7b2b7f40-ba64-447f-b568-2873fb517dd1", "comment": "Malware payload (AgentTesla)", "value": "6d33f5dbd1ae74679da8ca74a792ef6f6b1ff608c470e77518ac303b6391b359f14934a0b047b81fc93d25f2cfb82463", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489336, "uuid": "bb238cfc-ff24-4a31-b2a5-30e923a25cd8", "value": "T1BFD4E17060AE4B90E02BCBF165B8FD72033270E3E9D5D9701B69A1C4CE6BF515E8895B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489336, "uuid": "af4ba5ab-3280-4dd2-82a0-cc5fc5cee955", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489336, "uuid": "ce5e884c-a2ba-431e-b8cd-3a7f74195ed9", "value": "12288:CYMv5bwYwnsfOV82PfJfHNzEK+flTlYb90zpPCoBJVy/IN/W:83bfOV5hft4KETl6Qpn8/B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684489336, "uuid": "73614443-80a8-4eb8-ad63-3677a513aff9", "value": 598016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684489336, "uuid": "f320af59-c43c-4cf6-a4ca-0dbfc95017b1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489336, "uuid": "5139d75e-cb8c-4269-863d-97c2dad4f9df", "value": "ORDER.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e37caef9-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684497689, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497689, "uuid": "e36e0406-e110-4ac2-bfb2-b5f879aa0511", "comment": "Malware payload (Amadey)", "value": "d15355a808dfe142f09ae3e768a4c24e", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497689, "uuid": "e1a98b95-9fa1-49e8-abb9-7d2e025727bf", "comment": "Malware payload (Amadey)", "value": "8f18a3b5abbabf8d6f33c1a9dca2f5858872bac12b93bd7a03600f270f5451af", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497689, "uuid": "b9e4b015-a7bd-4e6d-b4bf-9f54665c684f", "comment": "Malware payload (Amadey)", "value": "00afef6eae9f30491d69f615ac80802f0152ef4e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497689, "uuid": "3e47fda9-8895-49a0-ac8a-1926ea4980ce", "comment": "Malware payload (Amadey)", "value": "251d8ce6d7bc3600f4d0629cd26fbeeb9a23685545b6662ba88cdeb6a3cd1cf05e3a6f8cc633e060a0aea4a094db014a", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497689, "uuid": "a2205c2c-752a-485b-8047-f16640afe18e", "value": "T1DB252341BAE84031EAF9573119F713E31F3ABC51D8795A5B2766DD8E0CB3284B47232A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497689, "uuid": "ef65b805-3df5-4104-a974-3fb49ffe61a8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497689, "uuid": "1e10d618-7346-4e33-8ea1-cb979c5de392", "value": "24576:Nyu5U/7KwBWUhkv20a2EBuZwjDBGlabr:ouWHWUhF0aEEMl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497689, "uuid": "25ba4dee-42a2-4540-b8b2-4ee4dd67fcb2", "value": 1055744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497689, "uuid": "3fbc2afe-b0a0-47f4-9d6a-1296e5925e70", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497689, "uuid": "184d8ae6-0759-41e8-8adc-750895b8ab87", "value": "filter.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cae54868-f641-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Stop)", "timestamp": 1684499795, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499795, "uuid": "b491ccf4-46c0-4f40-8f70-ba8b16818710", "comment": "Malware payload (Stop)", "value": "f4825ea493fd8ae7defc24b05c4c1a93", "object_relation": "md5", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499795, "uuid": "eacdf3e5-b646-4afc-b3ce-665baa312b59", "comment": "Malware payload (Stop)", "value": "8f2486c896e10bb516f077a31e6d36c281c868ca4214ab44ee4d5306311d481e", "object_relation": "sha256", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499795, "uuid": "ed20ca50-faf1-4a39-9253-0b14a34c1245", "comment": "Malware payload (Stop)", "value": "d7d3f3943f91b5df59f30f46058736aff7718660", "object_relation": "sha1", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499795, "uuid": "ffab1a7c-235f-4d68-9d37-0871d4e857ac", "comment": "Malware payload (Stop)", "value": "a86002ba39d66fda543566d0ef8d08c61d676362a1197c6c589083f9b6aad0b734fe9f64cb95ba2cad7560fc2991cf70", "object_relation": "sha3-384", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499795, "uuid": "f295a7d4-8913-4081-9b3b-a77a7190f3d9", "value": "T19D05E00292D1BE53D7254A728D2EC2F8769EB9504F4A2BD712186F6F08711F2D97E332", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499795, "uuid": "68de1775-d7a7-435e-a4e5-911d16f90e98", "value": "a5b920833de11e763698004374a64e2f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499795, "uuid": "c5ecead7-6a55-404e-ba06-276586a2eba4", "value": "12288:iBSSygvLcyrTDAqG4RSLufOhys4+K5mmLkScLhvZ9DNCPwKDChkNZf5wrotRDue:iTyar5cLRefLk3Z/y82Z44Jx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684499795, "uuid": "17dc6cb1-f51f-442a-abaa-f472ded63f9b", "value": 843264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684499795, "uuid": "f1cb1e8e-8a6c-4161-9570-a32130d4e1ca", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499795, "uuid": "c251c4c9-85b3-4ad7-9775-5d615e07c711", "value": "injector.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "480d00bc-f69f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1684539948, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539948, "uuid": "31a0aab9-3dbd-4f2f-b355-a7d260b85227", "comment": "Malware payload (Gafgyt)", "value": "068d7214dcb4d1c5fa8810a618836519", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539948, "uuid": "8904f77e-f2d5-4920-b60e-b575db4160ca", "comment": "Malware payload (Gafgyt)", "value": "8f77b612cdc526f54af6b3ffb56de25c8d4bd9a4ac68123f466f7d3b1195255f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539948, "uuid": "dc002624-9dfa-47fe-b574-71e392288a68", "comment": "Malware payload (Gafgyt)", "value": "916d0e75607f484798a3beee66df6941269c05b3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539948, "uuid": "da2561ad-7ed8-49f2-b712-e8ad32879e7f", "comment": "Malware payload (Gafgyt)", "value": "e266270434935bff45780b80ca624ad25190df1014662ee13cdbfaca31bd02b54e422bf000fd0a1032a2197187c5fb73", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539948, "uuid": "9682d5e4-f3d1-4b7d-9c9f-ab8f2fc142ad", "value": "T1B0B31792F900DFF6F40AE67608C34B256670BF660F536A66B21738A79E721C43867F41", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539948, "uuid": "67f79b2c-ca24-4b02-a558-14d32182214a", "value": "3072:I3qnsXB+LaDYRQHgYm7yzMPsM0+N6hRm2pgYMx3IPtW:IIaDYRQsyzEsIeRm2pgYMx3IPtW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684539948, "uuid": "17547f56-360a-42da-9f9f-ec9f01882d11", "value": 113755, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684539948, "uuid": "70a05394-84dd-4c0f-bf12-05902bd58802", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539948, "uuid": "8ac8fb80-e4ce-4a1e-93ff-3ed4ca6aca7e", "value": "068d7214dcb4d1c5fa8810a618836519", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d38e509-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466862, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466862, "uuid": "ede56d1a-81db-4204-a1fe-8a245cd256a6", "comment": "Malware payload", "value": "ab4d89295c6285ca4bae6e66721fad90", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466862, "uuid": "fd390b26-8391-4d5f-ab3a-0936c0aa2c2a", "comment": "Malware payload", "value": "900e32411c6fbf7319ce3c67dc5260395dfa7badb55693504a182a2ac56d8ecd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466862, "uuid": "ecf0b60f-1685-410b-8844-4261d8fd33c7", "comment": "Malware payload", "value": "83e0f12b45e54b9127cea30517f40df2fe81f769", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466862, "uuid": "940234a5-a570-4031-9f93-9ccb8f45a595", "comment": "Malware payload", "value": "19f51bbe5dd1b961eabe5cfed3de80c86f990834d4054065382c25059f7cfc7664e6ce30a0ea5867928a8113a674586e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466862, "uuid": "e4146970-0b77-481a-849c-4de451dfc3c3", "value": "T10824C891BB63FC43F351E1358CBF5569C5953EA77BA360B5B59C3D8AC6BC622800E202", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466862, "uuid": "89c5a0fe-4bd3-44e7-a81f-82b3d6234a26", "value": "1536:KBqNpQGJyB91T75GhzKC3rRmq4IjG3S5:KBq4myB91vQhM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466862, "uuid": "32e8dbd8-eb88-49e3-976f-6fbb78d79fb0", "value": 213504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466862, "uuid": "b23d7663-1fcd-4715-98a6-c913760aff08", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466862, "uuid": "2d13df84-331d-4994-b2a5-293cde5a8b04", "value": "SecuriteInfo.com.Variant.Zusy.460032.21741.2876", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4af6789c-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684478106, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478106, "uuid": "770be4db-fc9e-49d1-b09a-2c3fd6aa201d", "comment": "Malware payload (Formbook)", "value": "ad0f1127ea2e0a563c8863684b42657d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478106, "uuid": "c768e46b-3e61-498b-88e5-0491797eb01c", "comment": "Malware payload (Formbook)", "value": "907939021dfc3946ca5395b6a318ac3957e069725e5689968522a58ae81d0ab4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478106, "uuid": "ecc9c73a-3b45-4bf9-a103-7ecf08bb8d75", "comment": "Malware payload (Formbook)", "value": "df3e2c75d399e2c5104ba80565e7d380766d3fc2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478106, "uuid": "71e10fa4-b485-4dac-b4b3-8e0f824d74b9", "comment": "Malware payload (Formbook)", "value": "2d6d8394295546df6ac5e7e4a223239f29dfd597ac4c54acc829c22a381b7086a04707fa652e61d15bfe24f2516b416e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478106, "uuid": "b4eb0e3c-593d-413f-8f33-f19e3b3ee916", "value": "T1A905DF9056C5862AD05A0F7892F1CEB053BB9E98BD79F2439ED9FC0B77BB2D11221113", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478106, "uuid": "5891542b-5c76-4874-b235-8404cdd1ebd0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478106, "uuid": "a07fff46-6097-4923-b83e-f6d195a44b18", "value": "12288:B0gifordrIOMq5o6IAb2FGGAu6XnwEG4ArzPd4Ly6:B0jopUOMq5jISsQ+DrLdL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478106, "uuid": "e43e9d5c-607d-441f-bebd-1796d900e524", "value": 818176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478106, "uuid": "eeb477b6-2e32-4968-95fa-c7ff1cf4c218", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478106, "uuid": "0d56c0d8-f764-445a-8f07-616043933004", "value": "HSBC Payment Advice_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94a96cb4-f631-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684492832, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492832, "uuid": "3d49704a-631c-4143-bb5e-b76412535d9f", "comment": "Malware payload (RedLineStealer)", "value": "411df23f95a725a93a09665c974b2f52", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492832, "uuid": "6b6d93d0-ac7c-4035-8c8a-f2dec21cd3f9", "comment": "Malware payload (RedLineStealer)", "value": "90a1febb9e1c00b4c108718d66c99458a5e0ee1b41a448a083b61a5c8728bf2b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492832, "uuid": "d42df62e-2f2d-4b56-84d6-9b13d566513d", "comment": "Malware payload (RedLineStealer)", "value": "00a42e176a491ba445729e333b996d612bb19ecb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492832, "uuid": "e928b2c8-25ec-450d-8757-61b769b898b2", "comment": "Malware payload (RedLineStealer)", "value": "74b332c071dc406fec003a416500bd49eba77f6138b07209c5097829f8277d6cf128ae01624a8336e215ce4e5e144e1c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492832, "uuid": "da344f4e-a8b9-42df-a294-eb6a761da75b", "value": "T15F252317F6DC0466E9B167711DF611932E3ABC52A93893B76342BD5E0A72680E03237F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492832, "uuid": "1899087b-5959-445d-a308-fb1c16f562b5", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492832, "uuid": "b2b3c963-9c3b-4adc-b51d-a04a18a3b87f", "value": "24576:CycW2doUY1/Lm+oJ2m9lqq6gFJap/dyjvP:pcWmq1yleQ4/dyjv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684492832, "uuid": "436b4268-ad35-4b19-a8b5-d8c1cae5738d", "value": 1055232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684492832, "uuid": "7647fe84-e365-4ad1-b22f-c58f3ba996b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492832, "uuid": "88d525d7-fe9a-44ef-83b6-9c15f4c4239e", "value": "90a1febb9e1c00b4c108718d66c99458a5e0ee1b41a44.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9f46dfb-f679-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1684523818, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523818, "uuid": "02764a95-1a72-43ad-b63f-1092c688c7a9", "comment": "Malware payload (RemcosRAT)", "value": "ce4052db6e9670cccedb04244232db54", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523818, "uuid": "bbbd6e76-a4b5-49c1-8616-54b05ca87b66", "comment": "Malware payload (RemcosRAT)", "value": "90a337ab1343d9a80a9d5bc97c004fb22ea4a9f562fd2c8ef65cf423738263cf", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523818, "uuid": "bb8d6787-742a-4395-9f0c-5400d3497f3c", "comment": "Malware payload (RemcosRAT)", "value": "4f45442edf772a5920d642039823182166ce8eb6", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523818, "uuid": "3c24794f-c9c1-4d21-bac8-d4d5533cbd1c", "comment": "Malware payload (RemcosRAT)", "value": "7820c8faa50608fb5ba6301d81864d0b9579f881df1d74376da50f30972cf4dfa0640c91e081079801d85f99a717f965", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523818, "uuid": "a32cb9ec-fca9-4f2f-b107-961caa982eda", "value": "T19345D1F7286B2978DE993CB0D4C939A215F005170948F62EF7611AEEE097EB5F2041B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523818, "uuid": "e8a19a7a-6b20-4dd2-b3e6-45ae48d87dfe", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523818, "uuid": "971ad8ca-aede-4ed6-86b2-fa1e7bb67b27", "value": "24576:QANhdWjv6VoRAux123MBAKx9nf4L7XFz3Tu9o:FNMeov123M6KDnfirFDTu9o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684523818, "uuid": "f32b051a-05c9-466d-8525-a9e45fca6916", "value": 1241600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684523818, "uuid": "2d17ca9f-ba45-40eb-b593-ceb5fcca19a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523818, "uuid": "84fbd996-2d1e-46ad-b800-fe1dc763e048", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2fb9e7fb-f65c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (NetSupport)", "timestamp": 1684511131, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684511131, "uuid": "5d321158-becf-4de6-9a18-4108dd50bac2", "comment": "Malware payload (NetSupport)", "value": "44ceea9bb05fe4616c1b09a0c1f520df", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684511131, "uuid": "ce17cf84-5a1c-4f81-a153-3f43103470c5", "comment": "Malware payload (NetSupport)", "value": "90b76f040fda32466006591021f2e291721a522ed1f280033b42d4f1e6461280", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684511131, "uuid": "4206eae6-f9eb-4941-8247-2c64087a6013", "comment": "Malware payload (NetSupport)", "value": "748c91404e96a24b4e382faf3e514e921f6d42c9", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684511131, "uuid": "a83d6a19-6b04-483a-98cb-74869f327c2b", "comment": "Malware payload (NetSupport)", "value": "730796b8f70f042cf8513ca90b8d0c24255062144d1bb063baa2dcd2d93d0ef40921526b5ad678153e66c7cd6bccfaf8", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684511131, "uuid": "c167c12c-c3ee-4c03-a606-a4e990ffb5a0", "value": "T1C2D2CA8926D3B052975BF03A675E8C85E2AD48130BD46D0FB81D7178FF9683CCEE4668", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684511131, "uuid": "086e18fa-61a6-408d-83e9-b165b2f99912", "value": "384:O39+2LVw4HL53XjwAKbTNhLYKFUtBFe9B9PlRSOfXAWbQjNP:1ow+3XUAKnNyKuFcoWbYx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684511131, "uuid": "ce5a5ff1-4279-4c7b-97f2-2e169fba0dc0", "value": 30796, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684511131, "uuid": "1cbd7459-7912-4951-95e2-3e4fa27094de", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684511131, "uuid": "b7469535-0985-44d9-887c-2b121fd773d8", "value": "90b76f040fda32466006591021f2e291721a522ed1f280033b42d4f1e6461280", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c5369b06-f667-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684516106, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516106, "uuid": "1742e703-a510-4420-8dea-e55530ec88d1", "comment": "Malware payload (RedLineStealer)", "value": "3388b41fbc329ff7378355d3a0f184d2", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516106, "uuid": "a4f38151-052a-4297-bf0b-9110bf6695e7", "comment": "Malware payload (RedLineStealer)", "value": "90e7e1beb7d1b772d71a027804a5b7058065a1338891192fa6c7fee4a5011e7b", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516106, "uuid": "6d8a7807-17c8-4f9f-b1bf-bc96c87fddad", "comment": "Malware payload (RedLineStealer)", "value": "e08a2e27063213360c07253572c1438d1bd6692b", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516106, "uuid": "d76ff710-8807-47c8-b1fa-0e8a884418e3", "comment": "Malware payload (RedLineStealer)", "value": "ef9df7d5d50535469396ddcbaae7332b55cf35a802a42f45021685a763082ac182bd60bb6d79198d4914b37ebba58b81", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516106, "uuid": "738c905e-e0ea-4764-92dd-98af2dd74de1", "value": "T1E42523226BE89472DA7617742CF717D30B3A7902183CD7B62B05A95B0DB15C49A32BB3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516106, "uuid": "4703a4a8-6202-4ec3-933b-da46ce1493c0", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516106, "uuid": "dd590426-0e5a-4b33-81bc-ec39317afb33", "value": "24576:syWtdMeBmBQdGf4n/HJECfkYzFJ1FCdQagFF38F+MQg3L:bidGQdq4/2gkgGdn8F3E+k3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684516106, "uuid": "a45e0b8d-e837-40ed-a9e1-889d53516d0e", "value": 1053696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684516106, "uuid": "5060f6ca-a40e-4f00-a315-878b348f641b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516106, "uuid": "fce366ed-5407-4c0e-a048-e740c71e90c6", "value": "helper.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5863b8cb-f65f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1684512488, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512488, "uuid": "6fa5f6e7-ac63-419d-9116-a288495d4936", "comment": "Malware payload (RemcosRAT)", "value": "a98a545874c06efde00c0c2a54c4e503", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512488, "uuid": "c252401b-4b29-41bd-b300-b4ff191fbecb", "comment": "Malware payload (RemcosRAT)", "value": "90f752930ccd1f6ae8292480b705f65f0ef2e70407b3db489651822ea1349f9f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512488, "uuid": "e014f821-b54f-4e7c-813b-c186f1b2c494", "comment": "Malware payload (RemcosRAT)", "value": "a35e935da33a72622e6da3507a1cab3e6aea3347", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512488, "uuid": "ac9894b5-b1f1-4e3a-a466-2dafe659e4ed", "comment": "Malware payload (RemcosRAT)", "value": "9224aeb2dbcbd6c11b9c824478b26088c6671064a65336fa4eb8bde6b59e50d164e531f39e4626697f52049fc6c0c404", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512488, "uuid": "36e4e987-310a-4cb5-90ee-43dd0b1c2655", "value": "T1466512311795AE7FD7FE0B74E4B525140EF06D67A630F38D998420EA50A2740FB62B3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512488, "uuid": "a92f4cb8-d9ee-4d50-ad04-cf4743ba4a32", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512488, "uuid": "d64ff471-d3d1-46b1-ae37-db9bc90ca72f", "value": "24576:BSCeIM5/f84n0Gz39WPLZuMRau+5IrtXOplftVBUlK15jDLbO7eyV:zvMFf84r9EoMfk0OjfDL67eI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684512488, "uuid": "60543319-43a7-4353-8cbb-46dd4bf3ecc6", "value": 1412608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684512488, "uuid": "a87182bf-a29f-4898-bd91-89b21a5eb263", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512488, "uuid": "3a8b3a01-d949-496b-8eb4-7e856f38ded9", "value": "a98a545874c06efde00c0c2a54c4e503.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2fe61fd-f60a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684476106, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476106, "uuid": "bb39a544-3fd3-479f-ab63-8ed6af57ace7", "comment": "Malware payload (AgentTesla)", "value": "6d5a53854105ba060e840a399e012c1c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476106, "uuid": "9f44e394-0194-4625-a200-ea95a1b6ed69", "comment": "Malware payload (AgentTesla)", "value": "91cdc121ddcc77ba9e01963b2ff1a92192cd4a7804915a67b598f69d457160b3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476106, "uuid": "094b3910-3d80-4cd8-a8b1-7dd90de66509", "comment": "Malware payload (AgentTesla)", "value": "ae6f89adf6ce67669ba2e5cf91d55f74c10905ee", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476106, "uuid": "55b7801d-9e4a-47f5-ba46-439f0a38b981", "comment": "Malware payload (AgentTesla)", "value": "5f212aeb7fdafb8ecd7be1154650e48daaa4055dc7e686bdee47727b547e1bc934d6442338c1c5ef1a71606cf2faedd0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476106, "uuid": "14cbcda9-eb34-406a-8313-e4de0847b948", "value": "T180F4DF2426C39319C519C7FD84E2E2B013A6BD877072C6570BC6FECBB686FE94651287", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476106, "uuid": "4b373a32-bdfd-4c87-9ddd-d60cf94cdb15", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476106, "uuid": "c076cea3-a49f-4dc4-abd0-a76b307b9b6f", "value": "12288:MmHB0VHwDXDUeY0gDFc2MtD45Xe1UbQ7Fpe0GQYvi6:F+oX7gDaltDfNT9xYvi6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476106, "uuid": "a22952c5-207b-4bda-84a1-9f7ba7cb8d26", "value": 722944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476106, "uuid": "d21371ba-3ecf-4762-a0ba-53323af0dd79", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476106, "uuid": "3c78f716-97ce-476c-aa36-f36880760898", "value": "kind request for quotation.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9feefa53-f625-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684487697, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487697, "uuid": "ff6c2c14-3864-47da-a975-2361aaf125b7", "comment": "Malware payload (AgentTesla)", "value": "55591ef3036c998048648a992f5b1192", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487697, "uuid": "3c000ade-aeb9-456c-9048-68c9a64a506d", "comment": "Malware payload (AgentTesla)", "value": "9375fd07cd429efac657a3735c1787a8f6bf8f8076fec0e61abfb81d0dd28235", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487697, "uuid": "3d5f230a-cdc9-43a2-91e5-ddda66fe6ab2", "comment": "Malware payload (AgentTesla)", "value": "3db04d502cbfbbb6d0e1116968f9db3bae5bb73a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487697, "uuid": "811221f2-419a-4046-afaa-22e4a63b383f", "comment": "Malware payload (AgentTesla)", "value": "a5a079582fd31eb2972f9415313c084804f6d2b8e00c58f402e61f24a6af96fdf9f634e5e893305a0fccab01eb5bb5d0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487697, "uuid": "50238c66-8e21-4eaa-baec-d1984283bf28", "value": "T17E15D08126B88F55E2766BF96272E63443B53C54E726D21D5CE02CDB3D76F812B00BA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487697, "uuid": "c6984d4f-3222-4d5e-9063-c2185dc6622f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487697, "uuid": "8c98abd1-8bc9-4bc3-8e66-56faf1be7bd1", "value": "12288:F0EAZJLpNaPn0YPX/NarqFTmooTcbLNkcinxJ57+p5EJYtcYdBmmg+th0j50Hd1m:KEAZ8P0pwTboGZoCTzs+ti5B6N7cVrJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684487697, "uuid": "2135c1cd-98e7-46de-b40c-6c88968c0cb2", "value": 927744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684487697, "uuid": "22a97e67-9779-4071-8472-64ee8bf1a2fc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487697, "uuid": "06653a40-ef9b-43d7-8d59-c685cc7a74f4", "value": "CL030220pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "583c3046-f641-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1684499603, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499603, "uuid": "195f0e2e-7594-4559-9d12-5dd0d2434ea2", "comment": "Malware payload (GuLoader)", "value": "58074c1697d6085975a044ed08d7481d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499603, "uuid": "2d57fe1b-5970-49f3-8166-0c9612cddc79", "comment": "Malware payload (GuLoader)", "value": "93ccdf36bf1289217112f981ac1ed6e9ea361eada1adfda28c435bf88946cde7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499603, "uuid": "87faff96-894f-4f02-b72c-9f2a68790f64", "comment": "Malware payload (GuLoader)", "value": "414dc24a5da4da60509c28148c6a6da49dccfa70", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499603, "uuid": "c6adb880-3e42-45a8-8534-42218b9207f6", "comment": "Malware payload (GuLoader)", "value": "0779066d2bcc610aa9e39fccc476eaebe653630486f72d6609ab87171e117540cc3f2549e22912cfe3f6e61daa0455a9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499603, "uuid": "3ce18183-8967-4845-a658-ee6c0a58e6f8", "value": "T1D7A4BEC5F6B35522C3AD0274BFBED764D6789C0809016732223CBE29B9E63F6D507668", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499603, "uuid": "b05e032e-e7c4-4530-8226-7298d08cf3c6", "value": "1f23f452093b5c1ff091a2f9fb4fa3e9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499603, "uuid": "552dd343-b6d2-42e9-98a9-7ee3a1834a38", "value": "12288:RyypyHyyyhyZyVF5ffqy0yyyLyly0bLBhXx1Qy+yyyyxvqy4Scb8yfyy6W8dAUJT:G7Ei8ddgzghlmkvok", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684499603, "uuid": "13d4eaab-d0b5-4736-a818-3dcb7ddc50a2", "value": 483516, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684499603, "uuid": "4a5ee86b-21ed-4132-8645-857b08cad7a5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499603, "uuid": "b3d610c6-1e0b-4368-8490-f6e3e5d1b53a", "value": "20231905230113871607.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6fbea059-f5ec-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gozi)", "timestamp": 1684463135, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684463135, "uuid": "c653a5a8-056a-450f-80ca-ea21aacc6d38", "comment": "Malware payload (Gozi)", "value": "3a82e5d15cf39529fba72513be829c90", "object_relation": "md5", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684463135, "uuid": "c7ab568b-2529-4e55-8e34-f93607911dab", "comment": "Malware payload (Gozi)", "value": "94582a5d97f5edb8597b9a7a88863f0e39ba660fd14427062c046f37239fb1bf", "object_relation": "sha256", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684463135, "uuid": "9cc34546-36e2-4ae4-a34b-cdfabe2abd37", "comment": "Malware payload (Gozi)", "value": "aa8accb58bd9d7a5e357a2017209444ed8a50e03", "object_relation": "sha1", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684463135, "uuid": "311f4fbc-56d6-498e-a503-25a36c5f68df", "comment": "Malware payload (Gozi)", "value": "47d33c4ed1b19925a38f5b8f07acc7a0816492cc9016bdb30eb5d53183553204b7ff3c2f67f5c10a33bb75dac1613bf6", "object_relation": "sha3-384", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684463135, "uuid": "a30578cc-d38c-4bdb-9ff1-f42adeb95f91", "value": "T196A3F1E7C789248CD80686A174A47E8890EDF2C649CC302032FF0E8F67A9D157F766D8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684463135, "uuid": "a3e778cf-1488-4623-9839-82afc2ae060d", "value": "3072:3ZT4xN0quicGhRizn3aiOcBqGggASQRtPPd:3Zm+quMfM3ROcBfggFOPV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684463135, "uuid": "06d340fa-2ded-4f77-be6e-b0f6c4b4cd92", "value": 99093, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684463135, "uuid": "5ea9b337-fc0c-4a2e-88ff-2860898fc81c", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684463135, "uuid": "49dd5a15-7d59-4b8b-a9e2-0c37875797c9", "value": "1 Total New Invoices - Wednesday May 17 2023.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3bb2cf5-f65d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (zgRAT)", "timestamp": 1684511889, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684511889, "uuid": "d02e5342-10bb-4b6d-aed5-50d183a1f921", "comment": "Malware payload (zgRAT)", "value": "253b4b2b16aa179cefbd07e3152eda0a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684511889, "uuid": "a5dec6b8-cce7-46df-a99d-17759b1b6b41", "comment": "Malware payload (zgRAT)", "value": "948d7ce354a4a05b6ae760f7cd6ee8bf052e187c3c56d0f89636415ff9d7e98c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684511889, "uuid": "4586a815-5851-46f5-9024-ac7373c0f86b", "comment": "Malware payload (zgRAT)", "value": "dd418ace22e1ed429012982a10ee673887e9fa4d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684511889, "uuid": "4a9016f5-5c32-405b-9fd8-09137a1df812", "comment": "Malware payload (zgRAT)", "value": "96ecd1608fbcd8f6667ff278aa313c9d5c7a9d974c0a3e9afbf048c7bbbce347fcfab8d9d41a83a024f2b4eacb2c31d6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684511889, "uuid": "2c76c21c-97b0-482d-afed-8b9765b8c901", "value": "T1AE34D01B37C49B56C95C54B0D0E31A3117F7A6C37AB2D3453B8442E64E927E0ED8AB8E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684511889, "uuid": "34190e1b-6660-460f-b6e0-4e6e4a905bc9", "value": "6144:cQa45Z0jYqbLAc/QM4lFQVEQTeUSmwTi3lMBcvj5:1r5UYqA5FiTermEi3ld", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684511889, "uuid": "706e531b-d7ca-4c1f-98ba-449392da364e", "value": 242240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684511889, "uuid": "3ffd6637-db2e-43d6-8650-e1a696aa5571", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684511889, "uuid": "f0827986-e6a8-4ee8-84e6-c59e2e4dfd0c", "value": "UPGRADE - AGENCY LETTER.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a4b0614a-f5fc-11ed-b3cf-42010a9c0076", "comment": "Malware payload (njrat)", "timestamp": 1684470096, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684470096, "uuid": "d8d35b23-9471-4dde-8e6e-2891b50e6391", "comment": "Malware payload (njrat)", "value": "b830235e02dcad0cd83ffdfe5e6b7064", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684470096, "uuid": "a767e083-e22e-4b60-8f76-79f36860797c", "comment": "Malware payload (njrat)", "value": "95026b172d2e0dfd1fba9b0892ecf5569605e0950b97d5af563f7a22b1409c4e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684470096, "uuid": "75ce6c55-f410-4003-9cd0-681f4aa719de", "comment": "Malware payload (njrat)", "value": "e19783964987deaf710869816b495beac6ea201e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684470096, "uuid": "1efeb3b8-3750-4fbe-8473-93b7c9e1000f", "comment": "Malware payload (njrat)", "value": "941844f7e3375da5b87b65be65701110aee05823427a917785ae17d9a06ec3d4ec7d794c61655eaf34302128fc671e6c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684470096, "uuid": "05fe4992-fa66-4da5-96ed-a9ac297b368b", "value": "T10EF2194D7FE08568C8FE067B05B2D41307B6E04F5E23D90D8EF664EA36636D18F54AA2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684470096, "uuid": "c5576cbb-2b18-49f3-914f-1f9f93a6b0a5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684470096, "uuid": "898600b5-ecec-4ce0-9968-a1d50b67b1b6", "value": "384:x21SikMvmkO8IV+ytbNF2f1sseiXerAF+rMRTyN/0L+EcoinblneHQM3epzXyNrp:kdIV1tbNF2GViurM+rMRa8NuM46t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684470096, "uuid": "303d9f92-034a-487b-897f-94fde15780e0", "value": 37376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684470096, "uuid": "333fbcf8-a57d-464f-9234-af8549c34bf6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684470096, "uuid": "9c6888de-41d6-4773-93ec-9679c0bc8b5c", "value": "b830235e02dcad0cd83ffdfe5e6b7064.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e454b26d-f622-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684486523, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486523, "uuid": "c2f4aefd-073f-4b6e-adb3-ae22f7f67329", "comment": "Malware payload (Amadey)", "value": "a4c06bf387ac75fa50d97712f13c6242", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486523, "uuid": "3c25e5a6-7699-4e8f-937d-6a297a9e8576", "comment": "Malware payload (Amadey)", "value": "95ccce304a02de6d04b468d94b9fd8ee06b61f0c7b0de96752ab2188d644a9ca", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486523, "uuid": "0a20a982-aaa2-469f-bbc3-5ca15cceb0c8", "comment": "Malware payload (Amadey)", "value": "0eca136686c6958826e1719b6db0d7ac15bb8f05", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486523, "uuid": "c6ce4b08-cad5-4c67-a07a-ff8e6355627c", "comment": "Malware payload (Amadey)", "value": "9aafd2ef0ce9c691c8fd3c4152b824014cf49708b0ad6a8f12d5d0468df554bf90651e1f7f78cc23e44e07965e6cd3f6", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486523, "uuid": "e3949c87-35ba-4dab-a746-74ab8f05f93c", "value": "T11F2523129ACC9076D4726BB444F603D70A367D924E7AA3C52386DE4F18723D4B639BB3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486523, "uuid": "34e8daa8-e212-440a-88df-59adada9339a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486523, "uuid": "cc0fb54c-2302-4153-bf86-61df6acb16eb", "value": "24576:Wy9xER1TWv2sJKFsZat1rIv9fQfiAkOg:l9xG6+KKX+fCR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684486523, "uuid": "fe4b0934-b8cf-4168-917e-55251bf0c843", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684486523, "uuid": "ae83a28e-050a-4505-af4e-b6cfc8168224", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486523, "uuid": "6e8d70e8-96ba-49c5-bbf1-a387b886e013", "value": "a4c06bf387ac75fa50d97712f13c6242.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2281f4a2-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466871, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466871, "uuid": "5ef721ca-319a-4070-a24d-9146c5f2f926", "comment": "Malware payload", "value": "53fd736d5d76d5ce38bfa3ca1924f087", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466871, "uuid": "0e556bf5-b740-4958-8f42-57e1bc886bb2", "comment": "Malware payload", "value": "96024ab07dfc13716fe28fba89b2e0c8713ae7986e1a7769b57accc28d40e7c5", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466871, "uuid": "9fa51387-fdb8-4aaf-8cb7-a358b9c20eeb", "comment": "Malware payload", "value": "89eab109b13be06ee22d3cb67b6bb0153a335da1", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466871, "uuid": "88a7b4c4-b191-47a5-91ae-3d2b894eb11b", "comment": "Malware payload", "value": "a5399b7bd1d121eb2f09f17b0f3372f18d1be4c500e8703e41d3cb43359783f95af53efbd0ec82f199ef1d560a027777", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466871, "uuid": "2d22fe01-d3d5-4089-a2b2-dfcb8ec9962f", "value": "T16C179E43EAD240F1C94626FE11AB633FAA359F11432596C3F3643E42A6316F16D7A3C6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466871, "uuid": "ba8317d4-4ba3-415e-9fdd-54135dcc1e37", "value": "e5a5fb712e135e7b20ba7cdb9059d008", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466871, "uuid": "b53f07f8-6cf3-4589-9306-4e03982c059d", "value": "196608:BqQxw4GuZ996bLh9vGV1gPDpKEaXa0YX1lSzfyzleNq6eX4stSzSjfPvywcLT/:5xl8bHiK71uYX14TywNq6ext/fPvkj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466871, "uuid": "38a39b63-7c9f-40d7-a95a-f9ae24d97d0c", "value": 19870352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466871, "uuid": "23e66662-b126-4277-9952-7a77ce3efe4c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466871, "uuid": "5fb66e7c-5a48-46b6-8f2e-f42fb0028086", "value": "SecuriteInfo.com.PUA.Tool.Skymonk.39.20047.4758", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3552017e-f69f-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684539917, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539917, "uuid": "186c304d-c2a2-4e24-bb1c-246fa76455c5", "comment": "Malware payload", "value": "16212f3930f3c8327ba9872acf626c3b", "object_relation": "md5", "Tag": [ { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539917, "uuid": "67bdc537-3768-432d-bcfe-87a71b494d8a", "comment": "Malware payload", "value": "967557d5d230867011eeb79101830a722836ea1779f4755e3692e130420ff17c", "object_relation": "sha256", "Tag": [ { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539917, "uuid": "7d53d17b-380e-448e-9e03-c9d94f04d2e4", "comment": "Malware payload", "value": "d0baa14c847f9effd4953be7dfe19e40f6001ec3", "object_relation": "sha1", "Tag": [ { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539917, "uuid": "696aec4e-3047-475e-bfb1-49070115a0da", "comment": "Malware payload", "value": "c4c15c57b5afe4179f532e89809e37412d08aefe3dfa58cbadcf3e5128da33ebe0681d1f619a78af7a4ee60da30019cf", "object_relation": "sha3-384", "Tag": [ { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539917, "uuid": "fdbc5afe-715c-49b2-bf79-8bc23c9f8fe3", "value": "T1E7A5DF13F796D8A2EEF3823A56619375612B9EB52B4346D33C41BA3C1E7B2C107679C0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539917, "uuid": "1582e258-76da-44ea-9fed-ffee8047fe26", "value": "12288:D7Gvn8arxAcIkA6j+zzMN08oaYTJkvN+iTFbkUFnvXAH:2P8arxHvknMi8oaW6kivXAH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684539917, "uuid": "ed6b977d-00d9-436f-9cc0-c0d1e2cdec4b", "value": 2103093, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684539917, "uuid": "61423a4c-605c-4574-bb62-69f9ab259743", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539917, "uuid": "aeb1d34d-d619-4ad8-821a-2e9823bbb7ba", "value": "16212f3930f3c8327ba9872acf626c3b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e8749e2e-f629-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gozi)", "timestamp": 1684489537, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489537, "uuid": "40ae152d-cf85-4087-97d1-6166851a5270", "comment": "Malware payload (Gozi)", "value": "3912f44df67d43a47c51c62e5fff2701", "object_relation": "md5", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489537, "uuid": "563fb735-82c4-4d3d-9650-da7d6fe083b7", "comment": "Malware payload (Gozi)", "value": "97aa441e8b104661a633d705fe16af3ae24dd645e8ae96c1be21eae69d353092", "object_relation": "sha256", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489537, "uuid": "d5bec58f-63fa-4d62-8008-3b4cf7b595e7", "comment": "Malware payload (Gozi)", "value": "79cc7c67519d2a73f8dcfdb73c5268f1997e924b", "object_relation": "sha1", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489537, "uuid": "730e8c81-1f73-4533-99b3-316e5a7004e7", "comment": "Malware payload (Gozi)", "value": "b673f2305761c33e9e7a8072ea2a7f9a39edc13571f05cf94f82feb287cdbc0d9d7e8f11d2abd41b46623f1206935eb7", "object_relation": "sha3-384", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489537, "uuid": "e3062c8b-b5dc-4b1c-97ab-6c3f550a30f2", "value": "T18A92E17787129C85E61FEBAC17BD586135DA3403F9030F98B94020623AE90D7F793A6B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489537, "uuid": "3404b693-fc5d-4e45-8717-1883c3a12fad", "value": "384:LGUFwhF+xcfbVndEUiKyDzpgwiqgRHlV0hkeYZcb48gpzO6:vGhA0DypiHT0htYZkGi6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684489537, "uuid": "09e9fff0-4dd7-4b70-bb29-42b524e85608", "value": 20591, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684489537, "uuid": "27b876bf-e0f7-4176-9a84-7a45101ad613", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489537, "uuid": "863d6114-c6f6-4fec-8d74-21ad0e2c8599", "value": "1 Total New Invoices - Wednesday May 17 2023.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "917fa410-f612-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684479512, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479512, "uuid": "2c10f6ca-d872-41b2-b2a2-98ec8b503df5", "comment": "Malware payload (AgentTesla)", "value": "f3b034889c7524d6f5636549af97962a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479512, "uuid": "4b5679a7-1725-4676-9e02-8073b74c5c0d", "comment": "Malware payload (AgentTesla)", "value": "97e8f682e55292ced96ad0b8ac320581950d2648e57d2b463470754fa0b98f73", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479512, "uuid": "805f99ad-ae2a-451a-ac41-7b040834b9c8", "comment": "Malware payload (AgentTesla)", "value": "e3fe4c339869bdb0e86b666b94e1dc6d625a656e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479512, "uuid": "9cfa97da-0324-4862-8b25-e89406cbb885", "comment": "Malware payload (AgentTesla)", "value": "b821724c8748094f894641eeaef5b14268c599c6c8afbfcc21c6ba02707ba6edf3b0e01d4137a4483accd314dc196d61", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479512, "uuid": "1bfd56e0-a1e4-46d2-98d8-10df33e6112b", "value": "T1BEB4232403F875B1F1939B2D7999AD2DDDA3F82AD1E6D0BDFED843C321350604E486A9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479512, "uuid": "b52b5e07-ce47-439e-8e1e-a1e81e56bb43", "value": "12288:wSWskmzu0+6Kd1cML4T1LtDwuFsLyFd0E4kSJZGwrZK654s98P6nVqWh3i1jW0+:dWsX+vdNL2xwuWLysEpCGwt54sK8qc3T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684479512, "uuid": "bd800551-fd9f-4dfe-ac4e-828eca01aee2", "value": 525875, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684479512, "uuid": "3f9c427a-6d4e-48c6-b396-799a9e1dd801", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479512, "uuid": "82619bff-2df3-4b87-83d0-db71feb1dad3", "value": "INVOICE SWIFT COPY.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "312e5264-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466895, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466895, "uuid": "1f7157e8-166c-4948-a1f9-aa7db8432d26", "comment": "Malware payload", "value": "9072933486b2129372c9544c240b595d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466895, "uuid": "1b252cd7-9b94-42b8-b259-8ff615c8bd5f", "comment": "Malware payload", "value": "987132faa64afc4c240e06954981429f8e589134537665e956e80d30e3ec1072", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466895, "uuid": "c2c98187-2e42-4e4b-8faf-c0d957e53f62", "comment": "Malware payload", "value": "f2c52fa89f554fc3b5267949e897fce1b8e86d67", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466895, "uuid": "8a302770-1a97-44ef-909d-6a06d9d5cee7", "comment": "Malware payload", "value": "eb8e4a12d3a4a283af3229ec787cad2bfcff91050494e81cdb788d879f68425870945f70c54b1f7ed5b181300bb41f76", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466895, "uuid": "ee8f061a-99a1-4f8d-93de-19e73d2bc723", "value": "T1A1D39D43A761D7D1D882BB701A7E97140B8B1F726339477AB4B86C2D1F3684B8E05B9C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466895, "uuid": "3080d666-69d9-4da0-b05f-49b5efbd6c4e", "value": "1536:Zz4eUt+oUVVeZgYShphwkNl+V1X0aCO9PXFIm8lZOwjt4TkdWK:F4zUV4eYShD3l+VWCPV58lZOKeg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466895, "uuid": "a23c8a64-df1f-4216-a793-ee48c8dc3e65", "value": 135168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466895, "uuid": "b72b8aa2-0bf2-48ef-9323-1672b1c2b31d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466895, "uuid": "3e07e8b6-8652-4baf-b69c-b07514468b49", "value": "SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen2.4763.16159", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3a8782fb-f69f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1684539926, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539926, "uuid": "9489dff4-8c39-4b4c-b8fa-b3abe2dcd8f6", "comment": "Malware payload (Gafgyt)", "value": "9d81d703af164685e9873a95d8c9dcb6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539926, "uuid": "3969a405-d5a2-4177-8f59-0ef51d9f191f", "comment": "Malware payload (Gafgyt)", "value": "98750c83ff54521ef4a669cf3a99601e10691311b962a9f3f9d8397588baf47f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539926, "uuid": "cf011913-f9d3-4bb6-82eb-375180a98fe2", "comment": "Malware payload (Gafgyt)", "value": "81812915b5866536ad144b1307f2a1b2c5fe2e1a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539926, "uuid": "6610994b-27fa-4a66-a8e1-608548935a71", "comment": "Malware payload (Gafgyt)", "value": "98242d09f972bf199b6f228f4db200089ccda1ae1f5ae9bad3ad82c4635401a16a103e352f538f951cf84db69a002ee1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539926, "uuid": "ba1865a2-ba97-4d3e-b24a-db7acee1f18f", "value": "T13AB33B4796A99FB3C086BAB515EB59300722ED120F2F1A9621387BF4437F5CD740EBA4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539926, "uuid": "e0c1be16-766f-417d-ade0-c9f6f2d107e1", "value": "1536:MqfWC0o17MhzlJpKgElT0T6Rk0MgPCkB5EDQEPWmmycgYVLu1IPYC:lfHdBeQglT6zPjcQgWmDcgYVy1IPYC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684539926, "uuid": "374e4596-80d7-4aa1-a512-5fc7ca6dc1a4", "value": 108482, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684539926, "uuid": "30505239-150e-437a-9f2c-3f8c66331171", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539926, "uuid": "b63cded0-9fe1-49d3-bfce-e9cc79907a1f", "value": "9d81d703af164685e9873a95d8c9dcb6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ed8b8e0-f62e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684491480, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491480, "uuid": "332d0e5e-7bce-4651-aa4e-073b58035e67", "comment": "Malware payload (RedLineStealer)", "value": "c9f8bfac21ae6f00da524670c4ebc6f2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491480, "uuid": "39db01aa-74a2-4695-9beb-31cd3cb917d7", "comment": "Malware payload (RedLineStealer)", "value": "9893ec0e2902925018922ca40cc3495001dec4ccd32137cc13566c74bd1438e1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491480, "uuid": "a9bd9856-3e50-45d2-814a-6cf803200853", "comment": "Malware payload (RedLineStealer)", "value": "46bd75b36aabf4869228e71335f0c6ce06b16173", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491480, "uuid": "c89a12d4-ec86-4a4a-b5e9-cdb0772bc270", "comment": "Malware payload (RedLineStealer)", "value": "5a664e26062244c4fa0e89f4a507da981a25791ac3a192a6fdd5ba6273a70e3b655c2e3f662e01e4208edd2359e38dd2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491480, "uuid": "e9c1bbff-19ac-40e2-8341-864984626035", "value": "T158948E8392D1BC6BE7154A728E2EC2F8765DF9508F4927D722146E1B18711F2C9BE332", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491480, "uuid": "7311327e-abe5-445f-98e9-9ac593aeed01", "value": "a5b920833de11e763698004374a64e2f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491480, "uuid": "57bdf1dd-7174-4622-85bc-876c79f5b64e", "value": "6144:z1NqjBg23Lr8fybt81TtW2KVAvu65EHBoR76JrnM93Tue:yjWMr8fy21hWt0R5EhoR7PDue", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684491480, "uuid": "fc8f8e3e-25ea-42e6-8151-aa9990c90499", "value": 427520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684491480, "uuid": "882ad271-b320-4a2a-b824-1d0632a5e4e2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491480, "uuid": "b32359b7-7fcf-42c7-9ef2-ce586e889d17", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "581afa01-f629-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1684489295, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489295, "uuid": "12f5cb11-593d-4139-b661-68db08777a01", "comment": "Malware payload (Loki)", "value": "9f7d9d269e09a8f9da818d4032a75646", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489295, "uuid": "e78a58aa-3493-45fd-a58e-c83af901da04", "comment": "Malware payload (Loki)", "value": "98ae8fd010b084c35d1dfdc4443518b48ddb798b51defad59da5d9f803f2719f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489295, "uuid": "d219a096-541e-49b5-a63a-8a4a84e98aec", "comment": "Malware payload (Loki)", "value": "be72b4e2deec4228f3a9374ec0711b2cac10c127", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489295, "uuid": "3576c1a9-a0e3-48a3-9b3c-f0ee822dee10", "comment": "Malware payload (Loki)", "value": "35b51fc8d9cd18044a7856bdc43287580a3913b3a47781b25e063359ff69383df61ea675943b587a4cacb5834f7d0509", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489295, "uuid": "bc61ff8c-df58-45f0-9af6-95709ebaada2", "value": "T1B6848E2CB7ED6681E9FA5BF6A974828857737C942923E70C5CC034F52DB27520623E27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489295, "uuid": "3f458257-ab77-4ad4-bf1f-b2724a5c676a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489295, "uuid": "aad73667-81f6-4686-979a-79bf001c21bf", "value": "6144:64Ne7HIIW+64wYJwzfA3pHsHECazSAaXJzYVF280hwYOCQ7rgy3rFSl3dixFYyF+:i7HIInxs7azQ9YjgQPL7FO3oxFYG/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684489295, "uuid": "1bbb0081-8e37-48b1-a73b-3199c6262f93", "value": 373760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684489295, "uuid": "ea546126-762a-4ed3-84e2-b284f0f8035a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489295, "uuid": "6c15ebc7-1bdc-480f-a7f0-30f37c034cc2", "value": "IMG_6160_10822pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28fb9d7e-f626-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684487927, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487927, "uuid": "27c0ffc7-0d51-4fa0-888f-ecd603c83d07", "comment": "Malware payload (Mirai)", "value": "458670b3d934dda676e4afb7bca1ec5f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487927, "uuid": "a06e1199-85e7-433e-aa93-fe8a4d472c75", "comment": "Malware payload (Mirai)", "value": "98d94b7c7c874f5f5e13d85f2c6dcf0c38944077fc48adfc3596d7549e0b8698", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487927, "uuid": "e66027b1-263e-419b-8d13-2a13880430ec", "comment": "Malware payload (Mirai)", "value": "5fd3d6cfa0115694ef769954dbd236905097c7d2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487927, "uuid": "277bcf3a-6392-4cfd-8350-7ff1a52b413d", "comment": "Malware payload (Mirai)", "value": "5b58870dc32b6fccb30b09c721e505ae696372795f67cb8a70efd70eacab9ff79c6ab5e80697a7cb2ebda20dfaed106e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487927, "uuid": "07d64015-ef65-42aa-80ca-20c4fb6c2cd7", "value": "T1D083BEA2C5065C50D24C86B178A4C9383353A515906B2FB6B9DADAAFD407FDCF10D3F6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487927, "uuid": "de940c2e-5c98-49e1-adcc-9bb575d1bd6b", "value": "1536:+/fOldsYgaZX3gRh3V9VD3Ip5F6KrkBwTLKSrHbcxcbCd6saL3natKVEwbZnNI:+XGkG3gRhFDDYiKi2uSUxcbiaTaMKwb/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684487927, "uuid": "0f7b8cdd-4a65-4d8d-9d3a-4ece1f6e68da", "value": 80920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684487927, "uuid": "727ba254-aadd-4391-a92e-d675591992a9", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487927, "uuid": "f4c20012-c8a5-49ce-8a03-94d0e488b6fb", "value": "458670b3d934dda676e4afb7bca1ec5f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "21e121a7-f608-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684475030, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475030, "uuid": "f4a756ed-d349-4575-9922-6255ca775bdc", "comment": "Malware payload (AgentTesla)", "value": "e3b08c6c9990aa525793c1fd21e943e8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475030, "uuid": "8e64754b-d8eb-44ba-8bf7-73c40cd5cbfa", "comment": "Malware payload (AgentTesla)", "value": "9902db17f899e8cccdd139798ca016f32244e2c434e0abab7b7ccdd3a3ec1122", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475030, "uuid": "1a6a76d4-864a-4268-854b-73855de83458", "comment": "Malware payload (AgentTesla)", "value": "6312d35553b9098ddf2f1c710f7c29b095ca489f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475030, "uuid": "ca6a5a39-6c69-4e69-a925-7d5441fc574b", "comment": "Malware payload (AgentTesla)", "value": "dc8fd957309953155a18314b1f7917f32799a3c9b5e7058b290681db43fc7282f702ce332bf7aa3add6bf46c90630aa0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475030, "uuid": "98b16aea-55a9-4376-b000-e37db743600d", "value": "T175F433781FEE608AD033A26C36F61D88932C5F559E61C572AE4DDA4037118BD22E7ED8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475030, "uuid": "cd436d8c-f45b-49ff-aadd-6e9a1613deb1", "value": "12288:qdDVKvBmeXXAI1BA/zrCFH6ZelPD9EOVHW927gmitBl0i3tZH/YAUW:qdDyB3g+2/zrqdlJEje3MB+i9FYAB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684475030, "uuid": "c119072e-e42d-42d8-98bd-5cae4d6c146e", "value": 755355, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684475030, "uuid": "6d10d60b-54e3-4827-b342-612bfbef220f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475030, "uuid": "23f15fc9-7cbe-4b7f-81b2-c13d52813dcb", "value": "PO.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e01a7c79-f60e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684477926, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477926, "uuid": "1ea92163-6e64-49d8-9ced-1dd70db0796b", "comment": "Malware payload (AgentTesla)", "value": "1a5c873cb5888f65900ca5ded9a7500f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477926, "uuid": "c4a6bffe-bb83-427f-9556-3411c12f84ac", "comment": "Malware payload (AgentTesla)", "value": "997fb68f57771d4e6d2c607afae34ddc7b06daa6f34be448e5f7d67e78b183bf", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477926, "uuid": "fa8d971c-3ccb-4e54-abeb-70573f0b4e3d", "comment": "Malware payload (AgentTesla)", "value": "0284bba09adb95ca0f3656026c09177a9c46fa15", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477926, "uuid": "b021749d-e441-414e-a944-58f79fbbf7d6", "comment": "Malware payload (AgentTesla)", "value": "93556cd553b5abafeff70d9bcf887e2e18e0ac88a280b26fc81b69553930e878df6ebc3639f699fd82801171e80c40e8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477926, "uuid": "e6c82954-a92f-4322-96cc-7caaf3a881c8", "value": "T15E05AD6437692D07C9A909F88491F2B043A44C63606ADED70DC6BCFB76EAFD95A1103F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477926, "uuid": "74ef47f1-9704-4545-84ae-ef73004a89e7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477926, "uuid": "c2380f4e-b43a-417e-9a93-f5e1a450c392", "value": "12288:/DxMeeqq0OQu9znFY3VWM4ezwkzoAukvcO9c88D:8qTM9zFG4XezwbAuLX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684477926, "uuid": "cda36185-618d-45bf-985e-15e035243e97", "value": 806912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684477926, "uuid": "2c254cff-9dd2-4969-96db-02de7411774e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477926, "uuid": "d253e11d-1a2b-437e-9744-0f7acdf9e721", "value": "PI160256.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "22a2f0a0-f620-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gh0stRAT)", "timestamp": 1684485339, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485339, "uuid": "e8804f18-0ddb-4cea-8d02-683a8d61c526", "comment": "Malware payload (Gh0stRAT)", "value": "71c46a859f0729eb66d3fe7a9ae4c4e4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485339, "uuid": "d7dd47d5-605d-40cf-9908-d6dca6073d0f", "comment": "Malware payload (Gh0stRAT)", "value": "999eafb11d2d8990f7a5b5b86f4052b8705a8fe0d21ea806d25bcffd54173e73", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485339, "uuid": "ac4647f3-7108-4298-afee-cabad0a22808", "comment": "Malware payload (Gh0stRAT)", "value": "5094579ca8e60d04a3fd7ffad72f2cf6bb61c2a7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485339, "uuid": "5332303c-5d46-4a49-8aa9-32c027af14c4", "comment": "Malware payload (Gh0stRAT)", "value": "47ea9a8a35a9a5473d133b6b22fd223608690e80c9904805d9a6037e5f9a8714e6a30322b1c68acf8c31ef83df723032", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485339, "uuid": "2c516802-6b72-4f3d-a5e7-0743fd48777b", "value": "T1FAC38C11B660C431E1DB113D54799B765AAFB8304BB874C7F7E807B99EB02D06A3934B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485339, "uuid": "e6af918d-8c6f-47cf-8bf8-45eea72cc38b", "value": "e3caadd564a0f376a947bee28dccac67", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485339, "uuid": "c2792c7e-481e-4c37-a1a9-55744be0e759", "value": "1536:STHyv5Zb8g9D720iWDrrZDvvyBnzD6nMVV4J1C2cffcWQVGsC/MY:dvj7biWDRvvKPyHyfcW2GsC/H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684485339, "uuid": "a59e28bb-3a4f-4c75-8f67-69ded2a9a2fb", "value": 118784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684485339, "uuid": "ffe9c56c-ccfe-4c6c-8248-5bfb8c1a00e7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485339, "uuid": "fac284da-3ace-451c-a5a9-94a70b207298", "value": "71c46a859f0729eb66d3fe7a9ae4c4e4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a085da9-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466883, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466883, "uuid": "09d14543-e0a6-48c9-a1c3-440b20cbb935", "comment": "Malware payload", "value": "fd478a063f248391e792d31fc0ef7990", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466883, "uuid": "27395064-8838-43e5-a0d7-988c4c225899", "comment": "Malware payload", "value": "99dd5b005494af6582e06006b2b176873f5924d5b482ded34a89b05005e36d40", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466883, "uuid": "1117a3d7-5b77-4734-8b49-b1acbc08f11b", "comment": "Malware payload", "value": "4b019ffba473890553b1663185ba4b08e7ab61c5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466883, "uuid": "0659aa33-b5cc-4e05-aa22-f417d7613dae", "comment": "Malware payload", "value": "9a73ccb0d0820ace2703faa3d303644afabbe624470f13817337b34d2d2addf98109f50bd726a42476d55db7941f7181", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466883, "uuid": "2f05908f-e1d1-4098-85b1-525c200ded8b", "value": "T17EB38E06B387D1F4EB049370CB1213D2D66ADCA61B6783BBB6820DD52A7BCB59C0467D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466883, "uuid": "812b6e1f-7ca7-45df-90f6-39171ec518c3", "value": "1536:X5HjaDYm3wjjer+CttlYepl6Rh3xkz3x6akvvf8GFRRi7T2WTdtg:X5Hj/E1yRp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466883, "uuid": "aa5a42a6-294d-4e24-af9a-dbb46ad38a32", "value": 114688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466883, "uuid": "ef6d8af4-e347-4c75-a668-d8dfd671e559", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466883, "uuid": "56294992-8791-46b0-9586-003b4f0d02ce", "value": "SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen2.32550.19072", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7963801e-f623-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684486773, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486773, "uuid": "b2c6d2d1-90c2-49a6-a48c-4e74ed797b26", "comment": "Malware payload (SnakeKeylogger)", "value": "466258d58e1e084a10cd86fca4e56722", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486773, "uuid": "ff6008ca-970f-4573-afdc-b791879b5a8d", "comment": "Malware payload (SnakeKeylogger)", "value": "99ef6c6948177b2a7573dc76c726bd5689ab8e3d2cf68e4025b8bf09ab1843c3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486773, "uuid": "92358af6-0c8f-475f-8b34-81509a5bc5ec", "comment": "Malware payload (SnakeKeylogger)", "value": "e61727d95cc36a9d1d442e9ed6a8c9b370af157a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486773, "uuid": "52782c42-398b-4613-bc37-992c6c5a4418", "comment": "Malware payload (SnakeKeylogger)", "value": "a6c09f1a9c826d37c57fc6b882b29710dd2c013af8f053ebc72b247131f942d4738d819be5f93e1b9ab84217beab3748", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486773, "uuid": "c5ac5ebb-7e6f-4956-9fb1-73a337a35f1b", "value": "T10A74AD31A6FA5A09F5FAAFB9AB74114043B239D199A3E34D0EC030D60E77B018B47797", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486773, "uuid": "9028ed4d-5a91-430b-bac5-b7ff3a2b65b6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486773, "uuid": "e2690ea2-cdf7-49b9-9637-805f9579f43a", "value": "6144:7TFBekEYjeX+ksL+1P/wWTAoevgVE8Kj3U7VQMqrhhBxRYy1+aePTFIfmePBhnhY:fekEYjeX++HwWneSNP7VQHxxRYC+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684486773, "uuid": "8cf770f8-0868-4ef4-a12d-0550c95ddfdf", "value": 349184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684486773, "uuid": "0a4288e0-782c-4276-8907-0eff5997189d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486773, "uuid": "9b457f77-91fc-4f16-8f36-819ea6bd9061", "value": "SQAW84OO0000.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d4e134ad-f607-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RecordBreaker)", "timestamp": 1684474901, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684474901, "uuid": "1746026a-c705-45f3-bb34-1420d40a9e2a", "comment": "Malware payload (RecordBreaker)", "value": "bb28b7a38a642a996bc62ebb98a51f32", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684474901, "uuid": "e68c26ff-cf3c-4b43-af01-4f6d415dae03", "comment": "Malware payload (RecordBreaker)", "value": "9a0424e0a844cdc1feefa28b806a3adcf05299039432e4c27ab2210235577e6a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684474901, "uuid": "45dc7df9-5ba0-4895-9fd9-ea822179f636", "comment": "Malware payload (RecordBreaker)", "value": "6055f9e7383ab304b3ee6693abce1dd8d4add473", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684474901, "uuid": "8df04b28-9eb7-458f-bdf9-171bc03821f3", "comment": "Malware payload (RecordBreaker)", "value": "4dd6325a815d198a6a894efb54e64ae70c0a098be28b9d53c28d8dfc6559ce9fdfa5050d0ea1a3d99ab34f406f602a6a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684474901, "uuid": "1610b9e0-d684-4286-ac4f-d14ee26a030e", "value": "T134863345937C1917ED3B1B35B1384313CBB6F6620D32CF4A081C68992F62B46AD62BB7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684474901, "uuid": "f6e9d7c5-1516-4063-8035-e3ac2e12f69a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684474901, "uuid": "1c35a36c-c508-44fd-a70a-545a8489afaa", "value": "196608:wOKEdBeyabjlSr11EBY+qT2cgvjtEyFbxdjUWNc5p0jn2RgQl:wD7VS52cwZEyFbnUWNczW0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684474901, "uuid": "a9a326b3-a134-4ba1-bba1-35c7de810811", "value": 8561896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684474901, "uuid": "94ad89b1-5eaf-41e7-88c0-2cffe089a357", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684474901, "uuid": "e4ecfde8-7553-4c88-89c5-f02390b1f1e1", "value": "bb28b7a38a642a996bc62ebb98a51f32.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59b0c21c-f5e4-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1684459662, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684459662, "uuid": "203c7022-5b40-439e-b539-f8674d1ad440", "comment": "Malware payload (Loki)", "value": "1572d1c00328d799f4e16e3e0b583137", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684459662, "uuid": "1e27cbb9-c5e9-49f6-a094-9ac3fd814a64", "comment": "Malware payload (Loki)", "value": "9a61f797f46dd083f31d86f2ac2ceda810b52e1088cb7697a19f87bd6c89d4a4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684459662, "uuid": "bec42573-43f5-43b8-add1-5780ea73cfe0", "comment": "Malware payload (Loki)", "value": "a953d673f9f652d57cbbdf5b7b51cbb6df2ab260", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684459662, "uuid": "487c88f5-33fb-4714-99d2-2398faa001d2", "comment": "Malware payload (Loki)", "value": "2f5eab9104a9dc0c91b288c741ded9e6307c9119c45dce191a85a54c514aadca2c112c1fdebaa9337aedf4cb2ade7ea6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684459662, "uuid": "a8540107-0169-4286-800c-8085b368d172", "value": "T1B1C4E03427D9C71AC40B873980D1C3F06B3A9C95F862C6671FDDBD5BB28B2BA9312195", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684459662, "uuid": "588fde99-67ae-412a-88e5-9f88fabaafa9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684459662, "uuid": "ab7eed5a-fa26-4536-8ae6-d2b4a1890082", "value": "12288:w2EuN7gSnXzHKJH2SyS/3N8/YRZjpC++:yuN7gIzHKJFK/YLh+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684459662, "uuid": "9c62fcc9-21e0-43e6-ba40-2b678dbbbaa1", "value": 559104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684459662, "uuid": "8fcf78f2-fee8-4cf1-b332-cd0b93c98dce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684459662, "uuid": "8aaf4b02-8541-4b08-9041-052133225e32", "value": "02a4fgXPgGpv5aT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f0199a2-f610-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684478622, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478622, "uuid": "f75bf3de-04ac-46a7-a286-b90aa77e385c", "comment": "Malware payload (AgentTesla)", "value": "6b95252c050f09a6503757e485cf88cf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478622, "uuid": "f23b4ef2-16fa-4023-9793-560381316c6c", "comment": "Malware payload (AgentTesla)", "value": "9ab43afcc6d6703a98fa7931708051db6ed8d173646b74a49a93a5118a2f5982", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478622, "uuid": "0d08c371-f207-4f45-bb58-e913d12485b6", "comment": "Malware payload (AgentTesla)", "value": "8ede098ffd0bb86a0b2eedef074f74fc514da8e5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478622, "uuid": "2fcffe89-aaed-41ee-b4b5-fc9abad76194", "comment": "Malware payload (AgentTesla)", "value": "105c27d6c3d22be08ae54ae8ffadf1bcc08c28989aef0389f31502fb62fdeefd6632ae92e5ba4431c3d2d66482dfda68", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478622, "uuid": "b231bd15-03c3-4b21-8a15-aa04dfc41313", "value": "T175B42335E5517B0D8D844AB4AAF397F6E8ACD1806E34FEA1D21C3E60747AB8DBD0010B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478622, "uuid": "4497400c-1107-4174-bebd-5cc3c6f86bed", "value": "12288:jM4UXw/MXusyMXB//bJVuH/JUlrSO2w8jyKXD+52HF9Hz7cWcs+fn:jM4UA/PvCQH/ylOfjyKT+5QFNzYJfn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478622, "uuid": "a337c289-74ab-4a59-93d9-f7d052b66e04", "value": 512793, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478622, "uuid": "35371ee0-fe6b-41c6-89d6-8932bba0ab90", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478622, "uuid": "cebde8e8-d494-494e-ab1b-e5d573fcbdf1", "value": "Sales confirmation-.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f306d00-f625-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684487642, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487642, "uuid": "4c252a13-dfaa-4dda-8870-54e05c9ebe0c", "comment": "Malware payload (AgentTesla)", "value": "e4eb9fd2d1dc903ff007ce7f6bdf9053", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487642, "uuid": "8049200e-3405-43b7-829d-fe6343590711", "comment": "Malware payload (AgentTesla)", "value": "9af409d17a496757dd5281ec1ce8f17506a7c0219fc62541c3e46c95093e53b0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487642, "uuid": "c923c6d1-b934-45ce-8351-cd85ffe9443f", "comment": "Malware payload (AgentTesla)", "value": "b42fa629b1eee7cfa4ff824ea7dc912f00b5d23b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487642, "uuid": "e6ac662b-0bfd-4be1-83ba-ef2049238d08", "comment": "Malware payload (AgentTesla)", "value": "67aa799c627a5826e57932d7f4a01d1017321cdb1b23f5f14318e151354cadcb1e27a8dc75ca2365fb3a7861a5b8746d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487642, "uuid": "706de526-b451-4cd1-9cbe-3efde2634306", "value": "T12C5412903EB4C427CCE2867239793329EFD9E52D58A5C70713250A2EB816B93DD1E3A5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487642, "uuid": "f4f8c4dd-45c9-4e82-b1bf-1584ae36de87", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487642, "uuid": "28e9aa55-9692-46fd-adc1-0ae3b1858edf", "value": "6144:vYa6QbqSyg9TaCol0biBEVxZ7GhgY/ZuU1G9w54ejjCggzv:vYubqG9WCHi+VxAlZXM9w546Cfzv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684487642, "uuid": "ca244302-3009-4125-947a-fa6df1c13fd4", "value": 304282, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684487642, "uuid": "b74aa463-b965-4c02-a4a7-3ae593df3e21", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487642, "uuid": "030f68c4-d6d4-4673-8835-34b48f7da3ac", "value": "pro_gabcu.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94c298f4-f646-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684501852, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501852, "uuid": "b1969a40-3af8-479c-bb5f-58bfe5813e3c", "comment": "Malware payload (RedLineStealer)", "value": "ef19376e34881692af71320836e91d51", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501852, "uuid": "8bd0417e-e1b6-4065-85cd-d46f303e10bd", "comment": "Malware payload (RedLineStealer)", "value": "9b5b6c55d53edee579c735d37badb13babc4f7ff754f76ace0a73c7f3ac77132", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501852, "uuid": "be26e41d-98d2-41a0-bbd2-8d23ddf0b4d9", "comment": "Malware payload (RedLineStealer)", "value": "136e3051fe340417e9c5c88de03637b23f047fe3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501852, "uuid": "9e70aa85-0581-4ab6-b7a8-f215977aa717", "comment": "Malware payload (RedLineStealer)", "value": "91d72515e37f4d46dcf182fef9bf2403c4022946ab9e77bd8b4747c44c67cbe9fe38d49ed53e1372ad35e6587fd4690f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501852, "uuid": "5ba3d9ee-72d0-4a23-94e6-0ad0671ba074", "value": "T1BE252397BAD5D035F8B81BB0A4FB018317357DB0E93C825F2A565D0809F29C06976BEB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501852, "uuid": "0f981fbb-e70a-43ab-8f12-e0c9f941979a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501852, "uuid": "b795e841-f80c-4c72-9627-2bd14087aa8e", "value": "24576:gy9Mi6kQO6NR3MOZxLIYX0lHPYe4VOC/3F5VW8:n9Mi6JP7cKLRcAe4VOO15VW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684501852, "uuid": "29a18a56-29a3-4ccc-871c-a27db453482e", "value": 1055232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684501852, "uuid": "f4535e16-1003-481d-94ef-367843b08642", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501852, "uuid": "c096906e-ed6c-460d-b1bb-8626e386ddba", "value": "ef19376e34881692af71320836e91d51.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c96e8dc3-f68a-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684531146, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531146, "uuid": "7badb29c-fbfb-440f-83b5-5c75e353ca6f", "comment": "Malware payload", "value": "edf24c140efb5a80ce7af29778de959a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531146, "uuid": "32b62173-f902-4004-b585-f770c066c63b", "comment": "Malware payload", "value": "9bf8f7aaedd4bcd755cbaae8a990aed5d6daefb6468ed915e7489cd1d1b6d288", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531146, "uuid": "8317f51e-adff-4b3a-867e-7c96048a603c", "comment": "Malware payload", "value": "9f2e3ef94470ffa3cf2d83d083b882854539afef", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531146, "uuid": "cf186434-24ef-4b7e-b449-9ecdc0a971e0", "comment": "Malware payload", "value": "41405a708cf91b6050b8f80bdb16360029042cc047ea2464ef1f2553d1f37205fb38961438156674679bf9ee105d2cf1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531146, "uuid": "cc245012-c4a1-4cf6-b427-c48fdcaa1953", "value": "T17893B51ABB511FF7D89FCD3746AC0B02388C958622A83BB67574D428F64B24F55E3CA4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531146, "uuid": "51fc531b-0b6b-4b98-8d93-b3658aecfb80", "value": "1536:NUYh3Z42HG6+8dVqWnyg4/RnpZH5FBwXw5qwbZnr:NUYh3a2Ihg4/ppu4qwbZnr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684531146, "uuid": "75726505-5236-4de8-8b70-76df39b5a30b", "value": 88844, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684531146, "uuid": "631c2690-c67c-4c35-8377-48d501555b2c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531146, "uuid": "da62ac59-9f5f-4375-ab52-7a0cd71e10da", "value": "edf24c140efb5a80ce7af29778de959a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "01e514a7-f660-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684512772, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512772, "uuid": "41c459a6-114d-4f33-9612-bd1277848ee4", "comment": "Malware payload (Formbook)", "value": "8c2cfcd152e46cad8f46e42a9b3f93b4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512772, "uuid": "820a4e10-8cb8-4594-a163-d6ade6fb52b3", "comment": "Malware payload (Formbook)", "value": "9c0a4fbfc6a9ee19747c3bd56699ad195ef95f65752476a208f7ef7fc2dd27f8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512772, "uuid": "20ecd39e-2180-4b55-b740-127e0733bdbb", "comment": "Malware payload (Formbook)", "value": "110203802b738b13626426d3140c4126920b29c8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512772, "uuid": "ae59e18a-82b1-4f36-aedf-b32a415ae8d6", "comment": "Malware payload (Formbook)", "value": "e278c66425e099c24d7045720ae33902f4d25f18db8394f668c525d41686bbd8638a6d5f60c654055a64f85d47250e50", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512772, "uuid": "28610f3d-7665-4ba4-b2c5-1b4cb31949c4", "value": "T16CE4F1202AD9C70BC16A927981E1D3F0677ADE94F4B6C7934EDCBC4FB58B3A25311246", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512772, "uuid": "0a9e8c14-444c-4a31-b671-332c81c89544", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512772, "uuid": "521158ee-7616-464d-bbd4-bebcfa3b8fbf", "value": "12288:uGgihlsHPos48Pn13qLaJWw5lCewWuIl6r:uGHPO2aIw50ewWuIl6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684512772, "uuid": "599a8be7-f8ae-49ca-8443-5e4b2b8df5fa", "value": 685056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684512772, "uuid": "fb4e2c3d-409f-42a0-97f2-b62c5c18af27", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512772, "uuid": "010f2b65-466e-4c69-bf7b-2abae011f47e", "value": "TE\u00c7H\u0130ZAT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26e0b028-f608-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684475039, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475039, "uuid": "94631648-3055-4f60-a103-230f93e2847e", "comment": "Malware payload (AgentTesla)", "value": "284de1eced465bdca47f8cc530003a03", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475039, "uuid": "7e4c3aaf-d6c9-4e40-b03e-5aec63674538", "comment": "Malware payload (AgentTesla)", "value": "9c12f011c55fb007079146d47ac150500585108217d74e4209f234006d91590a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475039, "uuid": "f96334b0-7cb8-4a34-8d1d-5967feb990fe", "comment": "Malware payload (AgentTesla)", "value": "70b9a94ea9188e82bb096cd912d7ec3836687daf", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475039, "uuid": "89540795-334d-4de1-8b26-5bf0d898ec33", "comment": "Malware payload (AgentTesla)", "value": "8a1bf077eaa463d0d9adb147ef0e92f14d33d741040322f200dc753df5ecece8614617cfa6ac4d3827f25cd3a4b8ff0c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475039, "uuid": "629de968-4c80-433a-9899-3f4fd38a1a89", "value": "T11025D63D0AA58AEEC0BBD364A7CC599BFA73E817F15C9BAD4486034272435CE60C25DD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475039, "uuid": "5f41d0f8-6824-452f-92ac-d8ff9c5147e1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475039, "uuid": "025ef29b-3b31-49c8-b752-6d320d5005e2", "value": "12288:SGR9FmwVpAy1PAJ9rYFj67enPD9EkdHI9cdSAy7Rpmi9zZHDIv:xR9FrQAYJ9r8pnJEvUTARwiBZIv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684475039, "uuid": "fd43384d-755b-4524-8944-ba7dfb8997be", "value": 1030656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684475039, "uuid": "c40ead1e-bbac-4371-943c-1281fc6ce9a0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475039, "uuid": "98d66aab-6174-483a-8ffb-52ef7765e5d2", "value": "PO.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9700a8be-f612-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684479522, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479522, "uuid": "907f70b5-de72-43a8-9047-10efc6f25bdf", "comment": "Malware payload (AgentTesla)", "value": "0de90c36257d7e8bc7d0f45b31a13147", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479522, "uuid": "703fb364-9391-4ea7-8df8-15e7237d884d", "comment": "Malware payload (AgentTesla)", "value": "9c44d5b30c9ec1d5b163c227b65b54071d90f1d9569ad813c957a53db97c2463", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479522, "uuid": "ad68658e-6e34-42b3-aec2-d0d68c5f70a5", "comment": "Malware payload (AgentTesla)", "value": "9a0d0922a41a9d55ace2c7024cd4bfdae88c42b1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479522, "uuid": "87f10bff-64fa-4222-bfa2-81ae1ca58eaa", "comment": "Malware payload (AgentTesla)", "value": "4f0180dcd5d0fb579b047377a7a44233b7263831dc6db7d6fbcc0485b972a67efe3d7b5a01b73e6e34665b815b6836f5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479522, "uuid": "d67eb4ec-29f2-4aa6-a2d8-97ed12e1b5b0", "value": "T1B3E4D01423E49B46E1BA87F45CE0D2B05BB69D9AB036C21B0ED6FCDB31A9F610750A17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479522, "uuid": "ba4fe873-496c-4a1f-a021-f8c0ec68afff", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479522, "uuid": "098dd513-3abb-4999-89ff-10160bad97e4", "value": "12288:DqB2mz80g6eLY1YHk/vfLtDguNsT0q4jvrGyrZcq54mKqjE:DqlgDc6SDxguuoq6zGyh54mj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684479522, "uuid": "19051a0d-1f5c-4c2f-8246-e0d41f8098ea", "value": 704000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684479522, "uuid": "f0500b8f-f006-435e-8a82-40b1db0dea7d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479522, "uuid": "7142cc65-6169-4b8c-9bbf-ce57a037bbeb", "value": "INVOICE SWIFT COPY.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25291463-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466875, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466875, "uuid": "76d8b55a-8456-49a0-a760-ac32c13c9c58", "comment": "Malware payload", "value": "fcde802b9035f3e3faef6cd90a6894a2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466875, "uuid": "680a5e6f-9a38-449a-a6f1-8a0bec4a2c32", "comment": "Malware payload", "value": "9d9cee9d54adab8811bfb8b0e8111d74faca877fc45f2d4c9cbf63912e4e760a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466875, "uuid": "75858051-4a7b-4742-a137-f8bd83028525", "comment": "Malware payload", "value": "5e5eab19f3f59f27eb1e529cdc76c41d398141a2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466875, "uuid": "f00cfbb8-a241-4c2c-8572-440618857bf2", "comment": "Malware payload", "value": "f58f111ec1ab533d0f8ef45d251c9f3cc89bc588d02b5cf8cda5a59fe406d38d1d0062ed7b567fec83f7040d53a1bae6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466875, "uuid": "7e91acd3-318f-4c13-8403-fee218209273", "value": "T135D4239BC7D59039D03A9BB49F3FD211CB27EE0B19782168258EBCCD1F3A1529A09357", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466875, "uuid": "c31e87ba-2393-4367-b0b7-d07e08c18a53", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466875, "uuid": "2a9e7601-7ea9-4671-a5b8-484463651ae1", "value": "12288:K2UB6obxXbQLdZMbd0dINyUvpGA1eUUHinA4M9bQuA5NLaa/8O8/nCQnwh4llg:K2UHpgXKdL0Uv8LbaMdQu2+a/8O8WWM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466875, "uuid": "1ff1db71-6ca2-499a-87e9-81742eb866e3", "value": 650735, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466875, "uuid": "756217f6-6bf0-49ca-861d-f1be265ac922", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466875, "uuid": "f7d7ea11-2a24-4a46-81a2-e1130e52e4c1", "value": "SecuriteInfo.com.FileRepMalware.8733.31916", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee602cc4-f606-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684474514, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684474514, "uuid": "64c87665-c7e0-4258-89c3-df37c7dbd033", "comment": "Malware payload (Formbook)", "value": "cf672cec0cd8f57667f20506555ad6b3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684474514, "uuid": "fbc55097-5e29-4d7f-b6c5-f5720c2b22ca", "comment": "Malware payload (Formbook)", "value": "9db4d565a6f30190d44161862b8edf337f86427e75f3c704e4a4ae1d3993909f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684474514, "uuid": "06c71935-d073-42ac-9935-8fea490fc127", "comment": "Malware payload (Formbook)", "value": "4e6343ef6b1229fa46ea60d475d73b15eddaa99b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684474514, "uuid": "db7e649f-8101-417a-a504-96bae959ae13", "comment": "Malware payload (Formbook)", "value": "c7e526df1b79595efee976c1fca39fc8f5c691644728a8aaa3738ab8348a144b8bc41077f8640f162152ffecdf4b762a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684474514, "uuid": "f1f8d93a-ead8-403c-857d-cd1cce406754", "value": "T18A64F153B69B8060DA599F35D0EB42051B70FBC9B5A3C18B30CE73394D837AFAA4954B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684474514, "uuid": "0f3f6f5f-4c4f-4b12-93c7-531b3c07aa1c", "value": "6144:y0u4UN3fBwJb3j/ROtJBr6/9UAXGrh/BJONpLwrIDin4:7ZwwBEr6/9tXAh7Cpr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684474514, "uuid": "6a8be396-3db7-4037-b789-2384f05da910", "value": 318024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684474514, "uuid": "3df93208-b07e-4c7c-b4f7-f1f5bc533536", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684474514, "uuid": "b70d28d3-2158-49af-a4b2-2dfb8380a1d4", "value": "RFQ__67656537___PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e93422c-f612-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684479373, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479373, "uuid": "abba1ded-d0d9-45dd-a639-a68ae7fd314a", "comment": "Malware payload (RedLineStealer)", "value": "69811ec182b83029eec691523464ca31", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479373, "uuid": "b0e42b8f-c5a1-4d40-93f1-ae5d48c84d08", "comment": "Malware payload (RedLineStealer)", "value": "9e6416f8b3c6783b7045e1e7e18743c102e6b1c563700321b724d4e9af61ca14", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479373, "uuid": "c4dfb557-09dd-4003-b926-924cf2346cbf", "comment": "Malware payload (RedLineStealer)", "value": "c249a724dc5c1a72e634f7927b5104943b47f9ee", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479373, "uuid": "c946144a-d1c3-4ca8-af77-982151ac795b", "comment": "Malware payload (RedLineStealer)", "value": "829e9609fd426528ebace71b3b57f74d324b4905d5557174639235744938a623c16ef72a953f840598668ea98b4f69df", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479373, "uuid": "690c8c0e-feb7-4007-ae71-e6e7d258ae96", "value": "T153549D107583C5B2C567143C4CE2CEE57A2D3C6107A996D3BECDB7697E322E0A2252F9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479373, "uuid": "ccbf2e3a-699d-4ad6-9794-dd9d75f9290b", "value": "bf5a4aa99e5b160f8521cadd6bfe73b8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479373, "uuid": "0600f2c0-27b2-4333-9106-68cfcd9684d4", "value": "6144:bDKW1Lgbdl0TBBvjc/XYrcjaYJ8CTzkLFEPrg7VuQJY2HK:vh1Lk70TnvjcvNJhUEGcOK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684479373, "uuid": "b6cda8cf-c464-4333-a80d-61146479c05d", "value": 291767, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684479373, "uuid": "adc62e88-3eed-4ce5-a1d5-158659505056", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479373, "uuid": "4b0f4ec5-dcc8-4a3b-a89b-5cdb995ef95a", "value": "35647.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "445a2d0d-f668-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Stop)", "timestamp": 1684516320, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516320, "uuid": "9f9c9328-a44d-4eaf-9712-c93bd11b0613", "comment": "Malware payload (Stop)", "value": "c5dd8f749a132adfaa501458e448fa18", "object_relation": "md5", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516320, "uuid": "ce5ded90-e176-4698-b278-d63823276e27", "comment": "Malware payload (Stop)", "value": "9e7dfc2e09525f92fd865aa1a1bb141a7bbb152f04a80d254c7d3b0853e07ef0", "object_relation": "sha256", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516320, "uuid": "28eee914-c333-4058-acce-e775f90f8e28", "comment": "Malware payload (Stop)", "value": "4baf86d119150c8dfbf0fb0ea79390943cfef080", "object_relation": "sha1", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516320, "uuid": "97b866b8-d470-41a2-9b64-463e4a2d46eb", "comment": "Malware payload (Stop)", "value": "54507ad1ccf27498014a890a3bd77d8b3076bda834d346e3a9ca710708b3f44f2a8ab70ca36dbaad68ce042c4269c5a3", "object_relation": "sha3-384", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516320, "uuid": "76597f68-2919-4bcf-9f4a-19071295dc6b", "value": "T15B05D00392D1BC67EB394A72AD2E82E4755EF9614F483BD721186B1F18701E2CD7A332", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516320, "uuid": "9aa01377-d7bb-46e6-b80c-4d81a0448816", "value": "33ad97a6371f251a2ce2085c8f9feaea", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516320, "uuid": "723eb7f8-5dff-4726-a582-30740e2d14b6", "value": "12288:GjyAnxbdKor6r/dvgqKBWeB+WtCNh2SgkfhBEQ3b1vUQwmHRIC4L8x5IPPj3pvDu:GfnxbEocdvg1j+WtC6SfbEKT/4oiPp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684516320, "uuid": "b876f03a-9bcd-4645-b93f-fdf7828da054", "value": 843776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684516320, "uuid": "a2bd192e-ca22-4a8c-8501-a7f7421efa29", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516320, "uuid": "999c92ff-d9ac-4ebd-86a7-1a646974424c", "value": "launcher.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff82cbd6-f61d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684484421, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684484421, "uuid": "89ae3b2d-7584-42e4-a183-f44af3444cd6", "comment": "Malware payload (RedLineStealer)", "value": "a2a456be9e321f6266f75908b883f761", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684484421, "uuid": "1429a430-1062-4d39-8464-338826a2da6c", "comment": "Malware payload (RedLineStealer)", "value": "9fdad0b81063ebf7e5c4515a184d969c0fd3ecd39f5c13f87dee1ec8290ae485", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684484421, "uuid": "004346a6-0579-4597-9cc9-6cea6ca3f332", "comment": "Malware payload (RedLineStealer)", "value": "8983e3a6c585858a0a11697cc931aa5505c82e84", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684484421, "uuid": "61c787b8-403d-4381-9942-6d7824b3887e", "comment": "Malware payload (RedLineStealer)", "value": "f177d4ca9b2575b7b5e3ebc39a0637ed3e379aa59dace79d413feaeda8ff3884738065eda6d53b5594261097dd1fc59f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684484421, "uuid": "65809fcf-22f3-451c-ae63-73997c727296", "value": "T1D9D41E7C8AB50AF6C037DBE0A7C58897B94F7D73F00B5A634192435DC267A7124EA42E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684484421, "uuid": "6eb8022d-0f12-49b1-87e2-b87897e92a39", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684484421, "uuid": "349f3373-336f-469c-887d-18bc827d664d", "value": "6144:TyiHruTLIDzm1rumNdl3gNkvtQiRaUGYsnarsWlr62svdoeRH0vfUK:TyiHPI3wNULKYsn7Wx62cs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684484421, "uuid": "0e094c14-8c6c-4f96-a672-2b215aca2ad6", "value": 621056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684484421, "uuid": "9a81282a-f734-4338-a7e6-0f5b5b540bde", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684484421, "uuid": "5089ccf5-863b-450d-96b5-549405ecd3d7", "value": "a2a456be9e321f6266f75908b883f761.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca174427-f609-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684475742, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475742, "uuid": "b7bf8e2c-deec-49f0-8fb6-19032b41cea4", "comment": "Malware payload (Formbook)", "value": "4480c12911273920a05b5f21eb0c1c8e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475742, "uuid": "1984233f-a3e2-4103-af64-d97d3cca4bd2", "comment": "Malware payload (Formbook)", "value": "9ffd0fab2b4e2feca4aabe82f3da2f0621fdfab109a41020d42c749985ea67d8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475742, "uuid": "cc1945c4-a0e0-40dd-a1c6-d56d3e4dc1fa", "comment": "Malware payload (Formbook)", "value": "af578feb47efb4acf537c4c58f1ef0ca6cded301", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475742, "uuid": "f836e08c-4404-40a1-9e39-61fe9d444efa", "comment": "Malware payload (Formbook)", "value": "756f5ac80e1c273c468d3e296ad3e6923db3972329d42c9ebec60bcaf162e9a43706eaa932624a59a0a04178d8f25a99", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475742, "uuid": "3c649e2f-4fdf-4c6e-8d31-eddd32c47f44", "value": "T1E334120085F8D853F9A604312FBE7A5EBEF9A8255435E34F0750AF44BAA36C15B0EB53", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475742, "uuid": "fe391864-8492-4cd7-9242-8fd621fd0fd0", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475742, "uuid": "a38cfcad-f573-4fab-a48f-45eea56fae3e", "value": "3072:HfY/TU9fE9PEtupbDDWw9ghyd6XRBz18Wm4mAD+plb/s2u/SeS3JKkaCt2+eNN+n:/Ya6HDDW3cG720mAK35MTC45atV4m9cQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684475742, "uuid": "e24a8969-90c8-43fe-97e4-8ec7353c9503", "value": 246464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684475742, "uuid": "e37023dd-4075-41a6-90cf-8bd1b734c66b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475742, "uuid": "95978cda-7426-46fa-b9a5-5ba2e0ed1718", "value": "rockrocee.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2cb8e560-f67d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684525300, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525300, "uuid": "9d4cc6d9-c815-4686-b1cc-f9feccc65482", "comment": "Malware payload (Mirai)", "value": "bab9c6f5dee5fe773a97015fddc02c3f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525300, "uuid": "acb52a7b-426e-45a2-883f-e88559f1c155", "comment": "Malware payload (Mirai)", "value": "a06ac505850ddc55314833cfad981177dd2288e7ec8969dd247ca9a0c43c6b00", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525300, "uuid": "d0f8130b-7da1-4eab-9901-ae5d33056f73", "comment": "Malware payload (Mirai)", "value": "a072e6261136d059b61977bc9dec6f443b07d370", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525300, "uuid": "f0a28f1e-deec-4619-a51a-af6ed644a338", "comment": "Malware payload (Mirai)", "value": "9bd2b48bdd506b84038cadf793a96b7e107ac9aeaaae77836565eb9e8be9531ecda08809a5da3908e4671da699fe1763", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525300, "uuid": "14ac14df-0ce6-4467-83e0-09923b79a425", "value": "T1E7C2E17B713254D1DABA443BF6A4408732B725B4E0FBB53633588A085A8344F20F96EF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525300, "uuid": "85aa21e2-4f76-4302-a7ec-db0b9200a40b", "value": "768:Hdgqn/t695RxSUryMiL8IyLxU5TEUT4ps3UozN:9X/I9zxL4LJKsBT40zN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684525300, "uuid": "69023cab-1534-421f-aa6e-f3bcbda9187f", "value": 27580, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684525300, "uuid": "34348f4e-7b0c-4be0-9320-bdd5892b39b0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525300, "uuid": "43168d9c-4a23-445e-b237-37cbb27cc096", "value": "bab9c6f5dee5fe773a97015fddc02c3f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb0a779b-f63d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Smoke Loader)", "timestamp": 1684498050, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498050, "uuid": "9d3ea584-3f94-4914-b414-1adbd24341ce", "comment": "Malware payload (Smoke Loader)", "value": "80c0b78bbab08bb50102b9572e6cdc23", "object_relation": "md5", "Tag": [ { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498050, "uuid": "a8e2c8a7-bf0e-43cc-a348-667f6a499e15", "comment": "Malware payload (Smoke Loader)", "value": "a14e9800d62f640c6d5746febe74df939eda8376b8e8fbd63d764a5618cb7cd3", "object_relation": "sha256", "Tag": [ { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498050, "uuid": "40df35c7-bc35-43d9-9236-e29c3e6d4697", "comment": "Malware payload (Smoke Loader)", "value": "7fc22829f1f3fa4d4f8ab7e47c6eec0dbeb343f4", "object_relation": "sha1", "Tag": [ { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498050, "uuid": "c51db720-760a-47ce-b467-1c3fe3f5293b", "comment": "Malware payload (Smoke Loader)", "value": "9ea071964d950fd49866f3ba48cda4f4b82e1a5ae7e22946f5ac2c59b74d6bb1ae6a6f94cc78978a00cd9dfe03457767", "object_relation": "sha3-384", "Tag": [ { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498050, "uuid": "5ee83bbc-028c-48ca-855c-9571874fdb8a", "value": "T16C643C0392D1BC63EB164A728D1ECAE8766EF9514F4927D722146E1B18702F2C97E337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498050, "uuid": "1d1d471f-320e-449a-9d09-b4e8f3c90c39", "value": "52052f823a75c3e49d6f33c06369892a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498050, "uuid": "0952c571-4d7f-46e8-99cb-b940d4c52184", "value": "3072:GMbkDZR+P/1phFENC7/8ENfTyM/gPAmY4rM0ecN+fukDGtSKc5v893TE1:WDZUjh+NC7UENfb44mWcjGKcK93Tu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684498050, "uuid": "e4766234-7a54-4006-8993-1aa3400b32f5", "value": 332288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684498050, "uuid": "2599aa81-2a26-4665-aec0-310bae8b459d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498050, "uuid": "6d00ea7e-0e4d-412a-804c-44e41dbeec33", "value": "registry.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "257c56df-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684478043, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478043, "uuid": "b0f4cf2c-b6a7-4c31-b0ae-cd45a8caadae", "comment": "Malware payload (AgentTesla)", "value": "9c6a79d3eb4252f5e5f4e1494ff995cc", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478043, "uuid": "a7e5b2a3-4f80-4aab-8aa8-a78080d4110f", "comment": "Malware payload (AgentTesla)", "value": "a1e791d05730569356fad45cac12cc6fdd3c6a81009ea50ee40609053ce3216e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478043, "uuid": "5e0528af-fcbb-4d89-a37e-5c40a3ef8c91", "comment": "Malware payload (AgentTesla)", "value": "f43cdc7d43cca5c1a97e088ddbeddb8d1bea315f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478043, "uuid": "615050e4-aa24-4bf9-b184-367e8f57d6c5", "comment": "Malware payload (AgentTesla)", "value": "b3464dcff5ce25f133372cc96039ff7386e8494233cac52b5241cb5be96f6695bdb7d067dff9bbd8364466ace901c04e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478043, "uuid": "170e4ae3-13e2-4cde-bed1-813c69f2b7a7", "value": "T1C1E4E02427D9C71BD02B427981E1C2F0577ADD94B476C7834FD9FD8FB18A7AA2320166", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478043, "uuid": "36933e1b-643a-41b5-8c28-1e7e6d2708c0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478043, "uuid": "64f1e81f-9f23-47cc-b51d-b2c528dcc24a", "value": "12288:hpgMj7VqpKWPbtXx7vmemUr+cfnPkZVhS3gV+CwC0j9u:hp5h+Zxh7Zm2vM/Lp0Ju", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478043, "uuid": "65abb1ef-56b0-423e-8957-9519cb3c9450", "value": 675328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478043, "uuid": "1ae5a150-3701-444b-981b-47fe9682593d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478043, "uuid": "b37a38a9-c741-4a22-8c4a-cd5e2cdcbfa9", "value": "Siparis onayi eklendi.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1964b961-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466856, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466856, "uuid": "ebd82fcf-f52d-402a-9dff-7bcf9e458482", "comment": "Malware payload", "value": "1c95202809b0ae034534be9aedeeb210", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466856, "uuid": "06911af5-5b28-4924-8c79-35a9e1465f0a", "comment": "Malware payload", "value": "a1f46aa45e0bef5d47b20f44c9309a3b9b4d7aa585f693ed7b1dca3fbe75d699", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466856, "uuid": "b2ab28ba-3067-4369-9cb5-20ce61ae7495", "comment": "Malware payload", "value": "f5772e4f28479229dae5fe4effedec128506150d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466856, "uuid": "3d6cf518-090b-47bf-8942-a43ee421117e", "comment": "Malware payload", "value": "6d3596748fa503e672794b9272877f78eb8a9b46cf9d5378aa1eb2303351c1d5ef73f36b0e80b5b7a809994e62849831", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466856, "uuid": "c17eabf6-5517-479e-b1c1-4a52d6ff4c12", "value": "T156A533DD8394253CF85BC7752099E15E9C3779261E3A720763AEB8DC4EC73A2A049363", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466856, "uuid": "9231027e-4114-4fe3-909a-1c9141658512", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466856, "uuid": "f5e22ce9-483c-434c-8b8c-573485ef0817", "value": "49152:Pa8EPc+ISjWcO9lJPA8cnSrgnwzq9Xhs04q85RBXZVinXBgx:y8EQpvAJS0nFKjFmRgx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466856, "uuid": "1dedecf5-af84-4939-b4f2-9e9624112b93", "value": 2105680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466856, "uuid": "cfbe54c7-035b-45d6-acc7-259f5433a857", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466856, "uuid": "3810615a-ffb0-43a9-b44a-e88ec615db72", "value": "SecuriteInfo.com.Trojan.DownLoader7.55414.7802.8980", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "768d5cfd-f623-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684486769, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486769, "uuid": "cccee5a6-f202-4574-a7ff-6178a828b4f2", "comment": "Malware payload (SnakeKeylogger)", "value": "9542fc960e92998b249a6dd413683a1c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "PRT", "colour": "#27EC70", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486769, "uuid": "348fed3b-09f8-4b9c-8c9b-2a3bacaa3947", "comment": "Malware payload (SnakeKeylogger)", "value": "a21c508de19d0b316579d1686ef31559928d3d0c105e0f41b16aac61cb1218d9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "PRT", "colour": "#27EC70", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486769, "uuid": "1e5adaea-7b4c-42b3-82e5-3926f6931176", "comment": "Malware payload (SnakeKeylogger)", "value": "2a93ee008552e22915ae10931ffa199556869c64", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "PRT", "colour": "#27EC70", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486769, "uuid": "094cb740-259d-454c-9f13-21440ca37d9a", "comment": "Malware payload (SnakeKeylogger)", "value": "b25d9997ce486cbc0f2571acb5189379af58119cefbf9cb485c7ad69305bc879fd0866e2be7c61734f4cc0feaf46e15d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "PRT", "colour": "#27EC70", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486769, "uuid": "eed42e21-d6e8-4338-b56f-20957242cc17", "value": "T18805D04122B88F15E1765BF96272E23443B22C61E627D3185DE02CDB3DB6F827B01B93", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486769, "uuid": "0d950aef-f4b8-4a54-ac44-4c6080b3a2e2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486769, "uuid": "9c595ba4-8667-4454-9002-be7e937a977c", "value": "24576:k5lJ8P0io62CfACjR6hAzctBtMhu6Pd9rpMULR:nP0iYZCjR6hAgtDJ6PZMU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684486769, "uuid": "23bfa168-1287-4d4d-9a11-09698201b645", "value": 865280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684486769, "uuid": "1b22a521-8a08-431a-8e29-5fa55bf55cc8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486769, "uuid": "28a4ef4b-b6bc-453d-a484-69130a6d450f", "value": "Comprovativo de Transfer\u00eancia.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d4b3844-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684478056, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478056, "uuid": "a7e7a515-271b-4b7e-bca1-21d532153404", "comment": "Malware payload (AgentTesla)", "value": "76f73b00e8abfe1aa4384ebf9a0c7540", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478056, "uuid": "f2ee4432-819d-4800-895f-b4468181cf3e", "comment": "Malware payload (AgentTesla)", "value": "a2568c55311566d7907ad76b9b833d696ca45eb06b06e581a1e673d4442c613e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478056, "uuid": "d189d926-cd89-46eb-aab1-44f2f91bcdc2", "comment": "Malware payload (AgentTesla)", "value": "0867ad423041485d49c29448c96a60559077adb6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478056, "uuid": "5af031f1-e68f-4180-a82e-8be3e9813a25", "comment": "Malware payload (AgentTesla)", "value": "33b5d36a520842d032e5518babf539541a3b00d2e0eb18a5b1c740c65af3003ad6dc10c4c52dc6ca3f514a220d863d2c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478056, "uuid": "aa34b2af-87f6-4098-83ae-bc5bc3b77105", "value": "T1F2E4F02023D5C71BD06B4279C1E1C3F057729D90F966CB838FE9FD9FB58A3A22261256", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478056, "uuid": "892e832a-6ab9-4749-a4d6-d72c5a656483", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478056, "uuid": "7a813779-a6af-4cca-8651-123df0468185", "value": "6144:n2UnS45yDwEtTaLcxc5xhXnDGrj4x2he6PMXYjMVEiPMcI2PKDiJ1bdpOE2w0ezn:nagLcGzSRjnZG0i9pd88d3TmOOvm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478056, "uuid": "683b54c8-3092-4e2c-ae7a-6d6c232f066b", "value": 660480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478056, "uuid": "3cc46495-6c56-45df-9d32-4162c910624b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478056, "uuid": "38898d6b-e6b0-4393-8143-0340c1e22cab", "value": "new_order_PO10701_DEMOO_SRL.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0b0c674d-f660-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Vjw0rm)", "timestamp": 1684512788, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512788, "uuid": "b8ca3aa7-e656-4166-98e1-8c722ac98edb", "comment": "Malware payload (Vjw0rm)", "value": "328c532dbdb1c8476def9b91f98230d9", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512788, "uuid": "82374b00-deb7-4ecc-9cec-2f8e72341b27", "comment": "Malware payload (Vjw0rm)", "value": "a29300445badc2587283db55eff6ecd93fcb489bf2c4ac94a2d756c96f73b035", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512788, "uuid": "13a49ed1-2b74-4155-b538-2b28c52ef4f6", "comment": "Malware payload (Vjw0rm)", "value": "abd932482e30b79d29a481a1fa448e7e907a4948", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512788, "uuid": "ec0e9b0b-c58c-4f32-a982-bddb47bb139e", "comment": "Malware payload (Vjw0rm)", "value": "ac926ce7c7b67f5ebe2180533dc1aa7213a0cdb3323635c31bb55cf11ddc5d6365bfbc437c24b003ad3e56af27dac4f1", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512788, "uuid": "a7529cef-a0a1-46b5-a9e3-ca35e40917e5", "value": "T18C151AC636F43A0A97A3D664C712E222AC74FA231D8B35D67DC03B4E7E75C505DAE920", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512788, "uuid": "91fadb77-897d-4bc3-83ee-7253c7626fd4", "value": "6144:QQ9aF0K7PD3n1NtwFfDEqD4Acy+GJIIyoEHwdCRslR/Y1FnW/ceZ0CYZ3a0W3Od2:TI6oje", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684512788, "uuid": "4cc5bc89-8d29-424c-a350-9e3230f34866", "value": 944733, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684512788, "uuid": "7b9ed6bc-f79d-4724-a567-3adcf1594b6b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512788, "uuid": "5b5b3279-4c17-4b67-b1ab-cb49c5ee81e5", "value": "Tax Returns of R58,765.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f53fc1f-f60c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684476959, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476959, "uuid": "e0f2ff19-559e-491c-a8a3-c8cfd0c0d9f8", "comment": "Malware payload (SnakeKeylogger)", "value": "f544b8bbcb06ca57129f4244d6d7a1a7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476959, "uuid": "3a51a2c0-d2b3-48db-91fe-1132dc435c61", "comment": "Malware payload (SnakeKeylogger)", "value": "a2b90a437fe9f0a39bd7b472aa9ffad9391806a1de172df409c8c3e411e9c590", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476959, "uuid": "513240b5-6d5e-4a0b-8718-1f8394d575d5", "comment": "Malware payload (SnakeKeylogger)", "value": "54bb6c9e4bb95cf2e2c5a725860f6421ff770815", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476959, "uuid": "e18f7fda-3896-458d-9e39-b5c8bff7ecae", "comment": "Malware payload (SnakeKeylogger)", "value": "9a44feaf826967e530d73e944922c992ded8cc720ac941a03eae67c357a9567e2a5ace573f86173162bb70606bbd09cd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476959, "uuid": "69d064d4-cd09-4e7e-8a55-34b5824e4fec", "value": "T150E4D01422E58B46D5BA43F05CE0E2F017B69D99703AC70B4ED6FCCB72A9BA10751E17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476959, "uuid": "6c498d78-da79-41e2-b3e5-c723f8ddbe6a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476959, "uuid": "5d00114b-8b7c-4e9d-91c1-c9c4e88bdcbe", "value": "6144:Ts3nHKq8DwEtTaCh/NrFOHbo5OK71aN2GtWb7HitAc2RdGwZxCAmsZO3gx73k+Qt:fqBCTrFO7oci1ao7H9dGwZxCAbv7I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476959, "uuid": "c5d251b8-9e6b-40d9-8b9c-202372da24aa", "value": 669696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476959, "uuid": "99d8b1d4-4e1a-4c92-8fb9-414c0d50f331", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476959, "uuid": "1964432f-2475-42f5-8487-a9f22640d26b", "value": "PO 9876DTTYJ.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3746b0dd-f631-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684492675, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492675, "uuid": "5abfd45d-779d-4169-914b-ac9da917f633", "comment": "Malware payload (RedLineStealer)", "value": "acfc91deba0e90b709d3e647d2e6eece", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492675, "uuid": "20a5c9ab-90f4-4574-933d-0c9bfefa2785", "comment": "Malware payload (RedLineStealer)", "value": "a2c39b847ce41938e37d805ec11bfdded2b04747ce9c55eaf49dffaa65bd894a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492675, "uuid": "a5615937-68df-4703-981b-ac0d8a035ad6", "comment": "Malware payload (RedLineStealer)", "value": "1407c91e919e0a4503a6c96f1dfe9f0de6857241", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492675, "uuid": "e52080ae-5702-48dd-ad84-3a94c99cbfdd", "comment": "Malware payload (RedLineStealer)", "value": "d3e02bf89a4bf0260a4917d65f221048f9d4a706c22ccf63ac26290ee24865f2c9beaeba3521f4257fb77608d0d8aa1a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492675, "uuid": "efda68be-c710-403e-8cf7-1969388e4879", "value": "T19D748D22109C543BF427F532ECE28B75922C7EF7235F66E767C4312E4B1A1D65AA600E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492675, "uuid": "4f845d60-1b07-442f-a90d-6c4cf4e64f22", "value": "aa13816afc0cf283e1c2ef6f42b98abe", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492675, "uuid": "944242f7-d512-4345-bfe6-87de2e116bbb", "value": "6144:YWFE7mPpV+2d9abRzQgmdVyWZcwjeQoXFc9aUCue+UbWb4cYo:YWDPp7TabNQgmCWZcwSQn8j+K44", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684492675, "uuid": "391584e4-36e1-4a99-aab4-76bb66a1d97c", "value": 359192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684492675, "uuid": "b2e06039-e525-4e5d-9180-6ce7cab69d3d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492675, "uuid": "4cce63ec-1380-416d-996f-8cede9702839", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4875dddf-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684478101, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478101, "uuid": "6dbfba4a-f5df-4a6b-a5e1-4b0517c849bd", "comment": "Malware payload (SnakeKeylogger)", "value": "1184d0e72d0c1bd0bd306f0178116b7a", "object_relation": "md5", "Tag": [ { "name": "BBVA", "colour": "#1DDAF1", "exportable": true, "hide_tag": false }, { "name": "ESP", "colour": "#8CB8DD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478101, "uuid": "14ddb2bf-484a-4ceb-ad7c-7b3d00b97ac1", "comment": "Malware payload (SnakeKeylogger)", "value": "a2c60612d5450af22322938dad549462026ec1fe256cdcaf9719f27be7fc901f", "object_relation": "sha256", "Tag": [ { "name": "BBVA", "colour": "#1DDAF1", "exportable": true, "hide_tag": false }, { "name": "ESP", "colour": "#8CB8DD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478101, "uuid": "32f61d20-da1b-4930-9fe2-50b9517ee67b", "comment": "Malware payload (SnakeKeylogger)", "value": "c8e7970ff0aeb27be8ac1bba86645e051e67a6a7", "object_relation": "sha1", "Tag": [ { "name": "BBVA", "colour": "#1DDAF1", "exportable": true, "hide_tag": false }, { "name": "ESP", "colour": "#8CB8DD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478101, "uuid": "66f5e60d-5959-4039-a9c9-8a99a8b00dc3", "comment": "Malware payload (SnakeKeylogger)", "value": "a928bd93000b4dc41fbafbd8b65a417df24e23db9d12d493cc3a039d9d99ecc1a320ff5a9c7c644214f287423e9232bd", "object_relation": "sha3-384", "Tag": [ { "name": "BBVA", "colour": "#1DDAF1", "exportable": true, "hide_tag": false }, { "name": "ESP", "colour": "#8CB8DD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478101, "uuid": "e0dd1bd9-9160-4c79-8ebe-5404d7e4fd02", "value": "T1EEE4DF1422E9DB4AD6BA43F45DE0E2F01BBA9D99743AC30B4ED5FCCB32A9B510750913", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478101, "uuid": "1dbbb5e9-f3d0-4e4f-84cc-e0de21aa6f87", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478101, "uuid": "315a82bc-6614-4992-97cb-a0c05b90c00e", "value": "12288:JqBCdCvPSIFGcGs7goLx43SI6oCiI23r3:JqsEvqUGcj73LxRACl2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478101, "uuid": "a963ff19-e7d8-4ce0-9bd8-d8d13bd9bf53", "value": 665600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478101, "uuid": "4e85afa1-6180-4f95-8358-23033bdc3a3e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478101, "uuid": "127cfb39-06f9-41ed-8039-a353c5124aaa", "value": "BBVA-Confirming Facturas Pagadas al Vencimiento.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eaa204ae-f63d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (zgRAT)", "timestamp": 1684498130, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498130, "uuid": "ce9ef0e0-b841-4814-ad24-acd9a2d2a3ba", "comment": "Malware payload (zgRAT)", "value": "1acc4832732e8e792257b16664e2262f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498130, "uuid": "0fbf87d1-dad0-497a-826f-fa33a8d5e159", "comment": "Malware payload (zgRAT)", "value": "a2d6c74bb380d01f7a666731a33f0be3b167c17b7436f9fff3f77f744c198ea9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498130, "uuid": "c591450b-364f-4aae-a536-fc02e732fe9c", "comment": "Malware payload (zgRAT)", "value": "246ae9c3ab70463cfc0eb8101110d5452bf1ccda", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498130, "uuid": "a2382081-702a-4833-9244-3a2546692a21", "comment": "Malware payload (zgRAT)", "value": "2d2b9c94d68a90c09c716e62a531d133f979c41571f0b68ae355a198165705d3ea098884e160529135ce2181d4ae3f4d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498130, "uuid": "7194b667-ea52-4463-8cd1-34c9f7693f0e", "value": "T1F494F635A1F12AC5F896CEB28E61E619FFE70C81AE61924EE16039F216337C4C5451FE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498130, "uuid": "534d3d10-9390-437c-bf26-9e0fc6b1cb35", "value": "6144:zFbhCRWDz6VF5990stoidLRy8KHEPAbJDkXgVq3sla+Nvj5:3ro5CidXQEIbJWgVuCn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684498130, "uuid": "01ab5a36-d30c-492e-abc8-a864befa463b", "value": 412736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684498130, "uuid": "ff90de35-2957-421b-8cde-ec71b1772153", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498130, "uuid": "25e81937-d0eb-4eaf-b8a7-e6ded7653333", "value": "rFacturasPagadasalVencimiento_PDF______________.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc974cad-f68b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BumbleBee)", "timestamp": 1684531661, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531661, "uuid": "64fe948a-f399-4e7c-a05e-068ada908ca3", "comment": "Malware payload (BumbleBee)", "value": "7d0ec2a1af07e7c34c3cc8cc521a0e32", "object_relation": "md5", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531661, "uuid": "42e2ef8a-723a-42e4-90ac-4db3bd88bc58", "comment": "Malware payload (BumbleBee)", "value": "a2fd80e9dccb349dcb92e88614c5a591b2762999e9bec6f488d3287c8b36ebe6", "object_relation": "sha256", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531661, "uuid": "71ac7083-2c78-4648-a64d-22a98c0321af", "comment": "Malware payload (BumbleBee)", "value": "f3ce2155e4443fd3f7060bd39cb8e7a0f0fe60f3", "object_relation": "sha1", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531661, "uuid": "548bb93e-65d7-43cc-9c04-2106113c479c", "comment": "Malware payload (BumbleBee)", "value": "fdcf5eb4712f5b74593dcbc27a35601f27cdd8c24749a9e0652c91fbd7464f6bebcf73527682f149467406e74a98ad04", "object_relation": "sha3-384", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531661, "uuid": "4a32c366-1b52-4df6-a074-a2ae99ef700e", "value": "T18645E011E2921FF4D4B6817681AB262BBB747E5C0314D377ABC0D2377D837E45B1AAA0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531661, "uuid": "8e0ed45b-4108-4da4-9e3b-c0fbad884360", "value": "47e01530ad43ec939d1c47709a80a5c6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531661, "uuid": "c2d5e928-3e40-4ed2-a5df-e6bf926020a6", "value": "24576:f/AxL2HrN03HVkLI/LcnghFdk57CpCK/VrQtkEE9UYYkvzx:mwYI2wghc5q/GtkEAsKx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684531661, "uuid": "438af9a6-0bd8-47ed-ba43-e8d13e21a500", "value": 1222154, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684531661, "uuid": "efa47369-ce29-4b6f-acd7-617fdb9d8281", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531661, "uuid": "7ec80c93-e855-4984-93d3-484517679c8a", "value": "SecuriteInfo.com.Win64.DropperX-gen.18519.17594", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "548962d0-f614-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684480269, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684480269, "uuid": "c4325fec-b5d6-4523-a13b-d2dc106d6026", "comment": "Malware payload (RedLineStealer)", "value": "b983ebaa522f25044973b82889dfb25e", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684480269, "uuid": "c317a7fb-b02f-401b-8a9a-4832ff7036aa", "comment": "Malware payload (RedLineStealer)", "value": "a333249617500c9277baeaea4dacc48f912b9db3939e85fe8865778a2d701931", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684480269, "uuid": "eb909653-5c7d-4962-b39d-e13df090b000", "comment": "Malware payload (RedLineStealer)", "value": "316c79139cb25138819945e16acf9e26c207b6e7", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684480269, "uuid": "9c405266-1e7b-4f42-aba9-a6b5093181df", "comment": "Malware payload (RedLineStealer)", "value": "34640bdf53d24ddd9b2e17f00b48fc3e57370e0563e5c3d03a0d8a7f199c1d75e43bc3d997498a6fe670b455aef18d0d", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684480269, "uuid": "1722ec99-701e-42fe-824f-5179d04fc932", "value": "T18D94923BEB45E0D2FF49963C3AD3646F2CEE797A17A510A20A014356345DF7039E0BA9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684480269, "uuid": "0bdfe951-0f96-4fef-b06e-08ce0937bbb2", "value": "88ed05598d45c16a126d02464dd4684a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684480269, "uuid": "0356aa08-0f3c-4268-b79b-e5777a6e47d6", "value": "6144:1/yAY/kwmjbPwkCp1Ds1l58hUllLVd/+Vo3lEVm6+yoV:1/A/9qwkCLs1l58hULLVp+VimVm6+J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684480269, "uuid": "94ee230d-5555-432c-b72c-3dcb9f58c560", "value": 443488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684480269, "uuid": "cb2c1eeb-4e29-45e2-945b-0631d9c19eb8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684480269, "uuid": "fb36d562-77ed-4ee0-9636-abac21fbf1f0", "value": "processor.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a072fb2-f5fe-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684470695, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684470695, "uuid": "5017a438-302f-4e2a-a26c-0675638e8450", "comment": "Malware payload (Amadey)", "value": "eeee97ab5ada4159fee20070fa810b1e", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684470695, "uuid": "2823624f-16bf-4e96-9e20-fff9f65107c8", "comment": "Malware payload (Amadey)", "value": "a33a85ec95382b08ad57705f113adab57971fd7e33d3072fad4a817955319c1b", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684470695, "uuid": "f629a7dd-4dd4-4df7-ad36-d907eb0be21e", "comment": "Malware payload (Amadey)", "value": "010741b25de08434f8d9d5ad03fc93827a4d44a8", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684470695, "uuid": "a81b8444-8d7a-4270-a88e-c354a6ad08ca", "comment": "Malware payload (Amadey)", "value": "85e7b31b5521dd688a064f9ba35899e8f6b1febbd311efb580b8315c660aeb3598023eb20a33dbe1df112c09b29f3367", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684470695, "uuid": "1df3d4fa-005b-410e-bddf-677f6a43e61d", "value": "T10025239276E98165EDF12BB4ADF703430B353C91257C83AF27C8EA49CCB29507972726", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684470695, "uuid": "c0861e13-cb20-4d53-8eaa-a31e7f40c09e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684470695, "uuid": "25226c00-09e1-477f-9972-8de1b062abca", "value": "24576:DyTE/bUZygIv7bofIp0gF7iKRyXH3WJxgwhmaRnQyyVmudnS:WTUbUZf6790gF4XCxX3Qyyd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684470695, "uuid": "c2743270-1496-4410-bd3c-67591eb5130e", "value": 1045504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684470695, "uuid": "504c8a79-4edc-4e04-ad8b-31a0b6601140", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684470695, "uuid": "64494b96-4d85-4ae4-84cc-4261e24dee94", "value": "eeee97ab5ada4159fee20070fa810b1e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3118d5f3-f67d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684525307, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525307, "uuid": "3c04203f-ce4b-43e6-b326-abc86748bb88", "comment": "Malware payload (Mirai)", "value": "0f5694c5862b194b70c02bfbe0476318", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525307, "uuid": "0f2cb8d6-3ead-471b-9080-16e5536019f8", "comment": "Malware payload (Mirai)", "value": "a34142668f5367637cec898cfb284dddcad10402cf83a8d2b2f254b0bb4f00d9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525307, "uuid": "f4bf0038-7e87-4908-bc91-8d9e443611ec", "comment": "Malware payload (Mirai)", "value": "ae99523382b6324f612b2b2b2b5579433791640e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525307, "uuid": "5230864d-ce9d-4ef2-8767-49bcbbf092c0", "comment": "Malware payload (Mirai)", "value": "dda245df844bbf29f8c327193dc97906a60da4db3b3f25e6af51a59cf43b3961270e0e038a6b94926f294e37ba4e6084", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525307, "uuid": "b0dd2d41-4ae2-430d-8d2c-3c721a3cdf38", "value": "T1EF33F1234D7CE8F3C2159D39B5AD44EC7A829FB855DE39A38532024831864F92AF82C5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525307, "uuid": "09746d6a-1edd-4daf-860e-6e7b9faa5e97", "value": "1536:oF18iPwsQfUal6BJZsSoSKLuQy4L24JyYmU6:uMsQfUYILoSKLB64sfU6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684525307, "uuid": "03b49038-2a01-418c-a2bb-c971c7b7ddad", "value": 51920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684525307, "uuid": "958d416b-0dab-4596-b95b-157b65e37460", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525307, "uuid": "411c4f25-cf91-4d8b-8452-9389e558dcb3", "value": "0f5694c5862b194b70c02bfbe0476318", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d540ff16-f67a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684524294, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524294, "uuid": "13ed6dc6-587f-4c52-be97-b6ffa2f7adc8", "comment": "Malware payload (Amadey)", "value": "01f6e73d4b4d50bba0adf7341eeac51d", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524294, "uuid": "544e38b1-57e9-4f01-b2d2-38e8cb7083b5", "comment": "Malware payload (Amadey)", "value": "a4ac65cada8b38616e721b9d63f2d3bb6de8333423940fb6e1f5c63d121f8778", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524294, "uuid": "7e9cf74a-9a9f-4f8b-b990-a80eaa4fe65f", "comment": "Malware payload (Amadey)", "value": "35d586d66d5969221de4d623eda9fd2e1b38cbb2", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524294, "uuid": "d75caba7-4c27-4974-b2f5-c2a6af180a84", "comment": "Malware payload (Amadey)", "value": "61087d52d9b98451bed5c2a2a6a0726e1b28c850cbe82edad8c1115212289f605f0a49460f7cdd96feb7dd57455b6fcd", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524294, "uuid": "53a8ba09-1b47-4b8c-aa4f-2a46c4b84829", "value": "T165252317EBCDD072D8B56374A8F225870B35BC514975932E3B525B9E4CB2284A832B3F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524294, "uuid": "77bbb021-1de0-429a-a014-140e5bcfcb3f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524294, "uuid": "5abb9e56-efa6-43a9-bff7-cd33b984d1fa", "value": "24576:r3yAEO8ztakdGyRnsaNHMaqtz/5/hpz9Ra:rCvv5dGqsaNHrqtT5RR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524294, "uuid": "4689ce64-a7fa-406f-9926-6abe679064af", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524294, "uuid": "e76c394e-4e1b-429b-bfba-a9747c17cabc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524294, "uuid": "c489f4d5-b1bb-4f57-8f82-87a2cc1536a1", "value": "35352.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5e58aa69-f642-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1684500042, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500042, "uuid": "6e66fe59-f631-431b-9442-de0ec7bda11a", "comment": "Malware payload (GuLoader)", "value": "c5acd0ab299e2bae11acdf6aa3b5aca2", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500042, "uuid": "baab475d-be17-47e9-a365-52cebee730b3", "comment": "Malware payload (GuLoader)", "value": "a535b755546cf4d4a159c7edfdafe7e1e243447471c757cacc02b65662a20f97", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500042, "uuid": "3b3fedd6-8752-4aff-aaa1-88e91bac1de7", "comment": "Malware payload (GuLoader)", "value": "1fa587650771e9209102c1b0a75ae5c853bbb5f7", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500042, "uuid": "85e9cbf9-ea60-43d4-9058-3de34b1c26a0", "comment": "Malware payload (GuLoader)", "value": "5c5d8371ebdcb1e69c743c51775218be9511b04fe9f46bbac1cdc1eabd1bb835c531570d60b9d62e33aff99f313309fe", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500042, "uuid": "ea507a87-b103-428f-8f80-88437d4dad35", "value": "T119B423B579412BA124C3D171DB2759C6B9D93D3B1D78DEA5A11F0C8892B903AFC8F232", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500042, "uuid": "0703e4dc-6363-45f1-9408-4e3f7376d288", "value": "12288:ogb1ebU1bQHSM332/hNaaoaTLN4MyLs6g6OY8YA5nEDyjXULJ:PUbUiHSMn0Q5YN4fxvOuGnEDws", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684500042, "uuid": "2b0fd28c-3cf8-4f36-a7de-2cdc5c978950", "value": 515731, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684500042, "uuid": "b9f154b2-6a39-4591-9e99-dd45326b4548", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500042, "uuid": "aa23348d-94a1-46cb-84d0-217126f5c14d", "value": "66234.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "744ee08c-f667-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684515971, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515971, "uuid": "f76b8d3c-0439-4386-ac79-babf6078422f", "comment": "Malware payload (RedLineStealer)", "value": "929eac506d412c90522b91d0ddd2a589", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515971, "uuid": "400b567e-c48c-4aef-a084-b370d8a64805", "comment": "Malware payload (RedLineStealer)", "value": "a58dc30120e730b89a810c1a929415eed3f33c383c0326cb17f60b2d478ea138", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515971, "uuid": "2e60805a-a6ac-4c22-a32f-493090d9a578", "comment": "Malware payload (RedLineStealer)", "value": "47df1dd9484c4697f33a21f4a725938c946b421c", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515971, "uuid": "27beede9-bf6b-4088-ac1f-fda249084cb2", "comment": "Malware payload (RedLineStealer)", "value": "f0c179c885dbe355d5c3bdb21609c9dd795c75ff455c7e5c30088f5599505ec1e25e5f5608a2ccb5c9547f1ec14900de", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515971, "uuid": "b0c7c115-5af6-478f-a227-bb2411aaa028", "value": "T15EE3D424279F8934D6BB4E3D6CB19CC076BCEC12A542D74A4ECDF15A3A33B809B116B5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515971, "uuid": "36d7213a-f9d7-442d-ac9a-e08bcb490429", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515971, "uuid": "6d3f26af-8baa-4f96-818b-11b71083aa40", "value": "3072:FV+m5c/QmRSNAwMqLza9nDEFth2ZG8e8hR:Fj2FD0IQth2c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684515971, "uuid": "7f25654e-a7bd-453c-81a0-81e6b57489cb", "value": 149128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684515971, "uuid": "38038a41-3f63-40a4-8922-ea93bfcb44a8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515971, "uuid": "a3e1e8ec-f441-46c4-9e2f-b4a504dfa849", "value": "62263263.dat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a45c203-f617-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684481487, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684481487, "uuid": "bc9d530a-16ee-4a0d-b65b-fde10ab0f749", "comment": "Malware payload (SnakeKeylogger)", "value": "6cb10f53add5ee1bfbf0928c9a8412c9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684481487, "uuid": "e9549ddc-e2f4-4b5e-808c-dfc2fb76e733", "comment": "Malware payload (SnakeKeylogger)", "value": "a5daa13bcab440154c01d336ff4a9dbf4ff40ece572ce781557a47641fe01de4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684481487, "uuid": "7889bc1d-c979-4cc4-a0e7-9d2d9fe5cb0f", "comment": "Malware payload (SnakeKeylogger)", "value": "32d9db653054f39c4af19d9cb45a092d42abed6b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684481487, "uuid": "5221d8dc-01bd-411c-abde-ceea2a848a76", "comment": "Malware payload (SnakeKeylogger)", "value": "255823596f3cee1ffcc5e452ffe8dc9a861e9d7c62c97a51ecc86b3eeaf6a854be0a485fac1aafb245709696f2dc9a61", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684481487, "uuid": "5136434e-9c7c-48c4-ad89-1b10677c7ddf", "value": "T1DBE4D02023B48B46E5BA43F45DE0D2F017FA9D99B02AC61B0FD6FCDB72A9B610750917", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684481487, "uuid": "58ac1c32-8a3a-43bc-88a2-422022e8a122", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684481487, "uuid": "74967eb9-52c7-4f33-af3b-3a7cff6ceb36", "value": "12288:hqB6dwaYSON8lSEkw5PjRGJmGDpZS3apK5HjhTI61N7:hq0waqNAewtjRG9pK5HjhTI6X7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684481487, "uuid": "df689432-34c5-449e-bcbe-7c9e48c62939", "value": 666624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684481487, "uuid": "5149d4e9-1b89-4c21-a8be-a72cbe51f9a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684481487, "uuid": "c5d10855-acc1-44c8-b590-777dee3e7221", "value": "Cfoc 00109839.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a8b52bf4-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684497590, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497590, "uuid": "afb175d9-c7a0-41dc-851e-83ca5e5cc166", "comment": "Malware payload (Amadey)", "value": "a296236b4cae082d5d35f0f725e42681", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497590, "uuid": "f4b1eba0-a964-4635-a865-44e03998a1e7", "comment": "Malware payload (Amadey)", "value": "a5f3b7b70470ed75e8bdcc9f2db015f4de4784352e53d7259aaeb0cbfc25af1b", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497590, "uuid": "588b08df-a3d0-4f23-85a9-ffd721927ad2", "comment": "Malware payload (Amadey)", "value": "922ef0ea11ac7a7a4d22fee04207ff0793ab65f5", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497590, "uuid": "a272923a-3eff-4080-bd25-b4c9fa0afab5", "comment": "Malware payload (Amadey)", "value": "505be2f615e35fd660d68178541e5c683c30e93e0f22a3b44153db2226334348d52f475927b915b92b74d73959147c4d", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497590, "uuid": "c598f4e9-3e1b-4beb-99ed-486dd0a3d494", "value": "T1D5252322BAE48076EAB01770A4F707C71B35BD912679931A37C7B5A70E726C8B530772", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497590, "uuid": "0d5ad050-3ea3-48bc-83b8-1f2af8b189af", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497590, "uuid": "8a064595-04f5-435b-a646-e7151fd19741", "value": "24576:DyajQcJVGdY9PxNkjbu107S8yfTmzVQhLhu22ejPZlWy:WajQc7nNkjbg07S8yrmzYjPZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497590, "uuid": "a0f1f49a-093a-4900-9891-fbe6354f6b3b", "value": 1055744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497590, "uuid": "1792f8ff-b778-46fc-a271-7b550c14f4ba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497590, "uuid": "2269e9cd-c800-4ddc-a05a-e62acbff95ea", "value": "config.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b045a9d2-f605-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684473981, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473981, "uuid": "e1dc3476-426a-4a21-99c2-8c2a46f9cbac", "comment": "Malware payload", "value": "a203d52471287c0decf96b4fc1a59240", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473981, "uuid": "36776518-d9d3-4d62-906d-cfc0760569c3", "comment": "Malware payload", "value": "a5f9e311fc6beb139fa99c553c940bf8f1c8fd77a9cb5cfad6b98870bd8e86a6", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473981, "uuid": "c3937416-541c-48b7-a727-570a03949f88", "comment": "Malware payload", "value": "fdd4cf62dc62b18e79fbd440e9de53286834423d", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473981, "uuid": "56bdab44-4515-43db-8d1b-f1c8c3e40443", "comment": "Malware payload", "value": "650841c14346221da648f2f2140b5057e7eadba17ecdd2b594f54ffc6c4fd45eabcd82f7d2038cab28c5b9cea9039917", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473981, "uuid": "db91516e-227d-4e11-8067-8da25c284d32", "value": "T176E42355958A11679B6D92AD0388B6E20CCD3BFCC0BFAD03B33208D8B85F5C8B7D6595", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473981, "uuid": "8154cc67-7cc9-43e8-808b-1358895b8366", "value": "12288:1GjnT6DcNa0TDJ5+COASMiQ95aiRqjEmzh/5g0xh0H+vKDX6JcgYz0P80QZW+rKJ:1SnTyOvJLrBvqjEmzvg0D0HuOOgz0P2W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684473981, "uuid": "5763322f-b7e8-4aa1-b935-142c086ae43b", "value": 688100, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684473981, "uuid": "5faaba34-e51a-45bc-8d1f-1a2dc4e0b65b", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473981, "uuid": "b54d38c0-1b48-4760-8c4a-60299f37a727", "value": "Purchase Order hib17052023.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1dd8adf4-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466863, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466863, "uuid": "f0c13a5d-b993-4e81-85fa-43f0b43b1bda", "comment": "Malware payload", "value": "feac6c725e9c1bd3f9ec3ecab7cfadbf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466863, "uuid": "dac5dbd0-eacc-4dfe-aecb-9f87ad446641", "comment": "Malware payload", "value": "a620773a1118170d8af3063954e24a598e26fb10a9549014c540886effb9e50d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466863, "uuid": "c2ab6c76-ff16-477b-b374-90fc84e2dc95", "comment": "Malware payload", "value": "e74467f2648e89ee96cca5c8971ffcd3153cc62a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466863, "uuid": "cb15f497-d1d1-4a7d-b3bf-fc5a3b8444ec", "comment": "Malware payload", "value": "65e5ed094d2302a1d79e02ea0499663174ea85ee8916dec74e44edc269c47a8109109c676a2bc7b0d1f107ecf393bcd8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466863, "uuid": "94e28bda-3397-458d-becd-e7e601623efe", "value": "T1BBA4AE3B38D2903BE5DEC0F1195296375E6B71100379A4B3A754EA55F92297C0B3B3B2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466863, "uuid": "ffaf89dc-5c3a-4f02-a3af-81ac20ca5d4d", "value": "768:HNxKjq1TXHH5a9whIfflMm/hIvbTPo5Ik9ZqkSA4ul9byMC9t7rvm:tEjqtXHZa9wGff4TPo5/4kS6fC3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466863, "uuid": "a830b5de-cb00-409b-ac06-933f78acd533", "value": 458752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466863, "uuid": "137c5837-de98-4a67-b5b2-c0b1fc1b4c21", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466863, "uuid": "8f61a3d5-8c52-4107-9bf0-6656d31b5b53", "value": "SecuriteInfo.com.Heuristic.HEUR.AGEN.1344324.27744.3727", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d770220-f660-11ed-b3cf-42010a9c0076", "comment": "Malware payload (LummaStealer)", "timestamp": 1684512899, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512899, "uuid": "a2b527c4-f2c9-4afc-944c-1d93dafad31f", "comment": "Malware payload (LummaStealer)", "value": "c3359aec2c64c031a1e9f65c6520ed0f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512899, "uuid": "a7a550c7-44da-40fd-a6bc-c5cf04d7c8e9", "comment": "Malware payload (LummaStealer)", "value": "a6251f51d44ab470d9fc81e3049f19d9f672f9ccbb5ff69d7ba0fbd60448cb65", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512899, "uuid": "5b8a8420-6ba4-4f63-ad10-ab44e69012b1", "comment": "Malware payload (LummaStealer)", "value": "6622de6febcad538af46df353149d24283938140", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512899, "uuid": "95ffe5f4-f6c4-430c-b7dd-9caedc43e6a1", "comment": "Malware payload (LummaStealer)", "value": "2a487bc440f4dd55414e9ea4c80eb67310cff58b832a7330f9f0f72e05a26d4002c1bbaff606e5dc09337e62599bdc60", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512899, "uuid": "a7b870f8-6da3-4282-9247-de60051e92c1", "value": "T13416EF926E7C9810F945883C1AAC8137E57BBBDCB38F551768B06ABB5763B89410C733", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512899, "uuid": "ec327e23-e02f-4710-9ebe-e0a580dd6a46", "value": "5faa37f4bad9873b25a888f671e84d3f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512899, "uuid": "0f0d4088-58c2-4d19-a484-e6b4a301f30f", "value": "98304:M8HR14YADpA+XgwpmMOiHpAXse+px/rL1Gdgfl4dQ/SEnelnsXUEUt:M8H/Avv9qst/FIISEnehsE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684512899, "uuid": "0c922415-76bf-47ad-a919-9725894829d1", "value": 4161360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684512899, "uuid": "8b88de31-79ec-426d-b5f4-141cf56189b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512899, "uuid": "e9f41fe9-3f5c-417c-8092-7ea0e8629126", "value": "c3359aec2c64c031a1e9f65c6520ed0f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c954edd6-f63a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684496786, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496786, "uuid": "159116c3-e2a2-4845-bbb9-574dea4ffe0b", "comment": "Malware payload (RedLineStealer)", "value": "0341cfaa6d637f2a096f0ebc014f94b6", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496786, "uuid": "230a83a5-a9f2-4f70-b717-33324342ef8e", "comment": "Malware payload (RedLineStealer)", "value": "a7092f90c3b810100af52f74bf09c8ba64f455bf9b8615b366f083b2f4e74410", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496786, "uuid": "fc92aa77-25d7-473a-8961-cac39d54c667", "comment": "Malware payload (RedLineStealer)", "value": "11d0d5a4597581df29c76b607b68459880311538", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496786, "uuid": "4f3fe603-e046-4236-845b-d890e183c562", "comment": "Malware payload (RedLineStealer)", "value": "8b7977438f0077383458db1ab07a932a25f1f4ae2c84c586996efa53755a7542394248287d0101c562d70ccd129f1478", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496786, "uuid": "f0938e45-0851-4aed-8666-1802ea999166", "value": "T1DB252343B3DD9079E9F51BB169F722830F31BCA14C7897AB2B81A9574CB76E05130B1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496786, "uuid": "3702077f-188a-406d-a8ac-a1c07192f0c4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496786, "uuid": "4be627d5-329d-4d00-a92c-6c7bbe8e362f", "value": "24576:PygGdVEDPFQQu/TgoZJZL9DPYoccfm+Lp850++CQf:agQQt39odm+F8e+x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684496786, "uuid": "4875d492-2b68-4615-a80c-08b553a39ee8", "value": 1046016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684496786, "uuid": "a7368ba4-359d-49e7-8e74-a0fa8970ef17", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496786, "uuid": "2420f4ca-6a21-4e92-b7af-48c0afc44996", "value": "2332324.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c194d83-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466887, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466887, "uuid": "2b277506-6518-4479-9670-d75ff6af98ac", "comment": "Malware payload", "value": "3173b1884255cef2daad53527ed5a2ab", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466887, "uuid": "c891ad04-f425-4fa4-b25c-15c738b61bb0", "comment": "Malware payload", "value": "a7187d2443a1998b3c095c494d5af97030747e7d946f6403b5b17143d498bbbe", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466887, "uuid": "344988b2-e904-4423-980f-d2359c2d0aa6", "comment": "Malware payload", "value": "54fec34eff835960db82d6122987f23e6068ec40", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466887, "uuid": "1734fe8a-c2cd-4805-9a6e-367932d8fbee", "comment": "Malware payload", "value": "720c3829c55ad7a2012eda1ae9132539c87ce790cab968ac2aa89b493e9ed22e7eaa426537b1a070ff9aac0672997c4d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466887, "uuid": "462f4b96-a98e-4e8d-a187-60ff13189059", "value": "T1F9457D91F2D245D2D54631310EA72B396F71EA873F30CBEB21A9EE38AD737605923152", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466887, "uuid": "e462557f-9276-449c-877f-03defdf5f2d0", "value": "12288:8wWuO+pgl8kcf0qlcrx1TRuWxs4b4XeshBAXp8p:8wWuOpqfP8ToWG48BhB7p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466887, "uuid": "73ddd2e6-3722-4f89-abc1-2036c2878b91", "value": 1179648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466887, "uuid": "6c42ea5a-fc9e-4f22-928a-89b69fde093b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466887, "uuid": "cf31de5b-fe11-485d-84a2-95e31afc1d73", "value": "SecuriteInfo.com.Win32.Trojan.PSE.QP57SD.21117.25763", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3fd8362c-f5ed-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gozi)", "timestamp": 1684463484, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684463484, "uuid": "220805a3-22f4-4491-b774-3daf97cc849d", "comment": "Malware payload (Gozi)", "value": "435cda02cc6c4667a023dacc47441dce", "object_relation": "md5", "Tag": [ { "name": "BadInterop", "colour": "#34B4FE", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684463484, "uuid": "71b1ee05-c871-46e3-8065-3d002c613eb3", "comment": "Malware payload (Gozi)", "value": "a78095181b1dade620344a5f1667821bc68cbfff4828b85d8cf438b427324008", "object_relation": "sha256", "Tag": [ { "name": "BadInterop", "colour": "#34B4FE", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684463484, "uuid": "804d44bc-a7df-43c2-a08d-f396ec7fa79f", "comment": "Malware payload (Gozi)", "value": "9651fe67e5b8351d2daa77e9deabde3f80d28077", "object_relation": "sha1", "Tag": [ { "name": "BadInterop", "colour": "#34B4FE", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684463484, "uuid": "521c7946-8e25-4174-94cb-87cb01c6f815", "comment": "Malware payload (Gozi)", "value": "929c5674653aebb306876328d728c17a8f25b7a4092379c313dfe9c178b93ef05029983f7cfa22479344b0175389278e", "object_relation": "sha3-384", "Tag": [ { "name": "BadInterop", "colour": "#34B4FE", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684463484, "uuid": "fb157660-e040-44e0-b581-a31a47dbf75f", "value": "T19E71F11A97F8462BF47307385EF3831667B0FC609FB3975E49811219BC612545E32BB1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684463484, "uuid": "e3e3c519-af5f-4ee5-bf90-089e6703ce4e", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684463484, "uuid": "b83d9f31-a71b-46ee-8d6a-a5d8244edb53", "value": "48:6wXcb5Bc/kBic7KL9WYUFJ/mEH1ulrYa34Xq:qb5BcZL49fyJYK4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684463484, "uuid": "2e87ca2a-98c6-4b8c-8ee3-f59e0afd88b9", "value": 3584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684463484, "uuid": "790602bd-9be1-427b-96bf-4a48ff611ffc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684463484, "uuid": "1b376caf-4a39-4da1-a944-a469e7ba2968", "value": "yfeshmfv.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73dbcad6-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684497502, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497502, "uuid": "8de4645e-f187-4f24-b9ec-6ba263151416", "comment": "Malware payload (Amadey)", "value": "785b0609537bb06d43ea22eb26c7640a", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497502, "uuid": "e758a655-17c4-47de-9e69-400fc69bc362", "comment": "Malware payload (Amadey)", "value": "a7aa32c37e862f1b0bb24532af2e4fda742161b6274f92f866650784467944bc", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497502, "uuid": "4a3179d0-39d2-48ee-ad0d-c764abd0e99f", "comment": "Malware payload (Amadey)", "value": "87ece15f2a937ed216577821e09f4de82d2cfb03", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497502, "uuid": "6987fa99-ad49-47af-839a-5a153abe160e", "comment": "Malware payload (Amadey)", "value": "13443d11cd4920cd17daff81556815e7af5a838f7679b5ad11fe8e9a39ad15a83c0146a2ad70b56195341d2fab2a402c", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497502, "uuid": "11fdcead-fe15-4e97-84f5-14baddd246f6", "value": "T1B125231177C994B3EDA50B3068F362570A35BCA248BC824D6B972ADFAC637D1D074B63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497502, "uuid": "13fee4f9-0e70-4b57-b45e-b5625ef56cb8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497502, "uuid": "299ee612-afff-41c4-a567-bad28edd35a4", "value": "24576:tySpuuYsdq0ry6sK+Ja3En1FSUa2A1D4UrO9j6s37PV:ISpxK0ryZJakURDjC9Hz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497502, "uuid": "24b85cbb-6372-48d7-9988-be32c55f94e2", "value": 1046016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497502, "uuid": "263d603b-cc6b-4c45-ada1-4faf94fab27a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497502, "uuid": "b2bc390b-1efe-40da-959a-e8422ee830fa", "value": "Startup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23b72322-f600-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684471597, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684471597, "uuid": "aa534586-4ece-45c3-949e-6b0979e6a813", "comment": "Malware payload (AgentTesla)", "value": "bb2f0b00c8f80175b251b995fefe5b4c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684471597, "uuid": "6f6073c1-88eb-4126-9096-a22c12cbba67", "comment": "Malware payload (AgentTesla)", "value": "a84f7bdf41c1273cdbdf44b053849635aaace6d11ae6143a61f13736c895234a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684471597, "uuid": "c60970ba-b819-4263-b61b-c2022326a506", "comment": "Malware payload (AgentTesla)", "value": "ee7a00a7111deb724b6ef637a0d17c0726f2af22", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684471597, "uuid": "8d09ac22-cedf-4a4b-a828-f5baa148f1fd", "comment": "Malware payload (AgentTesla)", "value": "853e1f7946a0d6e6eef2be4150972bc70c6a723361ebd4ea6db02ec12bcc59d6778975f71abfb86f7f0cd81b56d96610", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684471597, "uuid": "51307880-0994-4ae9-91e1-560c5d4df816", "value": "T15C34E1063B878632C9058572E0D7163543B6A3CB6773C3C67E8846A92F427D5BE8BF58", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684471597, "uuid": "577cadf7-415c-433d-9ea2-a740c2fc2f4c", "value": "3072:mBj9YNKqp/t1OQhfwyP8ZUX6gE67he6nY8E4+Q4q//otI+xfuIcWGMqWwqQWbdf+:mBjyFp/XwyPKZgEiLTEk/oZfuIrqwn4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684471597, "uuid": "6be3afe5-e0e8-48f3-afa8-5bb3a2424475", "value": 238664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684471597, "uuid": "a228ad06-8c8a-41f6-ab52-04404efa3b9d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684471597, "uuid": "588d4339-543d-4c29-afd7-1389c37ae30c", "value": "Freight Payment Dention Notice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31d8a0e8-f629-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684489230, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489230, "uuid": "2ce5b2a1-b0a6-46f9-9730-fbfc07c0763c", "comment": "Malware payload (AgentTesla)", "value": "1596a831e5017be9baae97625eb6f83d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489230, "uuid": "69c4d544-ef57-463f-902f-6ddfcc357ce4", "comment": "Malware payload (AgentTesla)", "value": "a907c4b91d636f9cd26d83b87d50633f1848f9c4c5bb8c5c83b50f0c2dcfaf35", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489230, "uuid": "e5e52550-0e9e-4577-bc7f-39f38d1d95a2", "comment": "Malware payload (AgentTesla)", "value": "c13bc70a9fc4524641defd3cfb85cdde76f7f197", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489230, "uuid": "1cae999a-6487-42e1-8513-d26ff773aeac", "comment": "Malware payload (AgentTesla)", "value": "0929730cf7ad05029b3021ddb13b5609e6819fc5744f08c6504a6fe0193f627df533810ddda58e6f60ce86f11f935683", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489230, "uuid": "48dfa537-72d7-4876-a40d-9110c039f5ee", "value": "T1BAE4F0302BD5C71AD06A0339D5E1D3F06776DD84B1B6C7834EE9FC8FB28A6A66351212", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489230, "uuid": "650b24e4-0cd3-480b-b6d8-47a4478c27fa", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489230, "uuid": "137e87f0-0d58-45f6-be62-82b1d19d8ac7", "value": "12288:etIgG2jo7/vUQKc4FlPATWtvPx4IlR6Q2LjnJwQR:eOgUjJPnWtHx4wR6QkjnJwm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684489230, "uuid": "72a8daf7-f3fa-409f-8b35-e24fd9278ab2", "value": 660480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684489230, "uuid": "70ed2e99-f445-442d-9b78-2c0bb0ffab4f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489230, "uuid": "67dc83ee-5b61-487a-a12d-592714de4205", "value": "GSPmed_IMP014 New Order 2023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e207f4bc-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (STRRAT)", "timestamp": 1684478359, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478359, "uuid": "e7147a16-7eca-4510-bf3f-2415384875d4", "comment": "Malware payload (STRRAT)", "value": "82e61805b6bd6214db04bbf58ac257b0", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478359, "uuid": "4b9fca06-5658-4518-ae92-6d763951783b", "comment": "Malware payload (STRRAT)", "value": "a9569438b284141b9667eeea76cfe8fa7f1b42b39ebb374bc0342da8f0773285", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478359, "uuid": "822fff9c-d502-4083-bc1c-c3365aba295e", "comment": "Malware payload (STRRAT)", "value": "66e8f28b57312e236fc4d216872534193d9d1cde", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478359, "uuid": "8bc59cae-5df4-41a2-8ca0-34623b85b76e", "comment": "Malware payload (STRRAT)", "value": "8f49842387f81a1eaef03014d5c7a5d34526514f4084f18b549553e7aeae93adde95a26e7ac3e3f3c12e83fd1a840f53", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478359, "uuid": "4d47785b-3b96-4fe1-8982-3f9bdbfe6e8b", "value": "T1A824017F3EDBC0BDE1138471181AD222BA4C026EA550952F52ED2A898C35EFE1B41DDF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478359, "uuid": "417a3fb4-9bf7-4509-86d2-4589894fdff0", "value": "6144:g++f6Yl8bumbayIlmyhDjaylHz3LLls2KPbzOqm:/+f58bumbay4dam3LLlKzjm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478359, "uuid": "51abb250-96b8-4728-9f62-8ac6c4c41097", "value": 209847, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478359, "uuid": "af629ba6-722e-4d75-a1b5-cc12904ded5e", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478359, "uuid": "b1c74903-6686-453a-9707-d2aa5edefab3", "value": "Maersk Advisory(CHKLST+PL+INV #928430024).jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "451e852d-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684478096, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478096, "uuid": "91c08742-829d-425b-a49b-c12cac3a5228", "comment": "Malware payload (AgentTesla)", "value": "e34b451fcfb6e90a0c5b53132d2f09c3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478096, "uuid": "e81b5a46-6605-4f3f-8f3e-9af36959aab7", "comment": "Malware payload (AgentTesla)", "value": "a96e05074cd3acbf563b6e88b123197a89260f2c6898f488b2f486c95892a3f5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478096, "uuid": "efb62eb4-544f-4462-9985-e2316607b64c", "comment": "Malware payload (AgentTesla)", "value": "9456ad171e703f1f92b69adc6fdb3d10eac76a19", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478096, "uuid": "cdcd97f4-f008-43d5-89fb-405d241e89e0", "comment": "Malware payload (AgentTesla)", "value": "129ba4f725b89ad9844ab6a4359aea4eca4db18fef3490665e54571a8cf6ce9ffa95e0afdb7d17b79d97edf8bf8546d0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478096, "uuid": "46902dd5-6261-4b8c-99d3-c8c80f4217be", "value": "T151E4F0202BD6C70BC16B0339C4D1C3F0677A9C84B876CA835ED9BD9FB68E7A65351246", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478096, "uuid": "6db78cd0-ec1e-4089-a31a-8aa40153f97e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478096, "uuid": "ede09160-04c5-4eb9-9cec-c8d4097a6f01", "value": "12288:D9pg0N/uSfadqd72aFLTeAzjKBQh10Y7Lrd+qa+:Dj7nfJdNFLTDz+aH0Yp+u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478096, "uuid": "ccfc3927-f6e7-480d-9420-c6c08f108bc9", "value": 662016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478096, "uuid": "20dcdc06-9538-42c4-89fd-1f5b9c37fe95", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478096, "uuid": "55c13206-52f6-4b27-a7ae-fde21430d99f", "value": "INV 121-USD-Fortune ocean.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4dfd90b-f627-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684488591, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488591, "uuid": "159c5348-1a92-40ef-9b4f-c68d752fe43f", "comment": "Malware payload (AgentTesla)", "value": "a9e1b22f060e5c749e0e7494f7b7060a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488591, "uuid": "7aa0a621-12b6-415b-8d25-d62a6a025375", "comment": "Malware payload (AgentTesla)", "value": "a9c9e0370fb2f43eca748b7b3ae730a1d7ef09cd0d61641530b998576c6ab5a4", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488591, "uuid": "724ed2e0-2edb-4449-8229-79e5ee4f723e", "comment": "Malware payload (AgentTesla)", "value": "4989bfe308aa3e6991a614ddc5795f700d047444", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488591, "uuid": "e7f40957-24f2-479b-9b02-7dc552b5aed1", "comment": "Malware payload (AgentTesla)", "value": "283ee91bd8e3f5dcff92d6d0a8ffcf893749075f37f22bcce70ff2fb01413416325b88a468037933230a685768723df0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488591, "uuid": "cec4e972-fd28-4426-bf57-9a53f62e22f3", "value": "T18805CF90A2A48746E9B987F45DB1D9B007B76D9EB435D20F0ED9BCDB33B7B920211903", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488591, "uuid": "38136b0d-d215-48c6-b53c-19de948bee4d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488591, "uuid": "0ecac271-0791-4787-98ad-ff40bc83d7fb", "value": "12288:MVqBj7AKzx4KG0djBO1fwfUlhDYrusXShQSZahcnu15YaAsjTaZ:Iq97AKxjFBO1fwMlhDYrshQSZ9ubmZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684488591, "uuid": "a2fe5f70-71a5-4326-9ab8-07852b518d24", "value": 848896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684488591, "uuid": "a6e4b6ec-aa81-412a-80ac-77b14626e082", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488591, "uuid": "1fce82ce-1ad8-4231-b07c-a56110fb4a66", "value": "update.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed048c4b-f645-11ed-b3cf-42010a9c0076", "comment": "Malware payload (CoinMiner)", "timestamp": 1684501570, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501570, "uuid": "51fc9bec-7c0f-40a3-a641-f14c8e016be4", "comment": "Malware payload (CoinMiner)", "value": "e80264156b7c26f7495709faa23ffdb7", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501570, "uuid": "f08a3ce6-09b1-450a-bad3-9bacee12b028", "comment": "Malware payload (CoinMiner)", "value": "aa4bbc0296b28232d20ca66e74e55dea3f82ca212db912fbc0825c93403654a9", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501570, "uuid": "db70d1a8-a65c-432e-a710-69246959fbcb", "comment": "Malware payload (CoinMiner)", "value": "5d497c936ee71cc18125793bba524e4832a10789", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501570, "uuid": "e1cd3139-1309-47e4-ae17-26f91576fc3e", "comment": "Malware payload (CoinMiner)", "value": "b41e9c06bee698ce8b365433f10faafa42dae10362bbeeb775e3637453d2516c0f60984cb36849d5959cd3fa4dfd1897", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501570, "uuid": "ea93e209-4929-49bb-9f57-8e27cd9e5c20", "value": "T1789401AD725076DFC86BC472DAA81CA8FB6034BB931B4207906715EDAE4D997CF140F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501570, "uuid": "9eeac8ab-9e57-4d95-9a0e-360246d70a86", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501570, "uuid": "4a47806a-bbba-4f2e-acd3-ddd16cb851db", "value": "12288:9+cpD7KsRbSQ82gxVB5mSNDtdLCXZC/QuQ/g+LjQRohyqBoHCK0iOEfoh4c3QCNo:HpD0b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684501570, "uuid": "cbd1a1a7-7217-44e5-bc3f-25adb89f8a36", "value": 419840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684501570, "uuid": "c9c67d95-00c6-4865-8401-bd06dcf78ae5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501570, "uuid": "9238c2b1-b929-47a7-82e2-fbe2e8f1853d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "971f40a6-f628-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684488971, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488971, "uuid": "5fad41da-65e8-4ac6-be61-7250b6ca284b", "comment": "Malware payload (AgentTesla)", "value": "20c6d415aeab1e62493462da5dfb1e19", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488971, "uuid": "a0884225-3764-41aa-a592-e0dbd17282da", "comment": "Malware payload (AgentTesla)", "value": "aa70db95993135d2c03d7dee5e84d027074ddb58310b4f5147aaa52fa0ff14dd", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488971, "uuid": "8c120c7e-63b4-4e39-b18c-fed097cc2ba8", "comment": "Malware payload (AgentTesla)", "value": "a69987b7ce01c6d8e58a53aa36034c0db99ca95b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488971, "uuid": "0951c847-3938-4c82-932f-631864db1904", "comment": "Malware payload (AgentTesla)", "value": "a54c079fe05fcbe08c98c3f7ab6652b5f084a871e1d5676bb1ba668ff1cbf94ec3dc9d085faa95aa65492c1e4c3a93ed", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488971, "uuid": "4829d565-1e5c-4518-8d84-d40056c173b5", "value": "T130E4E0302BD9CB0FC06A8374D5D1C2F05776DD95A876C6930FDDBC5FB28A2A62321296", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488971, "uuid": "d2739dc8-5ae1-4ae5-9153-e5f0c4db5967", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488971, "uuid": "f489c627-f41b-4ef6-a95a-48b633f952b3", "value": "12288:G+sgYasNMjMyZtdwAMhjTbRkjBZxY87pPhLhvhqO:G1DTCMyJwDhbOjBZxY87pplpv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684488971, "uuid": "df2515af-d734-402e-ad1a-fe115332c591", "value": 662528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684488971, "uuid": "45a5a6de-6059-401f-809b-8b53744bd554", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488971, "uuid": "0525ad9a-d5af-4541-92f6-ec329eab3bcd", "value": "Swift Copy.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "249ece87-f63e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684498228, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498228, "uuid": "825895e3-7e1c-43ef-bb42-36f1fc19f951", "comment": "Malware payload (AgentTesla)", "value": "0e06a0f67647db74c0b6719b6c892f2a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498228, "uuid": "f1627580-b445-447a-b48e-f4b81170aac9", "comment": "Malware payload (AgentTesla)", "value": "aafc668d03f2fa59132b86a640f41eac2d2221053152524d99fcc61b7a56c5e4", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498228, "uuid": "1ed893cf-ced4-4400-86b4-c8022598b321", "comment": "Malware payload (AgentTesla)", "value": "da7c7f0abaa2044c031c3916154fc19405fbcc74", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684498228, "uuid": "2f2accab-7b93-49c1-9ba6-0ceeaee07a2d", "comment": "Malware payload (AgentTesla)", "value": "bb2361549b07ef2543ba61a34d8b45674b73d5324c0b98247249c01c836e5d67b61d1916d57699e5b2e61cdfb675c75c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498228, "uuid": "dc9f30b7-eb35-4727-bd17-91a11f93cbeb", "value": "T10D441224A6CCD627E9A707317D7509B6BFF5AA199065874B13806D8AB433382DD0F363", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498228, "uuid": "9469673f-c922-4d6b-bff0-b7843d54e730", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498228, "uuid": "fa4e326e-5dee-4e9a-aeb2-f7cb770f21d8", "value": "6144:vYa6C8IkNwFnB8Qc4wa25gd+iwzSp4nxs+fcTws3R:vYk8IrFnTc4b25biCSWu+UcmR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684498228, "uuid": "d9510b40-d28e-4ef4-a896-1932a8b37642", "value": 272656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684498228, "uuid": "fde81b35-77cf-4464-9af6-04ac5babfa76", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684498228, "uuid": "888ba365-9636-40d4-b620-7a5438aa9c02", "value": "watcher.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "00a61539-f627-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684488289, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488289, "uuid": "f94ce207-6261-42b3-b1af-51302612e6ab", "comment": "Malware payload", "value": "2a7bd91cd742426a77c9c744b449ee84", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488289, "uuid": "b24fed84-2afb-4606-95f0-bdfbd6e9b1e4", "comment": "Malware payload", "value": "ab08b3b1fe0ef92d0f112ab2d85303ce7cb12f1c06cda7e288c403e6d9c6312e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488289, "uuid": "c34f79c4-5e05-4261-9e6a-2ac46878da35", "comment": "Malware payload", "value": "ef3bea6519980767b272ec5baf79d153ff0c0a7f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488289, "uuid": "05715e19-0f9f-4cf1-9160-c802e2dda53a", "comment": "Malware payload", "value": "d2a3bb5434cd1d00cf1cc1ca2a05b832a3530d1e33ab949d4d8a458fae0b9fff17d213772b1229a264960190b92df73b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488289, "uuid": "15d2ee88-d43f-46cd-86e7-3a47fa97e03e", "value": "T1C14538243DFA502AB173EFA98BE475E6DA6FB7733B07645D10A003864723981EDC153A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488289, "uuid": "90c8dadb-2ba3-484d-bdda-58329a7c9c1c", "value": "12288:VLhIlti7/gmmAPanezgj9SliYwxA/t7CzSAx7dVREbmf+XXGG57qY4HW0RDLvql/:VLhhaeKcidG5IMJilsnsp2xp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684488289, "uuid": "4788257d-6323-4ea9-93db-70c3963034a4", "value": 1246208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684488289, "uuid": "d17bc485-2850-40eb-9854-eccf31f6cb5a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488289, "uuid": "e5d799b4-fb79-4d42-b778-48ab30668d0e", "value": "new_order_list_1805020230000000000000.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6c29ec13-f691-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684533996, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533996, "uuid": "290d3436-ee70-4a0d-a2db-d46bb9cd51a3", "comment": "Malware payload", "value": "759ea752b39a25d62d35bb517ceb6e06", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533996, "uuid": "d0744a87-4107-43e7-93ae-2ff07fb1fa6c", "comment": "Malware payload", "value": "ab1854be16807fe37a5958677871926e35f6e4fff9c13a532f175b23aee30aef", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533996, "uuid": "1284bf6c-a534-4d50-ae16-e3081cc529d5", "comment": "Malware payload", "value": "071acb09cb7b6b5343d339d7dd5aa7ccf8779911", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533996, "uuid": "b1fbf876-d222-474c-8bdb-38d20362a9bf", "comment": "Malware payload", "value": "0fc287f259fbf8db42500de333f679c219e2d2e2dc2b307817c61458d7d86fcb3c309e7d7eb4743b8cb7e86521b6bbb0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533996, "uuid": "31b126e2-1729-47cf-bba3-e9b5f154be3e", "value": "T184364C87B8924682C4E4367ABC7D41D473B34EB99B9713666D04FE3C3ABE1A90E35314", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533996, "uuid": "1e166a17-eb77-4d9c-a400-130479ed6b36", "value": "49152:94hW9DuzBB1Lf5bQN4m9Dk3Lkmopv1ktVI1h:94hW9mB1Lf5j6kc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684533996, "uuid": "a9d31482-fbe6-439f-9a3f-70d9d7db14d2", "value": 5242880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684533996, "uuid": "8d8c5475-8d67-457c-a1f4-5dfffe752c07", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533996, "uuid": "b06059bf-f47c-476e-934e-aedbf1b2095a", "value": "759ea752b39a25d62d35bb517ceb6e06", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa5f5f5c-f623-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684486856, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486856, "uuid": "980fa1e5-c23a-48be-80bf-1c37b9d36c70", "comment": "Malware payload (AgentTesla)", "value": "22a173e9aed6e33c070a55b7ac78f7dd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486856, "uuid": "6592445d-58e6-4563-ba9d-45a0d50fd5c6", "comment": "Malware payload (AgentTesla)", "value": "ab8a0181d0835a210e35819cd3e2220e5d683e67eb5678d574ae8f168bba965e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486856, "uuid": "cbb031d1-295a-4ab8-8c21-ba94e67061d1", "comment": "Malware payload (AgentTesla)", "value": "8b2e76995034a4c9691817bd870d8a18bc0baae7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486856, "uuid": "d53355fa-c902-492a-9284-b99cfb86c416", "comment": "Malware payload (AgentTesla)", "value": "5c31fd165c15ac8a48e8cd751506a2cbd43479a2ee84cfcec4c8b48fa1034021508e43701daf63b0d73b87cd5d6dd8d7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486856, "uuid": "b26585f7-2329-4ccd-b247-47414615aa31", "value": "T10815E05126A88F05E276ABF952B1E53443B63C11F726D2195DE02CDB3DBAF813B01B63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486856, "uuid": "32683485-b664-4904-ab3c-63480e2b423e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486856, "uuid": "4e62e876-df8d-477c-adb4-56745a327dfc", "value": "24576:0Dj8P0HeHSoreI8d5mOQXIZPsIMTfOs+5d6a+op6L:JP0+HSNIo5mOQXICI5sVo0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684486856, "uuid": "9ebe488d-abfe-4781-a81a-d369860fde56", "value": 911360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684486856, "uuid": "660b5711-ec03-4b03-9827-93ce1a10f3cd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486856, "uuid": "6b9da9b0-42fd-4f8e-877d-ba2a4cce3574", "value": "DB_DHL_AWB_001833023AD.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5fe65517-f662-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684513789, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513789, "uuid": "e4f4f2d9-fdb6-4154-8bbe-e98690e66ef1", "comment": "Malware payload (Mirai)", "value": "bd1825b6ca7e4a667dd663fd5f29e8af", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513789, "uuid": "88a803d8-7113-4359-9fcb-4b1e1a2348e3", "comment": "Malware payload (Mirai)", "value": "ac692e886431e30567b24f77298a7d5e914d219d0ddfe64b73fe44923f303881", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513789, "uuid": "68115b70-86b5-477b-b257-c648dbd00c78", "comment": "Malware payload (Mirai)", "value": "1e5100b27a593520713f3e46cef103de5ff7a51f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513789, "uuid": "94fdc39d-830f-4ca2-b66f-b1681b2a1767", "comment": "Malware payload (Mirai)", "value": "d05cd941122166f3d962aff3d9d93b8e86947b59767d068d68fafb691827cf8e7fa91880d735b9ee8ba2aa3012ab2ecf", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513789, "uuid": "6c399fdc-5f48-42cf-9777-99d3291819e7", "value": "T1F2F33B56E6818A13C0D6177EFADF42493333A75493DB33069924ABB43FC67AE0E67502", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513789, "uuid": "981a1bc4-4cee-482c-a711-cd35f3c71f1b", "value": "3072:vICXhqf5QGj3vzaBV4dxG0Xhj9sWn7Rwrq5SM/9kCnRUR8mPp86nX:nK2GLzaBV4dxGih5VwrqIM/9VRUR8mPB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684513789, "uuid": "f6efaa40-0ad3-45eb-a397-f433f5b541b1", "value": 165391, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684513789, "uuid": "bd623ad9-b3fe-4c8c-9106-65f915710968", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513789, "uuid": "501df7de-8e56-4171-bd88-186c6d0c7b7d", "value": "bd1825b6ca7e4a667dd663fd5f29e8af", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9fe8308f-f609-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684475671, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475671, "uuid": "b311acf1-9805-416f-89e9-8e009f3ca35d", "comment": "Malware payload (AgentTesla)", "value": "bbae0c7d0804643a5d710131e629a519", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475671, "uuid": "141d7a7c-6097-473b-8cb3-5773db52a0be", "comment": "Malware payload (AgentTesla)", "value": "ac6a849b971dc3d473ab5599971709c1e49cb12e0419388f4cced946d8d66d65", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475671, "uuid": "ef71cd08-2ed4-4500-9048-fa5f311e612f", "comment": "Malware payload (AgentTesla)", "value": "6f8a278f4268f123f592d66f3ebfce1b17de4fda", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475671, "uuid": "24451922-789b-4ec2-91c7-75ed51c0a366", "comment": "Malware payload (AgentTesla)", "value": "9302a7d4f6928f2e01a9ecce0f99ac6450527fb5ca1c087d1a724c3955be7ace80786fa83d73167381cb36d23a1dd5d4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475671, "uuid": "9977cec0-c63f-42bc-8f13-83cb88632438", "value": "T1D5D59EB10A93EEC7E37F2E74D02415808C74543FAB6DA71CBCC5299647D8798DE892B2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475671, "uuid": "a7713834-3cc9-419b-b76b-6124ba2d0f44", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475671, "uuid": "0d5f3242-9caa-439d-89d7-bee65b27747c", "value": "24576:yYMbPimFLFMPan6d7niZayr4SKX9Ot09OX7l348A5NyTmHax1MBSW1z3Pj+6QKOY:gJLA7niZat6xKBTz9qHiZDbBxjO4tE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684475671, "uuid": "ab5998fd-924a-4c07-a398-10967b3a4293", "value": 2996736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684475671, "uuid": "82248148-69f9-4397-9923-957d7af42d12", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475671, "uuid": "2899510d-ba8b-4aba-b36a-2265f3da0976", "value": "ORDER-231703.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d384b2de-f683-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684528156, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528156, "uuid": "06ba9078-e785-4312-b8e8-3fe2d282c6e6", "comment": "Malware payload", "value": "5c50aef6f552ec3fb35d14103ed3e852", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528156, "uuid": "a8fcfe03-b791-48f9-9454-92c43de79d1d", "comment": "Malware payload", "value": "ac89fbb04bb88ce48ed68afc5671eae51c26dbf15f6a34b41ab2ee0812abdfd0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528156, "uuid": "fd05c957-1578-48ca-9130-98be9e888247", "comment": "Malware payload", "value": "1a8b436ab5784c2a753c8c78a9844acc2c7b967f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528156, "uuid": "af083a27-888b-461a-b6fe-07c36d881d5c", "comment": "Malware payload", "value": "3c00812686feaa34db3e1e689256dc6db150ab9f866a00614e32efabe0ece78c133312a03ffc3dd005e8f0e092179f0e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528156, "uuid": "7a2b19cb-ff77-4572-a784-3648f4fa2784", "value": "T128F232593D229FFEF6ADC6304B738A306698339126E0D588F65DD6081E7030E656F7E8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528156, "uuid": "cafd0784-a990-404c-9685-c72b797484ed", "value": "768:ltgqtsgNlkiLk7Zx1R5lQ8/WPipN69rPCK3QGM5+f6G644ex6TeqrkD:lvaiYlrR5m8/WPiitCji6cx4wD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684528156, "uuid": "a7572857-53d7-421f-8b34-38df00d5f11c", "value": 35304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684528156, "uuid": "406b5ef7-9ea3-4ede-a3ba-1117d61de61d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528156, "uuid": "8f1e73b0-dd56-4979-8392-73946ca91642", "value": "5c50aef6f552ec3fb35d14103ed3e852", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18dc61f2-f67e-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684525696, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525696, "uuid": "e96cc4a9-f0a1-4e2f-933f-054099cf6e2c", "comment": "Malware payload", "value": "02db9d3c933c3ae9b2dffa011f6b910d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525696, "uuid": "7baef636-33fb-4c28-a33f-934c16c156bd", "comment": "Malware payload", "value": "ad0f3bc3df818fae7aeb848f9ca270d8c124ad314922b7a0d8f7dc33c6434ea4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525696, "uuid": "423dfbaf-cba7-4f96-a78d-b88d65d1ecb7", "comment": "Malware payload", "value": "d23f594435b0118d769b07d1ab5073ceb2437e24", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525696, "uuid": "16e2e53d-e93c-41ef-8ac8-d6375199e8f9", "comment": "Malware payload", "value": "8b3a69a343c02985ce08315010960b28d7611518d1178a11a07869fc01bfddf2b1c500a4ec3daae60cad79b4c3588ebc", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525696, "uuid": "5af756c3-2808-4d97-8e4b-f86ccb8428f0", "value": "T13E358F07FF90EDABC05D8E744DE7C31612C5D1965941032F73648A8CBFAB3A98E93698", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525696, "uuid": "ceef5f4e-aaad-4205-8705-e482c908840b", "value": "12288:v0gZjw/mGyri7g8Nyllxm+KYCy1aPrfWf47b/d+qdeaQklaHhmM7tL+GSPlXJZru:VETLPAFHcMJ6l5ZZVtKAi3YKhAxtK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684525696, "uuid": "e28f5e8d-6c43-41f4-b85f-b66a1f124f5c", "value": 1156461, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684525696, "uuid": "3b02cbae-058d-400c-ac5d-5b0765e02b54", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525696, "uuid": "21a45332-4ead-42be-a277-e16df792dc24", "value": "02db9d3c933c3ae9b2dffa011f6b910d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dead9df6-f65c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1684511425, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684511425, "uuid": "1e6ceaa2-404c-4abe-b88a-ef963ff7cfe9", "comment": "Malware payload (Loki)", "value": "d2a3484ce07b75a18c00482bcd33a4d9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684511425, "uuid": "6dca4ef2-76f1-4d08-a7a6-a2efbf8c6d69", "comment": "Malware payload (Loki)", "value": "ad3713bf3d97944f7a58efd8469c7c1a55c7e43350deb98f18761b74e62dfbbc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684511425, "uuid": "f1ad73b2-80ee-4ff8-a9cf-bda574739b43", "comment": "Malware payload (Loki)", "value": "3221d4ff6592fbd65197467524158d1c76f96126", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684511425, "uuid": "d73ded43-ae3a-4367-bbce-663a23f8e39b", "comment": "Malware payload (Loki)", "value": "11c2c21c09701e0551438a66f6a4ebd1447397b3ebdd442c8d1f918c6a6bd55a6e538c54b8060d6cb292ebfc5754a921", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684511425, "uuid": "6e28387a-18ce-41fd-9b21-f569d73be722", "value": "T116C4CF2832D0E29FC417C635C5E0DEB0A720ADA6A317C60356DB6D5FF64E5EB8F211A1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684511425, "uuid": "5dcef4af-31cc-4aa5-9b23-5a18c8515883", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684511425, "uuid": "ee037505-bf50-4d57-9a06-1dfda6332b27", "value": "12288:jf2pBI2jsScxurtOJthGmE8gxH3Kntfm3YM/Y+bEZ:jObJcxucLoKk3L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684511425, "uuid": "c7ba3812-4146-483c-9f1a-dcbabe12cbe0", "value": 592896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684511425, "uuid": "56966680-6fc8-425a-8233-9b1dea218c78", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684511425, "uuid": "42c62f2a-8919-4c1c-a3dd-e0a89787db87", "value": "S8XO18BYFuyKcjo.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd3098f5-f667-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684516147, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516147, "uuid": "d3c7eeae-25ca-449a-92ba-6920e67fbc44", "comment": "Malware payload (RedLineStealer)", "value": "907f387db102346c5552e50cac7fc208", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516147, "uuid": "9e6a3a0a-359c-4b41-bb61-35d3f5caef12", "comment": "Malware payload (RedLineStealer)", "value": "ad48a93aa8e8f74fec35a9db4a01791ededb4854cab71d98557fb3ea08a85206", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516147, "uuid": "812f25c8-4d1c-4acf-a8e3-ce0af0a90af7", "comment": "Malware payload (RedLineStealer)", "value": "90cfcae828185ee88a021dbf8db51825bfeb525e", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516147, "uuid": "310f1b28-9ba8-46bb-bdb5-8d5a007b167a", "comment": "Malware payload (RedLineStealer)", "value": "ff8cc18bd3c173e66c0a707cdad4c80b1949b34067cd527d32c53cbc1e58e367fab529db86036218bfa03b8c7d27f45b", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516147, "uuid": "5f3d058c-ac65-45a9-b3b2-515a4f15ca97", "value": "T12C252393E3D9E073DEF11B7054FA13D71A7BBC620825925B278A64B61CB1280B53633B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516147, "uuid": "ec44cd8e-93f4-429e-8ccd-8a7957303bbb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516147, "uuid": "b91adc4f-1153-46b3-b79a-ce7d4e18741c", "value": "24576:TAylIxllcL0J/x4wph1gg9YxI2W1chnskF:TH2zc08wV2Wb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684516147, "uuid": "78f2083f-11fa-4dd1-a0ed-623c452ab241", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684516147, "uuid": "bf15bf1b-f7c3-4a3e-aabb-f2126b9d5b8e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516147, "uuid": "b6b4c6b3-9c06-4121-a42d-586ce12b2d29", "value": "translator.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8ed8e295-f623-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1684486809, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486809, "uuid": "78866213-1890-4b2f-b4ac-5d0579438ef6", "comment": "Malware payload (Loki)", "value": "4d05c10b6ba4bf4e4db1c49232f2e144", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486809, "uuid": "45d8dfe0-05c6-4388-89c9-79c47fcb0195", "comment": "Malware payload (Loki)", "value": "ad4b09d5bd45cb28e02d15b16313813aac8db083363be6aa81d2d6e53ed97a9a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486809, "uuid": "68d659b5-8f15-4ad5-8366-9ea322b1fdf2", "comment": "Malware payload (Loki)", "value": "5fc04dc09b48b73e0aad744d8a511a9ca3d06e7b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486809, "uuid": "df54744f-e002-4795-aaa1-7f3412f909e8", "comment": "Malware payload (Loki)", "value": "c0ed78c09bed8879b1b37a0be853f12c6a85a8442e848b696b15d4ce8fe99c86c07d20b79c727211174340824edcd8cc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486809, "uuid": "08a9e9cb-7cf1-4614-9c58-e43ab14ba6ff", "value": "T14305D05036A88F55E1766BF95272E13883B12C25E72BD3185DE02CDB3D76F822B01B63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486809, "uuid": "4f000ab9-dd72-44a0-af5f-06e7b91933c0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486809, "uuid": "5ee21982-01ec-480f-a243-d4aea205b9d6", "value": "12288:L0oHJLpNaPn0YPX/N8j7rtQirUu8/hs97oo4gJNgzNqAAvXHdWXXkGIqfn8ySTLF:woH8P03fpFA/yCBSgcHv82mnbSTL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684486809, "uuid": "09516982-9d7e-4856-a579-bab7eb49e2b4", "value": 846848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684486809, "uuid": "b9ae44b6-7bae-4cc6-b95f-84eb4a6aea79", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486809, "uuid": "fc9c402b-9964-4eda-a5d7-558c1656f569", "value": "Kimball Electronics PO NO4503269204.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f1fec2da-f68b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684531643, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531643, "uuid": "6a330ebb-0dab-4594-9f9b-b7a0ef8fc6d2", "comment": "Malware payload (Mirai)", "value": "b14f0874c327d910a4d8627256553e5a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531643, "uuid": "c25d30bb-66d0-4ed3-a326-0efbf2da1eda", "comment": "Malware payload (Mirai)", "value": "adda10be82d33ed836df4db9118dec7ae1cfab357e26f110828c5c1ded30265e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531643, "uuid": "7154c814-e20f-4819-a905-28a842299b07", "comment": "Malware payload (Mirai)", "value": "627fd2a89ba94f89dbc24946a20f61b297bfc0b9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531643, "uuid": "309c0925-47d9-4d14-bedf-29a9cff53180", "comment": "Malware payload (Mirai)", "value": "5269c786ddaab5d4c7a73ce73b4ad27ff04de3f147d1c67e4a961d1944422f11556b822968a090e54daa0834228c0832", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531643, "uuid": "966f71ed-2524-44b7-94ca-c7227b7a53d1", "value": "T144E308D7F900D9F6F80AE73708570809B230B7E649926A737257343EED3A18A1577E86", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531643, "uuid": "d395847c-1ea7-4a2a-9085-c7a7d2756801", "value": "3072:ONMBlFcZoVqaIpKoyjILZsrQF4bF2fVFoFVqjbiOLp5gvtxJ3q+HQV:OC5klvyjqZsrQF4+FouLcvJ3q+HQV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684531643, "uuid": "1a8256c2-5c95-494f-98be-11243c85ce69", "value": 152280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684531643, "uuid": "5a1cd622-2cad-4cb6-846b-656afaa52d98", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531643, "uuid": "f244d9c3-2403-4757-9e50-5affe186bf0c", "value": "b14f0874c327d910a4d8627256553e5a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "06dd39b1-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684477991, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477991, "uuid": "d888a169-34f5-4a4a-8341-59d867e31132", "comment": "Malware payload (AgentTesla)", "value": "b5962dc2702381a0dd0b1a313573d43d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477991, "uuid": "a7f91f97-bd54-4f01-941f-af571427b051", "comment": "Malware payload (AgentTesla)", "value": "addce3e25d10951bed21ec5f58d1e5516ba9adaa62504e06fe981026159c0c64", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477991, "uuid": "882c770d-e968-4325-813d-e411ea5dd12c", "comment": "Malware payload (AgentTesla)", "value": "6eb8416225d40f01c052c6c4e7a6444a57598a48", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477991, "uuid": "84b4c076-083e-45dc-ad33-fe22ea87c231", "comment": "Malware payload (AgentTesla)", "value": "46dce55de4731b349df532ffe4528254393acf8d7a8130d8b30c91826a7390aafdbf4c4a83948316ef732b4453935d1d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477991, "uuid": "fd3414d6-5222-48a7-b3da-ce73707ed707", "value": "T175E22B5EE79F02A48F511376271B0E89AABDB23EF3505571386C933433D9C390666ABC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477991, "uuid": "9430de56-4e9d-4da9-8dfc-537802ed8568", "value": "768:3bFx0XaIsnPRIa4fwJM7Czyy1P6Bbh4dGJz:3bf0Xvx3EM7m1yBb2dG9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684477991, "uuid": "d34ee230-0c67-4419-a4db-2a88daa30bf5", "value": 31784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684477991, "uuid": "c3455677-b8c9-4255-bd4a-bfea6da7bdec", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477991, "uuid": "bbf499c1-3535-40b9-a435-43377ca984d6", "value": "payment.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3296bf5e-f649-11ed-b3cf-42010a9c0076", "comment": "Malware payload (WSHRAT)", "timestamp": 1684502976, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684502976, "uuid": "ed4b9e0a-0302-49ae-a4a3-4b5f0052c3f5", "comment": "Malware payload (WSHRAT)", "value": "0d9dbbce1cc0b89b22225bd6cdc6a67a", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684502976, "uuid": "7b470df2-9272-461d-a00a-1fa461b59c4f", "comment": "Malware payload (WSHRAT)", "value": "ae401add3e6d11019f5bb30c106b7a8fa4d1a93bce47208e4e736e09d1faebdd", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684502976, "uuid": "70acca05-874d-46cf-b90a-72d7593b3ae2", "comment": "Malware payload (WSHRAT)", "value": "04223db348fe531a15a961cf0e26f9b8257af986", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684502976, "uuid": "baec6fdb-5399-474b-83ab-68d69b327020", "comment": "Malware payload (WSHRAT)", "value": "69e6aa987697d35f54c451318182a907a7ee98acb334d761f783a7fb568321696806ee4b3b976e4572bbabc29f79cf47", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684502976, "uuid": "a483f43a-98dd-4691-8f99-05bb9ab60349", "value": "T1DD2506C0A9E9662EF7E3E42DC351BB32F47070231D929E487E84D7459F67C509DB8A22", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684502976, "uuid": "8a7162c1-0f1f-4778-b904-fd8ad848b68b", "value": "3072:QQO7VS2G9XYK9oMvjNvyi+xf2yEoal/Wjzy94CDd:QQO7VS2G9XYK9oMh+K3l7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684502976, "uuid": "06abb37d-a361-4c02-a514-31ee5135c2e2", "value": 1037813, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684502976, "uuid": "bc72bd05-d99a-4caa-9faf-cca1652e6f20", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684502976, "uuid": "327692f1-b8ba-49e3-8ab2-a8f7b0c51a5d", "value": "Purchase Invoice.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5cfecac5-f650-11ed-b3cf-42010a9c0076", "comment": "Malware payload (NanoCore)", "timestamp": 1684506053, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684506053, "uuid": "7b053a1f-f780-4044-92d5-6f19106886d0", "comment": "Malware payload (NanoCore)", "value": "8d3b86cd2035fd3054f808b5624a1abb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684506053, "uuid": "8a3d5fa4-a2ab-4026-ad12-f1f7d2f109e2", "comment": "Malware payload (NanoCore)", "value": "ae587b9866ee9e04f89c0280b50a7fd993425f8d37bb8b97eef8a88fe1fe9910", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684506053, "uuid": "bf9ec76e-87e7-4178-9f09-56a9dbf55047", "comment": "Malware payload (NanoCore)", "value": "760b93fe709a4ab2f8cf4742350446a3383e908a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684506053, "uuid": "05328c2c-c332-4bd3-ad48-e8c22a402155", "comment": "Malware payload (NanoCore)", "value": "b79dc7cda4b094f6f90af1c089acd67296d5791541347a0be36b9ee3f345c0b39ef039284ec5704e0d8df5c283568aa3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684506053, "uuid": "e2e208ee-56ca-45cc-b8b4-721d901ce361", "value": "T16CD4F165A1FA1BA7C3B983F505A426410BB475E77C27CA3C5DDE24C9EA43F0118ACAD3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684506053, "uuid": "a57b7b09-fc03-4356-98c2-b305e046edcd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684506053, "uuid": "84dc7487-3b94-4092-b431-d10fc4ea6bdd", "value": "12288:IcysSd++oh6vnru5bcbADrIKg2OcJBra2ZDbeuDkH49hiS:G+svnack47KU2ZDx3+S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684506053, "uuid": "26887847-18d0-4f94-936c-123709daa184", "value": 645632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684506053, "uuid": "9d390880-af95-41c7-9235-0819021c1f5b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684506053, "uuid": "1d6ce676-b089-4844-a702-6797776278b9", "value": "8d3b86cd2035fd3054f808b5624a1abb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70a13c1d-f667-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684515965, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515965, "uuid": "965b0662-ef12-495b-855f-5147b0b7b14e", "comment": "Malware payload (Amadey)", "value": "1dca176ed8fa27fa72e809c1619424cf", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515965, "uuid": "2421654e-06fb-4392-ba89-64f4a94b8a7f", "comment": "Malware payload (Amadey)", "value": "aed453ca13a4384da3ca62bb1eec4f3f6ec9927e1e5ff538d50f2bf055a6d9b6", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515965, "uuid": "db3baea5-161b-4b74-8851-4c7aa4a8576e", "comment": "Malware payload (Amadey)", "value": "2945b4c3127b4e7bd561492dcf5087ab39547047", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515965, "uuid": "749cf1cf-03dc-49bc-8999-e9fe6c2a20d6", "comment": "Malware payload (Amadey)", "value": "1bc7575628698d3f0c01874b6fe8e49f8da04128c10ffb25ccc8f6952ca64964baff1e459ca23f9c32709b69b2b08e32", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515965, "uuid": "7e9272fd-2fb3-4ac1-9ca1-6992587f7eb5", "value": "T12E252393E7E49461FCB65B7058F616D70736BCB19D78C36B270258AF0973280A87271B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515965, "uuid": "6217a3a5-5114-4764-96b8-a695c6896ee4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515965, "uuid": "422e538b-3405-413d-985d-7d0a72f31f70", "value": "24576:8yYAtiSfaVMtJPwU2YBBLJJxKbSjbELC43fM/t1QbTpRyZYy:rDiioEhwU2kLJPKb4EW67bTpRy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684515965, "uuid": "9bbf6aca-c236-4813-bac8-af51a0a74b4e", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684515965, "uuid": "8cb5d52f-471c-4b3b-8f7e-767e5da657c8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515965, "uuid": "cc71d6fe-2c5f-4623-aaa2-14430241a4f8", "value": "526.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c9de5e1c-f627-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684488626, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488626, "uuid": "79f42a17-8ceb-49f5-a36c-72321d95b46c", "comment": "Malware payload (AgentTesla)", "value": "82cec3780d5f8cc4387cc869bc497c32", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488626, "uuid": "46ad8a34-b521-4cf9-937d-8adeb5b81432", "comment": "Malware payload (AgentTesla)", "value": "affbd34bdaf31dc32de0d83100925f880bea333c43dcaf0646cc5bd57e17066b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488626, "uuid": "927fdf6f-2c64-4d31-a7dd-0187bc0723bc", "comment": "Malware payload (AgentTesla)", "value": "ae221d9d0cd8e21beb73a7dddcc293115073c2d9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488626, "uuid": "a42a8038-0d60-4fc1-8122-de42185161d8", "comment": "Malware payload (AgentTesla)", "value": "143bcee8e20a7a0952209e2c0b2c1064728986e8d814fbe00df9f0055f548bedf61c758968d7e32cadd14dadbc16c22c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488626, "uuid": "1db2eae9-acee-4f30-8a27-47aa4461a0ff", "value": "T1A2E4D01422F49B46D5BA83F45CE0E2F02BF59D99B43AC24B0ED5FCDB729AB910750A13", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488626, "uuid": "4b6c7731-33bd-4db3-8654-929382adcd09", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488626, "uuid": "8cc3d3b6-45f0-40e9-aecd-8e579e9eb180", "value": "12288:bqBldtutNS96DQ3EQ2QZ2Rmp1qe+FhC0o2r7d2ze2p:bqbUS96DQ0Q1Z2Ra1q3Bfd2D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684488626, "uuid": "ad17e329-eddb-40d0-bf44-bb9a8478ce22", "value": 707584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684488626, "uuid": "d3dc844f-4042-4ebd-8ec2-56c3193fdcaa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488626, "uuid": "0a9ea447-ce06-4919-b1f9-e7f20ccec602", "value": "Invoice and packing list.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d189a2f-f630-11ed-b3cf-42010a9c0076", "comment": "Malware payload (NetSupport)", "timestamp": 1684492229, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492229, "uuid": "3aeb90de-fbe4-49d4-aeee-5ca736a8d195", "comment": "Malware payload (NetSupport)", "value": "17c5a888be9683cb470eb74a3c32f1e8", "object_relation": "md5", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492229, "uuid": "cdeaab45-17a5-4505-b09a-d2baa655a660", "comment": "Malware payload (NetSupport)", "value": "b08eaf005a4b749c56569cbeed98ce721676fde4763a147bbe3ad0e5d4be4327", "object_relation": "sha256", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492229, "uuid": "b9e392c3-ac5a-4d39-aa40-8dc70f4caa5f", "comment": "Malware payload (NetSupport)", "value": "0334edd38ccf557929c37e4cbd714c09aaa94a08", "object_relation": "sha1", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492229, "uuid": "8735c551-35d0-4d33-9a7c-6b62e3c9a8b5", "comment": "Malware payload (NetSupport)", "value": "38401afd1634e2beca15e85113126ea7871fed775c31c86c9d58596f55bd8fcefd1b70221713b1379cd696145e18191d", "object_relation": "sha3-384", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492229, "uuid": "0cdfe916-58c0-4901-9423-0cc46e56d124", "value": "T104A533262F8203B3742794AEE5707F110408973DB2BE787366263DA7787B375A345AD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492229, "uuid": "315629ed-da0e-43c4-9719-4dc2c92321cb", "value": "49152:6Q6J3WM202p5GutgAJuIxyxWCIZsS85PWZ5FvcBv:p89i7JDmWgzP+Uv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684492229, "uuid": "3a117f72-b000-4135-bf75-f684cff25437", "value": 2265763, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684492229, "uuid": "96985b32-e191-431f-bee4-aed18c8e36d8", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492229, "uuid": "0403e706-c946-4865-b398-946da323c020", "value": "6464a1ad4e9b8.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5704a595-f657-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684509050, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684509050, "uuid": "5f473d10-4693-4815-9228-46a58b64e5a4", "comment": "Malware payload (Amadey)", "value": "a9837a1c9845842996fbc5d579c8051c", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684509050, "uuid": "1a955516-6d97-4d58-895b-4acb8670e766", "comment": "Malware payload (Amadey)", "value": "b0bc783e23acb38ad8bf6a556023e44488a076cf468f536d20271487a0ac3816", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684509050, "uuid": "1ebfe69e-7475-490c-88f6-c5ba075d98e8", "comment": "Malware payload (Amadey)", "value": "387463cd8dce0c6f16193d2cbb12c53e81910568", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684509050, "uuid": "520de9ed-1a61-4b17-9bea-9c473491ce92", "comment": "Malware payload (Amadey)", "value": "9322b6abf206c6f9c2ff22ef50fed6b4fa5625b03351499a08a30170f2bdf7125a6f87970adb2dbbb5f4efb7c840d9a0", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684509050, "uuid": "966f3058-f0ab-4322-b91c-14df26b457c6", "value": "T1C5252313BBDA5021D8F517B264FB06871B347D129CB853AB278A6D4E0CF28D06576B2F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684509050, "uuid": "8456afd2-9e3b-4144-a3d4-da20df35193e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684509050, "uuid": "63032144-2c53-41eb-a2b4-5cf23d689500", "value": "24576:syyQCB3HbEhf6V71YED8nhkkpfw7ZuVb8/5rRUvN1yQCa:bQNjV71YE8nukC7Zu6hrRUVDC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684509050, "uuid": "af3799b7-3baa-4390-85cc-c5517a4f6165", "value": 1044480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684509050, "uuid": "b3864db5-529c-49df-ac26-03521b188c7b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684509050, "uuid": "59c92cf7-e731-4842-8ef0-eb90fbe676d8", "value": "a9837a1c9845842996fbc5d579c8051c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fde0dc59-f68b-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684531663, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531663, "uuid": "9e6681db-d30b-4030-b0ae-11108293bc8f", "comment": "Malware payload", "value": "7e4722db2c4b1fe1087c70fe75a4d823", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531663, "uuid": "c9ab42c2-77e3-4c45-ab06-11b08767e773", "comment": "Malware payload", "value": "b13d692c6b9ec960505a38bc0e21aa6f03162016dff6d996e22470c617c425d0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531663, "uuid": "b59700ec-3f17-4866-9aa6-b003aa0a7e7e", "comment": "Malware payload", "value": "314eee0b5172f3eac990ae5772e0db198344b5b8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531663, "uuid": "d514e66c-1645-4e5d-8160-f7a13e813749", "comment": "Malware payload", "value": "2d65e01704cf975cb2b1ffc30f43125b6d4fc4157e9909e49b0e050478633aa37b2c3bae889eb7e5f08e615fb765a834", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531663, "uuid": "eed3c0f4-3d55-4535-8156-3ad9030eda06", "value": "T101436B84E643DCB2D8171670147BAF37BA76E2E91224E746D3A8A736EC51702E017EDC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531663, "uuid": "623783ef-772d-4f09-9892-0c697c77dc92", "value": "1536:BF14yTUx6AhcHIOROP1vEqRaSblcMUiBVFrVcwbZnm:B/4yTUxdaIOgP1sqRt5cMlrHcwbZnm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684531663, "uuid": "f6885520-2747-48b8-a949-a452dac5b89a", "value": 59088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684531663, "uuid": "abf81272-514d-4f44-9f8e-5b4e4bcbd08f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531663, "uuid": "3a5a22e5-4b6a-45bd-86f1-72a67011a6ba", "value": "7e4722db2c4b1fe1087c70fe75a4d823", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3962c609-f627-11ed-b3cf-42010a9c0076", "comment": "Malware payload (ModiLoader)", "timestamp": 1684488384, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488384, "uuid": "0b23cca6-c1cc-4d2d-b2a1-9c0e0845fea5", "comment": "Malware payload (ModiLoader)", "value": "4e716d0e8ada759403d79c9d9c5de4c4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488384, "uuid": "164b0e81-51db-40ea-ae5e-dd00e718f509", "comment": "Malware payload (ModiLoader)", "value": "b1aec011f8cf2219852c6094d67063dbaf74640e9c0185097e1f0cb59ae3ffa2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488384, "uuid": "53642d94-11e0-4c06-9d55-a11164cdf45f", "comment": "Malware payload (ModiLoader)", "value": "69b6cba3665603a4b9ab3be81157502015c6a14d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488384, "uuid": "12558fbb-a368-4101-9309-3088e55816a5", "comment": "Malware payload (ModiLoader)", "value": "166ea4cb65505afe439ea308c69d565ff79c5666309dcff3fa53fdd84b97221159a1e992cd2e5dffb1acb9a4164ab272", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488384, "uuid": "5010ea45-01bd-4a8e-90e4-7b231d441924", "value": "T15405AE1AB2D29933D0A3673C6C269704641CBF24197BF95A37E9BA6CCB326433D11E17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488384, "uuid": "033b1fc5-f598-455b-a468-11cbbc253255", "value": "b994e2b35fac0eca9b95949a165480a1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488384, "uuid": "bdd180b8-bd6b-4477-be57-a3dfe5e8e0ce", "value": "12288:IEaSIJxsS4ISFSs417nXbaGBazVb8N0K1Wqf:/F0mcSFS77LaG6VIEW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684488384, "uuid": "43083e6e-5dfd-4bf4-96d7-04ea726744bc", "value": 860672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684488384, "uuid": "48980229-2b7a-4184-9aaa-53aa8df42fb7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488384, "uuid": "00f772e9-853c-4ed7-9c67-dca2d7b1f359", "value": "PURCHASE.EXE", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "633d0b27-f609-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684475569, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475569, "uuid": "112aa7f4-1d79-4298-b3d5-871968c51b28", "comment": "Malware payload (AgentTesla)", "value": "59004e0e3c1a5b349e4d34e01f097169", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475569, "uuid": "ab4a040f-d44b-47f9-930b-b1b02a719721", "comment": "Malware payload (AgentTesla)", "value": "b30b7ec067e7dcee1269608d0e3860ab0a4fda87b9c7524df6472e0b8d246a47", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475569, "uuid": "5cf93d2e-1fe5-455a-b238-cb71639c7dde", "comment": "Malware payload (AgentTesla)", "value": "78fc221236051187569d59472611d120f37ce6c3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475569, "uuid": "9f4eb8f1-db0a-4e7f-93aa-6f0a63666244", "comment": "Malware payload (AgentTesla)", "value": "bec9fdebbb62015e4f09da99a10c364d167d119c385a44bf70755da2eec7773117c1bef09e49270634b6eefa6ec0c446", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475569, "uuid": "5d0b0534-fde5-4b52-93a2-f55ccde98dca", "value": "T1B275CF3439EA501AB173EFAA4BE479EADA6FB7333B07645D1091038A4723A41DDC153E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475569, "uuid": "7bbc29dd-0d87-41bf-929a-8fdcf0edf757", "value": "24576:tFpT8FW1Hp7zo7eaKuXzrdsGtSug5HgZS5q202WpWfgo:1gi7zo7eZOdssS/lL02Zl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684475569, "uuid": "c6b0b3d5-049e-40fc-8514-abbe9b0166e6", "value": 1633136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684475569, "uuid": "567e1ef7-3c79-42ff-8d2b-ea67d97cdab4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475569, "uuid": "6a098e84-4456-45a5-a5cd-4c4519b9e001", "value": "New Order-PO#Yw83901.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef202f9e-f67a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684524337, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524337, "uuid": "d07cf83b-2287-4b43-a7fe-aaac56a2db77", "comment": "Malware payload (Amadey)", "value": "13eb9f354bb427016e8a845ea872ad4e", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524337, "uuid": "108784f5-06b7-4992-9535-8f490e8570bb", "comment": "Malware payload (Amadey)", "value": "b35239a7b40c1e9e4f2cc2fb2447a42eb894885837502501be44ca1ed9cff7fc", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524337, "uuid": "d46d9c8b-4ad1-4486-8ae0-b467f7ed975c", "comment": "Malware payload (Amadey)", "value": "d518cb0560693e1bee892fe2c6630c6a4eda3f23", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524337, "uuid": "a33d2d85-ec27-44a0-ada1-67192632137e", "comment": "Malware payload (Amadey)", "value": "4f43fe3e7b8a90747fbbd52ccfce4640b067a6a81e281e792f9b323ac861a57b363bb88ef207f01bb09e5371fbf13918", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524337, "uuid": "85245c27-ecf6-4bd8-afa3-546f0cde0d7c", "value": "T1A62523137FD80836F9B4173049FB26831B75BCA29ABDA6231B42691F5DF218491327B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524337, "uuid": "7ea61187-9b65-4948-a9da-cdda9160801e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524337, "uuid": "20e59ce2-5933-4271-9a14-30d05b18798b", "value": "24576:+YyXffM8ZbTq5yw0KUjU50FnUe7nd8DdMTD5U/LaS+:+fvkg6yJ7UmUQd82TD5UT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524337, "uuid": "2ce3fd58-9950-4061-b4b3-0cb92f58ffdf", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524337, "uuid": "776661a9-a883-4a99-b0b1-40f8afb664b5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524337, "uuid": "7c7152c1-b09a-4804-b741-9c9124e17183", "value": "converter.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c2979f94-f65b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684510948, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510948, "uuid": "a573cb8e-a700-44f8-b3bb-81cade4e1a8c", "comment": "Malware payload (AgentTesla)", "value": "241d2a0238c772314f2e25ef43419ca4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510948, "uuid": "a29bd794-21ed-4032-9271-a0636527aa8c", "comment": "Malware payload (AgentTesla)", "value": "b371c4e92b3ae57c6c00f9b3c4bfa10758a8b8a3d9547d81b143bf86143d6209", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510948, "uuid": "3961463e-ba6c-445a-8ff9-f1eaabf18fa6", "comment": "Malware payload (AgentTesla)", "value": "d157543fde79d5bca35e6fc7c125fbeaac09967e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510948, "uuid": "568d4288-4fa6-4191-8d1d-8d3ba37647ae", "comment": "Malware payload (AgentTesla)", "value": "9393f408500c4379c882e0cb63e6083e4c1c4c703e753b88c49cae2d7e8899193897ed2b258a2e6f86b7ac2199d67122", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684510948, "uuid": "81da09fa-691b-47c2-b5bd-bce967fbd2ff", "value": "T1D3A48D2BB66ACD22C3CC5337E1CB490477B169417753EA09798D13E64D033BEAA4A6D3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684510948, "uuid": "7fab24f7-f5a2-45b5-8ec2-20553f6b7d15", "value": "6144:X1EEp9VfjcMdvLqCimqGQpEr1oWWrgO8zZV8MznfvIkW5Yd2n4:f9l4JIqGQpYOdrgfNzn455Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684510948, "uuid": "cfcf5b85-7c5c-40ac-acd1-f3d2991bb174", "value": 467528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684510948, "uuid": "5c4a6399-68a7-45bd-938c-801e154e59c6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684510948, "uuid": "dd4d1795-c17d-4af5-b502-7934a10a2beb", "value": "HHGGtTtT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d25aa87-f624-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684487129, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487129, "uuid": "fe9f4ced-caab-4b58-83bb-81edfceb35f9", "comment": "Malware payload (AgentTesla)", "value": "348f5e144926b7a7d879bf271a724a2d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487129, "uuid": "b773faed-58ce-4b3c-a4b9-e078cb89b0bf", "comment": "Malware payload (AgentTesla)", "value": "b3aee144224e71f1fc04084d7dd130bfbe1005b23df2c619085b25c8a4daa941", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487129, "uuid": "ff5dac25-92f9-47ce-825d-998985c44046", "comment": "Malware payload (AgentTesla)", "value": "3a7ea539c83c477a8b726412d784fc9372a89049", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487129, "uuid": "2e80aff9-8f13-411b-b5b2-e8790adaa006", "comment": "Malware payload (AgentTesla)", "value": "939fe066d355fcb3c2f32c7c8ee40477deed9181090f9d0167bfaed3393e61fa3ea8b97c5aa299ce8c5ddfc3d81746e2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487129, "uuid": "f6b9c33f-1f8e-4368-afb5-66e5c5dadeda", "value": "T1B6F4AEF3682B2D7CEE6A3CB4C88A391211B1505B0558E91DF7651DEEF087BB0F24916B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487129, "uuid": "1c699996-5027-47d0-a338-1c0a17b57b9f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487129, "uuid": "7922b259-f918-448f-b7e0-92817e3dd075", "value": "6144:EiK/fTphszm59OXCWJIQyLNy1yGiGwpMhSz8yc0F6hRlYT8b6VwTx48yQTO2BzDa:rANhlDWd9YSrb6VCe8U2RPbwOxKhf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684487129, "uuid": "0e9d180a-9458-4c28-9b3b-e4418d4d72d1", "value": 749056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684487129, "uuid": "f9d9aa6b-000e-4732-ad5b-c0153912cb65", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487129, "uuid": "3f498e33-6cbc-4748-b2dd-4d7ef31ec3ba", "value": "Inquiry.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "602601e6-f69f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1684539989, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539989, "uuid": "469091ce-7c93-46e3-a1cc-b3ef9efaed68", "comment": "Malware payload (Gafgyt)", "value": "8cae3dd01494f6c5fe941781a54243b9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539989, "uuid": "c307a0f0-ad71-407c-afa9-cea66d64db09", "comment": "Malware payload (Gafgyt)", "value": "b469902e7cad7c71b6eb219d43fb7093d284c4d89545e36f5ac0d8f1e491ad51", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539989, "uuid": "68f198c5-d958-4494-972e-b34f5bbefa21", "comment": "Malware payload (Gafgyt)", "value": "e52bcd9c8bc0215180aea9f5530fb557d69bea99", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539989, "uuid": "f9f8fe84-6061-4e9b-a180-f6ebe5bf436f", "comment": "Malware payload (Gafgyt)", "value": "e232ce3f68df7fd3729eb61339e5b9269e1bf55744a28c4c318320bf87de4236a9a7b98a9cd163a21afe6a381807bddb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539989, "uuid": "3fec18c4-bfb4-4916-8034-9f7fab7f62f6", "value": "T1B4B318436B1C0B83C49B99B02DA737F18769BE7112A351C9A90BFEC04773AB81527F95", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539989, "uuid": "3518b373-1026-4399-9a96-4c235df6a974", "value": "3072:eDzhqL0vbKlnvZ0pqu99TqsFh7tm2pgYMidIP1W:eDzhqL0vbKdvWpqy9FFdtm2pgYMidIPo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684539989, "uuid": "f34e6bd3-e864-4ff4-aeb2-87b37c9140db", "value": 113186, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684539989, "uuid": "87100b63-edb8-410f-bb0e-346675a8c25f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539989, "uuid": "6a890724-cd18-4824-9433-88ad453409c5", "value": "8cae3dd01494f6c5fe941781a54243b9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7932dcf8-f679-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684523710, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523710, "uuid": "1804664a-d8eb-4dfa-8636-325b03faf7b7", "comment": "Malware payload (Mirai)", "value": "1b513fea29e61cfc0c855df16f92f152", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523710, "uuid": "8b505d3f-2fb9-4eeb-a85f-08e3750b9338", "comment": "Malware payload (Mirai)", "value": "b6c075cf7afb6189764c59ed02dfa9b520127adcda048964c0985f451b84dc0a", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523710, "uuid": "d1a3941c-0e4f-496a-ac79-6966ba22c89c", "comment": "Malware payload (Mirai)", "value": "f56e5847f98b44b3706576e8270173bfadc5f404", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523710, "uuid": "dd363c97-daa1-4397-8278-99be1bc6a293", "comment": "Malware payload (Mirai)", "value": "0f76bcc67b5e70f48663077b3b80863f3c2fdbbbb4b1954910aaefcc845360c1380f2d72f5fc3663a140e9ae38c71b3f", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523710, "uuid": "f02a3fdb-c0c7-4b9e-b95a-62ad7a1bd958", "value": "T142A2E1217D05C1DBC531AA3C8A69FBD410C1B971E17CA95A6BA0C34FF9F37649031E06", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523710, "uuid": "3a8cb2bb-61f6-4b5c-a191-95c9ba559733", "value": "384:M87Lpj8s/qPui8uZxoIA57RWQjJiEVi+ZksavICMZDA5YqqUTwNIZT1n6Epl9zpj:R98o08kxofBE+ZksatoA5wUT1n6Ep3lv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684523710, "uuid": "c04c2785-c1ce-4af3-a242-6ab453e275c0", "value": 21484, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684523710, "uuid": "ced73384-9a18-4b57-ad39-9c4f2924bce7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523710, "uuid": "c2bd09fc-26cc-4d01-9089-833d1e6d96c3", "value": "boatnet.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4210699a-f605-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684473796, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473796, "uuid": "5e2206d5-b96a-45fb-85a6-093181e919eb", "comment": "Malware payload (Formbook)", "value": "d2990163845bfa27e27d1d05830e7aac", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473796, "uuid": "630f5daf-8ce7-48c1-a9bd-2e3b8a44792e", "comment": "Malware payload (Formbook)", "value": "b6d32d75d7fbc40febd353387a6ce2e4b511ca9bd4468ab7bdffd1811906c248", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473796, "uuid": "1da11f34-68b5-4437-9910-225f0942c795", "comment": "Malware payload (Formbook)", "value": "e7a9dc104295237db0333ef76213fd28a10c8983", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473796, "uuid": "82b2599c-28c7-4159-8f7d-97972421ccdb", "comment": "Malware payload (Formbook)", "value": "e333f452800e86d9a24ddab798bfc81003b0cf93074db9faba18a12c551d7147881e3b6d547635d13d728c61b028b026", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473796, "uuid": "502d76cb-ce60-4eb5-9c04-e5b86f620269", "value": "T1F0B42359E09215ADE50AF052CB82D40F09F92D7F7938A80757301903C97637E6EE6A8F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473796, "uuid": "6a3b4376-acb4-49c1-bbe2-4d442b5e4850", "value": "12288:6KSkF7teaQfuN735mUTcu4v8Vi6ejuZnJUC+v7:ykRteaQmN7pfI70VijjuZnJWv7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684473796, "uuid": "b35284bd-a005-4b6f-a60d-a30aad9097b7", "value": 522457, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684473796, "uuid": "c3f22012-70b0-4cc3-bd0f-14c94d2339f3", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473796, "uuid": "61efd661-fc56-454d-8a50-0fa2dc88d553", "value": "Documents.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2339f674-f68d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684532156, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532156, "uuid": "dcce03ba-a8a9-4efd-ae23-8d4babcde872", "comment": "Malware payload (RedLineStealer)", "value": "8ad191c8b1f7b6c1370b512374673f60", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532156, "uuid": "d93897ca-ee7e-4ee0-a6aa-8642e6cd07e4", "comment": "Malware payload (RedLineStealer)", "value": "b70f89306092f9215ad0d2c6b6ff07527cab9d08b521813127d8086a62309b45", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532156, "uuid": "e07aecdf-f033-42e4-87a4-e25e8db7f8f1", "comment": "Malware payload (RedLineStealer)", "value": "aee091aabe2492dcf6326bea685292870b7a6bc9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532156, "uuid": "e934eb5b-9d5f-4754-b027-e5f8d772b9a5", "comment": "Malware payload (RedLineStealer)", "value": "de937e47e3b89d62d8fbc1bef67e904a5c3039536743c526d21683d47ebb39ebecdd49444bf9057be3ca8f59fd06cefa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532156, "uuid": "62b40248-ca5d-407e-ab14-2e300e446ac3", "value": "T15025230696D94173DDB04B3044FB43831B7A79F09A74835673CEAE1A0DF25E0A9367AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532156, "uuid": "38448f39-7d8a-4f8f-84f9-568e825ac65a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532156, "uuid": "d6ba7650-961c-4caa-ab68-149bc675ca38", "value": "12288:EMrKy90beNaDd+vktEcRHpniyABYr2RtMfhZq6mQet5g4NXLukFCqsEsERGfrEpN:eycJQ4E4JiyXr2RtMViN75b5RGmsO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684532156, "uuid": "57c5c73b-7883-4a72-9025-8ecaf414f96f", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684532156, "uuid": "b9d0a243-504c-4853-8925-9115fbc29f54", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532156, "uuid": "bf1ee0d7-0d67-4a4c-80f2-d4b708f5a5b7", "value": "8ad191c8b1f7b6c1370b512374673f60.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "462a1a7c-f650-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684506015, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684506015, "uuid": "16fa4528-09f7-4914-b3c0-a0a788f00d62", "comment": "Malware payload (Formbook)", "value": "4e4ab114bc265d06c15042a9110e9d18", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684506015, "uuid": "6e0134ea-68d7-4f94-b84a-d5c0dd8c36fe", "comment": "Malware payload (Formbook)", "value": "b755e080b9f6705b088275a44a96251bc547ad58b4f63c9988d90e1c97bf283f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684506015, "uuid": "be6a5638-0584-4773-b0e4-ce97c61d2b9c", "comment": "Malware payload (Formbook)", "value": "672b54f60b341279ca50c11ca9b8b2223cc1674c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684506015, "uuid": "c2f34db1-3245-4e13-8b37-0337ba5ef6a1", "comment": "Malware payload (Formbook)", "value": "f530e8d079f6d067476019c87a88cb0aac34a38e7696ae75c5e557da522ff8cb69123de8bffc8fa42ca05d45c2e4e702", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684506015, "uuid": "7bf9b612-140a-42f3-9ccf-84f707a400f7", "value": "T1B735ACA87650F8DEC8178C72C6C1DCB0AB112C7A935FC64349E71CEBB52D8D6AA150B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684506015, "uuid": "70846e74-7fef-40bc-b3e8-bf5e8ade4322", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684506015, "uuid": "ba221f55-bd61-4e98-8672-56a7d4d91086", "value": "12288:mq2iNfUFotEvZ41wkLzBRDhPlINrdxwTS/u7+c3Q3z2lXA5wXE5s4mlbhNLjBGZK:N1Bs0qZ4qkPBRDrIBDuD3UgAt2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684506015, "uuid": "fe6455c9-6b66-493a-9198-cc19f37e8156", "value": 1061888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684506015, "uuid": "55b343b4-74dc-4f9b-b96d-75621e631655", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684506015, "uuid": "8848450b-69e5-4273-a5ab-e342c4f2d641", "value": "Swift Copy.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "08bb3920-f69e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BumbleBee)", "timestamp": 1684539413, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539413, "uuid": "9e9bc2f2-b34d-4e5a-ab09-629cb39b3c7a", "comment": "Malware payload (BumbleBee)", "value": "93109f961da821196788175d9186bacd", "object_relation": "md5", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539413, "uuid": "e0eef26e-966c-4454-bda9-e04682953e09", "comment": "Malware payload (BumbleBee)", "value": "b76c73d7486fabe746d7cf79969c930dbb9e8892778101ea2ebded5d0c1d187c", "object_relation": "sha256", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539413, "uuid": "c35039b1-e954-4e45-b06b-fbfb3fcd3775", "comment": "Malware payload (BumbleBee)", "value": "d0b69e11f03bd92ba19a1f40cdf7f929c6c5597a", "object_relation": "sha1", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539413, "uuid": "a3eaa98b-ff9f-4e3f-81c5-2b9781dce895", "comment": "Malware payload (BumbleBee)", "value": "1a86e5c52b1edf739d58940ac23a4e3eb685992748e17f61e060d1c804b246b2bed25f8e65cfb13885f7fdcc6c991a0b", "object_relation": "sha3-384", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539413, "uuid": "70b5f63b-49ae-411b-879c-3971278beec1", "value": "T18F45F111E6921FE8D476917680AB252BBB307E5C0325D3B7ABC0C3377D927A45F1A7A0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539413, "uuid": "6d24b263-3f56-4006-8d8b-d1c4b83a4dde", "value": "47e01530ad43ec939d1c47709a80a5c6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539413, "uuid": "160a0df1-d2ef-4b1c-952d-90cc46421c13", "value": "24576:M/kSJKPlJI73kGeg/3Lnh/Guc8D6npAT/5F4x5us+fZ6nGpms1RNQVWp:20c2Y9zVjTox5uks1RyVA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684539413, "uuid": "a8bc5df9-c974-4742-8c14-b797c368738a", "value": 1225229, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684539413, "uuid": "e701d397-5d72-4f3a-94f0-bb30c9e77605", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539413, "uuid": "74e12ae5-a230-4094-8271-9886b12ce98c", "value": "SecuriteInfo.com.Win64.DropperX-gen.25778.17761", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "abc8964c-f610-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1684478698, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478698, "uuid": "de4e0d33-5edf-4b18-acdd-aacd22d169b6", "comment": "Malware payload (RemcosRAT)", "value": "d5e3e9ec4faade0ce02a6357c0579bc6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478698, "uuid": "9e0c9eab-e9cb-456a-859a-d605b9ef9f41", "comment": "Malware payload (RemcosRAT)", "value": "b795277d105f23e54cff675b26437ccfa26dd597aa6475978e472843cf994e5c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478698, "uuid": "a282e303-c8dd-4ae2-8282-735507a2d500", "comment": "Malware payload (RemcosRAT)", "value": "f1e13b6d8d3860bd347a18a32ff6060a4cd170ef", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478698, "uuid": "8a80199b-9daa-48f0-8dfd-8ead76b4fee8", "comment": "Malware payload (RemcosRAT)", "value": "c32cb8e88d0aa70dbb3053eda2bb93213c4263e6a4d27b9747f6721b64b198d6eb1d6cb38d9690fdbf0d88106efe581d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478698, "uuid": "5f5ccc62-ab2e-415f-8a7d-417d791e2be6", "value": "T11F15022027E69707D22A437891D2C3F06736ED82A466C30B4FC9BCDFB56E7B56351216", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478698, "uuid": "7946ea05-665f-4495-831e-b4dd09b85878", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478698, "uuid": "f743f808-3336-4ab9-af5c-024ddb3385ee", "value": "24576:8Zb/WxoevEbDzMtr6grhSh9v3wwna39Ubd:Cb/WxbvE/8+vgwna3O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478698, "uuid": "082a8713-71fa-4be4-ba65-b8f35a6c4cb1", "value": 946688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478698, "uuid": "507eca54-faae-47a8-ad4a-b0cb1c7cfbdf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478698, "uuid": "3a53516e-0724-4b2b-a2b5-6b3259194501", "value": "d5e3e9ec4faade0ce02a6357c0579bc6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ddbd16f3-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684478352, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478352, "uuid": "13cab597-e4fb-4f9a-b26e-8ee377bae5a4", "comment": "Malware payload (AgentTesla)", "value": "89b1c7884d5ec1bfc18142f725fde3f8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478352, "uuid": "88485b02-5528-46a6-b5c6-90cf6dfc841a", "comment": "Malware payload (AgentTesla)", "value": "b79d1da91f9a15f6bc930bd5b4bf714c016862f04052c3dd5cb79c3464e0f775", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478352, "uuid": "31dd565d-fd36-43c0-bafa-5a672443f264", "comment": "Malware payload (AgentTesla)", "value": "e95ab3a5eca60dd08fe4703abe420a29cf357a2f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478352, "uuid": "e6e2936d-e882-45d5-b220-7ac409a239b6", "comment": "Malware payload (AgentTesla)", "value": "9ac6972063dac6a4a984eb9764e756cd83aa6db16ee6ec101849962763071b3c64d69efebd8bdb649776ce37a200da74", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478352, "uuid": "890037e7-52f0-44f3-9432-78fa0a072150", "value": "T16E4523CD6CBDF96C962418ABB87630488B69C18CE409FF34C6C88DA92D62447A5D5F7C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478352, "uuid": "8c230348-f59e-440e-a90f-e453aa1b49b7", "value": "24576:EoOQtokLVRpJOemLmrq5OI5HR735U09kLVRpJOemLmrq5OI5HR735U0C:EjkBRpXrq5nHR779kBRpXrq5nHR77C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478352, "uuid": "dcb374ae-23aa-4ea1-9523-926ae86b0ac6", "value": 1202761, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478352, "uuid": "b913f3cf-fc55-4749-840b-30a7b827382d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478352, "uuid": "a65aa3e8-61aa-4579-8dbf-3076dca444fa", "value": "R09876556789000G.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "56f4ba55-f67c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684524941, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524941, "uuid": "ba0e239b-94d8-4741-bf26-2e79ceb91424", "comment": "Malware payload (Mirai)", "value": "2888ffd4ffc082313f782a5c7db8e802", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524941, "uuid": "3fed0dd8-2d9b-4709-be18-746f607ec2f5", "comment": "Malware payload (Mirai)", "value": "b8294955f748f52d758276a43af57b181ea449645b2bef0b58d4cda6d2ccbfbb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524941, "uuid": "e7c9dc60-d979-4fb9-8c85-e9186e2819f7", "comment": "Malware payload (Mirai)", "value": "66bd74d8e69fdb25d6a993b1d668db7e52015827", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524941, "uuid": "a8d7d217-0777-4947-ad51-d2a26bc55644", "comment": "Malware payload (Mirai)", "value": "22b7e8145603898a684845b5eddd5db1774cc763ffeace19dd096910c72f970f31f58ed963244bdb3b743b7a89b96766", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524941, "uuid": "02431667-d340-4979-8fb8-e765566351bc", "value": "T1F4D2E01CC91D7A44C65D3EBD94CEA5B6358CB0C0A35AEA8E0762C418EB57F4BFC470A8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524941, "uuid": "7e85cbd3-f861-48b4-9c91-1e8e8bda1ea4", "value": "768:K1uUtLrVDsAp6tLkF4FuetwEub4sU/M9g36KN1o/bJbpWGPOe:KbDs06t4BEub4sU/MbU1OzPF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524941, "uuid": "c625a8a0-4490-4f12-9d76-0196ac36c454", "value": 30548, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524941, "uuid": "4954197d-90ab-4e7e-b6a4-d580c53b5337", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524941, "uuid": "7fe67923-d75b-4d2f-9bc0-12cce37c9ef8", "value": "2888ffd4ffc082313f782a5c7db8e802", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "74dcbbad-f662-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684513824, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513824, "uuid": "6626fe73-312e-4d45-b11e-88be8d428eff", "comment": "Malware payload (Mirai)", "value": "6f5225fbca643e2709cf26b9056bbb37", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513824, "uuid": "8c9c60ab-27bb-4c3c-ad84-d46d613f017c", "comment": "Malware payload (Mirai)", "value": "b830b83d65f1ccc9995ff24b236407437695f83b769bfaffcc966fe102b5840b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513824, "uuid": "893caaed-0a67-4af7-a851-a605919a64ad", "comment": "Malware payload (Mirai)", "value": "d32137277ebf4bc89b1bff9c1d150580337976e5", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513824, "uuid": "19f0f6d8-1d83-4c29-86be-d05b0a8aa2e7", "comment": "Malware payload (Mirai)", "value": "c5215edbe5bb90ed6a330bb0a417a6b23e7a5090baec78d3d82db0cab6dd4b96d173b93f1cb7a528388f42b0d48e22df", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513824, "uuid": "575fec73-af35-404a-ab83-e6d2c101088e", "value": "T135631956F8814B22C5C5027AF92E118E332317FCE3DEB2229D216F6077C696B0E7AD55", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513824, "uuid": "fad49ded-58d1-484e-99a3-521ab7bb873e", "value": "1536:hpnSzfzQZTJxP0CM9L8qRVC04F18avynAZzKIJoiCfAv+DfPp5mYoQB:QfcZFuCohHajsfAv+DfPp0BQB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684513824, "uuid": "b7fad81a-587b-4385-b11c-e99baa01bba8", "value": 70964, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684513824, "uuid": "03c84a1e-1242-4ae4-9a45-513076f75242", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513824, "uuid": "224e31b2-89f9-4160-a668-e890e6d098b1", "value": "6f5225fbca643e2709cf26b9056bbb37", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0183d7e-f694-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684535506, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684535506, "uuid": "9eaba215-13d3-4c5b-94c2-189ccff6807c", "comment": "Malware payload", "value": "8dfbf5e81a5058730c3631d7ccad4c2e", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684535506, "uuid": "8519c384-16f5-4703-b246-8bc4bacb2d7f", "comment": "Malware payload", "value": "b871cbb939a4899df32bb4f2b2f894b8090891f1da944ca1954b3827c3e00e23", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684535506, "uuid": "01b38503-b4b9-407c-a918-292a93631e15", "comment": "Malware payload", "value": "961faacc6b80c0f59990fc38257cd0093a689a7e", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684535506, "uuid": "9797cfbd-a324-4af1-b848-0c66cecf4c57", "comment": "Malware payload", "value": "b178fd9665cbe8aae9487ea20187cf48113a41a4ba397d28a9ce867519ae9652f5011a48116d7f01420b4e66bc33ee4a", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684535506, "uuid": "182b9748-7680-48fc-b94b-38e50f24a437", "value": "T13AA2E8C1F9919A03C9D40277FA5E42CA7F265358F2EE73036E162F913A96C6B0E3E541", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684535506, "uuid": "5596154f-9d0c-4004-9062-3b88a8ac4091", "value": "384:ggbjnqMEkunqJm1ZJ2LgBKfbX0UUzBNoZh+YII+6VyGgFx4e:gl1vZJarbqNoZhKB4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684535506, "uuid": "17ec29d1-9483-4d94-b8dd-daa7341c692a", "value": 22444, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684535506, "uuid": "d7f4e06c-b343-4237-a606-bd12f54a8d7b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684535506, "uuid": "2399a9be-43fd-4c2a-8853-3401344f63e4", "value": "SecuriteInfo.com.Heur.20230519222829480313063", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f8ff1328-f627-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684488705, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488705, "uuid": "78ab0b65-0c75-4fd3-a128-0b0757bcc3e0", "comment": "Malware payload (AgentTesla)", "value": "4e65a82edf5e63901f9ab2dac77838a2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488705, "uuid": "4173fdb8-579b-49c1-b508-0c4cc026c91e", "comment": "Malware payload (AgentTesla)", "value": "b892195f52b3894bf6b79b67c3c58688ce736c14739de528857e518e654bbb67", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488705, "uuid": "c29502f2-2d9d-4942-bfb0-fbe18241137f", "comment": "Malware payload (AgentTesla)", "value": "9d1bd5aaa1ea2b0b66cf81479b07c4ba19bce0de", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488705, "uuid": "34cc5598-a7b9-4b64-b2eb-b826cad9b9b2", "comment": "Malware payload (AgentTesla)", "value": "9e48851b830a51dcefdd87a660ac552fe15f45c16d1f836b4aca04dcf2769c16ed2c5e4417c6d78de4e31e6e88a8767a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488705, "uuid": "8c54b06b-984d-4a0d-96b0-c5a0a5f8f213", "value": "T17EE4D01423A58B4AE5BA83F55DE0E2F057F59C9DB039C20B4ED6FCCB32A9BA10711617", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488705, "uuid": "4661aa33-038b-47f8-8bd1-ecb216d40bf0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488705, "uuid": "a5eaf38a-2a60-49e4-bd50-1563bed923c9", "value": "12288:cqB37YQm5p0TcKs2BHNjjF3Ik99B14BTvBnT:cqlnmucKC2BW1JnT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684488705, "uuid": "8965ef8f-4508-4f6b-bb1a-8dcdf42d9f8b", "value": 704512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684488705, "uuid": "c9b9e554-e074-4bf8-955c-b619580eb426", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488705, "uuid": "84176959-f53a-43e8-b6d6-8754ae39d9dc", "value": "REMITTANCE DETAILS.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "218b4fc7-f67e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684525710, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525710, "uuid": "8fd4afff-06e9-46f9-bab0-72d1f690ecaa", "comment": "Malware payload (Mirai)", "value": "a17aa1fb4624f1fa1e7b5cc31c935409", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525710, "uuid": "14f472f9-5f17-4882-ae97-9b11ead51b58", "comment": "Malware payload (Mirai)", "value": "b89b2fb232d46e69f3afa00c81e17ffccf8b18f8f2d31d837537371aad03f541", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525710, "uuid": "3b5ffb77-3101-40c8-b1e1-8ef03a9ba54b", "comment": "Malware payload (Mirai)", "value": "3c5daa29ffd03a04cb410edc59c3f9b7289a446d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525710, "uuid": "1c978274-cfd1-40c5-86a4-683398c25dc3", "comment": "Malware payload (Mirai)", "value": "e0f8aaedec93d260722bdba0ef1e7fb4580e759533268189db82e36c0e2445d460a08c0e4b1d997b9ee3f07a11f51209", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525710, "uuid": "111dc4f1-92da-4efb-9328-6805bbcdc4e8", "value": "T13A539FA5C5ACAE58C71441B8B654CD398723F408A5A76EFBD646C796800BEFCF0187F1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525710, "uuid": "845b1ff4-6ef5-421c-bb77-86f3d269aeb1", "value": "1536:PaAtVnz1/mUUNztiYmW6ihiYLTofs3wfpWIDNEJ7JC7:P/tVz1eUUfwN0T0f+whWONEJ7J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684525710, "uuid": "b874d5be-0971-457d-8618-37455d1f7266", "value": 63772, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684525710, "uuid": "46f926b6-21c2-458a-b6d0-17e2ef99d3e0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525710, "uuid": "d5588d77-9ea8-4c49-9fba-60f46eeb197b", "value": "a17aa1fb4624f1fa1e7b5cc31c935409", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7a5ff9f-f65f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684512648, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512648, "uuid": "3faa1764-f8ed-4b1c-bfac-8b11823941b4", "comment": "Malware payload (SnakeKeylogger)", "value": "1399672eac436f765b8bc980d53c1d1a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512648, "uuid": "e758728a-f770-4da2-ab92-4066ebb104ff", "comment": "Malware payload (SnakeKeylogger)", "value": "b9898a0817f9176be00846dd5c37234d9e8631b148d137df6950d57af6681abc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512648, "uuid": "03b1100e-f154-4866-9923-8c3f28442df8", "comment": "Malware payload (SnakeKeylogger)", "value": "86c630effc282e0db311fd544159a68cfd0913f9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512648, "uuid": "e28ff5ca-4539-445f-a281-1d48debcb894", "comment": "Malware payload (SnakeKeylogger)", "value": "f4799d0a299a36872dd8259f5cb06e889f8681e7a5a92ce12e3401bb92755d9459ace2f5dfe065bc39abbe6a812112ba", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512648, "uuid": "3ef25f69-09d8-4ebb-bd2b-0b120d9a4160", "value": "T14315D08122F48F45E67A6FFA5272E13443B52C11E627D2185DE16CDB3DB6F822B02B53", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512648, "uuid": "26b34772-4156-4d40-a008-b83ab970a753", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512648, "uuid": "22d3b920-bcfa-4a5d-bbcd-8ede4cfc4d36", "value": "24576:hTU8P0hNDM+cIVKqEGGuWXALZe1/2LDRS3rB5N+:zP0hsf6ZW2fR+rLM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684512648, "uuid": "3eb308bf-94df-4b4f-824d-f1d80fa44019", "value": 885248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684512648, "uuid": "41895382-e3b8-42cd-a327-bd1d073e3b23", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512648, "uuid": "2a8e70d1-ce93-4bc2-9a8b-8c99e24c2246", "value": "53060033570_20230519_08055750_HesapOzeti,pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07feef45-f65f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684512353, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512353, "uuid": "3b793b65-fb5e-4e48-9ed8-0ffb48c73aad", "comment": "Malware payload (AgentTesla)", "value": "876093340f92ebe042899d26086ead26", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512353, "uuid": "75c77e70-2b08-4eb7-9cba-3d1fc6494ef7", "comment": "Malware payload (AgentTesla)", "value": "b9eef3caa6be71a2a745055198dd0243a792b8faf6314554e050c037733c7588", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512353, "uuid": "9fcd6a43-11da-4199-abd6-5665c7c63091", "comment": "Malware payload (AgentTesla)", "value": "c4460d045f4fd72315284c985a52d4a8920be6d9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512353, "uuid": "784255a0-58be-4698-afc6-28a554fc80ef", "comment": "Malware payload (AgentTesla)", "value": "7a308240667c4805d5cb235eba7b7434b31807b5dd5259364b6cfa33e6802a176a173a02a400aae632af227d6db9632e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512353, "uuid": "72ba4524-f88b-4e17-93ae-d978245e9b2d", "value": "T15454121526D4CA67FD970F36AEBEAB636F7D251E2434438B17102B2CBC46217881D36A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512353, "uuid": "09a03fb3-dbbe-48e4-8bfa-071b562e1ae1", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512353, "uuid": "697aaf24-42ec-4c27-a0cb-df46099464d0", "value": "6144:PYa6YcQZd6WoBZij9PY59lGcwGMrarVDxcKxXr7T/pKe4/NS5r:PY2/E+9gXGq9cKxnd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684512353, "uuid": "eb15c96c-efb2-4c19-85e7-3646c4fc145b", "value": 304130, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684512353, "uuid": "844bc098-ee39-4f53-a75a-ab4b3c95df77", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512353, "uuid": "07f4c9fe-723b-4d81-a595-f57e6db4410a", "value": "\u0436\u0430\u043b\u0431\u0435\u043d\u0438 \u043d\u0430\u0446\u0440\u0442 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u0435 \u043a\u043e\u043f\u0438\u0458\u0435_docx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70a928ae-f691-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684534003, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684534003, "uuid": "970760b4-508f-48c5-aea3-2335d66b1c97", "comment": "Malware payload", "value": "d46f7c127737245367ddd59020965f2d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684534003, "uuid": "38935412-a661-43c9-9c54-d078e0a26d82", "comment": "Malware payload", "value": "bade655c3fbc781d32e99a729769c7e714e26eb310841de45b3c5c454fee26eb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684534003, "uuid": "2f8215aa-ab5a-4c0f-bec8-d645460b9f92", "comment": "Malware payload", "value": "f74264b64b4392a9ba8ae8ba91c2df33a680f6dc", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684534003, "uuid": "ea7d5bdd-63bd-489f-9b2e-9aa5df3e96e9", "comment": "Malware payload", "value": "cf8e964b336b80f5767f8ab8197c57f9b217788ad0dc06e08072b48d7810abac9e4258d5c3eb5862fd472ace53a7d8eb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684534003, "uuid": "e822934b-5b48-4f25-b7d8-024040f5aedf", "value": "T147362A87B8824682C4E4367ABCBD81D533630EB9AB9752576D05FE3C3EBE1990E35314", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684534003, "uuid": "c9460990-21b0-46f2-94c0-9870a9ce170c", "value": "24576:f0hITSaxCsmLTRScFkLwYgib6kEVtQ2gLApZf3vrTXKWXDReUHxeR7j81v9oT19e:GsLSjzCX1H9qzaiKRFjIIlkK1VI1V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684534003, "uuid": "da1512d2-8598-4aa9-83a0-998098d0c9bf", "value": 5308416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684534003, "uuid": "4229d847-4c69-486e-bbe7-4fca7d486d44", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684534003, "uuid": "413b3cff-ce1b-4e5e-85a9-0d21ac6957aa", "value": "d46f7c127737245367ddd59020965f2d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7afc6d7f-f630-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684492360, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492360, "uuid": "f23f0495-0b4c-43b3-9d3a-3186cf518865", "comment": "Malware payload (RedLineStealer)", "value": "3697f42ded285a927b4f4b4e8be1e792", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492360, "uuid": "0c2de04f-62ce-4a4d-8752-5bd4bf5938bc", "comment": "Malware payload (RedLineStealer)", "value": "baeaf04706b138445bb7faa9401f428d4f114e8f9a4e7ce84e4064a3b6428402", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492360, "uuid": "15e6f1ed-94f6-41e3-9043-60e47a2271bf", "comment": "Malware payload (RedLineStealer)", "value": "5e7895791277089accdc9000f2bfe7428111ef01", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492360, "uuid": "d42b1f2d-ad4f-41b7-adfd-933ab379a93d", "comment": "Malware payload (RedLineStealer)", "value": "a4ea7c61ba03306d42fc66ff20bdee7b7cb4335ac19a08aa3f43412015c6bd29b83a0f8ef0942f855bd38dc93437ab84", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492360, "uuid": "316159f6-7f67-4102-8c8a-70b348dc54e2", "value": "T1B8648C231088543BF467BA75ECF28B71967CBDB7131F76D367C8311A471A1E62AA900E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492360, "uuid": "d56a68f7-68d3-42d8-a8e1-71bcd9c201c0", "value": "aa13816afc0cf283e1c2ef6f42b98abe", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492360, "uuid": "3432d99b-173a-40f9-b192-1782772e87f7", "value": "6144:fT/GU59rXfd+QHFaqmXE1E1whxUHSsFYUrTdYB:qU5VXfd+QloE1E0xU5X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684492360, "uuid": "d30cfa96-ba08-43e7-81f4-b28f678b52f5", "value": 336152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684492360, "uuid": "6853edbe-c0ae-4f7e-a74a-b1140268a524", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492360, "uuid": "286602d0-fdc3-477e-a2f7-c63e901e1bed", "value": "SecuriteInfo.com.Variant.Mikey.147104.10356.22166", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cfa09dbd-f65b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (NetSupport)", "timestamp": 1684510970, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510970, "uuid": "0765e66f-fac8-4be0-9317-80d8e55322e4", "comment": "Malware payload (NetSupport)", "value": "adb66e73a13ba740e41fb5a0071e92e3", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510970, "uuid": "72de4816-c0d0-4756-b386-bdffa88afb33", "comment": "Malware payload (NetSupport)", "value": "bb8565f31a6b29de61c9c1b7e43455c1c15139dc9ccccd9da6e326d75bde95d6", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510970, "uuid": "91a802db-2941-4e25-9ac2-b6f2d271642b", "comment": "Malware payload (NetSupport)", "value": "5b9d2c96c28f0df5c2de419aec9cb89342ff7d6e", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510970, "uuid": "9260ad76-5b42-4441-b4bd-c1bccb0899b3", "comment": "Malware payload (NetSupport)", "value": "0ab942bb7d4609ad12f980398e92781c53b0b386ce1f8ac1b64f3144d703b759eb46e5fd8a61fef5f0912d3afa5e76ad", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684510970, "uuid": "1ee7c9d6-e608-42a0-918d-e1ccca9b6c01", "value": "T12E3361C636E2FD1A695713B63B5765BAE23D9C40919998CCF0007C98F6ACD3CB6F8484", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684510970, "uuid": "13c6615b-ed2f-4488-93b4-1ffbc6b9fc01", "value": "1536:5AK0id2D9A/W2uzcef/qbUYtVf61rS8hTNsZhc:5bQaWjAFbb6MmAhc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684510970, "uuid": "f530df5f-3725-405c-9658-9d35e4212b3a", "value": 51158, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684510970, "uuid": "1b8a9dbf-c4ea-4398-a7da-5a288e79b59d", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684510970, "uuid": "49c29754-5f44-4bc1-8314-03ab7d547fbe", "value": "rechn6859419.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3de1eae3-f68f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684533059, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533059, "uuid": "2fef3323-2a59-4b08-8aed-801c795bda1e", "comment": "Malware payload (RedLineStealer)", "value": "1d3bbd9ba6717b5f50a30a044944aa74", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533059, "uuid": "8cd328ae-0abe-43a4-b9c2-99397af3bd8e", "comment": "Malware payload (RedLineStealer)", "value": "bbd8aa9922966e25df27643b728d5d7a0416f4b08318990edeabd73b2a4ede53", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533059, "uuid": "4c53bffc-c3bf-47a0-8613-aa9df143c596", "comment": "Malware payload (RedLineStealer)", "value": "c4ed398c9d68ce2a5a31e08eb736908f7b197033", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533059, "uuid": "4bae28dd-1c7a-4d2f-8ad8-c6150ae9dc0a", "comment": "Malware payload (RedLineStealer)", "value": "417f92049f7529c053a74ca1969e878d3324277e8df1467893a860ea259d37ef01309a196248cc8584ca5983eb8b17ef", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533059, "uuid": "f3905a9c-0f00-42dd-a67c-640833ce6462", "value": "T1BB948D039291BC64F5254A728E2ED6F8761DF9D24F5937EB2218AEEF14701F2C53231A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533059, "uuid": "1390e61c-3afc-4a25-8a37-defbd6f46f1a", "value": "d3185d759d0419b7cf5b47864af3fc7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533059, "uuid": "ad02553e-bf9d-46c7-8543-8c587d9aa594", "value": "6144:72MuVmWgZgc1MPvTnjGNe71gplurAQ4d4lCfzGmdb4mKqP4d6kpRqT+88:+gZgc1MjnH6XusAgGmZjKq0H6+X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684533059, "uuid": "b43208f6-35a6-478a-a7ef-6aa015c0ea06", "value": 431104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684533059, "uuid": "a042ea93-a9cf-4eb4-9472-745f0f59f247", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533059, "uuid": "f5fe65c0-3390-4c06-9cfc-d9b3b1440e40", "value": "1d3bbd9ba6717b5f50a30a044944aa74.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "336f3014-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466899, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466899, "uuid": "6d236504-6d36-407b-a3e5-a4366dac2810", "comment": "Malware payload", "value": "d0b6723b8d4a7f37d01d1ce834cf7a59", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466899, "uuid": "bac847a5-05af-4bda-ae55-bdd2d49e3747", "comment": "Malware payload", "value": "bc4dd8c92180c46b6448cd53ee5e0a05c9f8013ddaf8c2e28a331a77f135491c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466899, "uuid": "685abbab-ba50-473b-b38f-88c80542a5e1", "comment": "Malware payload", "value": "56f575eb9649d6d51ba02181a6228038065fe168", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466899, "uuid": "f61220b8-8419-4ffd-b7be-ef4c29a5af91", "comment": "Malware payload", "value": "773a1051ae9b25c0dc8fe5c2631fd3e3f9a50257aa9d534350e413ea710d8d6cef613c8078c412afb08d24c7980631b3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466899, "uuid": "e6612d3d-e38c-4478-8cb2-7168a8ec5c3d", "value": "T129D59D20B2054473C4A326386A1FDE9CE764FF904A246657ABF5AD4CEFF06417A27393", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466899, "uuid": "bdf4ca86-84b3-4ef6-a526-fcd644040458", "value": "24576:LEzz2Sk9I+G712R1MYN2sN9amyeVsxLirkgDXDsbohAYu7wlPXo7pDjYJgYfZ:LyjmRLP5VKDoS7pD6Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466899, "uuid": "e385722a-cab2-4bcd-bb58-6606deaf1fef", "value": 2835456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466899, "uuid": "9b5fd9d2-dc7a-4787-befc-dd81872211e8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466899, "uuid": "b437e5d4-7c2a-4d17-8ec1-e2eb50773dd9", "value": "SecuriteInfo.com.FileRepMalware.5600.17424", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e4f54b92-f5e6-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gozi)", "timestamp": 1684460755, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460755, "uuid": "ab94586b-8566-4559-aaaf-fbccdbd94be3", "comment": "Malware payload (Gozi)", "value": "846dbf899645abb88a61103170dd6c5f", "object_relation": "md5", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460755, "uuid": "0dc9455b-51bc-47c7-8012-d1652881fe46", "comment": "Malware payload (Gozi)", "value": "bc5af652808a7a41406b22f148a9e6bb8f45bbad9e2b8e13679d6c545c00b63a", "object_relation": "sha256", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460755, "uuid": "24e9504f-61e4-4665-834c-a48645a78d8c", "comment": "Malware payload (Gozi)", "value": "cc83b0374801f7f1868ffb992e1a04c7812195e8", "object_relation": "sha1", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460755, "uuid": "8ebc285e-24a9-4039-a8dd-dbb374ac7df9", "comment": "Malware payload (Gozi)", "value": "3cb5750e56bd36bbee542cae58303c278e1b31be74806df1faa4343c40a1e1f76f2a5b2781f4cfc29fa0694d700b1819", "object_relation": "sha3-384", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684460755, "uuid": "d90f306d-10f2-40db-9715-a80bf50f502c", "value": "T1BA4363D62BFAFE56516712B33796C2A5F4198C81C6D89CCDF6407C64F4AC600BBB848E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684460755, "uuid": "967e9ee7-51aa-492f-9b43-eca8e883d385", "value": "1536:e5T+JD5U4Yi3iDxlOJQfuvlHY6/6DekJlLy41xqdvFJ1T9pQ:E2UQ0o46/6De4Pez9+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684460755, "uuid": "fb84f709-6a12-48f1-8740-ddac81912bc4", "value": 60286, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684460755, "uuid": "fb489018-b8e7-4768-b2fb-b3f92105a4dc", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684460755, "uuid": "13fed497-70e9-4ede-8ffb-adb19dcf0cf2", "value": "1 Total New Invoices - Wednesday May 17 2023_1062.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "281b53e6-f638-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1684495656, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684495656, "uuid": "a78904a8-c374-4b1a-b337-25407ceb410b", "comment": "Malware payload (GuLoader)", "value": "6921966b0378fe2e4daa77173448d034", "object_relation": "md5", "Tag": [ { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684495656, "uuid": "4a9e38e8-766c-428a-8b73-91b22dd69a86", "comment": "Malware payload (GuLoader)", "value": "bc671169f3b7f158b63c97be59f23c2319b1cd35a12275a10caf9c0bc753f378", "object_relation": "sha256", "Tag": [ { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684495656, "uuid": "85ac05b8-6a4c-4647-9192-aa423d47ce9c", "comment": "Malware payload (GuLoader)", "value": "4db627cff2af5de1f7ceec1ad1125a4a9dcefdab", "object_relation": "sha1", "Tag": [ { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684495656, "uuid": "16216a3d-3d6a-46ce-bb28-19472c28c8ab", "comment": "Malware payload (GuLoader)", "value": "32dbe0a0cdc3732de5635f70868dddcb90e93653e20efd8c888e37c258ad4e2f1bb3a18e4cbea4a2d400d6a0562937c7", "object_relation": "sha3-384", "Tag": [ { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684495656, "uuid": "313828e8-3547-41d8-8af9-9eba3c4661da", "value": "T10574235DB65572AC366484B204BFF187F227FD4B0A30A24D21711C83EBB58F5E8F616A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684495656, "uuid": "07dfc10e-4355-4bec-8a43-7e8cfd60c5aa", "value": "6144:PfZhluIc4qHV3e2SuoWtfYUR1flKM9ufvMgxZtE61PnoPFHGLBCEumgGJ3:HzMCqHV3eJuoWFslEgLa6WyaGd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684495656, "uuid": "e08cdbc8-4f96-4454-acb3-ab90908f4757", "value": 345513, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684495656, "uuid": "aa5b6af7-ed91-46b0-bab3-e2cb91743cf1", "value": "application/vnd.ms-cab-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684495656, "uuid": "e01b8b61-b673-49c9-9f8c-0617a40b2f81", "value": "nRFQ-945730101-B0000005023019.cab", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d8d274cb-f5ff-11ed-b3cf-42010a9c0076", "comment": "Malware payload (LummaStealer)", "timestamp": 1684471472, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684471472, "uuid": "3d1dc573-2216-4985-8b13-4964318b9b1d", "comment": "Malware payload (LummaStealer)", "value": "d935841277b3b4522101cc127c4e2ee1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684471472, "uuid": "7e2c28dc-0ee3-4106-857f-581d5ec4e5bf", "comment": "Malware payload (LummaStealer)", "value": "bc7225119107bcfb0e358f4fe910adb81b23890ce2ed924acb0a7482eeaab59c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684471472, "uuid": "ef7ed635-50f3-48d4-b8f6-8ab8a9e7117e", "comment": "Malware payload (LummaStealer)", "value": "fc23ae76d9ee274313787e15bb3d9d04819beafc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684471472, "uuid": "4893fcf4-5e4b-4aed-b7f9-28290c8feca5", "comment": "Malware payload (LummaStealer)", "value": "ffaf48e404c3570216e94211f8842ec5a6c923fd8bc5dce6d1dd76563701ec2a4890198e916412567935375c40cedd90", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684471472, "uuid": "84161496-9862-4966-b862-4f61cefb90fc", "value": "T18026338364E6D9B2E6250939A889FB65397C7C302F32E127B7E8057CC535290E925F73", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684471472, "uuid": "077ddd80-dc37-4804-b159-cf8b75fbb4cc", "value": "00be6e6c4f9e287672c8301b72bdabf3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684471472, "uuid": "5cbf975b-49ed-4977-a8bb-a2005d235a29", "value": "98304:V5SVT7lWSbmaQ2MRiRJsXmFb55E9SRoy6bmPCTEzEruZCrdGAPCZ:VYTzmaQ2MaVFbZyHbloEruZIi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684471472, "uuid": "cdffa2cd-b2da-4b52-a621-c1fc010d8507", "value": 4584543, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684471472, "uuid": "d8409f0e-5f5a-4a46-96a5-6970bf958ee1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684471472, "uuid": "8cb2f3f7-d37e-4467-93fb-9538cb5f3cc2", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be20eaff-f667-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684516095, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516095, "uuid": "2676409d-75b7-4166-8cb9-b1e232c48a8a", "comment": "Malware payload (Amadey)", "value": "676cc3a04d5a43ffe10da1386cbdc4e1", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516095, "uuid": "f04246a4-c650-4a7a-9a1f-927c5f763405", "comment": "Malware payload (Amadey)", "value": "bc85ba29db1cf3bfb61946638b8096047ac39c80290aa13c23d93574447fc11d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516095, "uuid": "33a67411-1c40-4e5d-a443-3e377175ed5a", "comment": "Malware payload (Amadey)", "value": "68326297b727852d2420d1f44565c496d0aead1e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516095, "uuid": "d55ed746-1b48-4b7a-80a3-8b418bd2443b", "comment": "Malware payload (Amadey)", "value": "d059e397c8630d82504fde7da5a53691ae25e8a83070642a57e8847d77139c62c03287923bbd76b0b4796cddb82e492b", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516095, "uuid": "57c19d38-76f1-460c-9586-8030aac00550", "value": "T131252323F7D66873D4B927729CFB07431F363CA16A64C2A73481A8066CB2780557277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516095, "uuid": "5fca85e7-a352-4f59-9f3a-e19230b47b3a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516095, "uuid": "e362942b-1af2-4adf-acec-7164a44bcd41", "value": "12288:sMrby90B/zruwjHR5qdH8YoJ2h+o1viwR51eZQ6Ohaybg/nTNAIsTB2TGXnKLQV/:3yKrvXBY+o15w3gC+MTfLYeTd/+TCe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684516095, "uuid": "ed2199e9-34c7-47d6-ab9f-2e8f7565c133", "value": 1053696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684516095, "uuid": "25a6d8f0-7c42-402b-9484-be98e817d23a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516095, "uuid": "3d7b929f-5324-4cf8-ace2-366c9df146fc", "value": "handler.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5226c8d-f60c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684477049, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477049, "uuid": "54a0941a-eaac-4a54-9397-795c10dc4f16", "comment": "Malware payload (SnakeKeylogger)", "value": "0fc7bca144605fd1371bd39fb9478488", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477049, "uuid": "91c5d14b-dc13-4e04-95b9-e96deeed8583", "comment": "Malware payload (SnakeKeylogger)", "value": "bcf0d3bfb639d1bb1b53420da701822f3a95a5cc658ca0fe13e0201563334ef7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477049, "uuid": "d282d440-4cac-407a-95ed-4163d4fc5734", "comment": "Malware payload (SnakeKeylogger)", "value": "1930540b22bae1c42af3bb7c263b4fc928da1087", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477049, "uuid": "5ac3cad8-3093-45e3-9cf8-247a374c5059", "comment": "Malware payload (SnakeKeylogger)", "value": "b63d4ef66f1d874d6b50293b928c2e10856c63a01351166740aa66b3fbfb5e062b7cb9323b26c8467e0621a4692efd22", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477049, "uuid": "5809f358-720c-4509-9528-5d7a9d3af8ca", "value": "T1E0633B39375C5E06E9BD0F75AEA301548FF9EE039903E32F688938990B7D35605E21E1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477049, "uuid": "475540d8-c14f-4746-b02a-4cfd93d0dcb3", "value": "1536:ovG/i0p8Q5kAnSKWEE4ujqb1Z7BcCEsOKoAcfgfF:Xbp8Q5kfI1ZtcQO1AcYfF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684477049, "uuid": "93c482b1-78dd-4dbb-8938-5892b4ccd39f", "value": 72192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684477049, "uuid": "3807fc17-cb12-4b75-b3f3-6b7e3c886d63", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477049, "uuid": "e33863ee-ac71-4201-8a5c-802b38493ce3", "value": "Ezelgl.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c992fbe-f64e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (zgRAT)", "timestamp": 1684505113, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684505113, "uuid": "506a49eb-8c3b-46e4-b03f-2c3c1685a1c5", "comment": "Malware payload (zgRAT)", "value": "a5c83c6ebe289f10bc234898385e889e", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684505113, "uuid": "18a24284-e318-450c-8468-a0429e8d8233", "comment": "Malware payload (zgRAT)", "value": "bd176aba121ee1111813afe94594ee38b7773dc660833775dd289060db7fe6af", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684505113, "uuid": "27fcd2bf-5bc9-44d1-9cb6-911deb83b47d", "comment": "Malware payload (zgRAT)", "value": "22d30090942fc7b1f266028450cf05c72d82f4c5", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684505113, "uuid": "f33a6e76-d25c-41d9-bb9e-6600f22d7ae5", "comment": "Malware payload (zgRAT)", "value": "697ef7a29f02ee73e4207fd2b411c0c63e25b5a3c66be2f1cf4c31205d8939b568e6b347c3451dae7558686a4231c1ad", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684505113, "uuid": "5d43aa4c-0af5-4d95-bc45-f88fdd0c5b55", "value": "T1F834DF0A3BE05B0ADA8895B4D0F3293116E3A1CB3D72E7853B4446D20F427D5CE9BB9D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684505113, "uuid": "611b4efd-804e-454f-9849-d1a0a28b8c63", "value": "6144:2MMEA9YT6HlpvxlktuwpWJe21UZpeo1ObSFRXXpvj5:XYYWFvlauwpnbnIyRXXb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684505113, "uuid": "80ef44f0-d138-4e49-b9a0-eadb190c923e", "value": 244288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684505113, "uuid": "512fba7f-949a-44ec-a314-352549d14e16", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684505113, "uuid": "46e05c26-c9cd-4c68-8f7b-0be43e9706aa", "value": "a5c83c6ebe289f10bc234898385e889e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94b68667-f626-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1684488108, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488108, "uuid": "eca37f1b-f1b9-40b2-85fc-96b053b09bbe", "comment": "Malware payload (RemcosRAT)", "value": "9d17cc4a91ed5769766c497bc6b9c2b5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488108, "uuid": "5b3c5661-bfcc-48ce-b887-721069c02e2d", "comment": "Malware payload (RemcosRAT)", "value": "bee07b4c4a6fb401181ad650b848f3bcf2eed188a057f51103d7115c3b00f419", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488108, "uuid": "2dbe237c-34f7-4533-af52-e1882c9816e9", "comment": "Malware payload (RemcosRAT)", "value": "1e07433c9e8c845d3e7684a4307aaced7ca7e576", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488108, "uuid": "e6d45675-c355-4e28-b713-3aae90a2014d", "comment": "Malware payload (RemcosRAT)", "value": "f5a8547398f8313fdea27a86f3684f0c3eec332ba4d9ea5b50253758127258fbab9107f78d61848f28fb6c4396a7bb09", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488108, "uuid": "5eccaf1e-2ecf-4721-a935-1e9869d50e9a", "value": "T194C423903BB39973DBED1EF61F723660F768A811136185AF5790278138366C6CA3E2D1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488108, "uuid": "175a9d72-6348-4e8e-af4b-b5fe93d6b05a", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488108, "uuid": "21e1055e-36e1-4431-a9b5-2cb5e3d43eb0", "value": "12288:ZLf7vtrbPRiwMZ2zT/OP9tleoSzZchCqmLkW7+xqbtCAl:ZLf7vND8wfCP9eo+ZrlLaxml", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684488108, "uuid": "5aedb03a-432a-46fb-a871-6a66eb36ca92", "value": 562605, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684488108, "uuid": "a43ee62d-392e-42bb-870f-96661b8b9b83", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488108, "uuid": "84dccd43-bd3f-4a98-a82d-a9648083733e", "value": "Order List.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dfd930a6-f67a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684524312, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524312, "uuid": "d8499f68-72cd-4cac-9d1d-d68165fe3503", "comment": "Malware payload (RedLineStealer)", "value": "08e70ec729eb3e199d3fe8d2dfa8a3bf", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524312, "uuid": "c79ccdcf-3224-433b-998d-86d0ef945e7b", "comment": "Malware payload (RedLineStealer)", "value": "bffdb6a02070a9f7a166c3bd0827f7388d6de8e9580b683c8b86724a5f2df7c7", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524312, "uuid": "d4d602e5-b295-4513-a6d0-999c54ab848f", "comment": "Malware payload (RedLineStealer)", "value": "761db0eff6ee02dd4eefbd99adb9b8aac583d503", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524312, "uuid": "52b9a0e8-7da7-4c3b-8fd1-ef2208d6735d", "comment": "Malware payload (RedLineStealer)", "value": "5b7fcd84024b4ab12c7087b45052119025df97feccaf7eda9e13b894c9b7fe968951d106e929d0de87075da19684e538", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524312, "uuid": "408dcbfb-71e0-4c0d-8811-6ba38d71c6d2", "value": "T1BAE3D424279F8934D6BB4E3D6CB19CC076BCEC12A542D74A4ECDF15A3A33B809B116B5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524312, "uuid": "f36e4b9b-40d6-432f-aed3-070bce407e24", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524312, "uuid": "30fbe1f4-7bb8-49e4-b0b7-b579975ae25b", "value": "3072:FV+m5c/QmRSNAwMqLza9nDEFth2ZG8e8hR:Fj2FD0IQth2c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524312, "uuid": "bfe132d9-103a-426d-a60a-5b68476362a3", "value": 149063, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524312, "uuid": "dd7c390a-ab84-4ce8-b0df-cc2e3ee99445", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524312, "uuid": "b21490f0-a7f1-45ff-8d08-eef9bd7bd6b0", "value": "AI.dat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b8ef91c-f63d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684497810, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497810, "uuid": "4ab2cb55-b298-4fda-9db9-1acfe244577a", "comment": "Malware payload (RedLineStealer)", "value": "9fb5daef038b4f27390504db1a7115df", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497810, "uuid": "b15c459f-b46e-41eb-8c9c-e238c0883042", "comment": "Malware payload (RedLineStealer)", "value": "c065a2b4cad68a19034725733fbb22496c47caf6d76210973283619ed83650f0", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497810, "uuid": "c189c61d-1c35-454c-8c83-ded02807385c", "comment": "Malware payload (RedLineStealer)", "value": "625c416aefcc40240781462031748739791093e7", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497810, "uuid": "4247205a-a2b1-4a3a-a96f-f12aebdea4df", "comment": "Malware payload (RedLineStealer)", "value": "24cc3be2c35a40c0da3a74bedb9bb0857d930a3bb6c9fdfef6a968dafdd33128b0cbf0346fd859c6d3aa1b0f321f4468", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497810, "uuid": "ee2b64d7-3c7e-4f69-b1bc-a31a7a624f11", "value": "T1B2252211FBD890B2E8F15F7199FB11432E357C8298B4936B124A68672C33F94B83576B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497810, "uuid": "e93c7879-a8bd-497f-aa91-b168a1b4ab8a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497810, "uuid": "0a9cd3c8-7d8d-4c61-be58-180ad8481892", "value": "24576:ByKnZ8bEgZNj+Q6eMJeyYqgZdYSTY8SLHXs1wbvUy1q:0yyLj+Q3ilgj1yHmB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497810, "uuid": "46717c0f-7152-4737-ac87-93b0ca8c74d1", "value": 1046016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497810, "uuid": "8bd636c2-5051-4d74-bc86-8c2f69b3018c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497810, "uuid": "24faf732-f44c-40f2-a21d-96a76b452282", "value": "monitor.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24ad3e39-f666-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Phorpiex)", "timestamp": 1684515408, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515408, "uuid": "b110c4bb-2050-4878-a587-e8e519672edd", "comment": "Malware payload (Phorpiex)", "value": "0a5a449696a973efb9a2923e73329426", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phorpiex", "colour": "#C56AA2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515408, "uuid": "730113dd-f430-4bb6-a8db-26e12807270c", "comment": "Malware payload (Phorpiex)", "value": "c0d0c774fac8fc0e7e4eb31c2298cf43ed1c40f9bd26cb2ec7f6e2e3bbc12ced", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phorpiex", "colour": "#C56AA2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515408, "uuid": "94ac5efd-571a-4a39-baf1-2b3d0a6ea3d7", "comment": "Malware payload (Phorpiex)", "value": "bee102a7b40922efe2ed4a571ac9e90dfae90bce", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phorpiex", "colour": "#C56AA2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515408, "uuid": "65079613-f53d-44d2-96d5-b44678f1b091", "comment": "Malware payload (Phorpiex)", "value": "39f7e41976432fffc9499949ba9049e4c9bd8b3360c3ce69e86cf295c58e5c127afe2c48f8b89b7d74651cd6a92d1d71", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phorpiex", "colour": "#C56AA2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515408, "uuid": "bb2407f4-eb08-4d56-bc24-d4931469d9d8", "value": "T164E56C13B2C4503BE0A61B395D7BA394583FBE602A26EC8B6AF01D4C4F752436D3A757", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515408, "uuid": "6ef5cb75-77cf-41de-b246-d0bac31f222b", "value": "2907307a55d83d0cace7bbee8a50a613", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515408, "uuid": "f74a25bb-f157-4e3c-a7a0-fd5aa30d6508", "value": "49152:sQx7JMowj2S9He7RNqyD2ZVVTHve9iZ/Tf1usE0rsACWLqO1y0GFTdrtU5:vFGq2ZVte9gUjLACWM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684515408, "uuid": "f144bb6e-4844-4f42-aa48-2275265c0e54", "value": 3251848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684515408, "uuid": "114c9b20-37f5-4a1a-b8cb-7032753d4ee3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515408, "uuid": "aa9318b1-ae57-4f79-a18e-871e07bd3e53", "value": "0a5a449696a973efb9a2923e73329426.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b480cc2d-f611-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684479142, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479142, "uuid": "8bf75aac-a342-44b3-b7d8-c85c193281e3", "comment": "Malware payload (Amadey)", "value": "0f2668a03478f7ee1f36b19ca2e8182d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479142, "uuid": "8a3807b7-af10-451d-a10d-1584af871300", "comment": "Malware payload (Amadey)", "value": "c117868bcab5d84ff5d3305619ecce988e1ada6d83e6102023f919c30817ffa6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479142, "uuid": "156e6337-ef94-423e-b94d-811ebc50e16b", "comment": "Malware payload (Amadey)", "value": "d9ff1a21f98efbb96bdab3cf0f785e33c73b43a7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479142, "uuid": "e016a220-96b8-4314-8a03-b676e874bd5a", "comment": "Malware payload (Amadey)", "value": "7537e2bb0a62febb3423f141a835acc85bc978cf115b381b8e015fb29a9f551539de7c8e9a282d692fa188e0d1e6791e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479142, "uuid": "e9729212-b874-4113-8705-44b8e9ea2245", "value": "T1E8252307A7F98432E97067B09CFB23C30F397CA299B4832B27465E539972294717176B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479142, "uuid": "1f57ecef-67fb-481e-9106-ccf784fa9e18", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479142, "uuid": "fd6645c4-a142-4edd-b15a-7416164b654e", "value": "24576:7y5GUgeWws+8AiLGI0I9hOT1Ar6CFBrbIwWP2ZmC2nzuT1tcS:u5xgHweKI0I9WEzrbm2ZmjzuT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684479142, "uuid": "e06f012a-f168-4731-8f33-b2673950b88a", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684479142, "uuid": "2b54a932-a878-4111-a53a-36b7bac65c37", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479142, "uuid": "7e71b1a8-8327-444a-af4c-fb27608007c6", "value": "0f2668a03478f7ee1f36b19ca2e8182d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a483129-f610-11ed-b3cf-42010a9c0076", "comment": "Malware payload (WSHRAT)", "timestamp": 1684478427, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478427, "uuid": "269a9c83-fcd8-4c25-aab6-368b5745ec76", "comment": "Malware payload (WSHRAT)", "value": "caf0b9b20362d1d503ede2b73907584b", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478427, "uuid": "e38a1aa3-9871-41a3-be45-cd4d71d9f6ba", "comment": "Malware payload (WSHRAT)", "value": "c121c9e47a795e1a614708fdbc9da50031623e115e7c2f25ffbdd7534da8106a", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478427, "uuid": "b7d9ba7f-cce4-4833-9363-9fb01cb13814", "comment": "Malware payload (WSHRAT)", "value": "e1474ab56c34ec4e13a899aae72fe095e3f54484", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478427, "uuid": "af936467-c8d6-49f0-ba09-4b00c722ffc9", "comment": "Malware payload (WSHRAT)", "value": "889734fde5b6af9d7d00b7e179167396395766b7e73a30a11ea4840c14746177632d65116b7982ee1aad575cc9769973", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478427, "uuid": "7000aef1-84ad-4f03-8ec8-d23bf26cd6eb", "value": "T17C151DC62A787906D3B3EA20C311D623BC74E8232DD715D67DC07E46AE76C545EBEA20", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478427, "uuid": "cb4372b5-286a-4c7a-8647-0685d1b3b1b0", "value": "6144:QQ3My8GgW0/CSQK1Ap2H5xv5vjPudGSDWs5DjS/svvT1rpoCDzY9pDxaD2zXK1X5:TH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478427, "uuid": "2ab60e1f-5314-43d1-afd9-36397a6ba505", "value": 921837, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478427, "uuid": "ce74fc1c-6a85-48c7-83e8-dfa7bc97dd20", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478427, "uuid": "eb18bd63-39eb-4477-a241-85eb10fed2e7", "value": "Tax Returns of R58,765.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "55d18757-f62d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684491009, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491009, "uuid": "a6f979f1-24fc-473d-aa29-307a96a1698d", "comment": "Malware payload (Formbook)", "value": "88f4d678b79d16820bf90404170118c7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491009, "uuid": "cf9acf3c-9042-4b65-9257-af2c674988ad", "comment": "Malware payload (Formbook)", "value": "c1548f41733077975fff5009b326af53e7b3d52d48bb44002ca88fc69f710a18", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491009, "uuid": "deb0cc80-a387-4466-b97c-9b59732621b9", "comment": "Malware payload (Formbook)", "value": "3f646a5f01639d990184ae7cb443fe5e6ce38683", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491009, "uuid": "8a5a37e9-3668-4ede-aab3-7c43e334dac6", "comment": "Malware payload (Formbook)", "value": "f452e43b7ef32945077272312ba26b80005469ba59cb9f4904c160f40ecfc91343b40867011edbee4470e21316b30e4f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491009, "uuid": "b004a947-47f1-4771-bf08-3ae4c5ba5f1d", "value": "T1A215F1D059A45821F1ABAFB946B3F23853796C91DB63830950E02C9B7C7BA927F017C3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491009, "uuid": "4a124124-3095-4599-97d3-7e48c404d2b6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491009, "uuid": "9523a105-58e5-4ba7-bb2c-c5945aabd82d", "value": "24576:tP0t5TUUkC7S+d1Ly8DfAaVxN4BfwlkFh1:tP0EpC7S+dgXe8Vw6FT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684491009, "uuid": "a74ae083-5572-45c3-81f6-ce278da1747d", "value": 929792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684491009, "uuid": "6db4dfd8-3c0c-4823-a19a-43714854e5b3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491009, "uuid": "4579d02d-f57a-4029-8e61-29082256ce40", "value": "88f4d678b79d16820bf90404170118c7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ff273ee-f603-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684473094, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473094, "uuid": "daf11e77-1483-4281-a517-5a6c301aa871", "comment": "Malware payload (Amadey)", "value": "785258c5f385f20f97417ae41f14824c", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473094, "uuid": "d38fc1f0-052b-4799-a470-919e22b35e41", "comment": "Malware payload (Amadey)", "value": "c2ce63c80412c11d696692fb8095584f84b61f05eede292b9c14e156bc2a9b9b", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473094, "uuid": "02fb7e86-d62d-4b59-bde1-68a1cec357e9", "comment": "Malware payload (Amadey)", "value": "57676a0fb984bab0ba2975ba26cdc1d8be92f835", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473094, "uuid": "0d5b46c9-7b83-48ea-bd74-36b0b5f4e374", "comment": "Malware payload (Amadey)", "value": "ad8093d3b40a5ec7bf92eed314e4ee641b15f5f5ce88a049f04066aa443798dd8967daccc24ca48f329f22b23f41e16a", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473094, "uuid": "02aafbdf-92a2-4df4-bdd8-e2238f44e5da", "value": "T1E8252312F6F44173D4B91BB098F613C31F79BDA2687C462B2344B80D5CA3AD4A9B635B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473094, "uuid": "95052cc4-4e28-4767-bd9f-63b00a8f692a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473094, "uuid": "0f431605-c3dc-43b5-bcac-ed12c89d8a52", "value": "24576:cymCMcUXwu0ymt9/UhNAWfu0Fpo+a350o+M:LvMXH0yM9/gN3m0zC350o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684473094, "uuid": "d81d57b2-27ea-481e-a16a-fd98af2743ba", "value": 1055232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684473094, "uuid": "dbd81c75-e21c-43bd-b179-fa4996ea7edc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473094, "uuid": "d0bf6afc-92ce-41ca-949b-9426ca0768ac", "value": "785258c5f385f20f97417ae41f14824c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "06acdf52-f660-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684512780, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512780, "uuid": "8481fe94-5833-4171-b01d-e9b092836f21", "comment": "Malware payload (Formbook)", "value": "1d4a97957790389d66e1b678b08e9d1c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512780, "uuid": "03b9630a-96e4-495d-90e5-77df1ba8e6e8", "comment": "Malware payload (Formbook)", "value": "c370659751fff9888445826997052a9a734c3619098c05347774ab4d3f7e1e4a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512780, "uuid": "d0771329-14d8-4274-821f-b68f71c60363", "comment": "Malware payload (Formbook)", "value": "c00cc01b1d6e38dd98341eb218b166515526139f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512780, "uuid": "97cb2594-9de2-4584-98bf-2e4c1532fee7", "comment": "Malware payload (Formbook)", "value": "5086eab71756f69322d201868b67fd81476ced7592285af59909d8e636fd2424289d7b4229e398ba734cc7ec1b7049ce", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512780, "uuid": "36e9ef44-d524-4215-bffd-c7b44116b9af", "value": "T1A4F4DF2022B58B46E1BA83F49DE0D2F017FA5D9A743AC21B4FD6FCDB71A9BA50710513", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512780, "uuid": "caee9034-a7a3-4382-a5e9-4e9adeaede9d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512780, "uuid": "fcf99f07-54a2-4473-80a3-8a9752817c63", "value": "12288:zcqBkaxuYb/Y+p4UcOj+NllxH81vaYOkHNkrBjdSytNxb46H5ANtBszGOh:zcqzuYb/t4Ur+/OCYtIgwmDBsCM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684512780, "uuid": "4850c99b-c5ba-43f9-9407-b360f97e207d", "value": 729088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684512780, "uuid": "c0ab6d0f-4aa0-46fd-bc86-01f58de6a2c2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512780, "uuid": "2a4390ab-9e64-4fec-a690-9592068f6db7", "value": "kredi Karti Hesap \u00d6zeti- 4508 0519.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92130722-f64d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (NanoCore)", "timestamp": 1684504854, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684504854, "uuid": "c47d8806-709e-4f1a-bd1f-01e721c8f125", "comment": "Malware payload (NanoCore)", "value": "5e9a2280ebd121390cd03583540665ca", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684504854, "uuid": "a1b43bbf-c368-4269-b2ea-59e650c9b152", "comment": "Malware payload (NanoCore)", "value": "c3c85bc2d59a9560763e241778e5989dfcd2f3b41e94be6e4fcb352c42f6aa0b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684504854, "uuid": "b5fc573d-152b-41cd-979d-7ec45661892d", "comment": "Malware payload (NanoCore)", "value": "6096c7fb75a64409ae711d0d783aa8f6eb5db7d8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684504854, "uuid": "b23046e3-4136-4d1f-bfa2-e5c4a292ef65", "comment": "Malware payload (NanoCore)", "value": "a793d04b9b51e3347c54cd56da05e803b0d09cae2970a228de794df9b469cc8d264429acc034bf671a02f4419452fd67", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684504854, "uuid": "7bc0e03e-7027-43d1-9136-5561a11636a6", "value": "T13465BF32EE699D65E2B8DF32DCF314006FA8BBD3D121C1C9384A22D9D5D3361BA51627", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684504854, "uuid": "59793eba-2e13-4b00-8dd6-48706cfaa256", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684504854, "uuid": "c6d23754-e2fe-4288-9c89-4d51bc1d1216", "value": "24576:dW44Z2lx1HfZX2eWISgGCKx2iZ7YgQSs1BCl4XkYz7xkObTmeY/diadzuv:gIN2eRSQKpZEpfXBz7VmeSUa4v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684504854, "uuid": "b87b101c-f367-4bfb-96f4-97dfacb56d76", "value": 1537536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684504854, "uuid": "a2b110c9-1562-4312-88d4-7ca28c204373", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684504854, "uuid": "7cc4fe94-8ebd-417e-b8d1-cfbffa9c76fd", "value": "5e9a2280ebd121390cd03583540665ca.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb6253c3-f67a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684524250, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524250, "uuid": "c66c0462-aabe-4109-9ce1-9f8065979cfe", "comment": "Malware payload (RedLineStealer)", "value": "4be62ea2cc03e48b00f58136cf11a91b", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524250, "uuid": "1c63e346-21b9-42fd-9869-5b2dfddd38f7", "comment": "Malware payload (RedLineStealer)", "value": "c40239e7667dccadaefdadc226f5cb5674ebde2c2b66e7b6b96a41228fddba7f", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524250, "uuid": "2d70df4c-c301-430a-9dec-6b3f0feeb630", "comment": "Malware payload (RedLineStealer)", "value": "be330bff2e6a3453fe315d694447760254c2ae62", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524250, "uuid": "28b2e248-7843-46e0-8d66-671e85e3078c", "comment": "Malware payload (RedLineStealer)", "value": "3518bc1a2998662f985fd0e914ddf84f0acecba0ee03df741c0c620db2bea85fb2f7451b79434240d51f6377e90135d8", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524250, "uuid": "ce1a8a46-43b5-4e76-bed2-560decd1174c", "value": "T161252302E3D460B7E5F85BB058FB46C32A3AFE92A53857AF1395A9475C71A84247033F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524250, "uuid": "c54d4cfc-2c6c-431e-aedd-4c7063f5f8bc", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524250, "uuid": "1a50e7ae-c8b5-4046-ad96-b554fc55048e", "value": "24576:YycJntFDW3XaTaGcL/bD0QfhM5DNc8RXoETPb1pBTulIAOXUunIGY:fUtJaNGcLbD1MVNlRYmPZDTulIAup", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524250, "uuid": "365473bc-35ec-48bc-b2c0-9032db86e4a3", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524250, "uuid": "8aeca4ac-bdc5-4846-9085-35aec753030d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524250, "uuid": "a2257a62-f7f3-466f-9f9f-c92a9535b9f2", "value": "21324.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28af2e3d-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466881, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466881, "uuid": "f369e639-b198-4624-9751-f985ea84ff36", "comment": "Malware payload", "value": "f8037fc36a2b014e897be4153750e630", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466881, "uuid": "d7e54add-f59b-489f-9b5d-ff32481b279d", "comment": "Malware payload", "value": "c4275c883979d69d63d877002f516e2aba8a87daa164bc91a10da309ecdb59eb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466881, "uuid": "4c29d108-559a-4288-9823-d097643f1c95", "comment": "Malware payload", "value": "d25ba535c705b332a8cc210d927f9c1ddd079983", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466881, "uuid": "b0b78db8-804a-41a6-9f47-630e034ab4e8", "comment": "Malware payload", "value": "a09d6db43e5c888ebf591b616e56d8ad56056fc67ebf20794f33b38ca6afcc3c1309b640d2cb0ee7fafe4046ab332ea0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466881, "uuid": "782ac3ca-8a8b-4911-ba0e-1e0a36dd7c72", "value": "T1F6532A07B54240B2CEDCD77A27A8273A12FE150A0DE29843D629EFE51C761F1E4DA34A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466881, "uuid": "ff7c2b65-1cc9-463d-872a-fe3efbd55be3", "value": "768:mcA7sqlXg5KPZ7IfzorgjeT6lupVT1UQF7208HeNyVmYoFfsjJm:mcAAkezoeeT6lupVT1UT0hkoRsjJm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466881, "uuid": "11d1f9ac-66b9-4a1e-b8ed-51f6bacf0a1d", "value": 66560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466881, "uuid": "f685da64-7a74-4741-93be-e4cfbf550e21", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466881, "uuid": "d038f161-1184-494e-be87-a6aae0a57114", "value": "SecuriteInfo.com.W32.S-909ca299.Eldorado.28538.20065", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60ab84f4-f675-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684521951, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521951, "uuid": "dfe20651-88f2-4d2d-8024-a915ba7b1b33", "comment": "Malware payload (RedLineStealer)", "value": "efbf8719c0db0d1f7fb40df974f0f71f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521951, "uuid": "a87df6a6-87f7-4101-a274-3be93f59ad92", "comment": "Malware payload (RedLineStealer)", "value": "c45d9ba24cf0bfa06a2d725ab02811c96025418d7dab9e7644310e512f98ee2c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521951, "uuid": "c29f2dd6-22e5-4782-bc5d-e6b5615ef981", "comment": "Malware payload (RedLineStealer)", "value": "034690e2d27041ca4c9f47a1ca11b61342d7393e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521951, "uuid": "bcfbb8c5-4c4f-4459-8a70-4db54a7b3986", "comment": "Malware payload (RedLineStealer)", "value": "60ffad5e55093fa77d467fd58b31eab0da4b30ab690c390a8f90165900288ccfc4b1c71185960967dd8cbf8a2ec112db", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521951, "uuid": "74439a09-8269-4717-ab57-0373849d2a31", "value": "T153948E039291BC65E52556728E2EC6E8761EF9908F1977EB221CAEEF18701F2C573307", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521951, "uuid": "84d82936-7ace-49ab-9ce1-2bf2ff9887cf", "value": "b8e0cca9c8daf9ab8d5b3be250b7f319", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521951, "uuid": "f7b4a8bf-ce8a-4b36-a72a-1ddb676c57c1", "value": "6144:BfucdsN71NLLkJiqiXxIr7Iq+sTP39ZCcPs7+nS6H23xqT+8F:zsN7DLQJu27IOTP327+ux6+s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684521951, "uuid": "bfcd900c-946e-4f59-82a2-242e8ba02bf5", "value": 428544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684521951, "uuid": "bbaa005c-96ed-46fa-9060-9c401629cc90", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521951, "uuid": "561aaf86-dd07-4135-9608-c7afb5f43800", "value": "efbf8719c0db0d1f7fb40df974f0f71f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59462523-f657-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684509053, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684509053, "uuid": "21941c72-4ddd-45df-9c9b-f8109e82aace", "comment": "Malware payload (RedLineStealer)", "value": "477e3394a4378e8f7a9e28a9bc0bb9ab", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684509053, "uuid": "467a3a91-dc1d-4b05-8faf-4facf75c1fa1", "comment": "Malware payload (RedLineStealer)", "value": "c4f487d44a5fb1a8e5c78b335d7b82c4e53bd5938ba0c392bd6aa49f6cf03781", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684509053, "uuid": "b064463c-6d7e-4ea8-a331-13b6dc3e65a0", "comment": "Malware payload (RedLineStealer)", "value": "6034868eb3999b792cda0ca5dfa5b3675cac47e5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684509053, "uuid": "8b99af4d-9d1f-48c7-a5d0-b24231a77844", "comment": "Malware payload (RedLineStealer)", "value": "46a06b352485ee632bbe0a4878737824dfe0f969b59c229497bd3625216c87f4e4ab23ae03f79ec1c2a4d3e10973dd99", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684509053, "uuid": "24344852-b6bb-44dd-a7d3-7da8d8e17f31", "value": "T12C252302AED88075DDB15FB498F712930E39FD61D87997A73381A92B5CB3194B27032B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684509053, "uuid": "5acafa90-4120-4649-8ad7-92888199f997", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684509053, "uuid": "f477a66c-6680-471b-9e85-fe9e73afb84b", "value": "24576:pypDm9m4nZBhbEKAvgzl6ihd9gxJ+k0Ty+YE8j6D:cpDm9pnZfqgzl6i39Wp0Tyx7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684509053, "uuid": "ba1fd3c0-f018-4e9a-ac91-9b8d7ccc7514", "value": 1044480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684509053, "uuid": "a7d11818-e254-4d37-922e-a72e42b19af3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684509053, "uuid": "b8bfa6d6-2d45-42fc-b698-a243e85fd63f", "value": "477e3394a4378e8f7a9e28a9bc0bb9ab.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99970881-f66e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BumbleBee)", "timestamp": 1684519040, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684519040, "uuid": "b541f466-bfbb-460c-bea2-3c9867ef9453", "comment": "Malware payload (BumbleBee)", "value": "37cc38ede93ceea4cf2d46233853c7dd", "object_relation": "md5", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "mc1905", "colour": "#5EDFFB", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684519040, "uuid": "0218b350-d453-4b71-963c-ca54bd461870", "comment": "Malware payload (BumbleBee)", "value": "c5e1089ccd97a0c10fe296a313a5f0731bc883ac5e0d6309164ab8f0bc7652dc", "object_relation": "sha256", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "mc1905", "colour": "#5EDFFB", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684519040, "uuid": "7cbc16b5-7514-44d4-99e5-25d2c2778847", "comment": "Malware payload (BumbleBee)", "value": "5297393a0c7b91b028f38662289b26cf6bcacecb", "object_relation": "sha1", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "mc1905", "colour": "#5EDFFB", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684519040, "uuid": "39785aac-c985-446b-97c6-726a2e30f502", "comment": "Malware payload (BumbleBee)", "value": "1cf9c4b77a0bdbf8d3461cb6191b274523a348ef7888c0929b1ea9492f10b0bf605e59d858206a9046593fa877ef8491", "object_relation": "sha3-384", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "mc1905", "colour": "#5EDFFB", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684519040, "uuid": "4c7eed7e-cf0b-4870-90ae-98a7605262ae", "value": "T1F313F1B8ECA11706FD4816B33481EEA989BDDB520BDD9E1A7C1ED790C300565F1348BE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684519040, "uuid": "4affa3cf-a69f-473c-a100-ed0d34d71c77", "value": "768:CCPUY+0AObVhbFh89Peix+iAqn/MPUTYewnlPNV1REkjrr4T9l3Z2kU8AR:BAi3zuPeqvn/MPUTmnl1VEkjrrml8TR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684519040, "uuid": "96ac0192-49ce-4376-ad5a-1a74899a47b5", "value": 45070, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684519040, "uuid": "9bbca677-0bc8-43e2-bb51-8110bdd68dc9", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684519040, "uuid": "bd750276-53ce-4612-bb47-a7ac8ecd0907", "value": "Contract_Copy_05_19_83.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eedf72cd-f694-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684535504, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684535504, "uuid": "b5d09f7a-15bb-4406-9c56-419398225893", "comment": "Malware payload", "value": "8feb027f7f576305f86ff60fb666eeed", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684535504, "uuid": "25739a24-5e6c-4c0c-8404-f01b0cd14f93", "comment": "Malware payload", "value": "c71a4e12fa53418a1c169b268e93fa9eb49c6c4ce3479c840ddddf06b917eb54", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684535504, "uuid": "fff7b461-1170-45f8-8df8-3a1bbf7a0212", "comment": "Malware payload", "value": "6612f7cbf5949cc18dc577e81b8cd18c54581fff", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684535504, "uuid": "8fcae781-a90c-4841-a227-8e0c24dec2f5", "comment": "Malware payload", "value": "3bae1272c7aa3b5d45e03ec743b5d327ad59ea89a1f7e308aba85476bce5f095885c02da307b2514e58795ef3db69dd6", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684535504, "uuid": "a5b5b2c4-4458-4096-a055-e68b311d8d6c", "value": "T145A2F8C5B9819A03C9D40277FB5E42CA7F265358F2EE73036E162F913A96C6B0E3E541", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684535504, "uuid": "dc730e46-a8ed-415c-995c-f017922c1753", "value": "384:egbjnqMEkunq1vm1ZJ2LgBKfbX0UUzBNoZh+YII+6VyGgFx4e:el1A4ZJarbqNoZhKB4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684535504, "uuid": "fd61d7ca-30ea-4e39-8ea5-750e77b2e524", "value": 22444, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684535504, "uuid": "36201de0-e3d9-4e4f-83de-6d60595dcc9a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684535504, "uuid": "11c0be1c-09fc-48de-a735-b172f733ac52", "value": "SecuriteInfo.com.ELF.Mirai-CCG.19291.30528", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50d26337-f69f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1684539963, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539963, "uuid": "f5f894bc-5e35-425a-879c-19381e561ca9", "comment": "Malware payload (Gafgyt)", "value": "3574d5a0a777b6be4655cf1ceff5eecc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539963, "uuid": "6283702f-71d9-4dee-b91f-6fccabcd57cc", "comment": "Malware payload (Gafgyt)", "value": "c76c4e0ec70fe14cac73e0f961d3e2a64fd9f6d82b1f6f820a5362240106e59c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539963, "uuid": "022418ac-e700-4ef7-b87b-6dc792b93067", "comment": "Malware payload (Gafgyt)", "value": "a567e0b460709b48ff6029e0c187a2fc102c7ba8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684539963, "uuid": "6285bbd9-466c-4644-878b-b6ced5c01c27", "comment": "Malware payload (Gafgyt)", "value": "39006211a25aef08777e3d8b9fa270f50cabaea8531e54ecc561e5209ec6d5b9385ca311786336f372ccbb1e5c36abec", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539963, "uuid": "377bff6e-acd1-44bb-9a71-9143453f256a", "value": "T1F7D31905F4608757C2D217BAFA4A425D37221F7893CF33256A28BEB42FE1B981E79531", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539963, "uuid": "b0972729-f49c-4d99-88f7-ce12bbea9067", "value": "3072:CdHpf5wyawRCzQArASotpJy3kpkYzftmCQA9FX9aH:yHPwyawRC6pJy3ezftmCQA9Z9aH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684539963, "uuid": "680b6455-c944-47dd-a960-2af96094d3e7", "value": 139577, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684539963, "uuid": "49a7f2d8-bf6b-49d6-9fed-0102773e8b1a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684539963, "uuid": "3ea22347-89e9-48fe-bcd2-b9d0b0c6a95e", "value": "3574d5a0a777b6be4655cf1ceff5eecc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "37f8651a-f668-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Smoke Loader)", "timestamp": 1684516299, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516299, "uuid": "383fd558-ddba-4230-afc1-d7c2a148cc99", "comment": "Malware payload (Smoke Loader)", "value": "d20d31a0e64cf722051a8fb411748913", "object_relation": "md5", "Tag": [ { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516299, "uuid": "18a3deba-fd59-4ae5-8017-aa236bbfed02", "comment": "Malware payload (Smoke Loader)", "value": "c78bc4fb8955940b3ac9b52cb16744a61f8bdaf673fd64fc106465241c56cc6c", "object_relation": "sha256", "Tag": [ { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516299, "uuid": "0d1b3817-ee5c-4a1b-8c56-6d0e2442d16f", "comment": "Malware payload (Smoke Loader)", "value": "6a38bf745dea8818ee00891231878b2a27a93293", "object_relation": "sha1", "Tag": [ { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516299, "uuid": "99001975-188f-4786-8e28-fbb8fdc29b88", "comment": "Malware payload (Smoke Loader)", "value": "1e0065ccb67f4cff2978723b43bd2a7c634942b49b24f2e7dbe63c9dde74136a127f1b7829be455c7122b0f917dacc22", "object_relation": "sha3-384", "Tag": [ { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516299, "uuid": "aeeeb49d-b1c0-40d3-a8fd-d541864d2d9d", "value": "T121644B03D691BC61E92646728E1EC6F8761EF9604F4977DB2218AFEF14701F2C5B2326", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516299, "uuid": "919c7257-9b69-4eb5-adc7-4891602d91d4", "value": "b8e0cca9c8daf9ab8d5b3be250b7f319", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516299, "uuid": "0fdbfc2c-ec98-4e1c-9cfc-ee0b01ee8622", "value": "6144:GAvSVEiHRUTuLcYWWxAYkhLSxjKX929JqT+8F:SEiHRsuLFWUAY+LSxjJ6+s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684516299, "uuid": "43821b96-dd62-444a-9a13-b4c77c8a6034", "value": 333824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684516299, "uuid": "84eb6c1e-899d-40d3-a32f-e78c55908ba4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516299, "uuid": "49d50b52-fda1-4225-a0eb-7478daa2b23b", "value": "cumloader.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50809eab-f668-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Stop)", "timestamp": 1684516340, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516340, "uuid": "18961c42-fbda-4c00-bd11-fa20fb3d73fa", "comment": "Malware payload (Stop)", "value": "2435d98b76df06b4bb6ab37ab0fd5c44", "object_relation": "md5", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516340, "uuid": "c011d21d-eb71-4990-8ac0-7349c5e33f19", "comment": "Malware payload (Stop)", "value": "c7b100a41efd1967947eb511df59cc1ca3d05ec34c9dea2ca3a6865d69599d3c", "object_relation": "sha256", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516340, "uuid": "1cb599a5-4af9-48f7-b45b-65ad9b2e129c", "comment": "Malware payload (Stop)", "value": "9efffa5217f7fc525683d7adb4cd6c7a73dc017a", "object_relation": "sha1", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516340, "uuid": "05b26f50-54c8-4698-9c39-564f68dc791d", "comment": "Malware payload (Stop)", "value": "dac99f68b4aacf950193fddafe359309636be65de51773ef905d79a35f5f04545f9eae34575b059e4d99d1029c9855f6", "object_relation": "sha3-384", "Tag": [ { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516340, "uuid": "4900e6b1-ffe9-4a0d-aa90-564b0c0a8916", "value": "T19405D083A1D1BC53EB164672AE2DC2F8769EF9504F493BD722146E1B18711B2C97E332", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516340, "uuid": "a328fda0-722c-4f87-b8ec-b62a1d09f74a", "value": "33ad97a6371f251a2ce2085c8f9feaea", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516340, "uuid": "b6e6cba2-30a0-4b88-b698-21bddef83789", "value": "12288:LuantS8Vw3pyz4xEwSwwRQqo/TrOgxokzWMAZaxbO7+UatBTa+LDlRMCGaUuDu:LTS8CXx/SwwKqo+EzPIaI2N3nfl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684516340, "uuid": "8c734e52-a5fb-4220-a444-eb251b66ab05", "value": 843776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684516340, "uuid": "66e82d56-2570-4358-b2c1-c2a2aac4667c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516340, "uuid": "1c5ade39-4846-4b43-997f-98c9e816c17f", "value": "report.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7ce8b943-f627-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684488497, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488497, "uuid": "9b47237e-ecaf-4880-87d5-81613be6a0ea", "comment": "Malware payload (AgentTesla)", "value": "0f97e6964a7665e6d757ab2b24927188", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488497, "uuid": "481fa541-d927-4a9c-aa58-00db5c09f5fc", "comment": "Malware payload (AgentTesla)", "value": "c807db0db1f00afd22edc9e2d94cfa77434cb54493699bd6e12eb76566405ad2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488497, "uuid": "d729cb03-5c0e-4ab3-ac4f-c2eb9e678f20", "comment": "Malware payload (AgentTesla)", "value": "4f52f78772a1e6c5656712b1d2c84716c27cd62a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488497, "uuid": "2a5253e4-1821-422c-97cd-9e9ddbc493a1", "comment": "Malware payload (AgentTesla)", "value": "629ffefd5367f0c24d2bf5ec05ab3fe7fa537ccb1cbccbc33a9038ff1520339ae2f99ece64ff4ab75370a125c4e2e3c9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488497, "uuid": "3120e440-7450-473d-8f68-7468183d0524", "value": "T139E4E02022E48B4AD5BA83F45CE0E2F05BFA5D99742AC24B4ED5FCDF3299F610750A17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488497, "uuid": "c716a0a3-74f0-45b4-8459-369a1c15fc13", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488497, "uuid": "c26dd7fc-74e4-4ae4-87f7-f5037116baeb", "value": "12288:GqBjiezagTLki+LMrcCMS+9rZOKyFz/k+GDdW9pc6kKZt:GqJIgTQAw9S+9dqfUdWvcNk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684488497, "uuid": "23a5fcff-1f72-487a-824a-25fc5f5ba39c", "value": 702464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684488497, "uuid": "a73f58ba-3efa-4bc1-ae30-f9ae40f10003", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488497, "uuid": "b19e63b1-21ea-4b7c-aa42-459724b6da05", "value": "invoice_nota. n\u00f801 Modis.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2ddedbb-f639-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684496426, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496426, "uuid": "06071531-cbd1-44f0-9b08-3d19462300e0", "comment": "Malware payload", "value": "2c47621b0f82b7e78a0071a1b7e254f9", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496426, "uuid": "2352a146-0fa1-4ff0-a5b4-71c30b8e9afb", "comment": "Malware payload", "value": "c8cfa3e673e416e2e973f82d5e0862d9b832f34d5736662a64fe0572a7d6c17d", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496426, "uuid": "26667d55-df68-4206-bce7-b1520810a05b", "comment": "Malware payload", "value": "b52f58c71e93cf23d61af46534f05dad55c28111", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496426, "uuid": "085fc3fc-a960-47cf-8d99-693e3a3fb523", "comment": "Malware payload", "value": "7d0c64eeb14e88ad413f9561e3b16ccba00363ee76ed491ba156a8403d96fe0df997ff14514f6ecb1949af6625d5e18c", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496426, "uuid": "5907d979-ae3d-4abf-8f08-43424d75219b", "value": "T14BA2553EB147909E4BEB4C7A4D7E0E6239162607C1065A823376B3F81CD4FD9E7285AD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496426, "uuid": "57771638-580a-4189-8a1c-63085747b556", "value": "192:w4Yk4EVe9g8heKAuDAlg46M/kZgFe9yVq2fPWknkd9yj3Przr5tmCar7qKZ/vwF7:wTgkAuDA5pe9ylkPI3Pr4vwXrOOTEy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684496426, "uuid": "4a4608f0-9a7f-4327-a396-098355228710", "value": 22561, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684496426, "uuid": "ee102c34-6a75-4f00-ac49-3713f96a8dd3", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496426, "uuid": "287edea8-6016-44aa-8a11-86f4aa21539d", "value": "Multiwool.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98949d09-f60c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684476947, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476947, "uuid": "4b49b98d-d602-4314-b416-df5e87e7893f", "comment": "Malware payload (SnakeKeylogger)", "value": "7635f02f9acbe9edcd9cf3812ce43288", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476947, "uuid": "c1d6288d-3ac3-4fe7-9e93-ff035285b954", "comment": "Malware payload (SnakeKeylogger)", "value": "c8e5cb57dae2f793b69092899e0ef525127ce2a75d93eb2be4d6d88e520cec67", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476947, "uuid": "02378527-6691-4a14-b23c-455f3b32fda4", "comment": "Malware payload (SnakeKeylogger)", "value": "b685dc10021896b0f67534cc360e65d98778a559", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476947, "uuid": "c52a04ca-5b4d-4bb3-8c65-20b16aeba62c", "comment": "Malware payload (SnakeKeylogger)", "value": "ce1918aa7eb91a7f19672180d66ee34ea346d35fc82c96d7c8d8d861056166f921496e2d5dc2deaad0db700787b90fa4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476947, "uuid": "23ae8b83-3f8b-4e66-b235-538e1e15e222", "value": "T1DD74AE31A6FA5A18F6F69FB9AA70114057B239D064A3D38D0EC034DA4E77F128B17397", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476947, "uuid": "eb9c3223-14cd-4ee2-a9b7-5642af2db65f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476947, "uuid": "1968bb28-c937-4bcd-a887-7e655915f510", "value": "6144:zTFBekEYjeX+nsL+4phL6EgBJXWt7mDs66DSl4gGhQxTrhhBxRYy1+aePTFIfmeC:HekEYjeX+mLaJXm7mI66ul4NQxTxxRYl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476947, "uuid": "b5223e6b-0928-4a9d-8173-7b52152627c9", "value": 349696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476947, "uuid": "76883cfb-93c6-4e49-b725-9dc85f2bdc68", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476947, "uuid": "708aff91-267f-4b76-966c-e3d6d7ddf65c", "value": "5456789FU.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c6af0d2-f62f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684491798, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491798, "uuid": "327fe4d3-08d2-4ddc-bcd3-f0ff0f5dffc2", "comment": "Malware payload (RedLineStealer)", "value": "2c621b72dbcda5a4d4376872fc2f0362", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491798, "uuid": "1cdb79c6-889a-4204-ba44-ba764ecf6a3c", "comment": "Malware payload (RedLineStealer)", "value": "c9157fe5a43123ead58fc8acd7ba1b6b031b81b23f451bceef5d8368b580dab0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491798, "uuid": "332af016-1427-4c44-85ed-74bc08b59124", "comment": "Malware payload (RedLineStealer)", "value": "146fc7791f234d67eb91dbe890b7ffd5101b8399", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684491798, "uuid": "746e828b-8a96-436e-ab7a-2d70055b660e", "comment": "Malware payload (RedLineStealer)", "value": "4ae71679b11851ac60e34d80be79d63a10cd1e29603c066880256116db676f45c076c5053711fa0a67568e0028f92131", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491798, "uuid": "bb21cfe8-61f4-4487-af15-eefe83adc5f9", "value": "T1BF252313F6D99565DDB617B014F217C30B367DA54ABD83EB2B449A6B8C334A8B030727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491798, "uuid": "2a4515c5-4943-4861-8d4f-717b8c2b0549", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491798, "uuid": "28e3c089-9871-4c47-b4d2-9a6f56523874", "value": "24576:RyuZaolXqRctnf9M0V2Z86XYWmep9Q/7k:EsXqUFXV2Z86IWr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684491798, "uuid": "015826be-bbb8-4ad4-89c7-60c7a78645d3", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684491798, "uuid": "e49d36ec-d2b9-4a15-b35f-7fb9e0868958", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684491798, "uuid": "43378b3c-3f09-4f3c-84e4-ed823d63919a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dc293e2a-f679-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684523876, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523876, "uuid": "58e05526-96ae-4433-9abf-a8314823aae6", "comment": "Malware payload (Formbook)", "value": "1d26b03da3e4bd504c8173286d084646", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523876, "uuid": "bc55bba0-013d-48a5-b2de-229b0bd1d386", "comment": "Malware payload (Formbook)", "value": "c918d1ae4c1635db9333c72fa06a6b04afa4a2ab37f494cd24c5e3fbc6963ead", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523876, "uuid": "ec078975-3c98-4872-ada6-ffad0bcef483", "comment": "Malware payload (Formbook)", "value": "c566919ad41c290b2b40748f4e4ef49431fb6f0f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523876, "uuid": "6f9de0b1-e047-44ed-b239-5dea83eed57d", "comment": "Malware payload (Formbook)", "value": "f7fb55255c7338a1a87e6ed26a67264b8481a9f86230648d366e44e9d1712680ff32368199d0b60394894263158f73a4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523876, "uuid": "76b08f31-7c49-4c3d-9935-fab70f03b349", "value": "T1E615D060AAE9D7CDD4240BF492D2D4F0076A1C69E1F9EA574EDB2CCF30B6A44312653B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523876, "uuid": "901ada19-2cb1-4877-9532-3e874560e8d6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523876, "uuid": "6ea79b23-32aa-4bb7-bae7-a94b156c384c", "value": "12288:X2iNfUFotEvZ418WMSx7MiqZoTErgnk8VnkYn7i8QB6QfI85:X1Bs0qZ4aW7/IrgnkAYv5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684523876, "uuid": "9bd719e2-6449-4d0e-9590-768a85bf8ce9", "value": 922112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684523876, "uuid": "a39951a1-1a40-4a2d-88e2-d89be4de4c35", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523876, "uuid": "83911ff1-a975-458a-8b38-31390824c572", "value": "RV099278372-0288.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "55355989-f661-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684513342, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513342, "uuid": "ad0d8be3-06f1-40d9-b5dd-b17daca36b5f", "comment": "Malware payload (Formbook)", "value": "18efc23dae895465215abd13c1c86038", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513342, "uuid": "88b456a2-69e7-41e7-b449-e69e9ea1f3e1", "comment": "Malware payload (Formbook)", "value": "c955c4f58223f8e72a6f1d7f7e0090fdb849996784f225c38fa427709e1272dd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513342, "uuid": "60d914d1-081f-4dcf-b9f8-a7300cd9f611", "comment": "Malware payload (Formbook)", "value": "902c3b537cec4821b0ffa9b57c06d241dd3d4064", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513342, "uuid": "aef5f63e-19ca-487e-980b-e27c6655fba6", "comment": "Malware payload (Formbook)", "value": "1074ed8da62fd9abcc00bf3eb065781afb24754eb2fb0decdf07a55cb042c98118bfa60f909b2b07e93e29f69f96e299", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513342, "uuid": "b35c21d6-bdca-4635-a8ce-127955f660d5", "value": "T165D4F13427D9D71AC02A837980E1C3B1A779DC42F462C7474FCDBC4BB28F6EA6660199", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513342, "uuid": "c0a4dff4-0092-4c4f-9153-a51c20153150", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513342, "uuid": "31e178b5-5b93-4d60-9999-f1e20452242b", "value": "12288:v22gMy3+pfE7Zr5stBlqr31vVd3JtDqX7Q4Wfs40Y:O3+p8SWrFXZtuXBWP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684513342, "uuid": "38700a75-4014-4962-8579-af1a35c4d56e", "value": 656384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684513342, "uuid": "1f422b5f-16a6-4a19-ac22-d4561d244eeb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513342, "uuid": "8df152a2-8dc8-4901-b17a-7021d2f79ad9", "value": "Overdue Statement of Account.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c8815ce-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684497570, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497570, "uuid": "7e559278-bd0c-491c-a331-4202edfa1458", "comment": "Malware payload (Amadey)", "value": "127d3ee76fe21309282bc3e30897b962", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497570, "uuid": "484e7c0a-78ed-4961-a705-31c9e29a4517", "comment": "Malware payload (Amadey)", "value": "c968620ec8b779964952fc4808a1403b681ef1f1df1ed4fab214df507bf38fcc", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497570, "uuid": "6ff8dee7-b8ae-40dc-858a-a39c2e3e6c33", "comment": "Malware payload (Amadey)", "value": "8e82b2a8b4e91e92921d1d898899917231a53f42", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497570, "uuid": "1c7e0fbc-5055-4708-ba09-9a291d24ca19", "comment": "Malware payload (Amadey)", "value": "7265aada37f60c184d2065bbbae60971e2bd8c8cdb99906074da3a25000be00770260b1eb38dd47d5c6e4cdfa0c00868", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497570, "uuid": "721877c7-6129-45de-abc9-dd4e5d6e359b", "value": "T143252213B6E84877C4741FB09CF613830B39FC119878D61F0344AAAE9EB3A94A576767", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497570, "uuid": "2525aadf-28f3-49fe-95d2-26814b8901ca", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497570, "uuid": "031a02e2-94a2-4a0a-841f-c0a3aa793a4a", "value": "24576:IyGr5wW0t5YZLXJ7r9M7OhxIce8X6ph4q6Fywd+Ri:PEw55YZzJhIZphMFy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497570, "uuid": "cd057c0e-7089-4dd4-a95e-9a989e6abbde", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497570, "uuid": "f88871ba-b845-4b49-b89a-967d8913b4fb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497570, "uuid": "98e4eee5-7315-413f-9928-7b6c6dc1fc1a", "value": "client.py.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "731d8271-f641-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1684499648, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499648, "uuid": "1be9dfc1-2995-4a2f-b1e5-8513ade15599", "comment": "Malware payload (GuLoader)", "value": "ee003d5904c76e48228192c1ff786e47", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499648, "uuid": "7aa3fcd2-c5df-4d97-a5e4-0d822ee06b40", "comment": "Malware payload (GuLoader)", "value": "c9e9fc3a10a439f7e685f46ac95a28c291c8586f0302603f2337547331ae7c29", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499648, "uuid": "6a3090a6-cbb3-4409-9366-a787b0424462", "comment": "Malware payload (GuLoader)", "value": "91baeb13d806e934d9bfc91be5ea5b6eb0d75f3c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499648, "uuid": "0d2f28d7-5309-4449-b764-33e6c9e81cf7", "comment": "Malware payload (GuLoader)", "value": "d2e581b68893d593dbdea483b482d344765ac74ea4ec8eae5cf9de12a1c5d00b209acb4a8e932e91628084058befd4b0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499648, "uuid": "ee3a433d-0b67-45d5-adcc-9e5fda6e986f", "value": "T17E742355ABE1993FD1A9CEB40EF6AEBBE331401D40567803471CFFA61D378260F4AA85", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499648, "uuid": "ad78292d-59b5-4c69-af63-e28d5dc8f7e4", "value": "e160ef8e55bb9d162da4e266afd9eef3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499648, "uuid": "74777d25-3559-4113-a89a-0583e819a403", "value": "6144:h4SUjhtXAqTvkWqOs5PC+c5H9ByjuGHK2Tb+w/fw7FtbSJPB7A9K7:6XAqQWqp5C+c5HHyjO2nHHQFtbSZBMq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684499648, "uuid": "356bb817-8ca4-4b2b-873c-b0ec49ea8b65", "value": 362995, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684499648, "uuid": "f8a68f87-5974-4f61-b4b9-2768dd396758", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499648, "uuid": "e5026b4f-1681-4bc7-b8b9-30217d4ebdc7", "value": "SPL9015280.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26118575-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466877, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466877, "uuid": "4ddc6f16-51c8-4ee1-848d-7f6544195f47", "comment": "Malware payload", "value": "5acf1f9479c0bb5c8a79251d582cfc08", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466877, "uuid": "c7d5780b-452d-437f-878b-e0fd4c30e2ea", "comment": "Malware payload", "value": "ca49990c3bb94760ec2314969ca303e588df57dac23423a020f856260c193fd0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466877, "uuid": "ad2ed89b-1620-4734-9966-c253f29c470c", "comment": "Malware payload", "value": "9cbf7a55dd7d2b6618699b911fa846982074e664", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466877, "uuid": "de05cb8e-ac64-4417-a643-3aa08ff12e0c", "comment": "Malware payload", "value": "7e2238738c4020eac48d6b973757ac9e56ec8b517313d64d86a7d0343b8ee73f2c24dd1b1b1aca9befb3f52a72d42d30", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466877, "uuid": "35aa3108-8fa0-41a4-aee9-842bb9f9e613", "value": "T1C6268C81F9029427E2530A75927AC732363DBBAE03163B97FFE45A2D9FF42453909643", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466877, "uuid": "d5930f51-0e94-4184-a4a3-449fa9c0a84a", "value": "24576:axJyr//5R5fFHzxBvSNlTwbAd8krRFqMpraobM4NjoyKOpZqe7+Q+QlXaK4E8m1U:3r//5dtZSdrHDpHJf7ZkQ+QlWEFgsGb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466877, "uuid": "5c0b785a-dacf-49f2-835a-8a5915f55528", "value": 4841472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466877, "uuid": "1801f2ff-0edd-4a90-a55e-82bf04d62406", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466877, "uuid": "c2d4816a-cfb9-4a1a-86b3-2b46c2f3a6bd", "value": "SecuriteInfo.com.Trojan.Win32.Rbot.19675.32005", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "04032ddb-f67e-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684525661, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525661, "uuid": "64980d07-6680-4fda-8f4f-23d98cd62b78", "comment": "Malware payload", "value": "43e28fa8e01ca00024d19039e639ba0d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525661, "uuid": "ca40b6a0-e1c7-40e3-bc62-aaf079fd3526", "comment": "Malware payload", "value": "ca75eff2131aa901821b65a12a90f2bbcf9b3fd3d09d57ef1637cc69c6bb02f0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525661, "uuid": "44f8f21c-a5d8-4dfe-8f6c-8428aa8b94ee", "comment": "Malware payload", "value": "2688abfe56023ff77b0cc26fc0fcf4a4c18e6f0f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525661, "uuid": "ce7ce3d7-b35c-495b-9e55-b16db921a8ca", "comment": "Malware payload", "value": "c1c8edfbcaa02cf0ee42040aecada9b300b486751a8a57ee8fd757b038b2417ae64a68b64b9fc6a29c4e47fb1ead6e01", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525661, "uuid": "36466b61-3b7a-4c64-bdfd-bb34bd428347", "value": "T161357D667F12EF61C058C3364DB38724C2E526A30F61015A765CD72C6E2269B9ECFBD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525661, "uuid": "72312821-ad2c-4be0-840c-e4c6bb393342", "value": "24576:qsFkPsgRseqq7s7L23vHkF/CZ5lfwNjcpzdmMqMSjG2oedCp/mpyS15FhextK:leLsL23vEF/CZ5lfwNjcpzdmMqMSjG25", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684525661, "uuid": "25bbe90a-e904-4234-adb3-04352e8a932a", "value": 1156895, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684525661, "uuid": "cdbdde76-78fb-41ce-86d2-3c7be8782928", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525661, "uuid": "acd97cae-4bc8-4352-8b33-4b8a5cc22049", "value": "43e28fa8e01ca00024d19039e639ba0d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "962f16b0-f623-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684486822, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486822, "uuid": "a5e7335a-2c65-4075-9c17-39343c34bd57", "comment": "Malware payload (Formbook)", "value": "87c9a6e50e504f802a27a0978c0b343e", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486822, "uuid": "43a7f4a1-6c61-4eab-a039-211e3d1e5c0b", "comment": "Malware payload (Formbook)", "value": "caa486affa4a68f61ed0f1d1a6faf1f2fb0238e7a23b5016aa3df4ea90808808", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486822, "uuid": "a3720ae3-066c-4be1-9b21-62b2f861a3c6", "comment": "Malware payload (Formbook)", "value": "6f8f2ccf921359fe30b560ffba0a851d041773c2", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486822, "uuid": "59dced73-78e6-4322-8953-b01e5ee1286f", "comment": "Malware payload (Formbook)", "value": "e28d6e594c693316373d820159664c0f4d710bb59fb36af42da684a3bbef273b8cd6c4a3e87986352f91cd6a1c663e49", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486822, "uuid": "c3b4cbf4-47b6-45d2-9c58-fa57fea049dd", "value": "T1C255F112D549AC4FC60907B16B4B7898A31E7E72BAC91A46371CB75F0FF36A8A503D0D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486822, "uuid": "c926efb5-1d65-4616-bb7a-df235c8b2dd2", "value": "24576:qLK2/Ls/Gs+MXUz+MXUQd+FCIFikD8XyvO9QXjTnZkG:qLKAaZ+MXQ+MXR0Fp8Z/9QZk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684486822, "uuid": "cb7b8614-e005-4269-8910-66a381986226", "value": 1355776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684486822, "uuid": "2f9e1c9c-320f-40a3-b5fc-4541cb16d1dc", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486822, "uuid": "0b82e180-e352-4b24-9e60-23c2f237346e", "value": "FANcourier E1299785673758735.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa39abcb-f60c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684476977, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476977, "uuid": "f77c411d-e305-4732-94e7-aeb812001e32", "comment": "Malware payload (SnakeKeylogger)", "value": "640ff07ae1c9925f97ef18cfc66200ba", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476977, "uuid": "6063c31e-4a5c-4802-8007-ef93924808fe", "comment": "Malware payload (SnakeKeylogger)", "value": "caca41ded7766e3062137410ef48196855ed19f6f6f5acf7fe5a2031aea52361", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476977, "uuid": "2535cc89-9374-4998-b132-79de3dab5466", "comment": "Malware payload (SnakeKeylogger)", "value": "2a586f9175a5a1881874315f5c45833aca7a0639", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476977, "uuid": "cdb9204c-58b9-44f2-a719-3db5c9be52ea", "comment": "Malware payload (SnakeKeylogger)", "value": "c7b4e4aa1469c13fc6ca735cb8e7de434673fa81a271d36f72be194125a978ac3a8e00fdaccf17c1faf6f7020fb4a61a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476977, "uuid": "1dbed94e-2ebf-4ce3-ba30-7bde79db017f", "value": "T19D153DD0B1908A9AE97B07F16D6AD53016A36E9C5464C10D5ED9BF9B32F3342209FE0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476977, "uuid": "fc329e91-091d-4547-8b7d-3336b4615ce9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476977, "uuid": "3cedf2f3-57c6-4b86-8032-bab05579b979", "value": "12288:IqBy4tCBMcUctKonxV4OxDcTygcp6huYwTxr:IqIBMcU0DxDwuTTl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476977, "uuid": "9adadbc4-4fe2-456b-aadb-eaf124a682f5", "value": 961024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476977, "uuid": "6b9b4689-d90c-449f-9bf6-8f238518aa15", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476977, "uuid": "27fc460f-5313-4ac8-8e0d-029f43bdf4eb", "value": "Packing List.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a6e194f-f63d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684497862, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497862, "uuid": "ad384bc0-efe1-4099-82fb-4ac1cf9435d2", "comment": "Malware payload (Amadey)", "value": "81b926cba8d234c4ad09a88801463005", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497862, "uuid": "f885b39c-740a-420b-9ce0-ed7a55a25b34", "comment": "Malware payload (Amadey)", "value": "cb4ca4a0ee89ad3049fe936c9970ff6b07a808e361a96de0d5ba95a5211f66fe", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497862, "uuid": "ce9b847e-b5e3-42f7-82ac-9052d7e3fc27", "comment": "Malware payload (Amadey)", "value": "4bece2478944bba79ec81ef9e252b336fd7c907e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497862, "uuid": "c1a06d88-07a1-4799-8279-3a5f995e13c4", "comment": "Malware payload (Amadey)", "value": "c1739ab97a39b4fb19d760ff7f1f1c97ec5388946862677fdf6461912f9f97602bbf07c782815c27b73931595bfaddb9", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497862, "uuid": "ef618128-09a9-480a-8013-ea4e11235d0f", "value": "T17D252363EAC48473D979637454F702930E3AFD817E28C36B27918A8E4CB2A957835377", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497862, "uuid": "ee4abd95-4f7a-494a-b171-2a7d553a9d22", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497862, "uuid": "12e43549-a393-4097-af97-dbeba2d261d3", "value": "24576:xym4wevVO62bXZFOOO7uHJoaCIcx+TZ9Goi:kTvVO6mTOOO7CJoPIpTGo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497862, "uuid": "e80d5802-648b-4f29-84d9-e66dc3fc2627", "value": 1055232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497862, "uuid": "655df440-d8ef-4ef1-9158-d3357a0d2b75", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497862, "uuid": "0bf3f92e-a359-4193-8c6f-54b53a3d425f", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fada4c4c-f632-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684493433, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684493433, "uuid": "916e4fdc-1ef8-464a-ac58-e2b72b195217", "comment": "Malware payload (RedLineStealer)", "value": "f15a99443b1a76a9e4b9c27975a37f98", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684493433, "uuid": "642ca529-bcd5-4aee-b978-34d9da530c8c", "comment": "Malware payload (RedLineStealer)", "value": "cc7a51b9b10a55377cd73bf6f3207eb5856e475ef30135b842d667ccb1df55bd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684493433, "uuid": "b51a9574-1eed-4a00-b487-6ae4aec0a57e", "comment": "Malware payload (RedLineStealer)", "value": "1ab182274552d63f4420d4ff7720a8f5899a3313", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684493433, "uuid": "2ccc4574-290a-46f4-9d7f-a9dcbf372f0c", "comment": "Malware payload (RedLineStealer)", "value": "022b6b4082603a2cdc6c4b58a4ff0fdbe9815e93a9a487dcb32880aa25fdf41dfa5fba8c35b5948a31622fc831169a85", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684493433, "uuid": "670c7c25-286d-446f-808a-125ca1cd77a3", "value": "T1F7252357F6E84033F8B117B05CFA1793273AFC92A8B9632D3A544A5F1DB2691603532B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684493433, "uuid": "5b40f7ac-3cfe-4213-af4f-751d79f94e0a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684493433, "uuid": "9a945a4c-589a-405c-948e-30df431bc425", "value": "24576:Vy8XPNU+oMz+Bzc944IY4xOyxKapwWipLqW++:w8XPNPoMz+Bzc94nYQOoKaAq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684493433, "uuid": "d49bf5e8-faf3-4eac-88ed-f0cfabd9d76a", "value": 1055744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684493433, "uuid": "1eee4e97-0450-4935-aeb8-ecbddfa763bb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684493433, "uuid": "b6703ec9-8f4c-4e49-8a58-e86f973480f7", "value": "f15a99443b1a76a9e4b9c27975a37f98.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2597b894-f626-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684487921, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487921, "uuid": "b366935a-e76d-44dc-bf58-789092be1f11", "comment": "Malware payload (AgentTesla)", "value": "e15fce57d8180b568e6e27bb06ddbe23", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487921, "uuid": "f28b2a01-2ac1-4113-b896-6002870de19a", "comment": "Malware payload (AgentTesla)", "value": "ccb7f3c0b4ca7addbcb2025f46fb9ea42c1eca54bd19a728ca81046cacf3fe0d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487921, "uuid": "55e50ac6-bae1-4256-ac00-5e2d4f371d41", "comment": "Malware payload (AgentTesla)", "value": "952597bffe6b064d30ab3bed69282d0ac0aad344", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487921, "uuid": "0336d424-737f-403d-816f-711db8a5fa3f", "comment": "Malware payload (AgentTesla)", "value": "08678e288c9534d10e3aa68b0ec3aa625aa6080e4f9064e864caf879cf25322919755a502c034dbc6c9a78e436f27641", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487921, "uuid": "e3c552c1-d019-4c40-a1c8-2bcb1d1766c0", "value": "T1EF15E1D03560A86DE16B9E794AB2FA3493742C91D717830A60E21DDB7D2EE936F013D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487921, "uuid": "119f5782-ba82-47ce-87be-a83bc6442ba9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487921, "uuid": "37d5db2b-29e8-4483-8e65-1e395a9efe23", "value": "24576:7P0tfLJ3Zphu0bqmXY6cnBtWiyldLr0TeJ:7P0BJpnu0WmI6E6ZLr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684487921, "uuid": "30575fc3-b9ad-464f-9ec8-3f290ac560fc", "value": 892928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684487921, "uuid": "e61b4e49-11d7-4e45-bb37-ff8b6e83a983", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487921, "uuid": "d5558dbd-df2e-498d-8d83-a1f4b7b28dca", "value": "e15fce57d8180b568e6e27bb06ddbe23", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f5ea464-f65b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1684510782, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510782, "uuid": "9efeb425-8be1-4919-b711-8dee764bbf42", "comment": "Malware payload (GuLoader)", "value": "56bdf07712e038fe95da768b9aed18c6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510782, "uuid": "86988d31-da49-48c2-9678-4b29784f9b42", "comment": "Malware payload (GuLoader)", "value": "cd19232ea99f42148af7c54edf2cb43542aa03368cf36c582c716eeaaf6381ef", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510782, "uuid": "2c093f06-a160-43d1-8dcc-0bd8ff6ad1f2", "comment": "Malware payload (GuLoader)", "value": "4a1b85723a81ef2e941508ad746765e07889b7a0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510782, "uuid": "e1a6a7fe-f59a-4509-91cb-872c8b4c3104", "comment": "Malware payload (GuLoader)", "value": "ab6b0f96cd1fa59f1c5e37f54bb2761e6a056432667ffccafb6fab5c377c2f688b9df42bd4ac12b0b13b4ce5e6c4870f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684510782, "uuid": "3d41d533-34bd-48ae-be6a-83cb3b2aab2a", "value": "T16F059E62A94449C4F6A909F590AEB87442DF7E1A88B4B11D3E447122FFF11E20C7ED9F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684510782, "uuid": "1fd1f7cb-3597-485f-9d85-b5a21df6985e", "value": "b78ecf47c0a3e24a6f4af114e2d1f5de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684510782, "uuid": "3acdf87f-e0b8-4006-b0a2-986604daf962", "value": "6144:4pQKBooKJJpcFHWuny++QGWocLhSMcniIoXujffqGJvaJFBitdAUvkDgq5w3j8RN:BX/cFHV5TGj2aBqGJvmbo8sTi+cduRY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684510782, "uuid": "46270e6a-35cc-41d2-be4b-b00573598b0d", "value": 832280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684510782, "uuid": "aff31ef7-043b-4f8d-9c29-7678fa8b9320", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684510782, "uuid": "b7ceaa68-8f1c-4aa8-98c5-1100e49a63fc", "value": "MBL _ONEYNB2IG7895600_sw pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "232b9845-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466872, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466872, "uuid": "14e06334-cc06-4a49-a585-c8873ed18242", "comment": "Malware payload", "value": "bf0ecf57a08cdcc62242a5ccf54a28bd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466872, "uuid": "b88a3cb7-6522-48b6-a806-6e61c2446495", "comment": "Malware payload", "value": "d008de640462f57ee04e051f297fb2d881df8746aeb7ce2ec0c88d6e7b97ad7a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466872, "uuid": "a6132559-4ee8-4dc8-b997-53870ba4f677", "comment": "Malware payload", "value": "abc2052706f9feec93511facc90b0e9bb690061d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466872, "uuid": "c1b13d5d-2a3b-441a-bee9-0b40971853b9", "comment": "Malware payload", "value": "a00585fc292b0ef91a68e87106afee7075344b3f0255917890539dac102cf0af96c6bfc20c25c79eb67ec30e20d18988", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466872, "uuid": "5b8b0dad-b5e1-49da-84b0-ddc647e1bfbe", "value": "T113D48E12B2F34057E1DB2A719C6F46D4AB4BBE512E2768EB28D47F0C1F74251B920B87", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466872, "uuid": "5fd2de79-921c-4cc0-957e-b0173c78fc94", "value": "6144:JUB6pRQBk0cQrf5VrtdgOyn7BU2yYsiYu4q/e8mRtqcjP35VlB0BvK4yqktqiG5T:tuuCnrtdxyS2O68RrP3r0Bg/tazbhT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466872, "uuid": "453708c3-f5ee-4a60-9f2c-d60dca22c774", "value": 643072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466872, "uuid": "55f2d2b4-8002-4fde-bc71-765a05ddc408", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466872, "uuid": "e820e799-1808-440f-b4bf-3a1c4cf20bcd", "value": "SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen.7197.30087", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8617bf4e-f623-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684486795, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486795, "uuid": "a0f60d46-9c82-474f-9845-cae2af582657", "comment": "Malware payload", "value": "ecc9dd4755c01776671cb34d0bd389da", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486795, "uuid": "380d2623-0c4a-447e-a6ae-345979d0f57c", "comment": "Malware payload", "value": "d0396a9fb0adc7b3a5e6f47e813f50358f81701fbf420c1668a484b36611674d", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486795, "uuid": "406eb5f4-0929-4193-8b9c-1d7f0174e4bf", "comment": "Malware payload", "value": "ff6998469ac2a3341de3de71767c3c1652cd1ba0", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486795, "uuid": "591d3cf6-0909-4c89-a2d7-5c530699322b", "comment": "Malware payload", "value": "ea0e7168d0e85f3caf816cf863ba5ade350f369a940718f71f50f03c0901a1011feb997d058fb5a403d0310f7796d686", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486795, "uuid": "417acbaa-1c70-49dc-a143-10c807ad99b7", "value": "T12A45F012D648AC8FC68647B16B4B7888621E7D32BAC85647370CB35F1FF36A5A917C0D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486795, "uuid": "ec1a18ce-6651-4e37-85c8-a2f9968c712d", "value": "24576:aLKA/TA/hQmQmz+MXUS+MXU6NsawDuxoNXXXXXXXXXXDXUXXXXXXXSXXXXXXXXhs:aLKqud+MXp+MXBNs6cBQn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684486795, "uuid": "322d146e-6150-4d7f-8247-06d74493128d", "value": 1189376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684486795, "uuid": "2d774388-3b52-4393-b904-cb2945577d61", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486795, "uuid": "d32a492c-d88e-4755-9986-6c934828328b", "value": "Productlist.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1e7cb8f9-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466864, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466864, "uuid": "ae30cf99-336e-4855-a255-2a331172b510", "comment": "Malware payload", "value": "52292b2b7c6ca95c7f1fea466ea40990", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466864, "uuid": "d2a0bcf3-3ef0-4e34-a4e9-085f20abfd02", "comment": "Malware payload", "value": "d0c0c799c8ea0bd83afbe53ba8b6b194308a57135cc477c75f70e5a5fff84657", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466864, "uuid": "887bb479-3cc3-4a2f-b452-7d03c549ad53", "comment": "Malware payload", "value": "cda605b078d8aa0fbe6a8ae0401010c4bb224721", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466864, "uuid": "396c1c59-c577-4ae6-9b36-5bf49b93e4e8", "comment": "Malware payload", "value": "92e1083d179e739b5ca333ca5d750f8c7b06ed5aff343eaa1486ae942809fd642fbac45cabd61fa1ebcc264e5f26d929", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466864, "uuid": "9a3cb39e-7248-4530-a429-0686ed0cbe0c", "value": "T15FE4126E7B34D993F83C10B0B4E3C205AB20EC1991DA9E9764B3BB6F94B96511D0A06D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466864, "uuid": "5c43c669-60f8-4c8e-8cfe-de7dad7efe2e", "value": "486407cd87e568c954adcb1276175de5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466864, "uuid": "52195759-a5d9-4045-8bc9-117e650c87e5", "value": "12288:lJ93mOD372jLxG3sEc1bset/hBEB/5htiM2xoXFhE24rZxEZe9R+TT:P9tCPA0wet/sB/XtD2IFW24rZH9R+T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466864, "uuid": "0bebd24a-35a0-4596-836a-07953ace18ec", "value": 691712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466864, "uuid": "26ae3076-f758-453e-9bae-7b83b234321e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466864, "uuid": "98a62712-7f86-47d5-ad8a-ae645497d4fb", "value": "SecuriteInfo.com.W32.Risk.VYTY-6141.16160.27422", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e4a5eaa-f65b-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684510753, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510753, "uuid": "8fdfdbfa-e04d-4dc6-b378-b41c799c7e1a", "comment": "Malware payload", "value": "3b085d7984aca314d99dd56151162101", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510753, "uuid": "357e7246-2aa7-4234-9348-216e41177170", "comment": "Malware payload", "value": "d11e5e0dfcb48aa4d26102b57e22ce5e4612e78e7df973cafd32e60def57ece0", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510753, "uuid": "9058a9fd-0518-4e05-a365-5e7c70ab9d3b", "comment": "Malware payload", "value": "2981dfde4544ada15d7b372e4e7b9616749da88a", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684510753, "uuid": "8b193e88-19f6-4c0f-8535-b4b8eb204763", "comment": "Malware payload", "value": "9f81f9ae1ea47dafa029e677a12adaf057db2b6957873a10405a30ca66fb6f01cdf6257f42700fec9cb318e5ca9c7652", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684510753, "uuid": "32e17b4c-2a88-4e66-b296-11744e9d9952", "value": "T13545E003D648AD8BC24587B06F477898630E7E26BAC42987360CB79F1FF3664A947D0D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684510753, "uuid": "8b59351f-b70a-4833-aafa-c226dc62cc98", "value": "24576:wLKB/8LLKF/irmQma+MXU2+MXUD4YfaqNoTNXXXXXXXXXXDXUXXXXXXX6XXXXXX5:wLKxYLKdi+MX1+MXO4YnU5d", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684510753, "uuid": "17771e4d-1357-4f23-9bec-7ed394f78e82", "value": 1257472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684510753, "uuid": "88d175b4-baa5-494a-9f43-27d30fe24f74", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684510753, "uuid": "cd4d0214-2943-4c08-aa43-d8b082986d32", "value": "swift.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a82cd786-f667-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684516058, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516058, "uuid": "a824afb3-5e78-4aa2-be60-1ae0990b3756", "comment": "Malware payload (RedLineStealer)", "value": "483e75e2927d6d22aa662bf18f7994ba", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516058, "uuid": "14233f7d-d083-4ec8-b52a-65fd355dab19", "comment": "Malware payload (RedLineStealer)", "value": "d1760389b88d25a81155092b1e83e5d674a1e11257276bc8fce720fd62320c58", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516058, "uuid": "a37fcba3-2bd5-4a43-96f6-7a70486796ff", "comment": "Malware payload (RedLineStealer)", "value": "26fcb4e58113254b495ebcc52f3048378958015f", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516058, "uuid": "2a2b65ac-b10a-4d10-8a7b-22b1c1f57e5b", "comment": "Malware payload (RedLineStealer)", "value": "23dfe58c3f311aa54501f993e39460d8b8eb808eb594da0a6496ce776a9b5e696fefdd6ab6ced50a2deb7f101a85e6d6", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516058, "uuid": "34a92f16-7054-4c24-af10-8f42938db646", "value": "T1C82523126FD9C073E8F41BB018FA12930F36BC619EF9D2162756996A0CB2AD1643573B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516058, "uuid": "fe9a812a-6519-42ba-a584-a29233465685", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516058, "uuid": "43f86b6e-5f0e-4d3b-83ae-fdd11ff934b0", "value": "24576:kyBTuTAA1bqf1LN8MFRBe9yQoE/CuYuruHZTU0v:zVukA1EN8MFR+noAprcZT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684516058, "uuid": "0d7d7a0a-4186-4f02-9174-a492a4c6bf3c", "value": 1044480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684516058, "uuid": "3af5adba-474d-477e-a513-e14173bc8e83", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516058, "uuid": "c1ef49e5-bdd8-4770-b13e-c8502435893d", "value": "config.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e754c17-f65c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (NetSupport)", "timestamp": 1684511156, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684511156, "uuid": "358d6bc3-dbf2-4307-8de9-4abec05009c6", "comment": "Malware payload (NetSupport)", "value": "3322a1fea785bd812c61bd9c593d7b02", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684511156, "uuid": "e4f3a5b5-e463-403f-85d0-61efa334ba3f", "comment": "Malware payload (NetSupport)", "value": "d22b9a0e596a4adb33eed9449d98feb975af2694e8b3e3827641b4e7a3bdae62", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684511156, "uuid": "00fb788d-3e15-4747-8268-7176dc78c05c", "comment": "Malware payload (NetSupport)", "value": "256c5e4e01614afaab9c13dc629b492714cd98f2", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684511156, "uuid": "9ce5cd49-2ad6-4043-9d66-f4a09a6bfc19", "comment": "Malware payload (NetSupport)", "value": "4fc2909454ff9ea701fcd3066300451626b52e99d09e0641c74e704ce48743abc67b8dfd49b8167922b55c7d532525f2", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684511156, "uuid": "f03018ed-615f-41e0-ac9a-c81826ce3dd6", "value": "T1DCE2119926D3B051961BF07E675F9C84E1AD19030BD5A90FB80D2278FF96C3CCAF4668", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684511156, "uuid": "e3801510-8d33-4df9-aae0-476b0a40bc4b", "value": "384:cX25zxdJImtiw+eeG4kC31R1avr+Ef877aDLGH98rGO6Q5YtmsjUCYO3VqMJVZ1e:cixQUMG4k+ax06DLGHZQsxY681", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684511156, "uuid": "80b5379c-9684-489b-9531-7756443d078e", "value": 32143, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684511156, "uuid": "c38fcfe7-b91c-4863-8f89-1640767abe16", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684511156, "uuid": "f120b7f7-a3d3-4488-9e80-fd3509308d5c", "value": "d22b9a0e596a4adb33eed9449d98feb975af2694e8b3e3827641b4e7a3bdae62", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9d3ca91b-f60a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684476096, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476096, "uuid": "50c91ae9-0aa4-4b2e-9e2b-5af71b213af9", "comment": "Malware payload (AgentTesla)", "value": "5ab9315993cc2f7702def6d68b914904", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476096, "uuid": "0051c61c-9ebb-4cf9-ade6-9c81b3e64b76", "comment": "Malware payload (AgentTesla)", "value": "d24df329d033078fe1321949347b5b42cd126e4c3cf9169b63509c01ab908410", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476096, "uuid": "97926329-50e2-4260-ba56-4158b8eb130e", "comment": "Malware payload (AgentTesla)", "value": "68c81e12e7b1ec92de8f2d039e1eac17c477e4c4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476096, "uuid": "07af445d-cfdf-4acc-a896-e9fa39c42df9", "comment": "Malware payload (AgentTesla)", "value": "1b45c70ec5a8afd651e0d63d48ab2ad37fbf278c99820e89cb71d1d9bc27ca46f24741aabfa5581c980fe39af67b84af", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476096, "uuid": "cea85d71-1482-4bdc-a360-698c06a43713", "value": "T160C433ED697B932CD067761E0BAF700E021CC7A3617EF65C997AD1CAD9D09090899C73", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476096, "uuid": "fe60a576-e7ef-402f-8075-fbdac0a83658", "value": "12288:04cQJbVwDXDUCY038Qz+EiXVhf47xyNCbK7MKQ3QOL:04VjoX/3jqE03fpzTQ3QOL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476096, "uuid": "eb7fe967-cc30-400b-96be-d39c5c982672", "value": 556796, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476096, "uuid": "db14dd7a-07b5-4295-9c00-36b3ab70e281", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476096, "uuid": "65e714e5-0daa-443c-a11b-228e17b057ba", "value": "kind request for quotation.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "77f48b07-f623-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684486771, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486771, "uuid": "f60b5dfb-d80f-496c-b997-2a9e83050119", "comment": "Malware payload (SnakeKeylogger)", "value": "aeafbfa54f931879923632bbdf62892c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486771, "uuid": "5791f102-ee1c-47fb-8501-b74389620a3f", "comment": "Malware payload (SnakeKeylogger)", "value": "d3066c2afadce04f3170a237a4891fdf15bf2abe277a1153b0ee7e750a101420", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486771, "uuid": "92a8f808-d29e-4194-b44b-621c4be1fecc", "comment": "Malware payload (SnakeKeylogger)", "value": "b91cedb64b23ad5c1db391ca53d4e3471ad88bcc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684486771, "uuid": "76a8ae7e-4ed3-4042-8c3e-60cda54fd250", "comment": "Malware payload (SnakeKeylogger)", "value": "5f3fc4f95df79dd7cf5eecc18c50b28b34fa5b88b9b0b3181d2ba745fa2f191f5af7d4cd01de9b8ac81b469e3bf32ab9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486771, "uuid": "4b0b4281-efcc-4656-9a95-c83b2d11de4e", "value": "T1F874AE31A2FA5A59F5F79FB4AA74115013B239D0A5A3E38D0FC130DA4EA7B028B47357", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486771, "uuid": "76e2b25e-889d-4af9-a0f6-fa398d7e61f7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486771, "uuid": "aea6276c-625d-4c01-8583-a54b38bbd564", "value": "6144:DTFBekEYjeX+gpsL+P0DB68jFbGM88KPtUlojUeJ8a9rvQeo1WrhhBxRYy1+aePH:XekEYjeX+C0DB68jFbGM88Ailoj7xvQH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684486771, "uuid": "204dfed8-35d7-45eb-8529-078a573e7315", "value": 348160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684486771, "uuid": "d60cabd3-cb8f-4fd3-a4d6-c05ca7925c4c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684486771, "uuid": "2bb6f50a-37bc-4766-a318-ab57c94bbb82", "value": "SKHG00000900I.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "842f6d8a-f667-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684515997, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515997, "uuid": "50e97cfe-7b90-40f1-be6e-eba29b6fcdfa", "comment": "Malware payload (RedLineStealer)", "value": "d8b1cb707b7a831f8a75443e17954494", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515997, "uuid": "0782ce7b-0516-40f8-964c-9150e1b8b1d9", "comment": "Malware payload (RedLineStealer)", "value": "d314b0686cde84b6e9afe80d4df369230799030c95ddaf1b9e823f471df80973", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515997, "uuid": "54a819f9-6997-4583-851b-13afa724c221", "comment": "Malware payload (RedLineStealer)", "value": "8b11e5e7ea8383715f29fb5009223f9b13907b6b", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515997, "uuid": "961b6eac-08f8-4066-bf4f-309b75fdb97a", "comment": "Malware payload (RedLineStealer)", "value": "87add3fcc7f4568777a50a4bf95a4a4ef3e1a71ba563d2a1c930bef85a44e87c493d778b95b8b7f97ee87ca5efcdd4cc", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515997, "uuid": "f7194fb4-4575-4831-82fd-cc0153b6d145", "value": "T1E5252302A7D88072DCB69BF428F642C70F35BDA2E578D27A6A17991F0CB36818571377", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515997, "uuid": "5cc608c0-5d61-475a-bd5f-e466e64a3d8c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515997, "uuid": "8ae2b29e-a3b4-4f35-92b3-9a7c88b49a07", "value": "24576:syYVT4ZV6heCIxdyiYuI8fI8jIS+zC2zJGlAMFe93u:bYVT4G4CIqiJfI8HfWJGlA44", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684515997, "uuid": "f6018c7a-087f-47f5-9059-26294e350761", "value": 1053184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684515997, "uuid": "2bb53713-243e-4447-9df2-2bc76bedb96d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515997, "uuid": "5815c66a-b665-4309-b40e-b9abeff4d784", "value": "CloudCheatsSetup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a8565e82-f661-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684513481, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513481, "uuid": "45c879e9-0e55-4546-b2d1-cf90eafd5972", "comment": "Malware payload (Mirai)", "value": "68107547560ec7ad0f66244357ec69ab", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513481, "uuid": "38eab496-137b-463e-911f-f6e5bed1dc02", "comment": "Malware payload (Mirai)", "value": "d3f343e0c1023aba918c44a978aae2c4637f1ed7abd61cdcb5ea4dd1ef2de54b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513481, "uuid": "a2b811d4-92a6-47de-a4ad-aa50ae81fced", "comment": "Malware payload (Mirai)", "value": "72e1d862871d0eacb4eac8a0d8470edd0ff04fc7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513481, "uuid": "bfceb4dc-55f7-4009-8a7d-0a9f58ffa036", "comment": "Malware payload (Mirai)", "value": "a4a516a02a7d295f2cebffa3728baa93569fe0746b0b639c8b0bbe5b889d91060004f78b254d845d37f2f69d7f23a572", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513481, "uuid": "92caf438-2568-4529-bbea-8fed87a78493", "value": "T1A7433B21BA760E17C0D1A4B621F74B25B6B147DE26E8C60B3DB10E9EFF71A406503AF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513481, "uuid": "ca80d92b-71b6-4f1b-aca9-979b6612f3fb", "value": "1536:tilA/JV3p2kCWDbTg2SSQsY75jt9VyKeX:wl2tVJYV8KeX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684513481, "uuid": "6d11268f-2d67-4018-b434-944878e77b54", "value": 59464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684513481, "uuid": "92b997de-a53a-4e5b-9ce8-7a1793845bcc", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513481, "uuid": "3d820994-c2c2-4ed3-855c-14744f7741ee", "value": "68107547560ec7ad0f66244357ec69ab", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36b7ec21-f628-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684488809, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488809, "uuid": "7b2d5115-cded-4429-894e-c76c77ca03db", "comment": "Malware payload (Formbook)", "value": "63112d0d242aab991c1c929b21de9743", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488809, "uuid": "6f2fd795-f942-4545-bd2a-2a44eac6be71", "comment": "Malware payload (Formbook)", "value": "d47b09aa20047a24da4bb05c726b29200b0803e350d0d51b2f63162d1fd0e66f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488809, "uuid": "90be85c4-73e3-4f3e-96ba-d5a3da31d29f", "comment": "Malware payload (Formbook)", "value": "27229e0ad32cbc7cce0864f6ba8bd40afc70964f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488809, "uuid": "9abc0ea2-362d-4879-aff6-f311eae5ec74", "comment": "Malware payload (Formbook)", "value": "ee811735975febccde049a4c7beee062965c7cfe93b8cc86e3c8b169669be2886692b10a18c1bb42dc02cb4c62cc1b84", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488809, "uuid": "b8f350ba-6821-4f6e-a0bd-53a1148a361c", "value": "T18EE4F03036D9C71BD06B4279D5E5C2F0137AAD80B476C7834FD9BC8BB28B7A62721256", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488809, "uuid": "4ab40321-43db-43fd-933e-412f3bce32a2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488809, "uuid": "db170270-45e8-4178-9e8a-a3a81c326a4e", "value": "12288:g7g/VXX3tcMY5iu1zB7uVk+R9AnB7JPhj2a6:g7WVn3RYt7uie9AB7J5jF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684488809, "uuid": "69f7f7b6-bbae-4f41-9d0f-cb2aa976871d", "value": 685056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684488809, "uuid": "3858bb44-9695-4a21-934a-7ec5efccea66", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488809, "uuid": "ca8258e4-5c76-4962-ac3c-61729c71c621", "value": "MT103.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "606d68ba-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684478142, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478142, "uuid": "7f9ed351-6612-473f-92f6-100ac3b9719a", "comment": "Malware payload (AgentTesla)", "value": "489b13ed5b0cd2cb9294bd5551344b31", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478142, "uuid": "6c6d6807-1237-492f-9ef1-4beb903deac5", "comment": "Malware payload (AgentTesla)", "value": "d4d4ed1ea92ab223a23ad02bbe5b1986a765943185a60848387dd24142afb04d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478142, "uuid": "55972566-f79c-4182-a0ec-2ef8707b712e", "comment": "Malware payload (AgentTesla)", "value": "e37b195b7506f17f22b49884d5617e962c28b254", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478142, "uuid": "034e89dd-fdd0-44c0-becf-6fc06a57afa8", "comment": "Malware payload (AgentTesla)", "value": "de777e0a033dea4a2fb2e73f82634af826c515ff887856150e2027a9bfd5e02f7d11e32df3de1a2dac0162f6ebcfb318", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478142, "uuid": "7a61a26e-5c5b-4509-aaf4-750c17c018c7", "value": "T161B423F4708F51019CE4B631BD335270025ACCF95655206223EF25A7D2AC9AEFEBF6A1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478142, "uuid": "2d38ace6-14fe-49c7-89da-a9d74c24af71", "value": "12288:zykMB7u019kqMgQE9zDFYbVOy4eNuKyYoEg8klx7mDyrCoe:+kMpBkhs9zxYkNeNuHnEg8mxgqU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478142, "uuid": "2ea52fdb-2deb-4396-afeb-93ee251bd36c", "value": 542008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478142, "uuid": "7a6d7d68-3204-420f-b06f-94e91a11c3d0", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478142, "uuid": "acd616f3-0682-4caf-99a7-5d38681dd4fc", "value": "PO#88224.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bea9a5d6-f683-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BumbleBee)", "timestamp": 1684528121, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528121, "uuid": "bd96b776-9474-4632-af68-a084fc0a82fd", "comment": "Malware payload (BumbleBee)", "value": "cc0038d7bbfe6ff51668f7366d75f346", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528121, "uuid": "f5e11638-e8c7-4efd-90cb-ecbcf9c4a8a4", "comment": "Malware payload (BumbleBee)", "value": "d4eaf1e515482cd249f3c821400f76a7baf343addd9db78c5663f6e65268c315", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528121, "uuid": "98f56015-a542-4488-bc47-3d35fb69a8f2", "comment": "Malware payload (BumbleBee)", "value": "09e8de9f2b76249f0e760d17baf1cd40668205ee", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684528121, "uuid": "cf3903a5-8279-42d6-88a3-f59a310a4ced", "comment": "Malware payload (BumbleBee)", "value": "5eaf708af77aa528e7297419062385d525dda76b68146893acd9451529017dc33fe50dea246dc12b4f66e9a2bdad832a", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528121, "uuid": "fd156abb-d784-4f70-bad9-4b4898e2d1ad", "value": "T19A45F011E2921FF4D47691B681AB292FB7303E184725D37BABC0D23B7C927D49B1A760", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528121, "uuid": "3d70de7e-26f0-4741-9488-c230d50f1290", "value": "47e01530ad43ec939d1c47709a80a5c6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528121, "uuid": "83dcd907-c025-46c6-b2bb-45347749996a", "value": "24576:fJfVs+vlFcRBf5krWJ9XG9EYLcCoOcruMsDh6QiYtyTExA:jqR6WbyOsj1A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684528121, "uuid": "360e0e62-38c3-4c19-92e7-bc963ab13794", "value": 1223690, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684528121, "uuid": "e9bf3a57-88a8-4d63-8f9e-f07e06e686a1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684528121, "uuid": "ec2b844c-d7bb-4964-b071-73362d892ed7", "value": "cc0038d7bbfe6ff51668f7366d75f346", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "316b4bc9-f609-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1684475486, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475486, "uuid": "43caa8ba-bed0-4238-843a-ac5cf9ecd8de", "comment": "Malware payload (Loki)", "value": "a1d3e7d0ecb80b47259ac1222c821090", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475486, "uuid": "a4119ceb-e084-4b4d-8525-449c01ebfe7f", "comment": "Malware payload (Loki)", "value": "d51b7a58525789f5d7a0eed7ae9aba9e8c146f741f36289f805b2e00fa09ea54", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475486, "uuid": "a6a56295-b715-4a01-a1ca-8b0530f6082a", "comment": "Malware payload (Loki)", "value": "325f4fc4960b2fdd4b58226ac11ef94b1f0796bf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475486, "uuid": "fc80f756-7960-454a-a603-dd0cb5b1f73d", "comment": "Malware payload (Loki)", "value": "2778acca21be6495c8fdc338b14c49170e2960f739970c916a56f2a87eb7743c06949627e3e11d7ba262f71b425c5673", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475486, "uuid": "d4e9ebc4-ec97-4d22-8fb3-51c297e6921c", "value": "T181B4CF74109F8A90E41FCBB165BCFC72427270E3D9E9C9750769A284CE6BF146E88D4B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475486, "uuid": "02e18e9b-b014-47c9-bf56-9b54299acba9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475486, "uuid": "021680bc-08a7-4b86-9ccc-b13fefc079f4", "value": "12288:lWhnsv5Cgw6rF0hKq6miXu/ibL1TtMew6dwD6eA9:s9ogQrF08xmi0KwewgwueA9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684475486, "uuid": "01e8cbb3-f9d1-4e4e-9857-a41981bf42d7", "value": 533504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684475486, "uuid": "75f1c9f6-9732-49bd-8b88-93761a8b71c3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475486, "uuid": "ae2b673d-9581-4f36-a1d2-fecd7e04cd17", "value": "Request PDA_MT Tanker 1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5b3ec03-f641-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684499813, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499813, "uuid": "d298cfcc-02e1-4fbc-905e-77d2de878024", "comment": "Malware payload (Formbook)", "value": "e8b1562034c0c6cde0669d4c5135a136", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499813, "uuid": "146ba41b-4fc5-40a5-8e15-4f8d61c24c2e", "comment": "Malware payload (Formbook)", "value": "d5620e317780ea9daa8f2236dc8dc6890896f239e7c5ffc74e3f20b3f38a5aa3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499813, "uuid": "131defb4-9a2b-4b40-8f9c-3457b4aa8911", "comment": "Malware payload (Formbook)", "value": "e60f817cab60d9f9f60966d4f24454ece92ca8b6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499813, "uuid": "268f37c5-fdc9-40f4-a5fc-274a7c6fa399", "comment": "Malware payload (Formbook)", "value": "1d3f6d463f77f083de2dcd77e43a8020a8c8bc5dfeb6a9b15f4093a19eaad4b2f5361dc86fa190f070eeb49263134cb6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499813, "uuid": "e3f80c18-7a4e-4ff0-81fa-90a43174aeba", "value": "T1FDE4E03027D8871BD12B4238C1D5C2F097B6EC90B872C7938FDDFC4FB58A6A6566125A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499813, "uuid": "7ca78699-f1fa-48ab-8116-4653f4fd9f7e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499813, "uuid": "b023bd18-a978-4b7e-9f6d-6e3dce5ce7fc", "value": "12288:kFQg02B1NZwnF5UH/MD5leAeJ4HtuUf9dY1nA+t:ki1c1DwFWf0leJCuUf9dEPt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684499813, "uuid": "ca2272d9-0da2-4027-82a9-0e2c08093bcd", "value": 686080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684499813, "uuid": "d070c612-35bb-4e7c-8828-6d6e6bd3894e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499813, "uuid": "75223be0-73eb-4484-b03b-9391e42fc56c", "value": "Quotation-pdf-.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5345ad97-f67c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BumbleBee)", "timestamp": 1684524935, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524935, "uuid": "cf6c019d-46fc-45d7-92c6-166b9bd52ead", "comment": "Malware payload (BumbleBee)", "value": "feb051e7caec0f8bd66deeae54d016a3", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524935, "uuid": "8a16b393-4daf-4745-a487-ea9a7f2c23f4", "comment": "Malware payload (BumbleBee)", "value": "d5f0a275463d5c31d8921951aa94f0733e97271a881732512bd104a818455b0b", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524935, "uuid": "edcd4b20-4ae7-459e-9b7b-b194835f0add", "comment": "Malware payload (BumbleBee)", "value": "4d62b1de1bde2eb6ad735c7c6539598a8586dbb1", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524935, "uuid": "bbb1ff0a-f985-4387-888f-fc1e43b3de32", "comment": "Malware payload (BumbleBee)", "value": "0af98ec1852d59547d7105aef41b8a5967a3522092bd8e69b848deacba0b77d84a69739467cff3640e9339b777242f77", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524935, "uuid": "f18358f1-205d-4fc2-9e5e-4712d6a0443e", "value": "T1D245F121E2A25FF8D476517680AB252FBB303E6D0724D377ABC0C2377D927E45B166A0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524935, "uuid": "e05664c5-66af-489e-af7c-af6513d33c78", "value": "47e01530ad43ec939d1c47709a80a5c6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524935, "uuid": "6c307a34-a8d3-45ba-a528-ee876676af2e", "value": "24576:N+mCtzPnhINJR1anNEDf4iKOosHu5Yl1qaZ+f7avUp0or:mmrdT4iKn5YnZAV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524935, "uuid": "24a01b74-d13e-4378-a942-fb45283076ec", "value": 1223696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524935, "uuid": "2840acb8-1c3e-4003-99c9-71714bb09f38", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524935, "uuid": "dbf2c415-9e46-4e09-83a4-dfbee7a64ec6", "value": "feb051e7caec0f8bd66deeae54d016a3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05dcda37-f652-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684506766, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684506766, "uuid": "f2bb4936-19e9-4c3f-b0c2-59f16723fcc5", "comment": "Malware payload (AgentTesla)", "value": "156b35481f6cf3561d358b8fcd67333f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684506766, "uuid": "e8be4909-ffa7-4e80-a722-c57ebf5859f9", "comment": "Malware payload (AgentTesla)", "value": "d63f3bfd1d9356906b66380f6a1b6153ba5d8e950b3b24bddaf47b01294186a8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684506766, "uuid": "23acf63f-1d18-411e-b687-8d4b0ea236d5", "comment": "Malware payload (AgentTesla)", "value": "25c0fb7f2e72322c293451bc959fc7eaf3d64f23", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684506766, "uuid": "568bbf97-87bc-41da-ae9c-49d86bed5ff3", "comment": "Malware payload (AgentTesla)", "value": "8f35d69062a7de6930b4fc23afd4b9dfd977641c0dbaf933cbd76a244907881366f3b1706b705fdc3684a418524ed517", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684506766, "uuid": "0f111662-ec62-4abb-9d89-768350b8cade", "value": "T138E4607C8AB50AF6C037DBE0A7C58897B94F6D73F00B5A6341D2435DC267A7124EA42E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684506766, "uuid": "65f379ba-a195-48a3-84f8-8d231d239428", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684506766, "uuid": "df8cd86b-710c-4d43-a79c-43fe28a7ad64", "value": "6144:DERyiHfJTLIDz2hMU3XjM1uBjaFqs/L2uHUUklpgbt/08kKeGZSd4Qj9PZtIYCPg:DkyiHUspXI1+e2cUUkJKe4QjtZtIYu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684506766, "uuid": "32442b67-2b1c-4bb5-bc53-ca7f314a5933", "value": 697344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684506766, "uuid": "c42336da-cddc-4730-a467-c1e1e7a37d23", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684506766, "uuid": "b95af82a-9db9-4038-b573-3633523723ad", "value": "URGENT ORDER.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "516dcb04-f5ee-11ed-b3cf-42010a9c0076", "comment": "Malware payload (ModiLoader)", "timestamp": 1684463943, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684463943, "uuid": "5a2814e7-0251-4bfe-8a1e-e4730bddb03c", "comment": "Malware payload (ModiLoader)", "value": "18208e0856f3d79dee8eae1cff26760a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684463943, "uuid": "5be5384c-30e1-475d-a0fb-3a1b0015fba0", "comment": "Malware payload (ModiLoader)", "value": "d6e1ec6046b91260ac0f967185f236a7ab5f740252af7928485e655719f769de", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684463943, "uuid": "43e3383c-d28d-4467-b11a-7b4696aa2e00", "comment": "Malware payload (ModiLoader)", "value": "e0ede37f8be34e680e8d90c0e751f9f085d050b3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684463943, "uuid": "0d0cfbc2-359d-49c8-8e44-6a2fbb0321bc", "comment": "Malware payload (ModiLoader)", "value": "bc8ec2902071947944604ebc2a8085873945406f048bca9dbd999b9bd4ff8f991ede5095ec6d7a98a289cacc42a8a2b0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684463943, "uuid": "2cfc6b87-1925-4bc7-b6f9-64b6796e9d42", "value": "T188059D1AB2C2A933C0A3A7386D278754641CBF241C6FFA573BDA795CCA36A433D01D52", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684463943, "uuid": "9f7cf22a-0d37-4212-8645-7534fa7365cd", "value": "b994e2b35fac0eca9b95949a165480a1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684463943, "uuid": "ee2b0dd5-9008-4b75-963e-4ff71f191d3b", "value": "12288:IEaSIJxsS4ISFSs417nXbaGBazVb8N0K1WqJ:/F0mcSFS77LaG6VIEw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684463943, "uuid": "eb6136f6-861e-4b2b-b20c-d8434c77cd33", "value": 860672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684463943, "uuid": "9c62ce13-70e9-4050-92e4-b1639bd5c930", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684463943, "uuid": "f5b58bee-d4cd-4ba0-bb19-6186a2a2dd75", "value": "IMAGESCANDCOEUMNETS88383UEDHE7E63TY46455EEEDFEWS.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d2529d2-f67e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684525703, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525703, "uuid": "b45a628f-a1e9-4343-977f-c91bdf3029a9", "comment": "Malware payload (Mirai)", "value": "1ebc027d9fb2b992b91a03a74e3ae52a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525703, "uuid": "72c102a4-f0de-4817-b7cb-8c01f60db14a", "comment": "Malware payload (Mirai)", "value": "d6e5ff8c6150e6449088891495c22424762a0839c3b9b69b687111f40d966357", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525703, "uuid": "96a0aac0-bb68-44ae-aedb-ec1ba93a4ed2", "comment": "Malware payload (Mirai)", "value": "8a3d23a7f469b56595af0f286f77ba7c6a89ca9b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525703, "uuid": "0fb2b369-1cd5-4d6c-b132-a08b7e5e1b63", "comment": "Malware payload (Mirai)", "value": "fe5f491e197b7b5e5848abb0224bc16768ba46a99e9fca2e5190d9043ab8e8356b9f01abd8d49f1be384e401083053eb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525703, "uuid": "36b90c4a-4d8a-4443-8ee3-6f1853e1e2af", "value": "T156535B25A9792E26C0E8A5BE11F7C325F5E6220D36B4869D3CB20E5EFF1470068573B7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525703, "uuid": "35cdc12e-8d34-4a2f-8f9d-2b5eb50f6535", "value": "1536:D/1qOlnXZSFnmoSrfI+9VswrnAvkOi4zjOkLzOS:LpXgE1I+4eAvktELOS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684525703, "uuid": "8332f3e8-3ede-4d44-94d9-92ba7ead8dc3", "value": 66452, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684525703, "uuid": "f14fbb6a-ea46-46f3-8bef-cc6f5035321d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525703, "uuid": "465f359e-b528-428c-82f9-9b41adc4794d", "value": "1ebc027d9fb2b992b91a03a74e3ae52a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7538797-f68d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684532458, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532458, "uuid": "f86945db-9b41-41f4-908d-3eec2a6a49d6", "comment": "Malware payload (Amadey)", "value": "4f5be49b63ab5aa3789f22639380992c", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532458, "uuid": "97c9c8e6-acbd-49e7-9c3f-dd029710629b", "comment": "Malware payload (Amadey)", "value": "d78dc99ab3b2ff457fe906fcb0135e372f7679c4387f8e065ce1a142cc4ca94c", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532458, "uuid": "475265f3-c4dd-4cfe-bf1e-d733a61b5ae5", "comment": "Malware payload (Amadey)", "value": "a9633c546221aff9a1a42221335d76143692c4a3", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684532458, "uuid": "5e1188e6-111c-4da8-a022-3d53b0c8fb88", "comment": "Malware payload (Amadey)", "value": "7201cf8876e70b8f02e279bb7cba9dd7765ccb8b184ab5a9943c7a3d764b28c7b2a28fc738caadc40929d265a1f9f4c8", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532458, "uuid": "f15e987a-5984-49a3-8d61-f3907b4d5fee", "value": "T1E3252361A2E98032ECF223744DFB22831E39BCD19D7C93872245895E1D716E5BA357F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532458, "uuid": "8aa2f717-a091-479a-adc4-948f4828bc62", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532458, "uuid": "68eaf7cc-7c03-47a1-9135-e44ae8c11ddb", "value": "24576:cylJ66EUjLdcrkxwmXcOqjTfuJW2nPPqgvudikeqm:La6l9cyLXwTfuJLWC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684532458, "uuid": "3277bb50-a83f-4b95-b460-f376948a47de", "value": 1053696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684532458, "uuid": "c79a9870-8198-4dd2-8262-bfc270b2f7ec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684532458, "uuid": "b77ac283-a44e-4a9e-b5fa-e55406cc0cc2", "value": "4f5be49b63ab5aa3789f22639380992c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9db2cc3d-f61a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (STRRAT)", "timestamp": 1684482969, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482969, "uuid": "0176b51e-9007-43a6-a53b-4f5672a66fed", "comment": "Malware payload (STRRAT)", "value": "58f8fcd9baba50e4a6f1e42c2b0bd99a", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "sansisc", "colour": "#AA15AB", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482969, "uuid": "c8497113-e00c-4bea-af2a-ff5d6b2b4535", "comment": "Malware payload (STRRAT)", "value": "d7b24068f673031c8c27271bf36790f9468b8c27ec08c51a348fc08c34ff6881", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "sansisc", "colour": "#AA15AB", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482969, "uuid": "572d754c-85c5-4768-b338-960f412d988e", "comment": "Malware payload (STRRAT)", "value": "0681e155c0de2fd793ac4cef006a200e04c11aac", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "sansisc", "colour": "#AA15AB", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482969, "uuid": "e6ac619e-25bc-4ae0-a52b-27dfdbcef500", "comment": "Malware payload (STRRAT)", "value": "1cfb9acfa7a85055f133dedbb27e116cde1b9396a11f13502e7aab9d64b302079b00466325d2aada39cdead125a79692", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "sansisc", "colour": "#AA15AB", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482969, "uuid": "533bceee-c56f-47a1-aeed-dadb96962b8d", "value": "T14F941A91D557BEE1FF5EED73620CDF65589168ECDB07D00A42A02AF0D881678EBB0C86", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482969, "uuid": "cd82de6c-90f9-4a77-80e5-aaa95bbf725d", "value": "12288:FVVnbO/pEJDom84cjoD+C7m3PjFnbhcs5RUWMz3C7m3PjFnbr:FVVnbO/WcmhCC7m3PjFn9csgWMz3C7mx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684482969, "uuid": "40f9fdf7-2a03-438b-9f35-1fd0ff5b7dee", "value": 443785, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684482969, "uuid": "6665c766-27db-434d-abe2-a6b22b81451c", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482969, "uuid": "8ac7819b-f6ba-4b5c-a736-c80d4be6a282", "value": "HSBC_PAYMENT-SWIFT_COPY.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23d07ef5-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466873, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466873, "uuid": "933a10d2-13c3-4c35-8758-70d97007bffc", "comment": "Malware payload", "value": "b33960392680ed86015178ef878d17bf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466873, "uuid": "25d06fc1-f071-4d7d-9564-3158c7fe2dcc", "comment": "Malware payload", "value": "d7fab5c884c610575d19a8c8f9c07e07fd70ffb097efee4b556b1a6c9414ee94", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466873, "uuid": "776e11af-aa16-444e-8b58-52ba7f27e319", "comment": "Malware payload", "value": "95a44d0c2363563d44391e21750d196c01676aca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466873, "uuid": "4dc37f52-0cf0-49ae-83f7-743af1471a87", "comment": "Malware payload", "value": "93d4f5e43370f1df8bfd0d5d09cc69283ad72d0638e7747721063f85783b11e6d73d7c908e83b02ced3a381196e627a3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466873, "uuid": "57fc1758-2a15-465d-a0ed-d782b29b2228", "value": "T13FE417867DD1EF22E7555031CABACAEC3655BCF08ED456432230BA1E5836371FA2A317", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466873, "uuid": "229ed7d8-407e-4b17-8d9d-ac7580e0718b", "value": "8ed4e4ed9fb52d6a9d261f213d796c1a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466873, "uuid": "a71fa454-565b-4dc0-a691-7ad4e84821ef", "value": "6144:1ka6p16RXtzXutcZ0IhQq5sfJdc+srOgkw1Vy1sa85tDxxh7GSKtQNWI0:Wag16RdutcZ3hQC+svC+atSN0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466873, "uuid": "2c2ba079-82a3-43da-ba91-6c725ebb9578", "value": 679936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466873, "uuid": "d0946d1f-d34c-4c77-9e79-e20e32c1389b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466873, "uuid": "858fac71-d99b-45ae-9c10-e8f5a2a71592", "value": "SecuriteInfo.com.AdWare.Win32.MasterKeystrokeLogger.25072.25518", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "74992f87-f662-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684513824, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513824, "uuid": "ebf834ee-c569-40e4-9d1a-c6baf0db72c1", "comment": "Malware payload", "value": "43607abe9ebf5214f35d2a87b18fd0f5", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513824, "uuid": "e846c2eb-96b4-49e5-906b-1bcc2b7a505f", "comment": "Malware payload", "value": "d816c7ccdb90ec7d80aa1700a5133bdfa368e10f6d634bb3c94949feaa99fee9", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513824, "uuid": "273a3873-16fb-4a81-819e-868a3f3b9cb4", "comment": "Malware payload", "value": "362b925d952504540f35685356122897ca8c6156", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684513824, "uuid": "a3edcd45-df63-42d3-8d7e-481625bcf23d", "comment": "Malware payload", "value": "b8c1ec030c8020ec40dfda9dd57df9004d8045572f7a5b3924625f2654468a29aa05661172fc10d0e3f0c9e8e061ab2a", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513824, "uuid": "7d8afb50-0c76-432d-b97e-85988533fcc1", "value": "T17135120A77A47151F2FB27748A7B429C0C367C45BD22DD5F2220388E58F5E51E9BA32B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513824, "uuid": "4f69f7ff-267b-4491-b638-91e6d9dacf54", "value": "7e7d2a887eef55a74fdb37e36a104f6f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513824, "uuid": "33fbed47-bf72-470e-b232-d2f8bdd82b57", "value": "24576:/o12SC4Ci16ujMi3ohlU5pzvizKfcKFxou:Q13y9ujMi38kpezKN/ou", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684513824, "uuid": "543afee5-8e7e-4ed1-959a-d1802d23257f", "value": 1116486, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684513824, "uuid": "b0ef1cb6-7ba7-43b6-8285-b8571f39c8d7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684513824, "uuid": "a3419bd2-b63f-43a6-9e20-9e4d6906ccae", "value": "SecuriteInfo.com.Trojan.Heur.eL7a7xmdRFbQ.10219.3612", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db328f6e-f60e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684477918, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477918, "uuid": "3c6c1c86-70d3-488e-9005-fe74f7b1bfc5", "comment": "Malware payload (AgentTesla)", "value": "1891b37e40e28914fa9179f9e467994e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477918, "uuid": "bc0851cc-50f9-46eb-8787-0ce8449ec195", "comment": "Malware payload (AgentTesla)", "value": "d8a3ca1b9c29e9c7126d48e6805a9e5e1fbd0297b36a24521a7edff90c8f045c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477918, "uuid": "c7edbe68-53ce-47b5-8a2d-ef647bc962c1", "comment": "Malware payload (AgentTesla)", "value": "e45be17cfcb9d7467378eb77f24641a5206871d3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477918, "uuid": "0d026d79-135b-43e7-8505-6057aa1ab311", "comment": "Malware payload (AgentTesla)", "value": "7e0f0ed93c59577d3fb7c61b7450ceb5ac1a2446fa8c8da50b037961813a56aa1da35dff5f21707edbf940776a9ba250", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477918, "uuid": "259e12f6-2cba-43af-9683-b646bd3ae513", "value": "T1C8B423F4708F51019CE4B631BD335270025ACCF95655206223EF25A7D2AC9AEFEBF6A1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477918, "uuid": "5e8f253e-f121-48e2-b623-8aaa25805a80", "value": "12288:gykMB7u019kqMgQE9zDFYbVOy4eNuKyYoEg8klx7mDyrCob:HkMpBkhs9zxYkNeNuHnEg8mxgqN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684477918, "uuid": "0c147651-f910-4eb7-8501-5cc68f4ab5d2", "value": 542008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684477918, "uuid": "03780b96-07d1-46ba-b10e-00db009c5c3e", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477918, "uuid": "c76e40ac-81ce-432b-bf78-60b1e7c766d4", "value": "PI160256.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "63230058-f691-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684533981, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533981, "uuid": "fc833478-fb3e-4e8a-ac8e-676ac9690cde", "comment": "Malware payload", "value": "10f3b2556027848e861bdf1fa3fad046", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533981, "uuid": "327a81f3-7d1b-49b6-b70b-e6d2a48bb11b", "comment": "Malware payload", "value": "d934a1bde6bb75936d223426e64497e92526b8bc75a4f8a59a87f1d25ed1a0d2", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533981, "uuid": "f5e7da1b-9533-421b-8a19-f4a75435e48c", "comment": "Malware payload", "value": "6a9012a7d600aa432c70ade1aa36cebe04e7ee51", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684533981, "uuid": "71cfccc0-cac6-4633-a182-608945b2bd8f", "comment": "Malware payload", "value": "5f99fd51693858f0a91acd8901166a328c087a47941d32e4dcf0d1e20d1853b110162b30ffbf2840f65cb6caa683aed7", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533981, "uuid": "4026842c-1da7-431b-9780-0e3c4f4ffb0c", "value": "T1BE36336389DB2973C472FB393777C00E8BD8E22E11194A11271E9C9BA5351C9AE753B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533981, "uuid": "cc0f153e-7ee2-49e0-957f-8a87a02f4084", "value": "9aebf3da4677af9275c461261e5abde3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533981, "uuid": "d631015f-f8fe-40d1-a3a8-326cb81f944e", "value": "98304:vX/Imor7g5wbbTD3wnzbLLDgOCis1SwVz+vqNsFwSOX4kdb9:HIDOqXjwzbYt1SwVz+vqNjX4kD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684533981, "uuid": "9f5e8847-14b4-49f0-a8af-946c6bc67317", "value": 4869120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684533981, "uuid": "a61732c8-cfcf-49c5-a851-dcefc466505f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684533981, "uuid": "cce498d7-472f-414a-9c93-e05055a8000b", "value": "10f3b2556027848e861bdf1fa3fad046", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70727187-f628-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684488906, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488906, "uuid": "fc6e80bb-def8-42f4-b436-3d11f7a17328", "comment": "Malware payload", "value": "3b65e95f9a43b837254ca66788eb0bc3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488906, "uuid": "f72ad0b0-e546-43db-9e7e-f0ceb4aabbbd", "comment": "Malware payload", "value": "d9811e872a9ca7c1677b003630980c86079da627723497363920e7870d103246", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488906, "uuid": "2b296a37-773b-4346-b15b-0d81e7244ae7", "comment": "Malware payload", "value": "c0fef342d4398cb7656c4723e7e4f88341aa3996", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684488906, "uuid": "ed66e849-46b2-4253-a041-ce0bbe536818", "comment": "Malware payload", "value": "ce138dc784a532264ace9a3e5715ea3c29a1b342abd67ca148c3d8715b3b2dc7ee61971d0fc66062f01d1bcaa0a7fff8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488906, "uuid": "870cc746-0e80-40d5-ae51-510cc318fed4", "value": "T12745483439FA501AB173EFAA8BE879AADA6FB7733B07645D1050038A4723941DEC153D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488906, "uuid": "463a400f-9450-4d77-b075-ff58df80ba1e", "value": "12288:Pe2EyN+Mm/A5uWjTdnWY8Xw3R7aw5+V3E00KfLZvHrIKX2uc7htL9U8pVThyvdlw:PiWd/Lb+3B2McisHy759/yOwZoc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684488906, "uuid": "c95f172c-a663-4ff7-92c4-b66e1805b3b5", "value": 1252184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684488906, "uuid": "6bcada4c-231b-49f3-9066-c3fc7236cdf7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684488906, "uuid": "ecdb34bb-8863-4d5c-a723-28b4f77cbc8e", "value": "CAMSCANNER-1805.2023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7abd9425-f629-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1684489353, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489353, "uuid": "f1ac66d3-d2ba-4bcd-9cf5-13c868c9abaf", "comment": "Malware payload (GuLoader)", "value": "8c660f7068a61435fd33fda89b782fe9", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489353, "uuid": "831eff64-2ae5-4af4-989c-ed17f206992e", "comment": "Malware payload (GuLoader)", "value": "da44651798699558a5a9b6a127268042378b2c70aab12fdd6618be560e7e48da", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489353, "uuid": "b904c2b0-13c1-4598-b045-1626a7945d82", "comment": "Malware payload (GuLoader)", "value": "a099641b40813f318237dfc15f609e36d487b240", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489353, "uuid": "1032a71e-ca74-4dec-a7c3-09fed7402da4", "comment": "Malware payload (GuLoader)", "value": "036c69924304e13eef844f5925d9c765436facd990b9aa6b9795285e457cca8b3c744bd83db9636fb97ac85be0ac11d3", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489353, "uuid": "e802995d-c676-47c6-af43-76f42b5ddf82", "value": "T18774123935969326CA936E70C9BC776F9DF5E2251111A50AE32C8FB43BE23C0E65C325", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489353, "uuid": "4397fcc7-56d7-4e9d-bcfc-5504225c7ad9", "value": "4ea4df5d94204fc550be1874e1b77ea7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489353, "uuid": "942d0c57-5fd3-4456-ba25-babcbb3da4c1", "value": "6144:zB+pqUhcvTiBPFuQ9qS0HTHG3F9CIW36K359xaGOYiWz22mwmbkYm+HUtqMPR38Q:zgLcoPsQ9qfzHG3jCIW3625aTU1+HUsE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684489353, "uuid": "5fed4c14-a4fc-4a80-8ec3-828c72e89e3d", "value": 361096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684489353, "uuid": "7ba4e4c9-2965-4c9a-a256-1549c5d381a6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489353, "uuid": "6e46037f-c644-4105-bd5d-b0d8c53bedd2", "value": "router.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "121deacb-f67b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684524396, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524396, "uuid": "9db4c3b5-4f1f-4690-9d43-364fb29c47c0", "comment": "Malware payload (RedLineStealer)", "value": "40af7a3067c46a86b09a5bd8fbb31563", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524396, "uuid": "9c768032-77fa-4362-98ff-22d99c6b7d6b", "comment": "Malware payload (RedLineStealer)", "value": "da585e1fc7761888291b3e285fdecd6419985ce8e881eb9d1e2358d20415a5e7", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524396, "uuid": "9570309c-2b6b-4515-9c46-8b972f45717e", "comment": "Malware payload (RedLineStealer)", "value": "377edc1c7c71e206b30e0c65c0d77b44addf2c71", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524396, "uuid": "0b4d8bab-253c-4b57-91f2-0e9824cd4102", "comment": "Malware payload (RedLineStealer)", "value": "4bdffb65cac0b3689ada1963bd0428d9efe2e2862836bef23e28b66f6f2211642a5dcbaaa4efa59b8671077c6f89c7de", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524396, "uuid": "d7159727-67eb-4367-b062-8b0d0ec152a0", "value": "T1F4E3C524279F8934D67B4E3DACB19CC076BCEC12A542D74A4ECCF1593A73B809B116B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524396, "uuid": "a36e9c03-3344-4488-901b-4254342a382e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524396, "uuid": "d4e956e5-e687-4962-a5db-0016ef316bb0", "value": "3072:sV+m5c/QmRSNY7WKA7vGJv3xnhMZx8e8hp:sj2BUanhMb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524396, "uuid": "b450c802-9716-4db6-b43a-0262a70e8065", "value": 148659, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524396, "uuid": "7174e9c3-97db-4aa1-9865-3f9988bb6e82", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524396, "uuid": "6f9fcb28-43cf-4264-9f89-373c9bed0461", "value": "handler.dat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ff83f94-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684478007, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478007, "uuid": "61410205-220f-4db1-957f-3bdaa23864e5", "comment": "Malware payload", "value": "7070d18ca1903f05900a43939c938785", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478007, "uuid": "45e28b01-16a5-4674-81a1-79ae57102496", "comment": "Malware payload", "value": "da929d3cebf06137777f04cf0b6ff4595ece40722e382ec7e9e6f4b59c128e57", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478007, "uuid": "e6df0363-8c0c-4660-b1b1-fc9ca6927d20", "comment": "Malware payload", "value": "b63df5757bdc14a7015ce47b51ebc4bc4b2652f5", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478007, "uuid": "fdf7694d-fae8-4805-b1a3-259233300a84", "comment": "Malware payload", "value": "33c01ec859765a094bc770c7497ca50c7bf58eb40e6f768aa48c8be19fe40089eb68c93f88296c671d66e656d3213bed", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478007, "uuid": "e1aa94b6-6b7d-4637-829d-5744c1582d55", "value": "T15054BE136548DE8BD245C3F07F8B7C8D364ABE22A9C536D6326CF74E6B3015A988714E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478007, "uuid": "360af1b3-a443-40cf-9d9b-5c84dd0fc3d1", "value": "6144:uHaFJkKXiDU7w5cT/qG9s7DRekzmA2xIURQqmH:uHaFiKXK4/q7DBURRm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478007, "uuid": "92d84d39-e95f-4a31-858b-e649afdbe901", "value": 285184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478007, "uuid": "fa7750de-b57b-41cd-99f4-edb31647639e", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478007, "uuid": "b355f266-d88e-4446-8867-f2cad6553a8c", "value": "Swift 57,473USD.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03d196c8-f63d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684497743, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497743, "uuid": "bcaa59cb-eb8e-4ff7-8497-07bc3c303169", "comment": "Malware payload (RedLineStealer)", "value": "9993d450e68a32d0139132fd6adb8b62", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497743, "uuid": "3c7e821c-2632-42b4-9d8c-41f875302d8d", "comment": "Malware payload (RedLineStealer)", "value": "db721796fedc80682f2069eed503ec1631ad3b4b4a36ce1ce545b03759f0b377", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497743, "uuid": "84ef73ba-fb85-4e10-9207-f28270769b1e", "comment": "Malware payload (RedLineStealer)", "value": "33063c92805804678fb8acf4e96eee7b74f3ad93", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497743, "uuid": "134dd2bd-e136-475b-aab2-4cf1bf74bc15", "comment": "Malware payload (RedLineStealer)", "value": "f6e612bbfce517dd3b46f798295bcfdfaf6f881e448532931e156810547183c697cec748b6e162a319807fa3eb924bb2", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497743, "uuid": "65e1c4af-a3d9-4339-8311-711c8182bb7a", "value": "T198252302FBCA5137E9F22BB018F502430B7BBC6769B499BB2979559249F7DC0503633A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497743, "uuid": "37c28c30-89ec-4fac-b843-e764234280e2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497743, "uuid": "f220d1fa-a4f8-4d5d-aea3-d1726c963676", "value": "24576:Fyj4yoLk59rFa/pzXmVU7V6hT2Vkuqht0ExDm:gj4O9utoYk7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497743, "uuid": "124f4f16-7761-4d0d-bd86-a4311316f3e9", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497743, "uuid": "0349582e-d577-4f3b-8ba7-30076c1ceb05", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497743, "uuid": "8df24d76-a442-45ed-bb57-5b0f31a1db4c", "value": "injector.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75f245b2-f642-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684500082, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500082, "uuid": "71efe6f4-9e72-4ca0-9012-3d0ffa29a607", "comment": "Malware payload (AgentTesla)", "value": "c50b8d3c9fbba85fc73a587fe5fa31a3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500082, "uuid": "8263b7cc-df2f-4bf8-966c-d060c46dc38e", "comment": "Malware payload (AgentTesla)", "value": "dcc8f01c079ede8b283839c41ab3eb1668d7a37183d3af2dce5d962ef0835e05", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500082, "uuid": "58ec58c8-9ea9-4893-812c-4ce20785de25", "comment": "Malware payload (AgentTesla)", "value": "363f799188e2c640bfa15fa27f96e902692f3125", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500082, "uuid": "8b99e39e-54ab-4834-a828-7a2d92a0133a", "comment": "Malware payload (AgentTesla)", "value": "39768eb2e69b0a62b419f54a28d746db691bcbae409b9ce833ba695f9de04d143e45c401e82f3ba560850adc9443f96d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500082, "uuid": "f84d2115-1250-4d23-beb1-bdbf4cd00a6a", "value": "T10C15F19156944811E1A76FB946B3F23493B96C53EA63A30E55F43C933D3BA833602BD3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500082, "uuid": "54bc0f63-04ec-4934-b523-989ba438ffd3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500082, "uuid": "f6941a2b-003b-4641-a8df-cd3c729d505c", "value": "24576:/P0tmy3ZuMVBdcx2IhTFZNWLoMducoDc0b:/P0vuMVBdc5h5ZNYr3uj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684500082, "uuid": "c8cb3cfa-ee59-4a83-b1c4-be3bd1bcdad0", "value": 925696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684500082, "uuid": "112eebbb-67bf-479b-8657-d0cf59712d5e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500082, "uuid": "3d84bcdf-14ed-4012-b4cb-61269285dab6", "value": "NEW INQUIRY #20230519.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15e8c869-f62a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684489613, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489613, "uuid": "2a1fae30-09b0-403b-a0b2-7131a312c858", "comment": "Malware payload (AgentTesla)", "value": "9cc65457e669c954d8f04910da9fafb8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489613, "uuid": "343cba30-9abc-4475-b82e-22483acd4f1b", "comment": "Malware payload (AgentTesla)", "value": "dce5cc1b0218e1f354e61012d9c5ffe4ff9f3c99e986faaf3d6386e5188b6fc6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489613, "uuid": "814429d3-a106-45e3-a77d-4e5a0255b6c8", "comment": "Malware payload (AgentTesla)", "value": "fb7cf0cf0d6237de681df9cffd7901be48f71abb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684489613, "uuid": "7ae2eccf-a875-4505-abc8-f9e50d491fff", "comment": "Malware payload (AgentTesla)", "value": "938e76128ecc52d9692decae42d9ef41fe4a49aaabd5e7601d3fbb450b722a70d9f3864f3323306cc29877b95f15fa69", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489613, "uuid": "40ab5315-678a-4a20-8db5-12945b482295", "value": "T19F15CF60AAE9D6DDD8250BF0A1D2D0F0171A5C24E5EDEA570EDB3CCF31B6A443152A3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489613, "uuid": "6505ce97-5382-411c-9347-53110dbcb435", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489613, "uuid": "5a4c559e-2583-43c9-a96c-6396b271ed3c", "value": "12288:92iNfUFotEvZ41+VfaZnYthXNdeNUd7TzUZuWlm+M5jPndttjtZ0eNa:91Bs0qZ4UVSENdlpxWl/IjPdttjt1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684489613, "uuid": "e2fb14b1-9618-4d78-b1c7-f5c4b6d9350c", "value": 893952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684489613, "uuid": "533a08b5-085f-4f80-999a-f7b0088f65b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684489613, "uuid": "39e71a02-6d19-4ca3-a0bb-3c24a81b6457", "value": "Shipment Document.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f0da7f1-f63d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684497923, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497923, "uuid": "01c6348f-343e-4e2e-bacc-197abd9eb033", "comment": "Malware payload (RedLineStealer)", "value": "1210e52ed4779910ac599e817eda5df7", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497923, "uuid": "dc8a7050-7c2f-4d38-9946-d8f49dc33989", "comment": "Malware payload (RedLineStealer)", "value": "dd4e958f7d4a15f46bd5f2b7495cb1ea9b3fdd4921e380cf98f2631b6b96d8a3", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497923, "uuid": "8c271a34-674a-4ffa-9c44-8c26c5644fe6", "comment": "Malware payload (RedLineStealer)", "value": "c55af0940b15c030a89c09e82b8bec9f508c75fe", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497923, "uuid": "8b05d1d9-d80c-41ff-97a3-5d430144420b", "comment": "Malware payload (RedLineStealer)", "value": "c3481f9108635fee26b79726af1fa91b6284042f5a629dde24721ee8b86471ab009b75c68bd590dcf839c0af6647b678", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497923, "uuid": "e464636e-0632-40f2-8c2e-fd4d60aa02a4", "value": "T114252323B6C56463E8F51BB02CF702471B317DA489798B6B2648962F0DF36D2B635336", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497923, "uuid": "d1953b4c-3e35-4a0c-89cf-f0b2ca960bb1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497923, "uuid": "167736a1-2fb0-4603-a04a-8c8404a12ee1", "value": "24576:ty5KZVH4SlQbUfLGnKDTdcr2aShjjtlFqK10zJtSdheTu:I5KPETnKDyr2aShHBHizJtFT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497923, "uuid": "73a7482d-08c8-4c5e-8902-152c99084f51", "value": 1044480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497923, "uuid": "b0978b8e-c62c-4e26-b335-207bf434218d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497923, "uuid": "a5b57191-74ea-4dda-a9de-286071dcb2cf", "value": "starter.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "af001b9d-f68a-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684531102, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531102, "uuid": "82e0701c-0d8a-4733-bb65-f69ee6817d07", "comment": "Malware payload", "value": "17ab860d2bf282ef06b93f6789e45b6f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531102, "uuid": "66de2907-82cf-4d6e-b166-aba0037ae98a", "comment": "Malware payload", "value": "de3007c7f075984be9fc5167e9b73a1c3463aaf7c2d412a2a34c99f252250715", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531102, "uuid": "32ddd5ce-675b-49b5-a721-e32f66e3e71d", "comment": "Malware payload", "value": "0b028ff0bbfa972ae870f4ebf274d45312fd915d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531102, "uuid": "1483afae-fbc7-4f8b-82d3-2aef95bfb0bc", "comment": "Malware payload", "value": "342a16eecef24a787cb70a8d423936ceeed3a3815d7c20e4df4bc6b35ea161086821e262ea94a11fc5147bda1f8d02ef", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531102, "uuid": "9138ecf1-3bad-4c7e-a83c-9a209c6b39be", "value": "T1AA635A32BA721E27C0D5503A21F74B15B6F153CE25A8C62E7DB21E8EFF24A4065479F1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531102, "uuid": "e45b5f35-107c-4e70-96c3-246e112603c0", "value": "1536:Gaz5Bxzwnq3wTHFEwDe9f6575jItjNwbZn2jV:FG4yyi5VmNwbZn2jV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684531102, "uuid": "c968e153-f65d-4636-ba76-dacfec0dc290", "value": 70480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684531102, "uuid": "0273b47c-4bc8-461e-a177-f3f3dd1fae3a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531102, "uuid": "d6ccc579-7ed2-46e8-9277-467015eec857", "value": "17ab860d2bf282ef06b93f6789e45b6f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38165b32-f5e8-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RecordBreaker)", "timestamp": 1684461324, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684461324, "uuid": "10e1a2f0-e3c0-48fb-bddf-1c2f04b92f95", "comment": "Malware payload (RecordBreaker)", "value": "dfab68d449fd2d569da2cfa53d81b21b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684461324, "uuid": "dd7d883c-639f-4f78-85f6-e2aeb64d11d7", "comment": "Malware payload (RecordBreaker)", "value": "dffe5eb5f7ad23381ca99fadfd47eae45fe555048bf50e2603d267d8db90f9d1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684461324, "uuid": "ba5d34bb-1fbe-407c-8638-f3815115e4b1", "comment": "Malware payload (RecordBreaker)", "value": "9e0b0f032b9f5830d5c03d8a0d797a3559196748", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684461324, "uuid": "0746e595-1958-40bd-8b6a-70810dbef73b", "comment": "Malware payload (RecordBreaker)", "value": "8e657eb047dac79cae462779d499f71db255e3e137168cbf6ea17fdebe42694becde16e11a046f900157c301a128fc92", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684461324, "uuid": "693da868-012f-4d28-b0ee-c59327e1ced1", "value": "T15555D01177A5C510F9FA3B31C8BF06B88775BC629AB0D7DFE650346E2D32A01E811B66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684461324, "uuid": "0b99b179-56be-467e-9ce3-4bdd73bb715d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684461324, "uuid": "07454b7f-0b96-4e67-a582-b21506ed0347", "value": "24576:/okQxFPJnSsoWFJ5U1SL+zDjm2QAuRpNcs12VZWyqIplLFWbZkO4Fa6rI:/ok3NWHuQCnjm2IRr1oWxglobZDwBE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684461324, "uuid": "2d87a034-2de5-4656-9a06-70a9cac17ea3", "value": 1288704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684461324, "uuid": "0ea24117-7909-4331-b48c-759c358274fb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684461324, "uuid": "bc619c44-3b8b-4601-b608-d2905ca574e1", "value": "gorilla111.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2ad3960-f67d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684525524, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525524, "uuid": "b1cc12e5-42dc-4efd-9151-d9c6361eed27", "comment": "Malware payload (Formbook)", "value": "014fd08cf75e2f36af9791407f6e594a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525524, "uuid": "e9b711e4-5ad2-418f-8a95-2c2dbc89c42b", "comment": "Malware payload (Formbook)", "value": "e0b295c6ff8b659d36af3e6b48ce997d4e094d8f50bd14ec71c309a46024dad5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525524, "uuid": "6a249c34-2671-41c5-b167-11a9ae620ccf", "comment": "Malware payload (Formbook)", "value": "ceb869f29d15b56f718aab5aec7b17cb335e26fe", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684525524, "uuid": "e1498b6d-1ba1-4382-abfc-5b7e591be459", "comment": "Malware payload (Formbook)", "value": "0c39c8cf49291de2997b961a09214e9d080bebb8b080c8dedca48a035005eec19d720614903a374cce2179786ef4c854", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525524, "uuid": "3c01f2d3-9e25-4007-82b4-01c2d3e0e502", "value": "T1BC15F19159A48C11E2A66FB94AB3F23443796D52EB23D30924F02D977D3BE827E053C7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525524, "uuid": "07654774-a6db-4af3-90a6-69f7f0f80dad", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525524, "uuid": "95b6784e-e824-4308-b657-ad82aeca380e", "value": "24576:NP0tzSf3OaM8uaRl/X93m4LXHVXOKaAB:NP0EfeJ6f93m4LgKa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684525524, "uuid": "01cc72f3-f4fd-4fd5-9ee9-66b2735a079b", "value": 917504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684525524, "uuid": "c061844e-3ed8-4678-8b1e-9eb44cf556cc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684525524, "uuid": "3febdb37-a686-4d6f-afdc-d9d177a698c4", "value": "PURCHASE ORDER_RFQ_PDF_______________________________.............exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3886ec3-f630-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BluStealer)", "timestamp": 1684492562, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492562, "uuid": "0869bd1b-fdac-4d81-afe9-bc8a9460841b", "comment": "Malware payload (BluStealer)", "value": "00ec65f5667134941484ca7ef40ef167", "object_relation": "md5", "Tag": [ { "name": "BluStealer", "colour": "#B2C98C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492562, "uuid": "a5548a68-102f-433e-93da-a5c53a701b5f", "comment": "Malware payload (BluStealer)", "value": "e0e677d03d49bc27c8575e7f2a4816aaf10cea4d624671292cce7e2eeec67497", "object_relation": "sha256", "Tag": [ { "name": "BluStealer", "colour": "#B2C98C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492562, "uuid": "cd74a198-a7df-4c37-a68e-7757aff99d8d", "comment": "Malware payload (BluStealer)", "value": "e2aa6f59e21c3d69fe09e036a0db32249739874a", "object_relation": "sha1", "Tag": [ { "name": "BluStealer", "colour": "#B2C98C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492562, "uuid": "98cd5f01-b7bf-46ab-84de-e03ef368fda8", "comment": "Malware payload (BluStealer)", "value": "d7048d8c8d857501123be3847d10a2f6ef21d31ef530e735c25b210864eb3cca79e7b38c4b798737f79881cc7e26b77f", "object_relation": "sha3-384", "Tag": [ { "name": "BluStealer", "colour": "#B2C98C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492562, "uuid": "f4962517-98dc-4a73-a82f-16b9413e7b65", "value": "T19765123467D6DB0BC11B83B890F0D2B0677A8C56F076C65B0EDDBC9FB29E7A11642252", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492562, "uuid": "551add18-0cde-4dc4-81e4-9b227680d45e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492562, "uuid": "56ed5096-d59f-4015-91fe-ca4a23b6be6a", "value": "24576:X4Ze+gp1yI/aLxE5HY9qzZyQ9HHgefs+LbeFgEC/fGKhQ8mI5EKq:7G1E5HGqzMCg3geEXGk+K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684492562, "uuid": "4b2082e9-ceb9-446d-aabf-2bc27713000c", "value": 1501184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684492562, "uuid": "efc182e3-aa6a-4a2f-8dda-b8bd8ae8aced", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492562, "uuid": "084ddbfe-a5a5-43ed-8656-1eb0e207a99d", "value": "PI-12042023-02.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8bd6c332-f667-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684516010, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516010, "uuid": "4170badc-2957-4018-aee6-f76c854f1612", "comment": "Malware payload (Amadey)", "value": "4b25f6c336e1353dce07ea8465f6a402", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516010, "uuid": "62d9320c-2760-4a6f-a08f-74ecd810e436", "comment": "Malware payload (Amadey)", "value": "e131109319e95f8eddbcaa79aa53a15c27fad55b15da835a2adb1a308f6cd7fa", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516010, "uuid": "4489a3d5-376d-480b-9dd8-9c12512beaf3", "comment": "Malware payload (Amadey)", "value": "230ea22e604fc69d7f9f20292f9e777f86bb14af", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684516010, "uuid": "1b0f78ab-b0bc-4293-937b-acec5739962d", "comment": "Malware payload (Amadey)", "value": "4292d9b839daec13fd9bdc491aa2c4fabec41722b5d061370132847d97a0e0f2a3c6db6a6c22309c1430e7ebe036b74e", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516010, "uuid": "00ff385f-9b56-4d33-8a5f-d3930be8d0d4", "value": "T14D252342FBE45022ECB51BB09CFB1343163ABC51ADB442366786EE471DB26E46A31727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516010, "uuid": "69f385df-eb18-4cab-a018-9d2a09da540a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516010, "uuid": "3ac9f576-9841-4133-b3f4-a8459e54e309", "value": "24576:TyXyvsbCfngyKgxxBPelDQtIS2l3F+J4yjbg:mXh1yKgxfE6Qc3b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684516010, "uuid": "75508604-626a-4671-98f6-9cad1c10b5d6", "value": 1046016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684516010, "uuid": "0ea286ba-3792-4dce-9b30-7c2dfacb825e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684516010, "uuid": "8e7f474a-23b4-49fb-ac77-114aa95fdb0d", "value": "Doge.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62047295-f605-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684473849, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473849, "uuid": "96aec5fd-0588-4d0e-85d4-83eb6a501734", "comment": "Malware payload (Formbook)", "value": "2f10e089d44959bb959a752301b6edda", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473849, "uuid": "b6150a3c-faf1-4d80-a7a4-f314e70f1ddd", "comment": "Malware payload (Formbook)", "value": "e2022f8fdaec009f0a0cbf8cf3b248854c065312c43a18ae0bb61113b7d8f66c", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473849, "uuid": "e9b5eb9e-c21f-4232-a220-d3ff4a7d20b1", "comment": "Malware payload (Formbook)", "value": "a01e1ac45690b839ec30fc45d01e9cd6880579a4", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473849, "uuid": "27b091fd-ee3e-4fe9-95bb-ccddbdd94740", "comment": "Malware payload (Formbook)", "value": "d596b59b78c8a0d913d913ac4c72a5520a28e7c8fea6a4e7208c30addd43ad216f09e2601459c441a10ce94a691e4bd2", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473849, "uuid": "620f3324-9213-428f-b5b6-5184aca59172", "value": "T1C0B42359E09216ADE50AF057CB82D40F09F92D7F7938A80757301903C97637E6EE6A8F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473849, "uuid": "263dcc38-9ec8-4589-98b6-00a2b45d6f10", "value": "12288:LKSkF7teaQfuN735mUTcu4v8Vi6ejuZnJUC+v7:HkRteaQmN7pfI70VijjuZnJWv7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684473849, "uuid": "ed7545ee-e109-40e5-91b3-2886d456282f", "value": 522450, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684473849, "uuid": "50af0d30-905f-475a-ad59-08d826818ca7", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473849, "uuid": "34b58e34-bf90-49f8-90e5-1cc5236bd115", "value": "PI.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "400a85c8-f619-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BlankGrabber)", "timestamp": 1684482382, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482382, "uuid": "8aae9ad8-d902-45ca-8f19-fff8bbf84461", "comment": "Malware payload (BlankGrabber)", "value": "c8386a4c276538ef46d637c629e47fa4", "object_relation": "md5", "Tag": [ { "name": "BlankGrabber", "colour": "#21B759", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482382, "uuid": "c0353289-a0b0-4d9a-910f-7313c2ceceeb", "comment": "Malware payload (BlankGrabber)", "value": "e274063b7b6fc1e3646ffe18975060ec8c5aab36c7cc2c87ea991499995d22f6", "object_relation": "sha256", "Tag": [ { "name": "BlankGrabber", "colour": "#21B759", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482382, "uuid": "10752ccf-d7e6-45e2-bd3f-2071116d265a", "comment": "Malware payload (BlankGrabber)", "value": "718236990015e18150ddcd54a544a773dbb4d77e", "object_relation": "sha1", "Tag": [ { "name": "BlankGrabber", "colour": "#21B759", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482382, "uuid": "5fbcef67-de0b-4cf4-a8ac-81c555f6e635", "comment": "Malware payload (BlankGrabber)", "value": "a82cef38e60eed2d6c3be3f1b0c26cd7a38024bdc76f42d51c7496b17fa588824d4de83bc64290f83699520345be0c71", "object_relation": "sha3-384", "Tag": [ { "name": "BlankGrabber", "colour": "#21B759", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482382, "uuid": "c596d7e6-7c7a-4463-a8dc-0007e6d42066", "value": "T1D09633A5A6F50EE1F6FA2236C882D016C6B4FC675324CE8703E4456A1F337662C3B795", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482382, "uuid": "de70f2a1-9673-4fd3-a6e1-e1e0442dcd96", "value": "0b5552dccd9d0a834cea55c0c8fc05be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482382, "uuid": "dfb40a12-374f-40f4-a84a-a44a0c38d98d", "value": "196608:sDdafMj8SOtQp6bmJPeNQ9iBq5qumdtS+TDM:0afeOmpOKMprTD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684482382, "uuid": "bf9c2865-6d5b-4a1f-9b13-55ba75df9930", "value": 9334485, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684482382, "uuid": "f17ab3f7-9196-4de8-9c8e-a9984d97e0f1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482382, "uuid": "f2e3e10f-367f-4fd8-ba24-a47b39dcb24c", "value": "c8386a4c_e274063b7b6fc1e3646ffe18975060ec8c5aab36c7cc2c87ea991499995d22f6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6082e6f-f65f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GCleaner)", "timestamp": 1684512672, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512672, "uuid": "0cc15f23-546f-4f02-ad7c-aa1ee3867a6a", "comment": "Malware payload (GCleaner)", "value": "bda86cf3a5cfdd438ce424256d7ca6b3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512672, "uuid": "739762c5-66c1-4c7d-818f-56e19630fd4d", "comment": "Malware payload (GCleaner)", "value": "e29ff3b2a901941f9b51de181a18a7730e01fbab155392d8c319002a88a116f5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512672, "uuid": "4e452514-a7ea-4088-a7ee-94c93b236505", "comment": "Malware payload (GCleaner)", "value": "b728175db904ef8e0cd6025fa55529bb00e863ca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512672, "uuid": "43ebfcb6-a3a5-474d-a953-0e849b6602cd", "comment": "Malware payload (GCleaner)", "value": "a28bb534f463e2f93755deeecb8bec8a76ec246b75b67c54d7ba637f2122d5770f1637497b1c7129015959b4721b04d1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512672, "uuid": "6fa8fe38-de66-40af-860c-3dbce2094c68", "value": "T1D4848E0392D17D23EB2546728E2EC2E8769EF9514F0937D762286B1B18711F2C97A372", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512672, "uuid": "0aa4e2a1-46b9-43b0-9d1c-aa5393001363", "value": "33ad97a6371f251a2ce2085c8f9feaea", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512672, "uuid": "f807b588-8418-46d1-a89d-1357abbfbd02", "value": "6144:2hDUZ20Q1sGO5ZGMnHcJhF4qzhRcwWbGILdp93Tu:BZ2/FOPPHSFvdgxpDu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684512672, "uuid": "3a20d53d-af97-4cd2-b2ac-911871a528cc", "value": 404992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684512672, "uuid": "1c6e8a5a-b794-4001-8563-66bc43c0f932", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512672, "uuid": "7cc9f04c-1184-4a74-ba30-f84c65ae2f9d", "value": "bda86cf3a5cfdd438ce424256d7ca6b3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8baea67e-f60c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684476926, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476926, "uuid": "9910bf05-c6ef-4024-b8fa-426f1dde3f06", "comment": "Malware payload (AgentTesla)", "value": "24ae13d96ddab4c31b95deffe552af61", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476926, "uuid": "6f128f76-eea9-4a5c-9b40-2c8af7376b25", "comment": "Malware payload (AgentTesla)", "value": "e2f6657290cd9791723c57288291bcb3cd53b60ab8e258610ff73e4453446763", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476926, "uuid": "6fb1f177-f4b2-42b9-93b6-20a8bbc1248a", "comment": "Malware payload (AgentTesla)", "value": "76d905afd48b804ceedbced8cdcb66ca2c4124ef", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476926, "uuid": "e66369f2-9bd4-404b-b10a-e4efbcccb780", "comment": "Malware payload (AgentTesla)", "value": "025922c2c253d837d5726bfbc82ff5963851288e945d80ebe30c01475afa984984ae24ec01869e3523bcdba6a6d81f9b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476926, "uuid": "793c2eab-8792-4154-b0f1-457932b3bf93", "value": "T13FF4E02422C7E61AC519C7FD84E2F2B057B6BE476032C6470BC5BECBB646FE94651283", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476926, "uuid": "2f3ed9fe-ed28-472c-8a0e-a93a04710435", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476926, "uuid": "eadb57d5-b68f-4e0c-9e9b-feeab8bfa447", "value": "12288:FZxC0Ox5bYX0xEsOCDCXYns6lLeXh7Zvysdh9Y39MeZA:s0OuzrCuskh7ZvFh9Y3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476926, "uuid": "e83d7792-075f-455b-8865-85539c370206", "value": 722944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476926, "uuid": "5a5c049d-9098-4e6a-88fa-ae56eac7c77d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476926, "uuid": "83d8e576-79aa-4978-9bce-2cf54430de57", "value": "REMITTANCE DETAILS.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "004013c8-f67b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684524366, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524366, "uuid": "ffd8eaf9-e863-4d6f-a5a1-f3a05e008946", "comment": "Malware payload (RedLineStealer)", "value": "aa56e38e6166ce00e4bd67174aaca03a", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524366, "uuid": "a5ebc599-508d-4af3-a5c1-9be0eae99417", "comment": "Malware payload (RedLineStealer)", "value": "e30bee24cf702b20d990d77a85d121a3e6d97b50cad887d189dd5d29bb434970", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524366, "uuid": "b3f8cc54-0000-4594-b38a-ff0ed60a716b", "comment": "Malware payload (RedLineStealer)", "value": "29b295aff310f6ba8d93d114084b17f9d651efd2", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524366, "uuid": "ecd0f1ba-5c57-405a-bb9f-9614e235d9fa", "comment": "Malware payload (RedLineStealer)", "value": "9b8055ce617862d3a3e02ccb89a4fcb51dcc5d31022136b1b28990997ffeabe845970f5e05be0e84edf02a2e1a1d3222", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524366, "uuid": "02cedc76-e1c1-4d79-9f03-dc15353eaba4", "value": "T183252352DAD88062EDB52BB14CF706472E26BD522CB4536A3744F90B4C32AD4F63673B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524366, "uuid": "de2fa10e-368f-43ea-a6a8-3385f09be854", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524366, "uuid": "05162f30-2c7d-4562-b6a6-ec63cc7877f3", "value": "24576:lybx4T+N91wRfcm9qhguvSoe857uYC+xA/:AbxcaA79qE8Sl+x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524366, "uuid": "9253f70c-0e29-4e4d-88e8-7f0915919fec", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524366, "uuid": "98582c16-5663-4376-b1ee-a8a8a1af94bf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524366, "uuid": "f1fb2d68-8e57-4565-9f93-6ddc48953fe6", "value": "download.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8552c7b1-f695-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684535756, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684535756, "uuid": "4c2847d0-ef0d-4029-8ffb-db582c55b3eb", "comment": "Malware payload (Amadey)", "value": "c1a59ef0a9403536c544a3ee19f6c080", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684535756, "uuid": "0e208d13-a7df-4b22-8599-790539a2603d", "comment": "Malware payload (Amadey)", "value": "e3394dcca26f93120552b5436558605fb32350e5905d5a2814a80147a611940d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684535756, "uuid": "b139215c-118d-4e25-92a5-8e124b62bd7e", "comment": "Malware payload (Amadey)", "value": "b866bfdfb0f713018d9c85494b8ada824061e668", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684535756, "uuid": "c12176e1-5204-490b-ab8a-159ea9b14e47", "comment": "Malware payload (Amadey)", "value": "8253b003d4c0b59409e7f3ea8293e51a15193d664c8f1e1c7fbae57efb24106dd3e258a5781f050100266668bc78a81d", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684535756, "uuid": "cb05e72e-1e39-40c9-9363-622d55c105b4", "value": "T1F025221267EE4433D8B61B7154F622830E3ABCE24D71836B299B394F5C716C1B4727BA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684535756, "uuid": "00683484-bdeb-41b1-9304-4c7c0474ff06", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684535756, "uuid": "c8f7eb5c-61d3-4756-bca5-a20b61bd6474", "value": "24576:CyICv+PbOJckxomLVMv9HbzAp8UlzeBQFjeViM1zO:pICvGOJfDLKlzgOoFM1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684535756, "uuid": "34091a79-1887-4793-9e4c-7b5034506402", "value": 1053696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684535756, "uuid": "470084bd-0b76-4ed9-8967-a2e453579467", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684535756, "uuid": "43376d0a-10ba-4122-8d98-131a79d8ab11", "value": "c1a59ef0a9403536c544a3ee19f6c080.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3298cea0-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466898, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466898, "uuid": "778c7120-e209-40e9-bea8-ed844af6ab9a", "comment": "Malware payload", "value": "31529d82ceb62ce632344731606f2d3b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466898, "uuid": "4cd8e080-3b7a-4b55-b1a0-688959981aa7", "comment": "Malware payload", "value": "e3dbafae0e5f01192322b040d647933c8fc7a166b551ef11cb9a9a5ef925cfe1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466898, "uuid": "bc9ff62c-84c1-41f7-ad78-12c3aa497c26", "comment": "Malware payload", "value": "5868c323e4cf946d58a1175cf3ae5d5e61c41c37", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466898, "uuid": "380b9501-448d-4aed-bc93-9a328043208f", "comment": "Malware payload", "value": "70dc4d4ee0c251923c45a4db4fc6a9863abfc102c04c0fb48c26067ac0754b3c0b69086007280e756053a496f1fb6e6c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466898, "uuid": "f6c462d4-e244-4d0d-85e6-077bd90397ea", "value": "T1B1959E0272D240F6E7533A3004BA7736AA74BE454F349BC76764FE6D2A32182E537726", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466898, "uuid": "db7cd1a4-cbbc-4277-8d13-81a28e374dd1", "value": "24576:UdCbKBYVsnsLrOTUFTHb2Wm2DeW4w3qYqy2+ihyp+4cNNWadAGv:UdCfyE6OeKMhyVcNNWd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466898, "uuid": "7acabef1-a07b-443d-9bef-8496e0964da7", "value": 2012160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466898, "uuid": "ffe55480-a124-47b8-a5df-6369ec12ca31", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466898, "uuid": "49a028fa-c96e-4f28-9e27-77d4d4411c6e", "value": "SecuriteInfo.com.W32.A-62389890.Eldorado.25892.27075", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0d55000c-f605-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684473707, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473707, "uuid": "a2507211-99e3-4dca-a25c-2c8bf6e46368", "comment": "Malware payload (AgentTesla)", "value": "4c0521b6dd50ac1445dd0c8770930742", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473707, "uuid": "d77e7046-7540-4941-b723-0affeaa38bc1", "comment": "Malware payload (AgentTesla)", "value": "e54105f242bdccb4ad022ab02f3b276217b82859d6046509cd783bdc4d62def9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473707, "uuid": "9cdfeaf8-a150-404d-96e1-fd7fabe62ee3", "comment": "Malware payload (AgentTesla)", "value": "fa2d3fd0f69b6f816de15d21c4a3df3e9515d557", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684473707, "uuid": "f9633646-2634-4f8f-aeb5-3a3b81432497", "comment": "Malware payload (AgentTesla)", "value": "80380aaebcba6492ec1a8fa23d9a9aa341da6c80587beb054367ffc2453a40371738f6a5ee8843308f5cf0e028954776", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473707, "uuid": "2eed48a8-250a-4093-a6d7-44add37c7ac7", "value": "T12AA423F71A709D562D6EDBE209F71DB28C54A1C0FF96859C0F6DAE88014933F629C613", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473707, "uuid": "b06e1113-d3c6-4359-b66b-5c5d6b76db19", "value": "12288:laNyhEzCurjmyS3jSIvfimkQ5Rfj/hNG3lk7:gNyhEFGTK85RfjZNGVk7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684473707, "uuid": "7f750977-d640-4705-94cb-1dca751a6c3f", "value": 479097, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684473707, "uuid": "338276fc-d9f4-476d-8908-87d9dc09473f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684473707, "uuid": "b29a7b65-0daa-4ef1-81ad-fda25177fe9f", "value": "SHIPPING DOC.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4edcfb95-f620-11ed-b3cf-42010a9c0076", "comment": "Malware payload (CoinMiner)", "timestamp": 1684485414, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485414, "uuid": "9ff30f78-bf5f-4b13-999a-70e58de911fe", "comment": "Malware payload (CoinMiner)", "value": "af51381944f7b4b766a3e09f3067cfb5", "object_relation": "md5", "Tag": [ { "name": "Cerbu", "colour": "#E330E1", "exportable": true, "hide_tag": false }, { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485414, "uuid": "949a0732-bcce-42e2-b738-9a0ff9f2606a", "comment": "Malware payload (CoinMiner)", "value": "e5ec05d1f59933949c166e82457c251e49146bb42bc4b9017a9fc625c6a13dff", "object_relation": "sha256", "Tag": [ { "name": "Cerbu", "colour": "#E330E1", "exportable": true, "hide_tag": false }, { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485414, "uuid": "2573db98-af60-493a-b7a1-9251b8d6ec7e", "comment": "Malware payload (CoinMiner)", "value": "e836f4518e7c7063d21ab8376fb7d3391556bd5f", "object_relation": "sha1", "Tag": [ { "name": "Cerbu", "colour": "#E330E1", "exportable": true, "hide_tag": false }, { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485414, "uuid": "3841afa3-8688-4fcc-91a9-b497ffe670ec", "comment": "Malware payload (CoinMiner)", "value": "12d0a7bbbf0ab8c11d1426d7381a258055335dffcad43b74f3caf77d05ff6dedb0de24921a037a62d4cdd751fc1342cd", "object_relation": "sha3-384", "Tag": [ { "name": "Cerbu", "colour": "#E330E1", "exportable": true, "hide_tag": false }, { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485414, "uuid": "93721744-8e2f-4b30-845e-4c4cdbaeb268", "value": "T18956D0BC78D70A5DFBD92BF0A80D4FED80DD27AA447872BE2F112C844145538ADF9989", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485414, "uuid": "b9f9e354-3e0a-4fcb-8c99-07ed7b9e9e59", "value": "d3be2dc19ba54f7225d7679c3f791cf7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485414, "uuid": "ce6235d0-85a6-4a65-9aee-2f5c3c014faa", "value": "98304:leyQqQI5CkNGrzJcp5012NAfs3b+YoB9tXSk8kGmzwbb2w0EIA:lPQMZGq50lB9NoZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684485414, "uuid": "1063dfea-779c-4b0f-b53d-bac8a8f7d8aa", "value": 5981696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684485414, "uuid": "71da0245-f4de-4ea4-81dc-bd5ca23e97cb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485414, "uuid": "b3ec2558-7c8a-4e96-be18-77e728e7379b", "value": "af513819_e5ec05d1f59933949c166e82457c251e49146bb42bc4b9017a9fc625c6a13dff", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0f5e148-f5d9-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684455111, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455111, "uuid": "aed22cd7-260c-4f35-9bae-878614611a9c", "comment": "Malware payload (Amadey)", "value": "5879d93d38706d96aa8de4eefe988e2a", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455111, "uuid": "957980a5-9ebc-4523-975f-f2f7f64318a3", "comment": "Malware payload (Amadey)", "value": "e68f4b4fdf304d6d259e1284b859bf60f26822ef34154459e37fadb6f8657ece", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455111, "uuid": "25b4183b-f10c-48f2-a38e-5ce90b0a21ab", "comment": "Malware payload (Amadey)", "value": "71e313dab563bbe9f8d1dedb69850a4cc85dc1d7", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455111, "uuid": "46f72be5-9215-41e4-8164-48922a8f40b2", "comment": "Malware payload (Amadey)", "value": "7d4639553b8f2d629a480d6d12715ec145513da620ea8e3db44466fc799771cb2c5990ebfca57c235475e0c43ff82aaf", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455111, "uuid": "23769a0e-ec6b-425b-98f7-dbd0186cade2", "value": "T102644B035291BF62E5264B728E1EC2F8B6EEB950CF4927D762997E2F04702B2D573301", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455111, "uuid": "588a8a20-32d5-48cc-9fbd-0a52ae3e8134", "value": "7de32ae9ac35dca47df77c89a634ed40", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455111, "uuid": "09a42835-d849-464b-9457-ca9f4bd9b24c", "value": "6144:VM3krGPkL8y5LxDUQS0crlwokdC5dqTUF:rrGM4yhxDUQqt5wUF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684455111, "uuid": "37ca5b85-1c61-4f1f-8a26-a3f801359079", "value": 330752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684455111, "uuid": "0de5201e-1d36-414e-82a9-a3b18ade9426", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455111, "uuid": "99610d90-de25-4566-9e14-f4e0194b1812", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4a8a227-f68a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684531111, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531111, "uuid": "8f0ef9eb-d2c7-4989-aa99-3588d0668fe2", "comment": "Malware payload (Mirai)", "value": "df41b35d2755c5aa00113ad27d36ccad", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531111, "uuid": "c79ebc25-c5c6-40de-b18f-c68e836e1ffa", "comment": "Malware payload (Mirai)", "value": "e6b6bc6d53dc334cad8c8c45765ee1006f3500a4be67d7765059941d85489eab", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531111, "uuid": "34020a84-2da7-4464-87ac-6b72ee377240", "comment": "Malware payload (Mirai)", "value": "2a52ddf1bb0d8bb0f18bc081bc64b9e6155e805c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684531111, "uuid": "b0cb891b-3dfa-4b9c-9d2e-0ed9e4184064", "comment": "Malware payload (Mirai)", "value": "81ebca84548f24a0633eceb6df0edf98bdedf29570dcac7e601de77b6c55ff2ad36878bddf266f5ef734af18b779ac29", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531111, "uuid": "15daf1fc-0f13-445e-be55-7d1c63650357", "value": "T142633A95F9815A13C6C612B7FA6E428C3B2513E8D2DF7203DD216F217AC781B0DABE51", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531111, "uuid": "a0e863e8-1968-4b6f-81c2-47493581ca1e", "value": "1536:qnyorX4GaLAdVhWXi8/CAkffHHo5YrouvyTwbZnN:qnOuVhysAufHHFnyTwbZnN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684531111, "uuid": "b2393bf6-0096-47e7-a49e-00b060231446", "value": 70972, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684531111, "uuid": "11e6e233-b3d1-49b2-b836-4617503b752d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684531111, "uuid": "3df2ba52-9f9b-4fce-aa1c-b9bad00e29ee", "value": "df41b35d2755c5aa00113ad27d36ccad", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "503f8449-f67c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1684524930, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524930, "uuid": "35e4cc13-e334-4280-a3ff-d8036948910f", "comment": "Malware payload (Mirai)", "value": "ee6de92a7c0684af227b0e8ca9e13600", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524930, "uuid": "79a2cc00-c08f-4feb-af0a-e568a9ca64ca", "comment": "Malware payload (Mirai)", "value": "e76f09c630fc390bcd5c874f4ea5e8fa4258840f215fde209001125a17724fc3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524930, "uuid": "753ed02a-77d8-4468-868f-30dc8daf2cfe", "comment": "Malware payload (Mirai)", "value": "e75d531ddce06404319d37309da3c1c3eb606182", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524930, "uuid": "601d5176-c8f2-40ea-9911-7b916c081788", "comment": "Malware payload (Mirai)", "value": "e72833b5bccaf7b389bf7ac0fc3913c9fb2a5d3006b6ffb871199d3c184cfff6a2310bfb7ce113561650cbd54e26127d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524930, "uuid": "118d35f5-d54b-4dfe-980a-17a3e58503bb", "value": "T1A733F2A227AE66E291F05773FC33EC19D2DC16E45CA7309A3CF0A615B7C18054BF6646", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524930, "uuid": "99410f91-fd95-4a49-bf80-2946d13347b6", "value": "768:AwqkrmTJaLf/ZRjOrMX9+xNy6IY3mhm4Y3UQwjQEkkBF+MauMBexo46hpKUa/v7j:49O/ZMAXIxNUk0cfPqF1aBexo4opKZbj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524930, "uuid": "18021520-c355-4da7-b8f4-27ced33f0990", "value": 52656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524930, "uuid": "bda2d6db-ea90-4f50-94dd-577ed6c8cdd9", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524930, "uuid": "8d21458c-40c1-48ff-811d-6f5838e99855", "value": "ee6de92a7c0684af227b0e8ca9e13600", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "63e4ef45-f641-11ed-b3cf-42010a9c0076", "comment": "Malware payload (zgRAT)", "timestamp": 1684499622, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499622, "uuid": "b2de4e86-25a3-4dcb-a6f8-697e6b0bfcb1", "comment": "Malware payload (zgRAT)", "value": "3939ea9559c9f97eb10c969144ffcaf4", "object_relation": "md5", "Tag": [ { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499622, "uuid": "6b98ace5-e7bc-472a-9e37-2a259db49575", "comment": "Malware payload (zgRAT)", "value": "e7a15a9dea21cfe704bc001844135dfb5f490ea3c721fb82a3e9437489be3f1d", "object_relation": "sha256", "Tag": [ { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499622, "uuid": "c7307f0c-defa-447d-ab4f-9ceee153aa89", "comment": "Malware payload (zgRAT)", "value": "8ac6d8f60927f94eea6fd929dce7027a75f612ae", "object_relation": "sha1", "Tag": [ { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499622, "uuid": "13d74cca-2b97-4153-9e64-8102724d8834", "comment": "Malware payload (zgRAT)", "value": "f02ca889fe2aa06bd0e80e94079912b338155616bf4cdb2d8e125d259f8f93a36bc39bd9f8f0e87a09b64dd5d7dda58e", "object_relation": "sha3-384", "Tag": [ { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499622, "uuid": "632c4709-6433-4ccd-8215-aa9ca37cc969", "value": "T17F26E13302C7FCFBD3E23D78C54A2A581FC468F3A32C5294BD790ABA66B44549A954F4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499622, "uuid": "72e55383-f980-4cac-a54b-9544aa913154", "value": "49152:2Bu128cffWtLs6KxbzGAYgnNkBIgYF4DroV6XBHScw4MSD8QydW4HlBeZVu:", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684499622, "uuid": "bd6db6cb-ecce-4fe4-98af-143c85eeec41", "value": 4675584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684499622, "uuid": "0a5a759c-edeb-473d-bae5-7a6d11e4f627", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499622, "uuid": "c0cb0c61-5084-466f-ab70-bc52696d2df2", "value": "quotation 239865_1.img", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "493c9878-f624-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684487122, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487122, "uuid": "b2856754-97ab-451d-a8d9-069b459e1bf6", "comment": "Malware payload (RedLineStealer)", "value": "7954c5b6d7dff8d9e24d17ef4c8a5494", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487122, "uuid": "cf64cd58-de32-4729-b957-ad0928b2a5f4", "comment": "Malware payload (RedLineStealer)", "value": "e7e28f077f83dcfebf707111ec7bf00c7ce823559a62a4e17d89005662545858", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487122, "uuid": "333f13ff-f5be-44df-96c1-5f05c40829d8", "comment": "Malware payload (RedLineStealer)", "value": "d19184dc797b01450a28510eb2477d72c622c6da", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487122, "uuid": "b6798c1c-cc90-427e-8979-da3ee22be2e4", "comment": "Malware payload (RedLineStealer)", "value": "5d9c5a23bd0e51e61f8e1ae1486d6729cabb8200b933361d0c7820d85e65af38aa8b9285f435390596e1294b21b807c5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487122, "uuid": "58bcbccf-baf4-4a93-a2aa-fe76658aeaa8", "value": "T19B252307D9DD8136D8B127B0DCF715A34771BCA24D7A039A2789AC8A4DF2650BA3173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487122, "uuid": "85f46d2c-159a-4ae2-9f7a-e15d28093038", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487122, "uuid": "8f6db4ab-5647-4a48-aaad-b73a0ce8af9a", "value": "24576:5yCRMyNe7USDChK+qFox/IsDrsIocY5Zx+lQ0/T2b:sQMyNIXiK7mQsDrTYZx++Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684487122, "uuid": "b8db7f56-7874-4688-a565-b5ec582607e0", "value": 1054208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684487122, "uuid": "c15b1df4-4953-4f7e-bd98-1669d1337c5e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487122, "uuid": "d1de5407-ab41-4b21-be76-3925df2dee06", "value": "7954c5b6d7dff8d9e24d17ef4c8a5494.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "086c5ec8-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1684477994, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477994, "uuid": "57f3ce51-c0bd-4b7b-964c-e789160309f9", "comment": "Malware payload (Loki)", "value": "98135099e7851eae5752ab20a70ab907", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477994, "uuid": "702ecd67-060e-4610-ac49-1943f202abdd", "comment": "Malware payload (Loki)", "value": "e82a2e71daee5793137e6746c8ade46e0ebba1dd4009c6a9e40355fa92071551", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477994, "uuid": "14e85b1e-690a-4a03-8e14-963f6aeac702", "comment": "Malware payload (Loki)", "value": "0b513e95b3c00895a95ffbffe467c7e7a1209d37", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477994, "uuid": "61028981-b43b-4ca9-b89b-ef773ed90d59", "comment": "Malware payload (Loki)", "value": "781548e64fbe015b5344594fbc3acb672b5be445baf1199dc0dc3f15bab61176583083965f3cbaaf2dc4e6cea9cb6ab3", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477994, "uuid": "56d4e100-b14d-420b-8a4e-a7fd18d1937f", "value": "T140F2191AE79B02648F4113B3271B1E895ABDB23DB35551B238AC933433EDC7D42666BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477994, "uuid": "73e79c66-2ed0-442b-a17f-0661c067e7fc", "value": "768:BFx0XaIsnPRIa4fwJMhzsquYwDVu9IGCxd2lPcqJ:Bf0Xvx3EMiquYuu9IGcU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684477994, "uuid": "eaaa2801-d929-4229-a2e2-100b0ca1901a", "value": 36463, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684477994, "uuid": "46394f60-4dba-4499-81be-d32ca7d5dd5e", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477994, "uuid": "27aaa4f5-a370-4a18-a8f3-f0760a6a2ab7", "value": "RFQ.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5da40621-f641-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684499612, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499612, "uuid": "fe152873-545f-43ef-90ce-1da6287701e2", "comment": "Malware payload (AgentTesla)", "value": "60186bdd7343d1ec3f36fbb79e605edb", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499612, "uuid": "a4765422-f28e-4695-bf27-0a207ac9104b", "comment": "Malware payload (AgentTesla)", "value": "e968bd84f2b72b1d238b1eb28cc1cbc8eeb24d1db7acee8e8ca433ab5b28b106", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499612, "uuid": "b2722590-d45d-494e-afc2-cff5cd9ba032", "comment": "Malware payload (AgentTesla)", "value": "8a6ad3145b5f411a7d0b37aa227ec4f3da28bee9", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499612, "uuid": "73a31553-dc52-48e9-9b47-fca425b24e27", "comment": "Malware payload (AgentTesla)", "value": "a84fa59ff96bd1b089166e0b0ed46e364956057887f0421f566922c3c06ea8ef3b8e933f69024166bed967aa3aac596a", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499612, "uuid": "c0ddbae0-9aac-4ac2-9111-c6ef7b2168ad", "value": "T19344228B819B0148EED181E1938C7E7C9D5434DBCF018BA3764965A7AB731F18D8FA2D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499612, "uuid": "233fa6f1-03ef-4a55-bbff-543f392fa1ac", "value": "6144:fpzgOqMCUvbsQvpMymkq7XmHlPfSjWlz/RbwE0h1ECn:RgNMzfOymzmHZailRny", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684499612, "uuid": "a30c0369-e2dc-4a34-ac2b-8bf30418610b", "value": 260732, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684499612, "uuid": "34012654-115f-4b9d-8b6d-8546d1a88ecc", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499612, "uuid": "5b10fe9b-de94-4b30-848e-66704d18ba75", "value": "AWB-18052023_1.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "beaca852-f65f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684512659, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512659, "uuid": "e5bc6d9e-7f1b-4e8c-a8fb-2dd6c0dc48d9", "comment": "Malware payload (SnakeKeylogger)", "value": "eea6dac7e88653e9ba892e3d783d9e0d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512659, "uuid": "6682f63e-cb37-47c9-a05c-e88fa0865e79", "comment": "Malware payload (SnakeKeylogger)", "value": "ea01a1b0261c579b627b4925d2e227ff8ad0e1917a643368e1db66c32c262859", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512659, "uuid": "d3003cb5-3656-4e4a-a27f-8ec4fdeb8c35", "comment": "Malware payload (SnakeKeylogger)", "value": "0c08d44de61b949596ca06e7167432ef462775b7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512659, "uuid": "6248eca0-7e82-4cb3-b9f3-5c07319d7b08", "comment": "Malware payload (SnakeKeylogger)", "value": "c6c2c984b31be507103f69d75bdc12c664e377407e48d066780b877140f088adc7c593291d6a5bd0ef11de675b17b14f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512659, "uuid": "ecffbdcd-a3f5-4734-ac19-cb31080691bb", "value": "T13415D05126A88F05E2766BF66272E13883B52C65F732D2195DD02CDB3D76F823B017A3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512659, "uuid": "56ae5c8f-214b-4b65-8c47-cab89626772b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512659, "uuid": "e1b0a14b-e376-457d-b4e3-8f55e4fb01ce", "value": "12288:a0gJeJLpNaPn0YPX/N+VcOHvrWKc0DNUsGGZzRtKPbJrd7xM7:jgJe8P0JVRvrlv5tnZzRKrpxM7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684512659, "uuid": "34dc7aac-b58b-469f-b476-cedddf6ca4e9", "value": 913920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684512659, "uuid": "47489fe3-820f-4945-b0db-fa5d221a86cb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512659, "uuid": "f5e9decf-8ae9-4771-b343-5bde745a36fb", "value": "Quotation request.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2b054f7-f60d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684477421, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477421, "uuid": "7a4c2a50-d09b-40c2-a842-0c81c53df6e2", "comment": "Malware payload (AgentTesla)", "value": "21e0203ba3bd62043d2020f5f2cc1ed5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477421, "uuid": "bc640d71-0303-450c-b465-20fabfde5d15", "comment": "Malware payload (AgentTesla)", "value": "ea334a8065334c73ce7ab24aaf3aa8d2bf400bfcc1389b5859e76348191a43f5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477421, "uuid": "82f4a001-afd7-4558-b7ff-c0a4495f7515", "comment": "Malware payload (AgentTesla)", "value": "6e09e905e73a9aa1ff219867b5a0fc415b0e5c3f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477421, "uuid": "dc4a9c45-ad30-4cc4-a643-7363dccc260c", "comment": "Malware payload (AgentTesla)", "value": "9d1e9037e56507d524a6d328f88cacbe1c2fcb8c2c3cc48f9db73e95fefc351ee81a5aa1b533dfdaae82f4334100abb8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477421, "uuid": "633190fc-90b9-46af-995b-0fa76504a617", "value": "T12CE4F02023E5C70ED06B527981E1D2F05777AD84F972C7934FD9BC8FB18B2A62361296", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477421, "uuid": "5450da05-27f5-40ce-b5ef-b2f1de40d291", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477421, "uuid": "dca13c27-8131-41c2-bf8a-45d469ba1eaa", "value": "12288:ORg5/hHHL4DN+K3PKiTfK1yncmemEeiXTNFNTGLVZEbVgU6h:ORI5GNpCc7cmemwXTPILsbVg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684477421, "uuid": "61d19063-a741-4a66-b395-4d7b8a6a52fd", "value": 662016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684477421, "uuid": "23e0ff0d-62bd-40d3-bd7c-e9c11d1c0879", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477421, "uuid": "e1a9673a-6fe1-4359-9171-bec091958870", "value": "RFQ#ENQ-1885-23-TCR-Well Head.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb578cf0-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684497648, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497648, "uuid": "08c988e9-1886-4b99-ab9b-8e789a5d1eb8", "comment": "Malware payload (Amadey)", "value": "506a5d196da6f754c3e95d6fe48dc260", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497648, "uuid": "f4891072-7df5-4c52-be98-79409e5197cd", "comment": "Malware payload (Amadey)", "value": "ea895a079f57829e261ecdba0a4e68c824c01642f1187291b13c1e540e111698", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497648, "uuid": "1ee914e5-e924-45bc-83c2-11bfa396fa63", "comment": "Malware payload (Amadey)", "value": "bd657bf456fc0f831f32c138ffb07491a1fe7d6a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497648, "uuid": "ff1df9d4-bfc0-4388-be19-e81fd8ce7de1", "comment": "Malware payload (Amadey)", "value": "436fb775e3750b228a5a62ecaf24bb2c4b57999824f46042ecf147457441de558e418494819dc95572e5dac0e705e9e7", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497648, "uuid": "5f9baaa5-1f5f-4139-8717-a4f742e77d36", "value": "T1FC252321FADE5436D9F50BB058F203921B35BD1148B016A73744DEAE1CB3AC49971BBE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497648, "uuid": "b9c6529e-51ca-4b20-9dbc-2dfa03b7cc9e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497648, "uuid": "441e1fb1-2bd0-42ca-8782-8300b07257e4", "value": "24576:9yFU7o2z9vGRWADFPbQyWroJ489xhzK2wBODAmLA:YGDzwr5TQykoJ4xjBw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497648, "uuid": "ed31bef8-cbc6-4d7c-b591-8718366ace52", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497648, "uuid": "ef69b843-df84-4080-bef3-d737f613bea9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497648, "uuid": "62666c3a-94fd-443a-861a-1eab9d41041c", "value": "driver.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2e1cf2f3-f626-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684487936, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487936, "uuid": "9168abc1-c09d-4aed-ad84-427c42c382bb", "comment": "Malware payload (AgentTesla)", "value": "b1599c23a2ec1356c29cf06a06da36bf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487936, "uuid": "83768d73-f990-44e8-b970-4c62f38d17cf", "comment": "Malware payload (AgentTesla)", "value": "ec2832608abf213a2a622dba1ec894e80b2adfc3d0eb03ee783fa2df47dc6bf0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487936, "uuid": "588c841a-3743-47b9-830c-7ba0e86ae61a", "comment": "Malware payload (AgentTesla)", "value": "15f55f3b0158ee3827fb6bf0baa2957c90f5336d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487936, "uuid": "d79fca73-e83d-40eb-b64a-2a01f7842707", "comment": "Malware payload (AgentTesla)", "value": "0542fef37f070dc0f3c79d02f08ce09278c21d561073e4aa3d5be9dd9b54c8818a16b658396fb986b443e2e0dde09470", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487936, "uuid": "46296420-87b7-4ab5-88a0-575f9fa72a3b", "value": "T13E15F1D016A45C11E2AA6FB946B3F23853796D95D763D34A20F02C9B3D27E927F02783", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487936, "uuid": "1501336c-53b3-47b0-90d0-adae58a4184e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487936, "uuid": "58319c87-d6bd-444d-a0f7-b2a196780da3", "value": "24576:iP0tQOEUCZFBm27EqNSF/uGTnVnSJtCVt:iP0rEUCDBmq14BuYncJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684487936, "uuid": "9acf513b-09f6-44f5-98c9-eac704722820", "value": 905216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684487936, "uuid": "b0ef2b5a-2634-4a60-98a0-ad94214c9191", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487936, "uuid": "713476d5-771e-46d2-b81c-3a459e6d6844", "value": "PO-34482_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "30011197-f645-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684501253, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501253, "uuid": "9e695d13-028c-4152-9144-20d0918936e5", "comment": "Malware payload (Amadey)", "value": "a910223a596d707632c404b4e1ac3ce1", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501253, "uuid": "dc55d738-8bd5-4d93-b016-0b12496fc561", "comment": "Malware payload (Amadey)", "value": "ec8e9e94d99bbf7bbdb33b5d003b736a65f0446b5bde067857922eb7044c58b4", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501253, "uuid": "41fda39f-8a01-44eb-8b8c-bf0fbf57dc74", "comment": "Malware payload (Amadey)", "value": "cc1481465266be2bf0d2d7469753c778d46603d3", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501253, "uuid": "e10527cd-046b-40a3-a4e3-342059d7dd93", "comment": "Malware payload (Amadey)", "value": "c3e75e139ef26767e98a119f2403a7a5ba5946979e3987effa984ed770cd32e3297c1d8328516a0c1479363ed65478bc", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501253, "uuid": "35eee1c8-9b54-4291-a03f-3c8bf00ee276", "value": "T1AB252303AADD9033E5641BB085FB12A31B367C229878C6EB2755988B4D72F80B573777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501253, "uuid": "95392d55-ef65-4f66-b058-b40050abbd05", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501253, "uuid": "df844f8c-12dd-4101-a0fc-adac348afff6", "value": "12288:3MrBy90vNnbxZ7+Dj6DFrh0kZhwpU1dAZ2xWotsfGk51+6/pmsND5Tk4Pp2w1wL1:+yeNfSm9mCyU102yi6/pmsdTk4HQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684501253, "uuid": "7cebcf5b-3933-4b34-b2d8-2303852f92ea", "value": 1045504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684501253, "uuid": "e5db5c78-9f58-4b24-b482-4527977933f9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501253, "uuid": "38d26859-88a3-4326-8ed2-ba79b508144c", "value": "a910223a596d707632c404b4e1ac3ce1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac58dec0-f680-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684526802, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684526802, "uuid": "63b8d77b-b160-4057-becb-6e942a47c02a", "comment": "Malware payload", "value": "ce39fa2e89e5997065ca6f7f6f58a170", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684526802, "uuid": "e86aa9ca-c975-4914-9102-24d16ea426d8", "comment": "Malware payload", "value": "ecad7f662eef8b387ca73d3134c160dcaf1babce36f3abeca0a45307a32007ad", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684526802, "uuid": "61dfbdcb-6a69-4c14-9a64-a8121aa973fe", "comment": "Malware payload", "value": "84f79f7baa0cc170cd21a5109091bb09e5cde4c4", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684526802, "uuid": "5ce2086f-2b32-4fc3-94fc-59abec7cdb6a", "comment": "Malware payload", "value": "1a2ea39c4d728326a022beb6ebaa55bdb825afc901deeb16687f1e49b46b5a0c84cb7d9a36beac8135a8815c27a0184e", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684526802, "uuid": "75c43e59-a6e5-4a34-9fb3-4e198bcb9373", "value": "T105A2B6236655D0FDC87EC37046ABF6399623B43D027675BD37E4BA369ECA9112E2D400", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684526802, "uuid": "35a21aba-a5e0-46ce-936e-c00d44d8ec7b", "value": "384:PWGm8kuXgRR7RCnSCzXZbCLJfsLc7mYNZXklanLv8JYJ6GZI6/lPPPPPPPPPPPP3:P9cpRCS8bCf00D8JA6Gn9PPPPPPPPPP3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684526802, "uuid": "d9073a23-adfc-46a9-9d6d-c7fb43e4ef73", "value": 23232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684526802, "uuid": "def7d78b-110e-435c-be2e-3fc13ec8ebe6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684526802, "uuid": "f892a565-e0a1-4af7-9447-1230565a39e6", "value": "x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "53d93e44-f660-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Fabookie)", "timestamp": 1684512910, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512910, "uuid": "5439742b-5f2c-46d5-b979-29b75b66e2e6", "comment": "Malware payload (Fabookie)", "value": "89d4d2f265133f2358d342107113b50e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512910, "uuid": "dbe159fe-c508-44a0-acda-49512fc69977", "comment": "Malware payload (Fabookie)", "value": "ecb908ae939550df6ebde6b56a6ff69ed71f440ecbc6f7781a557ae314ba8e37", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512910, "uuid": "f0d49719-d0f6-407f-bab2-2d2c53d748d0", "comment": "Malware payload (Fabookie)", "value": "d4ffdc488d84a82f55b8cdbe786939bb0d266790", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684512910, "uuid": "2841505d-8f2f-4204-9208-be1be1c1f6e2", "comment": "Malware payload (Fabookie)", "value": "f3b2adffeebd9a248db431d2dc154d914431379163d316f3d2c04a9dc3cf7af1b8250c9772aadd9c7be17d5381dd15d1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512910, "uuid": "762d0c00-9a77-443f-8609-ed514e0265f2", "value": "T16FD4AE35A3D80C56D589113E448E43B19B203E287F2E87CB95E5B5CD0A723F0EB69EE5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512910, "uuid": "6e93abe0-674f-4a75-a642-241dfa1a169f", "value": "a53b84419f7c4c2d994076e70a6910a8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512910, "uuid": "b9a00997-a4f4-41ce-af79-0375b2c2d917", "value": "6144:XfI7s1nzDI65kzJwz9OhcHQU8rATK/GHbI0/tGKP15Vuc7GHbI0/tGKP15Vuc1y6:v2E6tcHZ049Duca049Duc1y6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684512910, "uuid": "af84a808-e0a4-439e-832a-dcfb4d8c47ae", "value": 651776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684512910, "uuid": "c3ac660a-65cd-4357-b808-6d240564f7f3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684512910, "uuid": "c1aa6f14-ec58-4d1e-96c9-e7579edab3e8", "value": "89d4d2f265133f2358d342107113b50e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e02e315-f5ed-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684463481, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684463481, "uuid": "f4fbc082-8c5c-40ac-a678-05e30c6bb83a", "comment": "Malware payload (AgentTesla)", "value": "02938d1dc8cf0c079c819a420ae9d8df", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684463481, "uuid": "bdc439ca-07f3-466d-81c1-c1c51471fc26", "comment": "Malware payload (AgentTesla)", "value": "eccddacf0578f5a8f9540652ab9a0b4638533b445d5b9754619e21216a4cdd64", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684463481, "uuid": "ab49b933-2c8b-40a4-95d1-26bd47f1b919", "comment": "Malware payload (AgentTesla)", "value": "2c31682688744e89ecb1a0d39cecd52e40680638", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684463481, "uuid": "b94ef091-2537-481a-abe7-3275b610f03b", "comment": "Malware payload (AgentTesla)", "value": "92770bbf2757b876736d31b4245109914b5cbf9a6e611e152609020677ccffdfaa0298f01f2c203134672b5086f02df0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684463481, "uuid": "a0ae226a-03ee-430a-aff2-3de9d31b1115", "value": "T16F34F1897B870A03C9AA897DA4F3056917F3E3D72B77D7863948C1861F423D6DE4A348", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684463481, "uuid": "a5167dbb-549d-41b4-a6d2-a5af22789548", "value": "3072:WfFdEN+HIud7LbQ/BGo11Fzs+eI32EyMZ+jB0MHo0NWk6zAp+0BW2RuYpKwL8zTz:WKudcz33FABbo0gR8+0BTR5pHo4n4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684463481, "uuid": "4121ea2e-9399-43dd-8bf4-4cec8f78f313", "value": 239176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684463481, "uuid": "a454dfdf-0d29-47fa-8ad9-f918764d43f9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684463481, "uuid": "b4f81a66-8dc9-4dec-a5d3-5cb01f97efc9", "value": "JNuHhHh.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e970831f-f5e6-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Gozi)", "timestamp": 1684460762, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460762, "uuid": "773b67e3-c5ed-42b6-8b55-1cb0735b87f5", "comment": "Malware payload (Gozi)", "value": "e4b75b0e578577c7e020a298a1a1e449", "object_relation": "md5", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460762, "uuid": "39d820d7-948d-468b-b2e6-2a70eac00b60", "comment": "Malware payload (Gozi)", "value": "ed72da56c92e39da96db9f91852481837c2e96f09cfb198c3b5671054ac0e45c", "object_relation": "sha256", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460762, "uuid": "62795a92-7fd6-4b91-bac1-e571d6b916a2", "comment": "Malware payload (Gozi)", "value": "3322cd8e2bf7d03a7a2833dcd0f116ae9407b075", "object_relation": "sha1", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684460762, "uuid": "a98b6637-bae8-4c72-b35f-14032f207f05", "comment": "Malware payload (Gozi)", "value": "1c0ce28b1ef6f63beeb33a1f51ec65e1ac6d7a37fbb16d40ed7a869f3f048ece0a8d361d0bbcddb1a730d117cb7ff84b", "object_relation": "sha3-384", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vipbeed-com", "colour": "#871C48", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684460762, "uuid": "562c2c24-4120-40f3-8a66-22c6ed5a766d", "value": "T17BA5124F45734EECABD81E9C1CB91FD91A98BD7135A4FDD19C3B20434A326B920B6827", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684460762, "uuid": "e16af522-9195-4e3c-9999-d8d1c9bde543", "value": "24576:gcYPcYM6uT8itShWkSHr0ArZOGttbPWxnqWGlueDkZdc/xegxJh:m5iuWBJqpqPl/kDc/xNh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684460762, "uuid": "4a1ef0fb-b13e-40af-8c39-ca71707eb260", "value": 2202949, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684460762, "uuid": "dfaa4fe3-e5ee-4af9-b7ee-8a9cfa00d1c8", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684460762, "uuid": "2cb59984-0d7a-4a8c-a437-7c2e2c3b9b50", "value": "servizi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e440fa5-f5f2-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1684465629, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684465629, "uuid": "6c7a195d-7374-4227-bc1d-01906618f720", "comment": "Malware payload (Formbook)", "value": "91a0a2586695b3cad24b6d5eaa83966d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684465629, "uuid": "a31d9510-8003-45f1-9062-9cd9331f218b", "comment": "Malware payload (Formbook)", "value": "ede3876cdaa9f15dc9f49a080713bfc4e254d222d99c2a09b999d62d1d4f8c05", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684465629, "uuid": "e44e2a0b-a94b-4d51-b801-10cc3d67b691", "comment": "Malware payload (Formbook)", "value": "30c4f73da488494defb0843950f26afe37dd5fd2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684465629, "uuid": "72e6792c-270d-4cd4-980c-34d0e8400acf", "comment": "Malware payload (Formbook)", "value": "47347ae4c6867f7e793309e420bb28749c06504b3617838a048c62488259fd20a3b996a27d86f83767dd903aea97c69a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684465629, "uuid": "060662af-433e-47b9-b6d1-7b9b81c21155", "value": "T1C3D4E170309E8593E01B8AB165BCFD71037175F3EDD8D9B00B25A144CEA7FA46E8899B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684465629, "uuid": "cc24e6b8-0f92-414e-b934-e8c69aeabfb2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684465629, "uuid": "83ab4bb2-9185-4297-8c96-e0d5321a1b41", "value": "12288:1Jv5H3LV9EO/0gXfk2Ox7MDUhpICOpJAHP59nZNzvZ:bhEO/9XsrZ1IrJiJzx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684465629, "uuid": "58ce1a7a-5c06-4134-a1de-a7f4f7b61aff", "value": 623104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684465629, "uuid": "34aae1c9-e34c-4cd5-9d90-86b6a44cf485", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684465629, "uuid": "37398b4b-345d-48f5-9d9c-c1eaa313aca6", "value": "Invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d76dbfac-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (STRRAT)", "timestamp": 1684478341, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478341, "uuid": "f6e0ff87-f51c-4f89-aae0-c51654762eb5", "comment": "Malware payload (STRRAT)", "value": "4dda7a35c524ea945ce48919b2fae409", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478341, "uuid": "d94b726f-923d-42ba-9a3f-7092a94e4ef4", "comment": "Malware payload (STRRAT)", "value": "edfbe6203a1498c0c14d3c3057f7e27c012eb7241a8c250215a27359edf97bdc", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478341, "uuid": "5d0748ae-2236-49d9-96e2-110db4ea25c5", "comment": "Malware payload (STRRAT)", "value": "5f25c21d3d9ed5ec35e994af66173ddf7e2e32aa", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478341, "uuid": "8cb28012-b994-4c85-b187-d708a8f746ce", "comment": "Malware payload (STRRAT)", "value": "99da2e3d08cbf61e645c6e33a8abad746ae05bf1195875c7507a18d09d2f38ec87a57606eec1ffdc31522e16604e439b", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478341, "uuid": "f05bd770-0969-484f-b008-2b2fd2f17c34", "value": "T1A824012F39EFD0BFD12390765585CA27A50C82D8D005994F66FD524B2E72D2D1B0AACF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478341, "uuid": "6c501a98-66df-4ef0-92a7-447439dbcd21", "value": "6144:uKyAZBwaEjpo5lLTS0ihmvfZmcZg6EpwVbF8EHH:/PEjpo5NTSlm3eIGEn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478341, "uuid": "a13a9e22-3ef4-404d-bf09-3bac1a5911b2", "value": 210010, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478341, "uuid": "7cae7822-8915-461d-8900-57e03d220a2a", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478341, "uuid": "7e9c3ecf-04e6-4b36-b623-ec1d84c91f96", "value": "PRODUCT INQUIRY.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "af7bc8f9-f63c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684497602, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497602, "uuid": "a61b85b6-c98e-4703-bfe5-4773d78454c2", "comment": "Malware payload (Amadey)", "value": "f2cbb85901b21fcf33682510968c22ed", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497602, "uuid": "600aac2f-e86d-40d3-bf80-0b962a1b5778", "comment": "Malware payload (Amadey)", "value": "edfed567f8f6190eb8020b451af55aec5b12f56292a148b534c21c1c83be0326", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497602, "uuid": "4ab45061-3349-48e6-b789-6462deb4d9fd", "comment": "Malware payload (Amadey)", "value": "c9cac28b63950eedfaec04771b874ddc7c5bfd7e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497602, "uuid": "6b153d51-6646-4666-a940-f48c603564eb", "comment": "Malware payload (Amadey)", "value": "d8562b4a9ae8ed2875d980daf9a809caaade0fc54b0ec4995c3245a4df841f0cc7c6314f75e4028a70588e69bafa4408", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497602, "uuid": "559c05cc-5545-47dc-99df-2b3aac2f6fc2", "value": "T11E252306B7E84432FDF21B74A4F201971A367C90A97C6B5B2742A90B1CB22D2F536777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497602, "uuid": "0d7d980d-d1b1-4dd8-8213-7519bc55c537", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497602, "uuid": "1c0db6f9-e7e0-4455-bbb0-6717b4207815", "value": "24576:AyMRdy9sNbEDpqykxMO/m085GuXEOQsUUqvfuJQFG:HKM9sNlykxMOdkGujQaq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497602, "uuid": "faad39e1-2207-425a-9176-2795195efe4a", "value": 1044992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497602, "uuid": "b8d76b93-9552-4460-acf8-e7372df9c528", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497602, "uuid": "752c5f2b-bd8f-49cf-ab06-87d3a3dc16a7", "value": "connector.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20a4fc52-f626-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684487913, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487913, "uuid": "e241a4d1-66b5-4724-ad8e-49741d21d201", "comment": "Malware payload (RedLineStealer)", "value": "03fb5aafb88487f41ff652ced126159a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487913, "uuid": "a1079afd-e43a-4112-91c4-05f8052244a9", "comment": "Malware payload (RedLineStealer)", "value": "ee12011af51dbe7da5abd8f320e093f2f721bb1f9f1fabfe6a87a8827fdf9b1a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487913, "uuid": "8df47681-c44d-47ed-b510-d2ebeff51560", "comment": "Malware payload (RedLineStealer)", "value": "ee5b30e9a2e70c8c4119d00a83cbe82038d48a62", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487913, "uuid": "381cdb2a-af04-4fa5-a0b5-17cdc43c2bb8", "comment": "Malware payload (RedLineStealer)", "value": "9e3468a149fbccb10b95ea5211369bd5fc8141af4869cfdf159b2b405d0f06f2ad05d05efeb874dfc6ba2710ec7ee675", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487913, "uuid": "d3fe60b8-4544-4a08-92bb-e119bafa5748", "value": "T17A25230576EA0062E9B92B7118F766C3073A7C708C35C2DB2B59499A2C737C5B971B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487913, "uuid": "d0b2bb00-13e4-43c4-852e-62c9ca1e2a35", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487913, "uuid": "5f717575-db14-4da9-b415-30c7ba96bf7b", "value": "24576:UywItg2dUsUhw8IIEXnmjN9vwqDSVUS4+aHYe35t/sNUF1x8:jJg2SLAbXmJ9vR2VU5+0vENkx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684487913, "uuid": "5b65acd6-a0b1-479b-9804-ab21c17fddf2", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684487913, "uuid": "6dddc4a8-cb10-4cae-9495-47aa6b139bb3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487913, "uuid": "64948610-102b-4630-a687-ffe4e681c93f", "value": "03fb5aafb88487f41ff652ced126159a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a352f8a-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684478051, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478051, "uuid": "a3c36abf-3144-403a-bff2-90992536791a", "comment": "Malware payload (AgentTesla)", "value": "36e1faeb57cb683862b81277fc0aca1c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478051, "uuid": "bca58132-35a7-4aad-aca1-13a444360867", "comment": "Malware payload (AgentTesla)", "value": "ee215a3ddd28f9c0599ade58c8e18c1735abe7fd9883fe846ce480ced27aa663", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478051, "uuid": "128fc2b3-5807-4413-9efa-b92fe5a1314e", "comment": "Malware payload (AgentTesla)", "value": "7cd8cd522a7a5e142bbb88e6130fdfdf02ac74b6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478051, "uuid": "97d338ae-8825-41a4-bebb-bd56a23f4f3a", "comment": "Malware payload (AgentTesla)", "value": "d0f6ceaecb2bd445764d913cc99aefcf650c64f57835dcbe3401e92fb209ef94ae1de8eef9f216ccb6dbce77ce057460", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478051, "uuid": "25f11c90-1b0a-448a-a4fd-f9f2aad45501", "value": "T1043502D0EEA4C646CD6A43F1D99DD2B007A17D49A735DE0A0AE1AFC730A7B5DC6C01D2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478051, "uuid": "6f302087-4879-4900-8316-5f20d967c9e3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478051, "uuid": "f4292bcf-dc55-4f76-a08e-3aa17c9c1202", "value": "12288:/qBIBBiYC1wNbqocwdT+jjTszSQ9bt76DdcKuQDhDGn3LdyMNC:/q+TiYC1wNb5d+U2Q9b4pcoqJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478051, "uuid": "bee6071e-d42f-4b46-8257-2d297b46f6e3", "value": 1120256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478051, "uuid": "0d099da0-22e4-4d73-a0ee-a505e741cb7a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478051, "uuid": "6c1c70cd-99ab-48e5-be1f-21cdee3e790f", "value": "e-dekont-html.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa601458-f632-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684493298, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684493298, "uuid": "64863c27-c6eb-4fef-9fd9-99f882c11ac7", "comment": "Malware payload (Amadey)", "value": "d65d1628780ba971e16acafc3ab196b7", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684493298, "uuid": "b4ebd89f-640f-4ac5-bd29-11ebfd7c72a6", "comment": "Malware payload (Amadey)", "value": "ee2c5a26d45ebf62efd5afd3c9e25e14d44658a7f0ddb9c522154e9eee18923d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684493298, "uuid": "ea13ce83-dbcb-4825-85f3-a6731149c772", "comment": "Malware payload (Amadey)", "value": "07a28a8e37740a23c7a609fc3d5372e5821c91f3", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684493298, "uuid": "644c7089-1923-414c-98a1-21c3786aae6f", "comment": "Malware payload (Amadey)", "value": "d38785d5ad08863bc700c72f65732d6876f1abb4f5be35c6117d409bb9343af4152e48a91b9004872dcbab221480787c", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684493298, "uuid": "ddc5e2d1-eeba-496a-b300-5b3d083c0cfd", "value": "T1CB744B0392D2AD63EB5546728E3EC2E8365EF9514F0937D722146E6B28711A2C97F333", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684493298, "uuid": "7a2dd221-7c3e-4187-a938-bb63dd7410d8", "value": "52052f823a75c3e49d6f33c06369892a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684493298, "uuid": "1e11286a-e6c0-484e-a34f-da2304b26e8e", "value": "6144:T9Q/0rDCZCCyXPtHagrJHxjf/LCFKQGch3Cx6o93Tu:+0fPNftXrJHJLMlUDu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684493298, "uuid": "5cb7904a-1447-490e-9f9a-6c145435a121", "value": 365568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684493298, "uuid": "aed58eb5-f3aa-49c0-b1c8-538b4c415fcd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684493298, "uuid": "c3b33bd7-860b-4032-b5bc-9ccfe3fa308c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1dc2e6d8-f63d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684497787, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497787, "uuid": "bed752b0-3fdd-4131-81aa-fa4ccf7bd27b", "comment": "Malware payload (RedLineStealer)", "value": "48baf3515b3939005bd4ab62764ffee3", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497787, "uuid": "43af12a3-f670-45b3-a3f3-8f644c5e78bf", "comment": "Malware payload (RedLineStealer)", "value": "ee6ce8c2777044d095bcea9e360343a0044bd2cd1c26c90d9a67e5d3a7b70d94", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497787, "uuid": "23b86485-5748-4318-b83a-112c22efcb36", "comment": "Malware payload (RedLineStealer)", "value": "b67b49b071b201b3753a649add0760748fc5108e", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497787, "uuid": "139544cf-6d7e-4b3e-9eca-7fe772c7ab64", "comment": "Malware payload (RedLineStealer)", "value": "bc204adf4cee2cb98f6fd51bfe422067105533b75e6791c58d4faae06d47df4cef0c88eb231a76e00b527b574347f439", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497787, "uuid": "ba1a6bca-aaab-4ec4-8ccc-13c09d7f8387", "value": "T1A1252302BAD88433FDB4237014F303CB0B317D916EB8A6B71759AA5B1D77A91A0717B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497787, "uuid": "8075b814-7cb9-43ec-bdfc-cb2e14337ace", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497787, "uuid": "5e1b47e4-a1af-4cf2-8ff7-72438230f482", "value": "12288:pMrvy90QpyyZ39tLlL+PjUYjQpX3d0Jw8L4QKJkChAkG2lmQFk2FYJ3TBpAFtBq:OyxpxNFlnYMp+HLohG/puYJTXV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497787, "uuid": "9f926a15-d1eb-416f-aae5-8c1c8613a189", "value": 1055744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497787, "uuid": "dbc53511-2caa-4cda-99d0-dffe7b1ed61a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497787, "uuid": "7c20d914-fe9d-4b6b-adf7-e0209a7d3f1d", "value": "listener.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0237a777-f5da-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Stop)", "timestamp": 1684455220, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455220, "uuid": "adfc2c0d-111e-47cf-b869-8f77ebe0a0ec", "comment": "Malware payload (Stop)", "value": "49811fcf2ae6548bfb6087c783aaf3a1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455220, "uuid": "3170134e-7dd3-4ef4-bca5-1285948e3df0", "comment": "Malware payload (Stop)", "value": "ef2baff18e38c81563a209be46e0abf3bdc5e05da6c2a8872287edd64901af63", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455220, "uuid": "0dd5fcc4-e97d-4aad-8f71-44d617df72ef", "comment": "Malware payload (Stop)", "value": "36e7f1c518efc05e596ca065f9f38254c5f50769", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684455220, "uuid": "2ea91a13-607c-4429-983b-7f6ce6f666f6", "comment": "Malware payload (Stop)", "value": "f9803fdee1a15e8d42be2e5d51d279419bbb22d1524761e3718dbc2ed87acd550c704ee4bb6b016c0f8839f8f34a22cc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455220, "uuid": "2243781f-2964-4df3-ae69-befe94f74ed7", "value": "T19605D00369D1BFA2E5258F719E1EC2F8F2EEB9508F482BD762046F2B05702B2D576711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455220, "uuid": "a3fbb071-05b4-42a1-9648-3d219d744a27", "value": "7de32ae9ac35dca47df77c89a634ed40", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455220, "uuid": "5e6dcbf4-74f9-486b-bd57-4ca43167853a", "value": "12288:pu3+je3yt7za0/GNfTuHjv5vEJ+V18f41ObP+494IKv0lXv0jq1pLMUF:pCt3U3/Kf+vZEJ+Qw1ObPCv0VUqf4U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684455220, "uuid": "7881fa68-f1c4-4ca6-b1da-9daaa16d2e15", "value": 842752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684455220, "uuid": "d6c071dd-7d41-490b-8695-1b9f6e4ec24f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684455220, "uuid": "087faeea-42b2-42d0-bb10-3b518c5874bc", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cccc5e22-f645-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684501516, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501516, "uuid": "2073fb82-86ff-4c56-9067-3ac32380211f", "comment": "Malware payload (SnakeKeylogger)", "value": "77c93fd578af652ca158688bfc430a05", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501516, "uuid": "aad81744-acf3-4d11-8117-9be8fd863bed", "comment": "Malware payload (SnakeKeylogger)", "value": "ef32afc779d1f535f073f29dc96ca6cf8dc36c1835b66017c62c8428865eef58", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501516, "uuid": "58c8a1a5-f2e9-47e9-8fb2-e1dd3dd880b3", "comment": "Malware payload (SnakeKeylogger)", "value": "69cae48293094273c8989640c21cf573924ed7d9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684501516, "uuid": "72243eae-8f1b-4b34-9639-3d9cbad2591e", "comment": "Malware payload (SnakeKeylogger)", "value": "bb6f4a2bf7f0619b2d9a2c2cae91707c4239599ada803ccae444865e9777b259f378ad3b5ae212645d751c6679e51a84", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501516, "uuid": "1ec75ed0-d5aa-41a7-b3b9-d6e9d63e603c", "value": "T109354B91E1A0C9DEE86B0AF1A967E43015976D5C94E8C10D1EDA7E9B32B3341309FE1F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501516, "uuid": "b309761a-50e1-4aa7-af9e-1c99841ff540", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501516, "uuid": "bf1957de-51a7-4ef7-82bb-e89237ca319c", "value": "12288:M2iNfUFotEvZ415w8ACe22yjwueaQBnO1JIBKNFLj+Unl9ikq:M1Bs0qZ47HACl/eam9at+ys9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684501516, "uuid": "51db22d2-dda7-4c46-9aef-4a356dfd3fd7", "value": 1153024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684501516, "uuid": "7d8fe858-62ce-4ebf-8635-7663d47554d9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684501516, "uuid": "449ebd46-fc0b-473c-b1f8-9974543b87d6", "value": "0372YT591445-22 -104500,00-USD-SWIFT MESAJI.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c875166c-f60c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684477028, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477028, "uuid": "23bdfdd7-2be0-489d-83aa-a9701c585e35", "comment": "Malware payload (SnakeKeylogger)", "value": "8051f845af7b3a114df856751f8a243a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477028, "uuid": "a0d2bcf8-0169-4a58-b642-30f279a60d70", "comment": "Malware payload (SnakeKeylogger)", "value": "ef69f6c6a455e85a49ae3de65eb978f623436b0e0620a95f55ac165955288b85", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477028, "uuid": "aa5a5351-b860-4340-9770-1a5dcb32020d", "comment": "Malware payload (SnakeKeylogger)", "value": "a596bc631132511ddfea7eaed55c43cba8bd5a1d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477028, "uuid": "cad74f84-3787-47dc-b174-2c9a2c5f415d", "comment": "Malware payload (SnakeKeylogger)", "value": "a5bd9687e9a55f2b6b8616c582e48d918fb7942478dd59a1b778891758571888badeffe760ca746980ce9f5166161b8c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477028, "uuid": "0d0c90c7-c73a-4a39-8235-860b7fd04ec0", "value": "T1F1155DD1B190C89AE86B05F1BD6BD53025A3AE9C54A4C10D5ADDBF1B76F3342209FE0E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477028, "uuid": "1c4780fd-915f-4a5c-8520-ec70ed9a9d12", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477028, "uuid": "5d5e455c-3904-4af8-b956-72bff23ae485", "value": "6144:MObeBOz45yDwEtTasgNZVYMJBFL1n+f78r1/kcuBGGGnDXqiFVOtTmXXI57BU6GP:MOCggDZVXsYrPnLqsV7YBVG64FgIN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684477028, "uuid": "eece4054-8152-4ccd-87e4-402e1f798704", "value": 912384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684477028, "uuid": "6ffc6c66-db06-46a8-b4ef-8612ee3660de", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477028, "uuid": "bf7b529b-1d3a-4b1f-8d16-81dcafc6428f", "value": "PO-202318.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2b0970f-f600-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1684471837, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684471837, "uuid": "5509aab2-2fcc-4891-b5a7-cafdf45ea1c2", "comment": "Malware payload (RemcosRAT)", "value": "e550594dbf07c3a445d0ee6d44325c96", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684471837, "uuid": "49be120c-c81b-440e-9fe1-854ffc8b8da3", "comment": "Malware payload (RemcosRAT)", "value": "efcc97c8dac23a0c8bc179fd3b54efd3594e71d5103f211bf468e2a6e550590e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684471837, "uuid": "9c7e9534-9f0a-4444-8b0a-84e426bf7fe8", "comment": "Malware payload (RemcosRAT)", "value": "ac62125f63e40ed06e6b3cf7a4b180543894d797", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684471837, "uuid": "8da8f6f9-ba0e-489f-95d5-b227a7688173", "comment": "Malware payload (RemcosRAT)", "value": "526013e30b2c7cea6b0e9bc8e65eef06ec47e83af3cbc17e665b8516b6847587f179f542cf14c716018527dce8ceb480", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684471837, "uuid": "f3b38a33-72f7-4f27-accf-ee8b4d0ecfa8", "value": "T1F6C4230E7660C833DA1B14B04BBE256FBADA72317140DF6BA39027D7BD6A3D7440B195", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684471837, "uuid": "6c851ca2-e891-466f-8b59-64b3bd814ee9", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684471837, "uuid": "e1f46a72-e318-4d5d-9e56-b60bbc2289d5", "value": "12288:ZLLsWrDu24O0XFrfiPfuw91uhQ9TaQX5eQ4L1NbRHgWAvHv3cIXsSlwjFh:ZLLTrfj9TaY5eV5N95AfUVSoFh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684471837, "uuid": "b0e7723f-9e9c-4b6d-92b2-33ab44317e2e", "value": 565232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684471837, "uuid": "56e57479-41cf-4ffd-b1ad-7d2457f0ac62", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684471837, "uuid": "e5be1b19-3666-467c-b43a-2fd095c93347", "value": "SYN2023060702.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b6577fc-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466886, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466886, "uuid": "4949cae4-5ca8-4022-8ff0-27893a45d8a2", "comment": "Malware payload", "value": "09c60c6e287424a9dc088921925b8cb6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466886, "uuid": "f40c44e1-5349-45a9-81e2-b89a7b498f65", "comment": "Malware payload", "value": "f04e0817208ede0dc3ff2e9a6283c84d55c6ffd8aa4e8370fede9929a4f2828a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466886, "uuid": "532b13a6-7afb-4aca-ae4c-fd65dd4eb29a", "comment": "Malware payload", "value": "aeb64553649ec0d3985cb06f031e6fca486b2aef", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466886, "uuid": "dab7847f-6678-422e-8414-09ef0b3fb0f5", "comment": "Malware payload", "value": "9ff25b382e4d75c705a5cb1bb466bdae2b78d6bb875bc8ef154778145570952cd727df4db853f1b58d1f7ca51c1d1e4e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466886, "uuid": "08d4a441-9a7c-42c8-b5ce-adf866e1f027", "value": "T15A8423D0E79E4E63C26FF2B2CD1E5B598F0D9019733DA94A0829B48C193838A5E3575B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466886, "uuid": "fc324e18-970a-4239-9d90-9d4c13bf7ece", "value": "29cbf45a75acaa7726e74590b9216aac", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466886, "uuid": "33bc4bc6-95f6-4d23-9710-48b7a83d5037", "value": "6144:6noPNBBut6a21qttUUeq0NqFWhSSf9SIIg8sKuFy/tqjeh33LVCs4179NGfpDU:6oPNja2yze3kFWh/9XdKhtAeVLVY179o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466886, "uuid": "5945c17b-7446-4d89-bc0d-5143c3e4219d", "value": 373248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466886, "uuid": "f5efa3a2-7928-494a-a452-e3a51394d62f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466886, "uuid": "30df0cda-12b1-4fa6-9ab0-264ca8a1560a", "value": "SecuriteInfo.com.BScope.Trojan.Tiggre.26863.10949", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c754590a-f67a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684524270, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524270, "uuid": "6c551c85-3d4b-4448-95cd-58236a5017f9", "comment": "Malware payload (RedLineStealer)", "value": "b0f93a83c6057b6b4a45087015f4d711", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524270, "uuid": "dfdfa8df-e523-4aa1-91e1-589d6041cbf4", "comment": "Malware payload (RedLineStealer)", "value": "f0d267d2707d494f6c91fd9f5d95a8d602aa4171044a47596849ffc3d05cb7cf", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524270, "uuid": "f677229a-82b5-49e3-a4e8-e2394144cbde", "comment": "Malware payload (RedLineStealer)", "value": "e2e00d1ce8d56273757e5cacbe8748c24588fc62", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524270, "uuid": "ccbe5ae4-4c23-42bd-950f-df39ca7178d1", "comment": "Malware payload (RedLineStealer)", "value": "c9cd2597aadd6229f8142703e3824d7615a9c9afb722891dfaffef9271029f01e8f7f669f312cea0be626f0985611cbb", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524270, "uuid": "e1914293-9a8e-45d9-8382-be0974962ddd", "value": "T15BE3D424279F8934D6BB4E3D6CB19CC076BCEC12A542D74A4ECDF15A3A33B809B116B5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524270, "uuid": "13044584-2064-4806-883f-f334a986a976", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524270, "uuid": "a1f1b161-7c0e-48ae-8342-479e5236b5be", "value": "3072:FV+m5c/QmRSNAwMqLza9nDEFth2ZG8e8hR:Fj2FD0IQth2c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524270, "uuid": "f821784c-bbf4-45cd-96b6-7bd8554a098a", "value": 149032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524270, "uuid": "8c778a70-0677-4863-9429-eab838067953", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524270, "uuid": "6d78c1ea-9d25-4f93-ace7-8e752dd96561", "value": "245245254.dat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "155f39fe-f5f1-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684465131, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684465131, "uuid": "7b06ae47-7d04-4fdb-9552-c8254a62d8fa", "comment": "Malware payload (AgentTesla)", "value": "3cf1620566d33f79a0f9d69f51373617", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684465131, "uuid": "09bd8eed-cf14-4d74-8132-c50d268071a5", "comment": "Malware payload (AgentTesla)", "value": "f1e9633b0dc59c7d95053c9c619d707beb29915bc26f965c0740c5eb42f65ae4", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684465131, "uuid": "ebb0fa94-7a51-4b88-8705-b52d9217e2e0", "comment": "Malware payload (AgentTesla)", "value": "3b931481287dbbb444281898c5e822120bc9ca13", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684465131, "uuid": "1557e375-67cd-49f8-bf6f-a53b4deef5b5", "comment": "Malware payload (AgentTesla)", "value": "ad4c2e2b3b975898265f104fbfbb0684b4cdbc8e385c4cb04de8b91f1557d40a1d625390555be496dbf981f45b6277d5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684465131, "uuid": "c443ac6a-20df-4a69-8ee1-a36fad505a7a", "value": "T16AF4403D0AA58AEEC0BBD364A7CC4997FA73D817F15C9BA944D6034272436CE60C61DE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684465131, "uuid": "109d20d9-97a6-4569-aaf3-8cfa9a1724b0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684465131, "uuid": "5ca8f198-1a54-47db-82e1-f167a8bee685", "value": "12288:jfeZCSljS+AbOKa4X45okEnW/tvL1l9bFZiOk48:reZh9iOi8QkvLlbTiV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684465131, "uuid": "6417a874-3515-467c-ac28-2d75a6211bc7", "value": 727040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684465131, "uuid": "19d4d3e6-9179-416a-afc8-d9a856f6ab5c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684465131, "uuid": "b1cd1131-6713-47e0-b443-184fd31cb511", "value": "quote.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "74aaf7fb-f60d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (LummaStealer)", "timestamp": 1684477317, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477317, "uuid": "144c8aa7-a19a-4247-bc94-3c9c05776001", "comment": "Malware payload (LummaStealer)", "value": "a1feeca49654dafe62b72623b20cd8bd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477317, "uuid": "9906a762-7e64-42ae-8143-9ead7490b39d", "comment": "Malware payload (LummaStealer)", "value": "f261b983871017c3b616dd7d762602f5d8313c92981706fe587a02efbea23cc5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477317, "uuid": "8a3683ac-69c3-43b8-befd-23e5e793ae67", "comment": "Malware payload (LummaStealer)", "value": "aa7f03564e7d96b95dd10a44c5115bd760a81d83", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477317, "uuid": "21e573b3-d6d1-4a72-ad48-c6d507d7b111", "comment": "Malware payload (LummaStealer)", "value": "babfc46a74109a3ded38e8a2a50d2184ee4a005931c3ccb5fc94089115b0d1ca8d38a3c3a9a5dbdfdb609764c4b9030b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477317, "uuid": "843eb1f3-b533-494d-ad07-719e4874137f", "value": "T1DEA49C2069D280F1D473293105B5D6BAAA787A30DA32CDCFF7D41C3DEA36680971A75E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477317, "uuid": "44e9e5f2-374e-4906-aa12-13128a35af51", "value": "35ef3be2e1db54617ec4882897e31d4b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477317, "uuid": "a05b9745-b258-4c43-b9f1-b79ae631824d", "value": "12288:24LOMyTvlmerfing0sdcQwX3FpTry1af0:2rtTvDrfiU6f3Fp/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684477317, "uuid": "76401e5a-4a54-496c-8cf9-9e8191fc530d", "value": 468480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684477317, "uuid": "8cc4287f-fc32-4971-960a-928aded7c25c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477317, "uuid": "33e3e57b-447e-4f1a-aadc-0bf2ed57e335", "value": "a1feeca49654dafe62b72623b20cd8bd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "37d35cde-f5e1-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684458317, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684458317, "uuid": "0ec35083-b15d-4475-9521-e95e21276e85", "comment": "Malware payload", "value": "4bd0b6e06c5191341bb7a86f41bbf893", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684458317, "uuid": "da53e424-7e7b-4158-a329-eb0f703f886c", "comment": "Malware payload", "value": "f2cc2aa737de8a58c4867eddeb31e64c41bfdc2054a0f6f9a09d86b5e06520f4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684458317, "uuid": "91517160-e35b-404d-9ff8-b0386cfc2df4", "comment": "Malware payload", "value": "22e7474d46be4ccc31752ba1a9f2dc9d22437ed8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684458317, "uuid": "f413a2e6-4727-4d01-aed6-120e9a7c00db", "comment": "Malware payload", "value": "2484c17f94b1ae4d3b69db7d61a10f06f551a03f7ea36955a740bad6d7949481c4cad6685beaf892719950523a563252", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684458317, "uuid": "8afae551-9d67-47f5-a390-874b0f6e21e3", "value": "T16B633B1DABDC8677C75E26B66032474037F8D2857143EB4BCD88A0E6AD43BC91D246AF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684458317, "uuid": "c54a1b51-bee6-4771-af6b-1f10941f1272", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684458317, "uuid": "68edd9dc-e5e2-4db1-a545-60f8142af5e4", "value": "1536:hRDUpvmlOYGIXwDwgyPxnqTm+CjnjD56yMwRd+e+u2:hh2m0YGIXwDUYTmF3/MwRIeb2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684458317, "uuid": "ec6ee688-a56c-4ede-8f40-6325350181f0", "value": 70144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684458317, "uuid": "fdb41f5c-1b73-4e11-84e3-ed31ddeb9211", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684458317, "uuid": "e4e21962-dc0b-4b49-af2b-ea56b32722e0", "value": "Xzcvl.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e9e7819-f641-11ed-b3cf-42010a9c0076", "comment": "Malware payload (NetSupport)", "timestamp": 1684499640, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499640, "uuid": "4668ec22-0103-4ad8-8da1-9a14791acccf", "comment": "Malware payload (NetSupport)", "value": "51054e2f97b96fadbfca7fe91c066968", "object_relation": "md5", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499640, "uuid": "c1c00a08-7fff-4ae2-a260-70fc5562ecfd", "comment": "Malware payload (NetSupport)", "value": "f34f3ea5f73a01dd0511e76093c4d49429915206b44639866a0ee98681ebe519", "object_relation": "sha256", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499640, "uuid": "05044eb5-0b71-4c87-981e-461748aa13a0", "comment": "Malware payload (NetSupport)", "value": "f04d34cdcc93b649cc5d54aa83222ff6b6aceb27", "object_relation": "sha1", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684499640, "uuid": "237a2f6e-77a2-454b-8558-e448d8dd92e7", "comment": "Malware payload (NetSupport)", "value": "0eb3decd0a0f5f80157ba558ec83fd6264040486edf3a3a8fa0b4c115737a870a83a148cd8b7aea8e15380b94e8c1dcd", "object_relation": "sha3-384", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499640, "uuid": "5c50a0e4-4407-49f0-ae1d-42723ea45d03", "value": "T1CA72E1E6CBBF9322D22D28FC89FED7802FFF509A3C56E275934250054E51435659E88E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499640, "uuid": "e943036f-cadb-4676-98e1-b93169e575a7", "value": "384:0i7m0ycOSD5vP6nZXoREMr6Xjitn+MTVuHmwhPY:N7rAK5vP6Z4iMOq1mxhPY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684499640, "uuid": "1c3f6ecd-8cde-4510-9232-89863aed80db", "value": 16217, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684499640, "uuid": "32b89e76-d15f-4c4a-8956-fa2b7de673a5", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684499640, "uuid": "7a4c15b5-e0ea-4dbb-8637-10f43bb5a502", "value": "rechrreco1.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "46309652-f67c-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684524913, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524913, "uuid": "cd99ad4f-0b5b-45b7-ad91-5e6ad0c6502c", "comment": "Malware payload", "value": "5c3421bcd02f1d171c4c99509c3c8f35", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524913, "uuid": "c58f77ac-89da-41c9-9a93-41b3a45f0942", "comment": "Malware payload", "value": "f449b174907161790b9485c611e2268f705ff09691123f893a65911b961a7d0c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524913, "uuid": "e590fd00-e5cf-40fd-a469-c482850fbff6", "comment": "Malware payload", "value": "148af1f64c4693a3fce6c6f5400eed1295ccf0be", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684524913, "uuid": "f94ef2fc-bcc8-442b-aa21-aacda502824f", "comment": "Malware payload", "value": "a9448ea3bd84c817f45a9ddc8bea4e39301d5ae4cac2aef472ffbd4b621dea2089f318a9bda2e9e7a41b05a721fe8c79", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524913, "uuid": "e4a0222d-bd9c-4476-99a3-ea9ca14bc685", "value": "T13C369E13EA60E536D0A703F0218BC732D635E4B1165B898BE3D01E3C2D65965F76AF2B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524913, "uuid": "2affd1ac-12db-4893-9e8f-ce01e8e850f6", "value": "24576:OjTY+ufmnFLLk53fRLLpipTBwLPwlrc4v6nka:OjTY+ukvkZfRLLgpTBwLPwljCn/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684524913, "uuid": "1f74be13-ab30-438d-921d-f40a26a5a429", "value": 5100983, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684524913, "uuid": "3318095e-84c9-4013-a48a-e25a96b6c085", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684524913, "uuid": "f5705efe-8803-4f0f-91c1-efd780159f92", "value": "5c3421bcd02f1d171c4c99509c3c8f35", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27ff855d-f619-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684482342, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482342, "uuid": "9925dc8d-aa36-4708-8339-11a32d6e11ef", "comment": "Malware payload (AgentTesla)", "value": "074cab54b3fbc0a10b3be85b0bf18c06", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482342, "uuid": "6237a0e0-f6a9-482d-977f-fb102f1dbb5b", "comment": "Malware payload (AgentTesla)", "value": "f55e0b7dfacb56c35938a63096d0381dacf410d7d72bdc154e4bcb3018a5337a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482342, "uuid": "dc5b4477-fd07-4e49-9241-1ca86a9d5ab6", "comment": "Malware payload (AgentTesla)", "value": "54c95c87526d30d2973502b68ee1e5c101102f3e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684482342, "uuid": "00a8e94a-bc50-409b-b3e2-09c1e24a358e", "comment": "Malware payload (AgentTesla)", "value": "9c759b7dee4598cb5ea5c84b3852fe28523c010320bc3417325d2ab2592c891453a73d812e62752d02b02184199863d3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482342, "uuid": "25cc470d-eef4-4aef-b63f-3ccee96a0250", "value": "T16EF423EF9C0496ADBFABCF1433990E4F570A8C6B611B405C95F8AD98DA678DCB41B40C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482342, "uuid": "2eea2204-4e23-42a9-a17f-dd3ece2a16e1", "value": "12288:DePpAhFHfOCkLMexfURWKaNb84qlEPYgXabnTaqdNT6B9h+uPNFv6:DipAhFGCkLdxfURWK2WleYgXinTawNm4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684482342, "uuid": "c7487f45-670c-434c-8d0b-4e9429d00f3b", "value": 753716, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684482342, "uuid": "102a3ab9-fd9b-4214-a530-7ace7896dbe6", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684482342, "uuid": "0e9bd46d-aac2-421b-b9cd-0a419976a6eb", "value": "PI160256.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31d7be70-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466897, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466897, "uuid": "95cf557b-9317-44ee-901b-fc1dd2815c44", "comment": "Malware payload", "value": "1a4fc2bdc35bba7e1bbecd6a0b6aa024", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466897, "uuid": "810b5048-0bd2-4de1-991d-9fa35e671df4", "comment": "Malware payload", "value": "f586ce291a3cfff6bb66e2984d6b430aa5767b52356d4d7503858ef4aef17065", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466897, "uuid": "240a04c8-f87b-4301-b3cc-58747b5d4fad", "comment": "Malware payload", "value": "c84eb8d47b05487b5fb7741ea8b165a069cb624b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466897, "uuid": "1d4d36e5-afca-4470-b5bd-a5cc7729cb16", "comment": "Malware payload", "value": "30060d691897ec28edb7771a3b7e11bb6dacd4aa3b4d8e75b2405430fcd9ec501db00ff0b27ae92233325bd63cc65e85", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466897, "uuid": "691836c9-1e5e-455d-ba84-c44d552197bd", "value": "T135A49D46E7909C31C4C308B2D9275B76EAF3AE945822C9039BD8BC907C64593DB7B74E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466897, "uuid": "d3eea95c-61e2-428a-a87d-8deaeb66ea15", "value": "9aa9aa94e77cefd5528b19bfbd8ea683", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466897, "uuid": "f47e3b38-269e-4b06-b85c-ba8e346426e2", "value": "12288:U8v0YbHJNdktxKuc5thwu6vCDrGjw8NVsG35:U8TbHJNdWKuc5zwu6vCfGjw8Pn35", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466897, "uuid": "f2103add-b430-4d6d-8d71-41f9d9a7b069", "value": 462848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466897, "uuid": "e2acff5e-6adf-4513-9c90-b4d9602dae82", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466897, "uuid": "5295417b-6072-44fa-affe-0b1cfc90cd69", "value": "SecuriteInfo.com.FileRepMalware.19237.5373", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ed5d876-f5df-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684457496, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684457496, "uuid": "402a8185-6d90-4166-8540-cc37f7a19916", "comment": "Malware payload (RedLineStealer)", "value": "025436c747c741e938f851539038c449", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684457496, "uuid": "20b6f836-bd19-44fd-b8a5-a29467645363", "comment": "Malware payload (RedLineStealer)", "value": "f599ee5486eafdd2324bab9d66c175d4bfacfba7926747af78ef672691dfa38b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684457496, "uuid": "2cc9e21b-d866-43cb-93e3-debc19ec2666", "comment": "Malware payload (RedLineStealer)", "value": "33d9a55bd70722afc69e40047e467d8ee4cc62ac", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684457496, "uuid": "cca94b85-daca-4352-be39-2c4e5c2ef4ef", "comment": "Malware payload (RedLineStealer)", "value": "de5ef6d0975295409d87d430eaf853e9d2b5f39de6f120cbece9acdae49ea81ec3dcce654d6fb56f2c30af4741e2d1ba", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684457496, "uuid": "ae2ac6f8-b2dc-4cdb-97af-deb1921c1e65", "value": "T1CB2523C7A7F98073DCF11BB168FA13931632BDB15978C6AB2704A90A5C729D4E43436B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684457496, "uuid": "ec7add63-54e7-437f-9af8-e58e42bcf947", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684457496, "uuid": "54a1019d-234a-4c95-a7ac-31d7908a16e5", "value": "24576:0y0tl3UutaCevjheADl82SbiL1QYGfB4wmlg1Zlm6tTDEBi0:D0DUuJwe4C2CiL1EB6g1ZlvtTDE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684457496, "uuid": "a381e64d-4673-4ea8-9a53-44781b595e36", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684457496, "uuid": "2324eb39-f5ab-4138-866a-0ee0fe03131d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684457496, "uuid": "f6b76fd0-872c-467e-8fce-6985b0958714", "value": "025436c747c741e938f851539038c449.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "646c9f0f-f642-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684500053, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500053, "uuid": "21256c8f-6827-4681-85f2-3fe1805937b5", "comment": "Malware payload (RedLineStealer)", "value": "6ad2e318250671511218a436eaf4733d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500053, "uuid": "68651b23-de5e-4750-b16f-993825c2260c", "comment": "Malware payload (RedLineStealer)", "value": "f5ac59424abb1f1709adfe4a1b7e15f06c403ac15ed07e814eb55858ea6cb12d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500053, "uuid": "49d84fb3-59f3-4949-8886-5bcf06f1116a", "comment": "Malware payload (RedLineStealer)", "value": "cbe9779724f1c9da297bf092ade7ce69bdb57cd1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500053, "uuid": "e5ffa2d4-7609-4c99-b8ae-7cff8e171330", "comment": "Malware payload (RedLineStealer)", "value": "9e8fe3667251c00267741c392dd5542b3d7988c408f72e395f6d3e6fc00078c11a8fa799444a57aa896be82d3e38e8f5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500053, "uuid": "7c048ebf-cb93-4e2c-8947-26c8e25fc6c0", "value": "T1FFD42F7C8AB50AF6C037DBE097C58897B98B7D73F00B5A6341D2435DC267A7124EA42E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500053, "uuid": "487d1424-6ae0-4cee-a236-0dd6ca87d873", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500053, "uuid": "6911a006-c7af-45b1-89de-66c4b7449cdf", "value": "6144:3byiHbn8flJbvb2VSUdaXNV+nKZSCRP24JpfGT7+iOKTLIDzQ:3byiHL+T4SUaKKZW4JMTK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684500053, "uuid": "f5544dd7-2268-41bb-b05f-ca09715175c1", "value": 621056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684500053, "uuid": "8925fb45-f9cf-4288-9f92-72f2ad2e2d77", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500053, "uuid": "337e3956-6c84-4230-a907-cafe848c3268", "value": "6ad2e318250671511218a436eaf4733d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0c2266d-f639-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684496342, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496342, "uuid": "5e3a8a6a-47f5-425e-9bc1-1d71d0893ef2", "comment": "Malware payload", "value": "ab255b38dc540225fb0742f8f0d0a356", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496342, "uuid": "3c1d4fbb-96ec-4f35-84ef-95a3a0a77ef8", "comment": "Malware payload", "value": "f5be510c54858fc453c8a42c05cebf753a137994a9d2adfda353cc5270f507dc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496342, "uuid": "ce5cef53-0624-4804-8269-30b52311ea58", "comment": "Malware payload", "value": "80f81c42298db56d8bd159496eb02c75a0752a97", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684496342, "uuid": "d2323375-d544-4679-a182-71d4d03d8ba1", "comment": "Malware payload", "value": "0361665b9df643e92b141c140297fa14a284ec32eb7d7bfc923b8dfdd89b9af4f1fa203ea28cb5719c02a91c25346b11", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496342, "uuid": "35b9a1a6-5e65-447a-af2e-075dcf25c87a", "value": "T12CD6330B654312E8F539793CCB9A77C2823E64044311DDEF07E56FA9AF6BAE11D29708", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496342, "uuid": "2d306c69-da3c-4631-82f4-ed799da306fc", "value": "60155971d4feb74909c80fc08ffd9524", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496342, "uuid": "25892016-aed9-4ba8-9961-e8024abe00d5", "value": "196608:8ya08SSthNaQIiDPzwGTBSA5ZXRPN+GNqY7/K+jJRvdUpf0gzMPSzRt6cbbs9kSa:VaFrIQIiDt1f+nYDK+HFUpVjJbg9v9Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684496342, "uuid": "6237108a-0991-4339-9506-e2474729949d", "value": 13500544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684496342, "uuid": "d8a79567-2f6b-49f6-9c82-13c238ee7325", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684496342, "uuid": "273c3a6b-6f1e-4e6e-8426-360ef11e2f4d", "value": "WDCloud.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d7d4f4f-f678-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684523207, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523207, "uuid": "729eb4b6-453d-4242-bee2-28f3f9508d3c", "comment": "Malware payload", "value": "640445fe6cb624eef02cf429f3e0f1b5", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523207, "uuid": "e116bb28-1daa-4662-9d40-300afb089d10", "comment": "Malware payload", "value": "f5da4bcac0cdef97f0172d7a9a4d602ed77e6c9ccf3e72fa499ec5fd8fef1ae0", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523207, "uuid": "5ec981fb-489e-4431-bcb3-644b5ecde395", "comment": "Malware payload", "value": "8ed7ac51eaf3b9daab244bd47e96c1525dbbb15b", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684523207, "uuid": "46bcc04c-a6b1-4d1e-88bb-71e979462a06", "comment": "Malware payload", "value": "77a92276a5c61f99e680aa5f2b7fb77d13532da0cd632d153dcdcc72bc9216ed6b7c09925dbbdac6bb193cb4dcd66007", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523207, "uuid": "3016ffaa-fa65-4d47-9047-fc506ece2362", "value": "T181C2E17FB2A95E2BFA59333CE422811B0374F218575E379B63050536DA9E45D7532CC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523207, "uuid": "f5b4f93b-a652-408a-ae7b-46f941363d63", "value": "384:Mt1DMwk8JPyGnT8WyopNEutTneSe3oECHjYlQ2NnE4+0o8tm3HWBKENAZHtQNvu1:YMwxdyoEUnDz+Y8tqHWXmNWGJnzk9FNY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684523207, "uuid": "a250256b-bd7a-4b08-8448-669145ade8d5", "value": 28272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684523207, "uuid": "b1bd5fe4-b051-4a7f-a2c2-9c6112f857b3", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684523207, "uuid": "d6396e79-99bf-4d47-a519-d8ac92d3b15f", "value": "sora.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67fc9d7b-f667-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684515950, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515950, "uuid": "539b85ed-ac22-415d-a9ca-68d413c017e1", "comment": "Malware payload (Amadey)", "value": "449857ae17a6abf267fb85a48747b4e2", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515950, "uuid": "009bd1de-7d9f-4e6b-bd84-8293a5ea2557", "comment": "Malware payload (Amadey)", "value": "f659f66a9ee0c36dd5dd7ee0d81f11039f22dbe6075b48d61ee2b6e37c5470cc", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515950, "uuid": "d077b460-0779-43a5-a69d-2dba77bfe3ed", "comment": "Malware payload (Amadey)", "value": "cc0571bd64ae2d2eaf23a3d3b4863952fce9067b", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684515950, "uuid": "a7e98877-8da6-4581-be17-56d9a738b42f", "comment": "Malware payload (Amadey)", "value": "c53a580ba3f1618d305b452be4194c21654ee9548c6795bee4bade66eeb540bfa360e0d1c067c325c7f8612aa686051d", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515950, "uuid": "6dfd0beb-c01c-4bb2-bf10-766ef97f0988", "value": "T1762523566BDDC4B3ECB027B008F613931A327CE19D789727270748D748B2AD8693676B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515950, "uuid": "8c286f6d-6964-4448-9afb-2e854b191a55", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515950, "uuid": "765b18ae-05d2-444c-bac4-46b2bf937765", "value": "24576:Jyv8Y6q21JqMWvcFYgmm8rdKvnIgI/P2qUmKlqe+Fe60Juo:8EY6F1YlvwYgmm8InIv2hmHeme60Ju", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684515950, "uuid": "743c16d0-9977-4b60-a64d-251ba12c267e", "value": 1055232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684515950, "uuid": "e114c470-4cab-4d23-8db6-9b0ebf50c3c9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684515950, "uuid": "f6b6da9a-a17e-4779-a193-a73ea2eaf33d", "value": "35352.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d617cba-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466889, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466889, "uuid": "b12ce8f8-d17e-491f-aae6-b16da292fb1e", "comment": "Malware payload", "value": "c50451955791cc2ea9c388822b15a991", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466889, "uuid": "60b82316-0ff3-4a7b-92fc-a0ca5559aa02", "comment": "Malware payload", "value": "f6a022ba2cdc3c960b745f4140c90f13b77b20a500ab16d876000172f0fbf5df", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466889, "uuid": "06b18de3-839e-4877-976f-94f986fc003e", "comment": "Malware payload", "value": "2ec10be367cf5dcf4e21546664978b88362a99bf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466889, "uuid": "cc5d1010-808a-485c-9a41-bd88e638a3fc", "comment": "Malware payload", "value": "157603b990a3895c069630730e5a572269fbe7edb87eadf995efe1c7e4892cf1b8161c11c2ed365bd2386cff50430a12", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466889, "uuid": "2c1d7808-17f9-4f20-aeeb-aa24cf6c546f", "value": "T1E1C37D02D6DB81B6EC818F70186DEBF612BFFF402738A19B838A1CA47564951F584F79", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466889, "uuid": "a3b1b6ca-8f96-400d-9084-59af70db5a30", "value": "1536:7pISOctZoXOo7AMh9Z8gkwXThbgJ/N7WLx6Tlo1ilLkrNKK:7pIheZo/AMlfXThbgJ/iH1MLwNK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466889, "uuid": "87886df7-69a0-43d6-8dbf-3420a753cffe", "value": 122880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466889, "uuid": "429a24a4-7a93-4ea3-9f37-7883897aae79", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466889, "uuid": "63c5e27d-dfd1-4546-82fa-9e56e7f0d07b", "value": "SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen.7883.23574", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "afad2dd1-f674-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684521654, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521654, "uuid": "6cc62bdf-afdc-401d-a8b6-ee0554252d1a", "comment": "Malware payload (RedLineStealer)", "value": "f5e0f414b41f4c8119ff2275527c8b14", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521654, "uuid": "8e292a48-3013-4bc9-b635-f72c7d6121de", "comment": "Malware payload (RedLineStealer)", "value": "f74d1a038f0d9666f42bdd990d2c86446ed3e51b210c39cd2d701ee54d22592f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521654, "uuid": "11afc481-06e1-4dd5-a3bc-6fe4142d7513", "comment": "Malware payload (RedLineStealer)", "value": "0902d497ecaa7cba28eefa55a7102e9672c0c4ef", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521654, "uuid": "378c74a4-14cc-4e14-aafa-f1fbee5046e3", "comment": "Malware payload (RedLineStealer)", "value": "f2814949260a5669db0551993937a7186a3e24c5d45556b4b680ad233064d401f33e0a7fb168c7dcfc16fe6450167afb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521654, "uuid": "5f9a9154-8aff-4600-bcde-f1c1a66a5889", "value": "T133948D0392A1BC65E72146719E1EDAE8765EF9508F097BDB2218AFEF14701F2C273316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521654, "uuid": "7e440d9e-ca48-4bd1-a673-d0ff8917067f", "value": "b8e0cca9c8daf9ab8d5b3be250b7f319", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521654, "uuid": "f936bbb5-509b-4f48-af15-9e04a375e2fb", "value": "6144:aQy7prSNxo2M3ZJhu9P6En8FsqJBbp9+n7ORAGcJG9s0xJJjyO1mqT+8F:orSNxzMJJk3n8SqJBbrCSRcstBU6+s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684521654, "uuid": "12209253-f3a0-46e4-9b0f-75cf65a045fa", "value": 428032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684521654, "uuid": "17eb8269-f77f-4588-a449-0ab02f17417a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521654, "uuid": "69b141d6-6eda-49f8-a978-bdeefdec64ab", "value": "f5e0f414b41f4c8119ff2275527c8b14.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "96cd7644-f60c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684476944, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476944, "uuid": "4bd9a0ec-88bc-47f1-be53-a36d847f430c", "comment": "Malware payload (SnakeKeylogger)", "value": "dd6ff78964abbe54472d95ad045e081f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476944, "uuid": "9ad73c79-401b-4bba-b951-f7cbd02cde4b", "comment": "Malware payload (SnakeKeylogger)", "value": "f771caf756326463d2fcc74c944a72c872a6d409c94e0f7c9b619b0a968724a4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476944, "uuid": "ad57250c-6815-48c1-a090-c53db3872c67", "comment": "Malware payload (SnakeKeylogger)", "value": "e2c2ce181f1e5cdffbd53b4408ffa53fe393a3a8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476944, "uuid": "3f5f4734-8de2-4a43-bea9-2255854de29b", "comment": "Malware payload (SnakeKeylogger)", "value": "12d4cad7d113b845300857b9a3bf2c0aa277ec2bbe468f1d12180b7ee95ad11a0f158a9845706d6dc9c67ea2dc7bf445", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476944, "uuid": "1bce80d6-62e0-4c31-867f-0daa94689926", "value": "T14A05E7E225F983AAF02D8AB686307453EF21657B565ED444BC8F13F98F45FA0190BE13", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476944, "uuid": "fc45ae50-8f22-48e7-8973-bd6aabc92b88", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476944, "uuid": "25f8f304-dba0-4af3-9cc7-2df33919b955", "value": "12288:AZPjocEILpX/dycnILpX/6zMu1yjgrgQ+ap:ckcEILpX/dycnILpX/6zMu1yjVap", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476944, "uuid": "be885361-d5ed-4e24-92ae-db013b2a7b75", "value": 795648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476944, "uuid": "6987f4d9-ff89-43a9-a23d-352fc0038da2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476944, "uuid": "8080e46f-1908-430d-9b1f-e49dcdb2440e", "value": "Overdue_April_Invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a0865b5-f5f5-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1684466857, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466857, "uuid": "99df40f7-1cfc-46b1-b8cf-4c69e5da84bf", "comment": "Malware payload", "value": "844ad5e16603b7847348f651dbc70d0d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466857, "uuid": "0dffa954-e22a-4013-a2bc-f9a2ef74db92", "comment": "Malware payload", "value": "f7e0b7a3209a70c4772be664a39bd5841a1e126e4596511e7250d26767ff05cd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466857, "uuid": "bd9cf63b-3541-4e62-a003-7102530a27db", "comment": "Malware payload", "value": "327dce52718a403e58190285af916a32bfde15cc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684466857, "uuid": "8d6fd79d-7982-4f88-b872-9802b6cd67be", "comment": "Malware payload", "value": "9581f18fab5511564f7e53cdd826ea243a81e573a80bf9fea098cdd7ba62837b3fba999a883b2a9366bdb39fc411281a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466857, "uuid": "6a971c24-cf26-4100-be82-4de7057d0ff6", "value": "T16FE4F1D1E2504861F98E4F31496F8DE40468BF127B35862E12BDFBBE1F3639268861DD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466857, "uuid": "40cac4a6-844c-4fd2-9ad2-44339f0e02eb", "value": "f66c9c21f39c76309e485505237a3910", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466857, "uuid": "9d2c8702-af0b-47f1-b03e-2a04479b1cc3", "value": "12288:iMhCzdE5226ryrNZhb1JnyJa+qYwroBSEr5w9IUWjDEnpA:iMhc6kAvX0aM9r50IDwp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684466857, "uuid": "934a4a01-1b74-4265-a45b-cc44fb708062", "value": 720384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684466857, "uuid": "a38bd02f-4303-45a7-a52c-fe58117a4eea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684466857, "uuid": "2098d998-1f29-486d-aef5-cf4d153c03c5", "value": "SecuriteInfo.com.BScope.Malware-Cryptor.NSAnti.Gen.1.29557.2703", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e931e48-f63d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1684497976, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497976, "uuid": "84d6e897-b367-46d9-9411-6ed92ca0f470", "comment": "Malware payload (Amadey)", "value": "aaa8837c266db13060515cc059a791e3", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497976, "uuid": "27efc869-d3ac-4015-98dd-baa506dedecf", "comment": "Malware payload (Amadey)", "value": "f9400ec0898949298782c2c39e827f17ea16948ed64453aee58ac88b5af3dd08", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497976, "uuid": "dcf96282-dd37-461d-b5fa-a89a87c5901d", "comment": "Malware payload (Amadey)", "value": "8041612524e05604b285d675b8974794c9d36a8b", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684497976, "uuid": "7da48015-dfac-4d71-a6df-a45023937ec9", "comment": "Malware payload (Amadey)", "value": "f0c3c3c754ad37f22a612cbca55bbcca3ba56f2a315f68bfb9e0aadd5ee17bd15dc1f5e96a74906474a8c039efdbac7a", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497976, "uuid": "7067d0a4-b21d-4d73-8df2-5411b33f3b48", "value": "T1CA252303F6E89033ECB047B05DFB15D316367C615E78936B6B86E91A1C33361AA35B62", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497976, "uuid": "614b9208-0ff4-4d72-a18c-be5c58dee48a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497976, "uuid": "79c3b972-4174-417a-bc4d-4b0eee31c05f", "value": "24576:kyxYaCi0rPc7Cv7R+uhTu27R97crSyuec3h:z6DiyE7C9+ApR5cWyj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684497976, "uuid": "af617a96-ec11-4e5d-8e50-48ae1bd690eb", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684497976, "uuid": "e2cd50dd-589e-48a1-beb1-400de5672895", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684497976, "uuid": "cbf8b693-8fb2-4d14-aedc-a9f9bfed2876", "value": "writer.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9967f97e-f61f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684485109, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485109, "uuid": "66c34ec4-eda5-4dd0-8d65-5577b6b7a354", "comment": "Malware payload (RedLineStealer)", "value": "08215dde4129b7d76336f39fdd511a2e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485109, "uuid": "c39cab86-6daa-45fb-8a86-f724f9ec89d9", "comment": "Malware payload (RedLineStealer)", "value": "f9a0e18ccfc8d6e017c6d658544ba7c9c9138a9dc4d256aca2b824c9770eca8a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485109, "uuid": "96495fe0-9b3f-4d72-a7fb-8c19a99ca32b", "comment": "Malware payload (RedLineStealer)", "value": "3a8640882544c8d1ad79a0d99362ab46241bf43c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684485109, "uuid": "848c6e93-f557-4eb7-8200-030ec133fcb2", "comment": "Malware payload (RedLineStealer)", "value": "bc0de5fe02998b1f5e26ef9e70be8412781d7b753cd1067597dc4469865d4a5d450cd7f7807eb994563c2b1fb881f922", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485109, "uuid": "68732aec-5a73-446f-8ff9-fd2c89539670", "value": "T1E0E48DF71CEB29B8CA997C70D589387501B0056F0584F62EE7612AFAE493BB9F1050B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485109, "uuid": "111e6f39-9444-4d8e-be8b-ee84ed8acaa6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485109, "uuid": "f45a24d0-ba5a-4f23-9c2e-3333d0868f02", "value": "6144:7iK/fTphszm59OXCWJIQyLNy1yGiGwpMhSz8yc0F6hRlYT8b6VwGWsZ9wa8bszpD:+ANhlDWd9YSrb6VTEa8bGfMwqA5v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684485109, "uuid": "dee84058-367d-472c-b780-2e4b6a0d561f", "value": 689152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684485109, "uuid": "d630bf04-4a6d-45bf-9d5e-987b6756788f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684485109, "uuid": "53a4e48a-4173-42d6-9197-511b994fcca2", "value": "SecuriteInfo.com.Trojan.MSIL.Crypt.24790.14975", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3fd9d281-f614-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684480234, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684480234, "uuid": "8b6b9802-b848-4e78-a281-92676b97759f", "comment": "Malware payload (RedLineStealer)", "value": "7e944f5789a8a226490d2ae03b65148d", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684480234, "uuid": "868eb54d-ac7d-4698-823a-1d6b6e1663fc", "comment": "Malware payload (RedLineStealer)", "value": "fa6f65c685c3ae56982dafb088bd00c64395456ea10b80e1d0b887be453df6ec", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684480234, "uuid": "af8d7c33-c2ec-4ebc-a311-a5c8abf51ab0", "comment": "Malware payload (RedLineStealer)", "value": "2e233ca174ef5549b91974cd9b2a5d42c7ec98d9", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684480234, "uuid": "ca51b0eb-f03e-4ab4-90fa-191c187cde89", "comment": "Malware payload (RedLineStealer)", "value": "95746ec824b9f065b9144972df31b0ddfbc45e91891fcb626698bb6fff9fbe50bd85764695dd9073260e2cf43ca3b0bb", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684480234, "uuid": "06741cf1-e610-436a-b243-0fb879b31795", "value": "T1AFE3E724279F8930D6BB4A3D6CB19CD076BCEC12A542D74A4ECDF1593A73B80DB116B2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684480234, "uuid": "910e1554-d767-4770-aea6-898417b4a665", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684480234, "uuid": "4cfc9706-5db8-43df-a910-6bf6661821ee", "value": "3072:WV+m5c/QmRSNKDN2W9cVXKHhtZx8e8h2:Wj2+WzHhtb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684480234, "uuid": "8996179c-8a8a-4f06-817a-f5eaacc036b4", "value": 148480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684480234, "uuid": "e1b30484-c173-4221-858b-154d26a4de3c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684480234, "uuid": "ccbe6e81-e2ed-479a-b0d1-8d5e1804f534", "value": "loader.dll.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b40a81b5-f60c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1684476993, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476993, "uuid": "602de08b-39a9-4a78-b053-486fcb6b3acf", "comment": "Malware payload (SnakeKeylogger)", "value": "153def0384fc5c1e39fa8d34c2accddb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476993, "uuid": "0639cad9-1c12-478c-945e-cfc4e7fcce21", "comment": "Malware payload (SnakeKeylogger)", "value": "faad935cd6f0ade73482e2f21bb43120f6955908a6e6760051e1cb4fddcfbe2f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476993, "uuid": "5ba8d7a9-ded5-4beb-9ed7-81d5849b4043", "comment": "Malware payload (SnakeKeylogger)", "value": "492e9f26670ee949d96c4449a65f099aac1b3e44", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684476993, "uuid": "a20ae80c-1c58-4fe4-aeed-26cc78b7f2a2", "comment": "Malware payload (SnakeKeylogger)", "value": "f3388d4cb74a67dc95194f6fc19d909a96828fc2c823dc23fd252723532640fa43f5368acc83d225008f0bd9363cd7b5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476993, "uuid": "874bc7c9-7ade-466f-a4bf-618688f9d032", "value": "T15EE4D01423A58B4AD5BA83F45DE0D2F017BA9D9E7436C30B4ED6FCDB72A9B610710A13", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476993, "uuid": "6f3dfa89-9411-4610-a9be-8d408289c822", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476993, "uuid": "6a4fea7e-771a-44d9-a6a1-74044d6b78bd", "value": "12288:NqB2tv6fN4CP2Q3uNFsKntXdlSCH1/K5+xsG2Q0AfbfmNi:NqQMV4U2QIFJnRI5Rw0XNi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684476993, "uuid": "c5d25982-a277-462d-a89c-05e1e90ea39b", "value": 665088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684476993, "uuid": "1fe9eb69-a765-4217-9e61-494afc020bde", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684476993, "uuid": "db1382cf-c22c-455c-8f5d-12bf0f1a810f", "value": "Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6215016-f630-11ed-b3cf-42010a9c0076", "comment": "Malware payload (NetSupport)", "timestamp": 1684492459, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492459, "uuid": "fcdb54ba-34c5-4c3a-b14e-5d98534ab6e0", "comment": "Malware payload (NetSupport)", "value": "1cc9aef65a05a1cd27738990351768b0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492459, "uuid": "09921760-e0b9-4dd4-9bbc-5a75d91d963e", "comment": "Malware payload (NetSupport)", "value": "fb423dcf94dc2e7abbe7db8659d82a2b3d5fe90734f0e75bd01fa2dc5a38cc43", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492459, "uuid": "c9ebc915-40aa-4116-b247-565f42f030bc", "comment": "Malware payload (NetSupport)", "value": "4794d5dac618326cf8c0aa5bcb44e6c713952f07", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684492459, "uuid": "91a8613f-d952-495b-88b9-9ca3b0b6775c", "comment": "Malware payload (NetSupport)", "value": "11e3d11f4d1089de6e27d17fc49e62d91c6b0e21df34cab34952167c2dd5496e9edbcbd2a06cb3c6938b5bc2ee345016", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492459, "uuid": "2c92bef4-5207-4473-aa94-9ba6a563d3a8", "value": "T1F4D2DEDC25D3B011975FF07F725EDC81EA6948924BC46D0BBC0C6264FF9582CCAB66A8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492459, "uuid": "e13fd7f5-ec90-41cf-b300-9f6890031847", "value": "384:ZyStvFZdfl2Sf3scVTexJ1dTw1cjxYS4mk4H6s/KsFxUWKi6g4yYvl:IStMhT0EkuKYiIK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684492459, "uuid": "32e3bc87-e6c4-485b-a1c6-41279ded1514", "value": 30456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684492459, "uuid": "366ba3fa-d730-47eb-b3c9-3dc0d12f42b2", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684492459, "uuid": "57c033a2-cfa4-4f0f-8c5e-197abe33ce30", "value": "doc8138039.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec802583-f609-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684475800, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475800, "uuid": "f620b299-9a36-460e-8929-1cd91b667db1", "comment": "Malware payload (RedLineStealer)", "value": "1f234ecd32a27dcd467ef3514422485f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475800, "uuid": "030ae35e-4157-4613-b2d3-8029ce8f40c2", "comment": "Malware payload (RedLineStealer)", "value": "fbf47a5d81f5bd6a68af9696a43cb4dbf4fffe8774dde6f34661f2b38fac8e1e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475800, "uuid": "262b6219-425c-4dad-a0f5-2ce9555b56be", "comment": "Malware payload (RedLineStealer)", "value": "10a0eced9fe0fe6afd6bcf7105104e0a861c6fda", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684475800, "uuid": "55004ec0-50cc-49ce-9d0b-95a3705c2ea1", "comment": "Malware payload (RedLineStealer)", "value": "3969369f3252727516bc781ee41f2cb126529eca81de82b19423e7e2199078cadb01c61807e10a6cb269062f639ff49b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475800, "uuid": "694a10ee-3de1-4a7f-966d-edfd83e7362d", "value": "T1CB847B0132448068E4AAA138DDE6CA7953BD6C356B6F81CB37C87E5B3F321E65675183", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475800, "uuid": "67f21ec3-2b21-4728-92e1-da70fc23927c", "value": "48bbb53d48cf64caf9731094b8a1c9d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475800, "uuid": "57f2ed0c-babf-4cfd-8495-efaddc371110", "value": "6144:u6wfUILFhLuEFcPeNewTxdQAQUyJohBCJ9PNrb01+5tSQnCTc:u1MghLuEFzNeCXQVUyJou7rgQ5tS0C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684475800, "uuid": "f915eab2-9420-4ad5-bd2c-19c18f87f8fd", "value": 397592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684475800, "uuid": "56f82cae-261c-4077-a39f-3ea1832297da", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684475800, "uuid": "3229473f-9a2b-4969-bd0c-b28bd9817a4c", "value": "1f234ecd32a27dcd467ef3514422485f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64147620-f606-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1684474282, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684474282, "uuid": "09bace70-867a-4468-b4b6-a19136ff4de5", "comment": "Malware payload (Loki)", "value": "22aa003f6a035b0f65acfa6fe141e9eb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684474282, "uuid": "26175c3c-cb2f-4d13-9ceb-0ce0752bbfc1", "comment": "Malware payload (Loki)", "value": "fc25fc39a2466760367fa55e0885ac65ae43395d8918e3ee5f3e4c094cdea58c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684474282, "uuid": "72ab9bfc-665f-4fe1-a41b-6d375b791768", "comment": "Malware payload (Loki)", "value": "b3a37f1865391604ee948b5ba35649dba5d9de36", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684474282, "uuid": "5349949f-1874-4925-bf25-c26c11c543ef", "comment": "Malware payload (Loki)", "value": "70db5c20b6c2d2caf4526c34ce07c912caf225c59f431f533333c8695316d653fea0c2d18cf2307cd173c15a1b44900f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684474282, "uuid": "0d9546b2-0e8e-4ff6-b870-760a98f06eb1", "value": "T15305E19125A44C11E6A6AFB949B2F23893756D51EB23930924F02D9B3D7BE837F413C3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684474282, "uuid": "6f1585ff-f4a0-465f-adcb-99e7810b1e8f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684474282, "uuid": "64613afe-a462-4583-81db-b9aa18b1c144", "value": "12288:6ILpNaPn0YPX/N94+OC4WYyblrE7k0PEPmvpgnvtccWPwaHOFr8jHIKJWAuAcZIL:aP0tMYH7kZPLecWPwaHArYIKYXAc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684474282, "uuid": "903a450d-91f3-4712-85cc-7395002546bf", "value": 856064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684474282, "uuid": "e55424c3-77d8-4dce-bb0a-2aabbd12ae0c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684474282, "uuid": "d3598f21-f4cf-45ae-bc23-5a3ff0fdb141", "value": "RWC PO NO4500318303.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98757356-f611-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684479095, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479095, "uuid": "a661d18a-f73c-4cf5-9a70-c3ca0f0b8ef5", "comment": "Malware payload (AgentTesla)", "value": "c50a2ba0827cc65cc9df35c5d7bbcee0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479095, "uuid": "81d0f7f8-aa0a-4770-9638-9ee6fe8d996c", "comment": "Malware payload (AgentTesla)", "value": "fc39a3e6bd87bd2f7a2247a2270e17b5b6b061ba64723c0c582d53d80a3448e8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479095, "uuid": "42330e37-9aa1-4d61-9c20-57391554a1ec", "comment": "Malware payload (AgentTesla)", "value": "5b6cbd07389fc590c2d3fcac222a06a13e44c522", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684479095, "uuid": "2a6f90e3-5d3e-4bb9-82a0-1566767c9736", "comment": "Malware payload (AgentTesla)", "value": "7b2008540fbaf35c8984f4a7a6721b5aa23e17a7bb91a33fdecc2eea509830a215a1eac8bb545d9f680ef3b78cf0f405", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479095, "uuid": "e071bb23-2604-4b3b-825d-575444e644e9", "value": "T1DCE4D01423E49B06D6BA87F45CE0E2F017FA9D9E7429C24B4FD6BCCB71A9B910710A07", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479095, "uuid": "e4c5556f-c221-4917-8aef-fca0a280b898", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479095, "uuid": "93376da9-09fe-461c-ae91-cf1ae121b090", "value": "12288:CqB/nCZ52YQ8mcb/VibDa8RWespYKq5+B2u/Qj:CqwX21tcbtibDjRWLCeXQj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684479095, "uuid": "1a1abd9c-ad6e-48c7-a5a5-5a2562d93577", "value": 704512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684479095, "uuid": "e6e27dee-f4ab-46e7-afbb-c5a72eff5efe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684479095, "uuid": "98f0fdd8-a921-4d00-a2c2-5849cf59e509", "value": "PO_UxKQ7Trv3GMRFQ0077062001767.gz.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac10a756-f674-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684521648, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521648, "uuid": "aed85ede-e6ef-49cc-8c01-31699e91d715", "comment": "Malware payload (RedLineStealer)", "value": "e2c8734665f7a22f5a2e433a38767b61", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521648, "uuid": "a50c55cc-0355-42af-9500-cbcb390d453a", "comment": "Malware payload (RedLineStealer)", "value": "fcc2b4ad3a2aa94d6abda0779ae6432962f5469ae7858ad5334a5aacf5474e39", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521648, "uuid": "4bc6a82c-98d0-46a4-a2b9-6cc12453928d", "comment": "Malware payload (RedLineStealer)", "value": "7dff69d4396e58d8a241f01218195f861be10169", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684521648, "uuid": "4e0276f1-2cec-41c9-8436-345ab2f2cf3a", "comment": "Malware payload (RedLineStealer)", "value": "38112f37d3d2236ba316c562c8195dedfc322750a036df772bf29cd33d3790ec68faaac1824ce0d15fc5ad40dcd3e0e3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521648, "uuid": "a350d5de-8ad9-4cfd-9c44-107a05b827f4", "value": "T1D8252343EEEC44B3E6B5177528F707931732BDA15D3492AB178A8A0A4D71BC1E83532B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521648, "uuid": "4392e2c4-5a5d-4326-a571-0ea4a8043070", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521648, "uuid": "5a3973c5-805a-4ea9-a3c5-5fd2eac2083d", "value": "24576:5yD5AYyPe98V0d2HMkh7oCSwTImeo2yER1:slAdeMd6KTIzKK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684521648, "uuid": "c75925f6-8901-4195-92cd-cf36275eb548", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684521648, "uuid": "c7ff94fe-442d-47c5-80c9-c6164166eed1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684521648, "uuid": "6d7bd3c4-210b-44d4-924a-ab6bdad80279", "value": "e2c8734665f7a22f5a2e433a38767b61.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2fe4aaec-f626-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684487939, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487939, "uuid": "d3965843-1e96-4517-b210-731131601fb8", "comment": "Malware payload (RedLineStealer)", "value": "7fa08f907e85295c4e521baa583728b9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487939, "uuid": "affdb3f4-67f5-4506-8417-7883c8cae9ae", "comment": "Malware payload (RedLineStealer)", "value": "fd39fe62ca56c38a83762261a888313a99bec77fcaf87d8f0dcf1c4cccadbd38", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487939, "uuid": "33c3430f-cd39-430b-96d0-5e282abca498", "comment": "Malware payload (RedLineStealer)", "value": "50e1dde18c462e5b525940ea339e025ed70a1908", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684487939, "uuid": "45b80160-87a3-4fa8-9ede-a23ecd2892c4", "comment": "Malware payload (RedLineStealer)", "value": "3aef967425c5f03e10ee7f5a4f62e93fa2c6ca2eca5b2549ce26a6a8ad435ace1b1e1d1015027f9512855c684a0abffe", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487939, "uuid": "7a045245-ef6d-44f4-bee8-cf957bf273f6", "value": "T194252353BBE44833D8F123B168FA5B831B387C926D78D71A26829D8A1CB7941D531B37", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487939, "uuid": "c00646b6-1a8f-4e6d-8900-8e4386d7ed81", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487939, "uuid": "52f460d1-0e95-4183-96b5-32516aeccbdc", "value": "24576:Pyv+6qu4P56eOyxZOrdXMgIq+OfOtqj9lwSm5jQdY+:av+1P56ErOrxDAO2tS9OSM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684487939, "uuid": "b34a7015-f7a1-4268-8950-b56398563f2e", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684487939, "uuid": "a6c15c13-615a-43bf-ab2d-a01858986742", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684487939, "uuid": "a2cf423d-426c-42f3-8a4c-40a8f766a38e", "value": "7fa08f907e85295c4e521baa583728b9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7a6509b-f60f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1684478368, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478368, "uuid": "02c12a14-ff42-405f-ade4-34c30b923ae1", "comment": "Malware payload (RemcosRAT)", "value": "b71624aadb02108cdcd82a52fcaddc5a", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478368, "uuid": "70cd421b-4c51-4b7c-af28-a80ddd932a96", "comment": "Malware payload (RemcosRAT)", "value": "fd5a7007699ad2361e69dfad9fc1351ea8405d3d71b7bd6332f455d11986fd2b", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478368, "uuid": "b03f70b1-fa9d-4305-8a99-3e62ff36b5db", "comment": "Malware payload (RemcosRAT)", "value": "da6275f2c13b5dec593e033e213d57309e09080a", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684478368, "uuid": "3f472986-e03f-4a2b-9189-e10590d49066", "comment": "Malware payload (RemcosRAT)", "value": "b52f9327c301e865eb775ae920ab2cbed28a1dff88b9bd0fb3d50d03888083a5eda2f07e90ba19906847c81b6036c404", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478368, "uuid": "5afc67d9-a6cf-49c1-b9a6-f4b91422c50d", "value": "T14CE423277C38F46DECDC30BE61E32139D03BDBE5C145A5471A9EA1E198B2B26094BC5E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478368, "uuid": "4f5cbcb7-e6da-4d75-8068-5f7e3f85b256", "value": "12288:bj/GJI7rQ9a0qhMFqEL3TLVGUBiy2wARvX9D1a+hMFqEL3TLVGUBiy2wARvX9D1W:fG6KyhMFqEUny21RvNDc+hMFqEUny21w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684478368, "uuid": "1e81ac93-5d1d-4a9d-bcd2-addfb3fc9c74", "value": 708921, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684478368, "uuid": "6b3f3413-db27-48c3-a915-2b45f7379433", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684478368, "uuid": "1324b840-102c-41bd-9a8d-d1cf345aade5", "value": "REHM0987656700.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "85d5b44a-f62b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1684490230, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490230, "uuid": "46829cb0-1f1f-4fa7-9106-c77fc7988184", "comment": "Malware payload (RedLineStealer)", "value": "2a29d4ed0f19046589dbb61b9b93709e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490230, "uuid": "0f352080-872d-4d4b-9253-0274c7f9f3c8", "comment": "Malware payload (RedLineStealer)", "value": "fe531dc9fc72351d60ee3f1641595ffc76789f282e7078a4b7553cb8d031260e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490230, "uuid": "6ba64975-ea19-4435-928e-3bfbb11b156c", "comment": "Malware payload (RedLineStealer)", "value": "3af8e4ff73f9517d3a9353d2bdefab7ec3b4a742", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684490230, "uuid": "bebb1737-a4ae-402c-9a66-53861886d934", "comment": "Malware payload (RedLineStealer)", "value": "4bfc962f7ddb23769d82f64bf4fbb768e814ba611db698a6760bb11c15b6fd817dbb8b3223a518b44363e6cbf3bc9f1c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684490230, "uuid": "eb217aac-23e5-45f4-a150-c6cdbd155f15", "value": "T1EC947D0392D1BC63E72546728E2EC2E87A5DF9504F0937D722146E9B1A721B2C97F372", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684490230, "uuid": "2c76788b-9778-44aa-a685-8bdb102500a8", "value": "a5b920833de11e763698004374a64e2f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684490230, "uuid": "f72c7b08-f508-4ee1-9508-e22555f9925a", "value": "6144:vxPAeSf0Mnngr4pwhUihv+7RCu5kAo2Yi6TuRuzReksW/8093Tue:PSTgrKgUeUD5hoLiuAuftzDue", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684490230, "uuid": "e0007d18-c718-482a-812a-0e977d5c0b7a", "value": 411648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684490230, "uuid": "a8601f5c-a74c-4326-b15c-362966be0b08", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684490230, "uuid": "f79bb72f-7c5e-409d-ab2a-f2c0fcf9c2b3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "80d464c0-f642-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1684500100, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500100, "uuid": "76c5c8b3-6063-4136-b794-7b803f2d91f0", "comment": "Malware payload (AgentTesla)", "value": "62a46435c5e579b3f3a7d59f64317a09", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500100, "uuid": "2c0f18ba-b796-4de6-9a2f-c9eb58933f62", "comment": "Malware payload (AgentTesla)", "value": "ff0557222bc5667c61d9751976b24c98bf06500af03cc4294d3b2f39815582ad", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500100, "uuid": "f49eb1e0-7a6f-45c3-8d4e-397550ca1a9e", "comment": "Malware payload (AgentTesla)", "value": "79f2de013bdec6e7ca3d5e2262e36fb37e405c12", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684500100, "uuid": "16f8efff-7294-424b-a4a3-b83d29e3e1f5", "comment": "Malware payload (AgentTesla)", "value": "228abe78931cadcef4b9943e4d5c945c764ce9a079f0e9b2b471ce81e10c78e8d1fd67fcfa9c616cf776ec3a330233a4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500100, "uuid": "7e1d1d5f-f7cd-4369-b6cf-bbca3d88f03a", "value": "T120D4120500F54E2DC1ED83F56793A01C87385899616ACF2D2BEE3DDAEE5D3440BB29B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500100, "uuid": "07f363b5-a341-486a-b775-3aab03a751a9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500100, "uuid": "572ed77d-0a24-4c5d-9fe0-6ae68e810648", "value": "12288:iSEBrEBC8SZcbXPLVnUbnjs5g15340DmBa0tNTFL3KKBZ84xZau2+lddb5YdnEB:w495fLPO340DmBa0tNB3K8NX2+lHbeC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684500100, "uuid": "e78c2d2a-5e6e-4b93-882e-dc4dd6d365a7", "value": 634880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684500100, "uuid": "70327ad5-0c60-4375-a319-928d89eceb1c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684500100, "uuid": "2862ca72-c0ad-45f4-9794-aec22163e474", "value": "governorzx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d6954ff-f60e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Phonk)", "timestamp": 1684477600, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477600, "uuid": "5f13b536-4934-4368-a32e-082742f1db75", "comment": "Malware payload (Phonk)", "value": "174bb7ffa4d21fe05c30d2c8d593f6b4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477600, "uuid": "fa86c2be-b82a-4dab-b3f6-eae5b02aead8", "comment": "Malware payload (Phonk)", "value": "ff1c90b81be560ba89d5cdf7b6a419f72629ee1a1f9c3bbffe256c4b873c6fec", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477600, "uuid": "e77fc5e9-658a-4c6d-b26b-b8c0d0caaa8f", "comment": "Malware payload (Phonk)", "value": "dd6ed1dd8558edb6ce0f7ef0ca960c4c592d51e2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1684477600, "uuid": "8d2bc287-d83b-40bf-a89d-493a2c6b7b53", "comment": "Malware payload (Phonk)", "value": "a07f870fa9585a1c1203047a5fc37c030c9bcfd55fb1f568732c96c4d2a40848bf6ad3fe1015ba0470557bf772d3d778", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477600, "uuid": "ae1ea3d3-2e23-4172-934e-55897ee17d33", "value": "T1B255E0692B897825DC403DF8E32312FEEC2A9932D49452E8ED0CD06DB5605978B67D3F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477600, "uuid": "add17e5e-4933-4608-8831-441f886b9a14", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477600, "uuid": "9edf1ebd-acbf-417e-9f74-9282b12156bd", "value": "24576:769n0IcfC55MOsFPJO/tUF0uGkqQphDzih73mR+V5cpF2jzzyRT:u9n2KPMOUPJOLuHqYhDziRYi5cS3zyB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1684477600, "uuid": "b24c52a3-993b-4d86-a679-12f2c72135b5", "value": 1383424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1684477600, "uuid": "83e15c12-9d99-4d78-a751-9357be9faf9f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1684477600, "uuid": "dbe0e6e6-246f-4775-8569-38ed912716c2", "value": "174bb7ffa4d21fe05c30d2c8d593f6b4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }