misp-circl-feed/feeds/circl/misp/68690840-5104-4c1a-9223-6d0a35c52704.json

{
"Event": {
"analysis": "0",
"date": "2023-03-28",
"extends_uuid": "",
"info": "APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations",
"publish_timestamp": "1687420646",
"published": true,
"threat_level_id": "1",
"timestamp": "1687420054",
"uuid": "68690840-5104-4c1a-9223-6d0a35c52704",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Virtual Private Server - T1583.003\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Compromise Infrastructure - T1584\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Code Signing Certificates - T1588.003\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Digital Certificates - T1588.004\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Install Digital Certificate - T1608.003\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Link Target - T1608.005\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation - T1047\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"",
"relationship_type": ""
},
{
"colour": "#064d00",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Visual Basic - T1059.005\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"JavaScript - T1059.007\"",
"relationship_type": ""
},
{
"colour": "#075600",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"JavaScript/JScript - T1059.007\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Shared Modules - T1129\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Client Execution - T1203\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Malicious Link - T1204.001\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Service Execution - T1569.002\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
"relationship_type": ""
},
{
"colour": "#075700",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"DNS - T1071.004\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Multi-hop Proxy - T1090.003\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Bidirectional Communication - T1102.002\"",
"relationship_type": ""
},
{
"colour": "#064500",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
"relationship_type": ""
},
{
"colour": "#064f00",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Standard Encoding - T1132.001\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Asymmetric Cryptography - T1573.002\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"System Service Discovery - T1007\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Application Window Discovery - T1010\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1518\"",
"relationship_type": ""
},
{
"colour": "#064700",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"System Language Discovery - T1614.001\"",
"relationship_type": ""
},
{
"colour": "#075900",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Clipboard Data - T1115\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Data from Information Repositories - T1213\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Archive Collected Data - T1560\"",
"relationship_type": ""
},
{
"colour": "#054100",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Archive via Utility - T1560.001\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"System Shutdown/Reboot - T1529\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Automated Exfiltration - T1020\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Office Application Startup - T1137\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"",
"relationship_type": ""
},
{
"colour": "#065100",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Windows Service - T1543.003\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Winlogon Helper DLL - T1547.004\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Shortcut Modification - T1547.009\"",
"relationship_type": ""
},
{
"colour": "#064d00",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Binary Padding - T1027.001\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Indicator Removal from Tools - T1027.005\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Embedded Payloads - T1027.009\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Invalid Code Signature - T1036.001\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Double File Extension - T1036.007\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Dynamic-link Library Injection - T1055.001\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Thread Execution Hijacking - T1055.003\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"",
"relationship_type": ""
},
{
"colour": "#075900",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Timestomp - T1070.006\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Access Token Manipulation - T1134\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Mshta - T1218.005\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\"",
"relationship_type": ""
},
{
"colour": "#065000",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"System Checks - T1497.001\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Bypass User Access Control - T1548.002\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Bypass User Account Control - T1548.002\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Code Signing - T1553.002\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Hidden Window - T1564.003\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"VBA Stomping - T1564.007\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Reflective Code Loading - T1620\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Debugger Evasion - T1622\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:threat-actor=\"Kimsuky\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:threat-actor=\"APT43\"",
"relationship_type": ""
},
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": "0",
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:clear",
"relationship_type": ""
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Metadata used to generate an executive level report",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "7",
"timestamp": "1683798160",
"uuid": "aba4257b-3b16-4a30-bcd7-add927143513",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1683798160",
"to_ids": false,
"type": "link",
"uuid": "d7f41bdc-0de8-40e7-966e-d15e91a16fd4",
"value": "https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "summary",
"timestamp": "1683798160",
"to_ids": false,
"type": "text",
"uuid": "b46eb2af-e047-4ab4-93d6-23eab7c07171",
"value": "Mandiant assesses with high confidence that APT43 is a moderately-sophisticated cyber operator that supports the interests of the North Korean regime. Campaigns attributed to APT43 include strategic intelligence collection aligned with Pyongyang\u2019s geopolitical interests, credential harvesting and social engineering to support espionage activities, and financially-motivated cybercrime to fund operations. Tracked since 2018, APT43 collection priorities align with the mission of the Reconnaissance General Bureau (RGB), North Korea's main foreign intelligence service. The group\u2019s focus on foreign policy and nuclear security issues supports North Korea\u2019s strategic and nuclear ambitions. However, the group\u2019s focus on health-related verticals throughout the majority of 2021, likely in support of pandemic response efforts, highlights its responsiveness to shifting priorities from Pyongyang."
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1683798160",
"to_ids": false,
"type": "text",
"uuid": "f44c5ca3-40f2-4c1f-939b-bdf7533ee7f4",
"value": "Report"
},
{
"category": "External analysis",
"comment": "",
"data": "JVBERi0xLjQNJeLjz9MNCjI1NTkgMCBvYmoNPDwvTGluZWFyaXplZCAxL0wgMjA1ODMyNi9PIDI1NjEvRSAxNDAyNzYvTiAyMS9UIDIwMDcwMjkvSCBbIDg1MiA4NTZdPj4NZW5kb2JqDSAgICAgICAgIA14cmVmDQoyNTU5IDI3DQowMDAwMDAwMDE2IDAwMDAwIG4NCjAwMDAwMDE5MzIgMDAwMDAgbg0KMDAwMDAwMjExMiAwMDAwMCBuDQowMDAwMDAzODQxIDAwMDAwIG4NCjAwMDAwMDQ0OTIgMDAwMDAgbg0KMDAwMDAwNTE0MCAwMDAwMCBuDQowMDAwMDA1MjU1IDAwMDAwIG4NCjAwMDAwMDU1MTggMDAwMDAgbg0KMDAwMDAwNjE0OCAwMDAwMCBuDQowMDAwMDA2NDE4IDAwMDAwIG4NCjAwMDAwMDY5OTIgMDAwMDAgbg0KMDAwMDAwNzQ4NCAwMDAwMCBuDQowMDAwMDIwOTExIDAwMDAwIG4NCjAwMDAwMzI5NjYgMDAwMDAgbg0KMDAwMDA0MDU1MSAwMDAwMCBuDQowMDAwMDQwODE3IDAwMDAwIG4NCjAwMDAwODgyODQgMDAwMDAgbg0KMDAwMDA4ODMyNSAwMDAwMCBuDQowMDAwMTIwMTM2IDAwMDAwIG4NCjAwMDAxMjAxNzcgMDAwMDAgbg0KMDAwMDEzMjEyNiAwMDAwMCBuDQowMDAwMTM5MzA0IDAwMDAwIG4NCjAwMDAxMzkzNjggMDAwMDAgbg0KMDAwMDEzOTU1OCAwMDAwMCBuDQowMDAwMTQwMjEzIDAwMDAwIG4NCjAwMDAwMDE3MDggMDAwMDAgbg0KMDAwMDAwMDg1MiAwMDAwMCBuDQp0cmFpbGVyDTw8L1NpemUgMjU4Ni9Sb290IDI1NjAgMCBSL0luZm8gMTczIDAgUi9JRFs8OUI4QUQ3RUQ0RTcxNDRFNUJGODlGMzdDNEE3NzIwOTg+PEJENjdGM0NCM0I4QTRENEI5MDg1NTVDODI0OTY3RTYyPl0vUHJldiAyMDA3MDE2L1hSZWZTdG0gMTcwOD4+DXN0YXJ0eHJlZg0wDSUlRU9GDSAgICAgICAgICAgICANMjU4NSAwIG9iag08PC9DIDk4MC9GaWx0ZXIvRmxhdGVEZWNvZGUvSSAxMDAyL0xlbmd0aCA3NjAvTyA5NjQvUyA3OTc+PnN0cmVhbQ0KaN5iYGBgYmBgecHAysDAfYNBhAEBRIBi7AwsDBxrHJg4EhgcwYLsDAp/DzTsYnbmP3ZL30o4+KtczQFWb0bJBXoFTKUGES0MtxM4axg3H5C6BFSsspzJxIAlgXnGg/h0m8vGc15nBc95mumNZIeJYnOH20StFM4rKyxYBJxX9YsL5VyczH6Ri41FIOERk4zVio+F7mdnGSV4mLozswuUKCiod3eK5PyczNa4ykLConkhI6PN2sTitJ4ZIgerni7ybw45YlDI4MRkUfGy0O2spIHKD7i+mcYSLTu2uAMFNTw3JDiy8SkoHl4+VVyk5uZiNZZmJg6DQkY+2ZCKHYufgfRJLVvE3JZR8fLQs/4Wo4QbCxWumvHIOAcfZGiyKtgxGWRfjXTBwSMWRS8ePmh3aNLLObhQ/agk2xqDQm4mJqbYpqeLXKVNUg59yDrMLrBBQUH1hl6USuBmNx99mJKPrzc9AipJbbp6YcGBup+VDVnXGFkEXx9PYmbXU/38g0d8nSibIFCDLtvahIaHTYwsH29fehS/T5Sx6umGRKDRhxmyprbxKSY4OHivj9nisRjopATeiIRHYiwsLLtZT7t0mWWcbH1wFapkA1RJHA+HgzvfPD4Fg8WPQp2aGX8/Xy/bwMDg4tHRAImQtLS09A4gADKZlNSBDIh4BUQIKAgSg4oKisPl09IqoLoYBcOhooKCEF1sEMkGiOkwk4yNjWFM9o4ODBYjWDOMB3EAlCcoGooiVwF
3EAaLNTQtA+JeslItkJPEIBtiB6TFgdgZbJ00gwDbMqYCplyGCIY3TNEMn5mUGS+aROj9kW1jeL8zgIGvRoOBT2+S9HsGVYbFTCUMKkzujN2MCxiFGPUZnzK+ZHimn8BwkeGJ9EJgBkOGoQyVDBOAZkYBYRwDJ2M6ozjDMsa7jNMYVzOqMOQxKDHkMbkBI8CU4Yf6AYZsBm2kbMTQxyD7thMUbECsA8T9QP5WIC3BwDApDq5qLYPcfEOoqu0AAQYAqHsw5w1lbmRzdHJlYW0NZW5kb2JqDTI1ODQgMCBvYmoNPDwvRGVjb2RlUGFybXM8PC9Db2x1bW5zIDMvUHJlZGljdG9yIDEyPj4vRmlsdGVyL0ZsYXRlRGVjb2RlL0luZGV4WzE3NCAyMzg1XS9MZW5ndGggNzAvU2l6ZSAyNTU5L1R5cGUvWFJlZi9XWzEgMSAxXT4+c3RyZWFtDQpo3uzRQQ0AMAwDsTT8pSEY17GY+vDjCJzbkyajLc31gId48BAPHuLBQzx4iId48BAPHuLBQzx4iId48BCPfz0BBgAs3yqfDWVuZHN0cmVhbQ1lbmRvYmoNMjU2MCAwIG9iag08PC9MYW5nKGVuLVVTKS9NYXJrSW5mbzw8L01hcmtlZCB0cnVlPj4vTWV0YWRhdGEgMTcyIDAgUi9PdXRsaW5lcyAxNDIgMCBSL1BhZ2VzIDE2NyAwIFIvU3RydWN0VHJlZVJvb3QgMTc0IDAgUi9UeXBlL0NhdGFsb2cvVmlld2VyUHJlZmVyZW5jZXM8PC9EaXJlY3Rpb24vTDJSPj4+Pg1lbmRvYmoNMjU2MSAwIG9iag08PC9BcnRCb3hbMC4wIDAuMCA2MTIuMCA3OTIuMF0vQmxlZWRCb3hbMC4wIDAuMCA2MTIuMCA3OTIuMF0vQ29udGVudHMgMjU2NiAwIFIvQ3JvcEJveFswLjAgMC4wIDYxMi4wIDc5Mi4wXS9Hcm91cCAyNTgzIDAgUi9NZWRpYUJveFswLjAgMC4wIDYxMi4wIDc5Mi4wXS9QYXJlbnQgMTY4IDAgUi9SZXNvdXJjZXM8PC9FeHRHU3RhdGU8PC9HUzAgMjU2NCAwIFI+Pi9Gb250PDwvVFQwIDI1NjIgMCBSL1RUMSAyNTY5IDAgUj4+L1Byb2NTZXRbL1BERi9UZXh0XS9YT2JqZWN0PDwvRm0wIDI1NzkgMCBSL0ZtMSAyNTgyIDAgUj4+Pj4vUm90YXRlIDAvU3RydWN0UGFyZW50cyAwL1RyaW1Cb3hbMC4wIDAuMCA2MTIuMCA3OTIuMF0vVHlwZS9QYWdlL1BpZWNlSW5mbzw8L0luRGVzaWduPDwvRG9jdW1lbnRJRDxGRUZGMDA3ODAwNkQwMDcwMDAyRTAwNjQwMDY5MDA2NDAwM0EwMDM1MDAzODAwNjMwMDYxMDAzNTAwNjUwMDY1MDA2MzAwMkQwMDYzMDAzMzAwMzkwMDY1MDAyRDAwMzQwMDMwMDA2MzAwMzYwMDJEMDAzOTAwNjEwMDYxMDA2NTAwMkQwMDM5MDA2MTAwMzgwMDMyMDA2MjAwMzkwMDM2MDAzMzAwNjYwMDMxMDAzMjAwNjY+L0xhc3RNb2RpZmllZDxGRUZGMDA0NDAwM0EwMDMyMDAzMDAwMzIwMDMzMDAzMDAwMzMwMDMyMDAzOTAwMzEwMDM3MDAzNTAwMzcwMDMwMDAzNTAwNUE+L051bWJlck9mUGFnZUl0ZW1zSW5QYWdlIDgvTnVtYmVyb2ZQYWdlcyAxL09yaWdpbmFsRG9jdW1lbnRJRDxGRUZGMDA3ODAwNkQwMDcwMDAyRTAwNjQwMDY5MDA2NDAwM0EwMDYxMDAzNDAwNjEwMDYyMDA2NjAwMzYwMDYyMDA2NDAwMkQwMDMwMDA2MTAwMzUwMDM1MDAyRDAwMzQwMDYyMDA2MTAwNjUwMDJEMDA2MTAwMzIwMDY2MDAzNzAwMkQwMDY2MDAzMzA
wMzYwMDY1MDAzMjAwNjIwMDYzMDA2MTAwMzYwMDM3MDA2NjAwMzk+L1BhZ2VJdGVtVUlEVG9Mb2NhdGlvbk
"deleted": false,
"disable_correlation": false,
"object_relation": "report-file",
"timestamp": "1683798160",
"to_ids": false,
"type": "attachment",
"uuid": "70c90efa-8ecb-454d-90ee-29c213fff843",
"value": "APT43 Report.pdf"
}
]
},
{
"comment": "AMADEY",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684155613",
"uuid": "cf25b2dc-798c-4c8e-8354-5b1ccda8da86",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684155584",
"to_ids": true,
"type": "sha1",
"uuid": "a6843009-50b9-4cff-afaf-c86827363490",
"value": "e205ed81ccb99641dcc6c2799d32ef0584fa2175",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"Amadey\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-malware=\"Amadey - S1025\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"AMADEY\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684155613",
"to_ids": true,
"type": "md5",
"uuid": "adcc1448-aeab-4ab4-abb7-0dd16a6461a0",
"value": "982fc9ded34c85469269eacb1cb4ef26",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"Amadey\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-malware=\"Amadey - S1025\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"AMADEY\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684155613",
"to_ids": true,
"type": "sha256",
"uuid": "c490c974-a361-4ffd-a9d1-d3813a185cc5",
"value": "557ff6c87c81a2d2348bd8d667ea8412a1a0a055f5e1ae91701c2954ca8a3fdb",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"Amadey\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-malware=\"Amadey - S1025\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"AMADEY\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "BENCHMARK",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684155640",
"uuid": "eee5fbac-5daf-49ee-9962-5f011775f0a2",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684155640",
"to_ids": true,
"type": "sha1",
"uuid": "dc048700-e593-44dc-86a1-708876e40a74",
"value": "47a32bc992e5d4613b3658b025ab913b0679232c",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"BENCHMARK\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684155640",
"to_ids": true,
"type": "md5",
"uuid": "b183c6cf-7795-4990-8cb7-d27dd5378bc7",
"value": "de9a8c26049699dbbd5d334a8566d38d",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"BENCHMARK\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684155640",
"to_ids": true,
"type": "sha256",
"uuid": "aedac48e-d1ee-4e91-ad81-5e096deb3528",
"value": "43c2d5122af50363c29879501776d907eaa568fa142d935f6c80e823d18223f5",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"BENCHMARK\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "BIGRAISIN",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684155665",
"uuid": "6062ab98-a092-44b8-8c25-c237b2c2bb03",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684155665",
"to_ids": true,
"type": "sha1",
"uuid": "9c9f6256-1d47-4ac1-8155-9176ce2d6b1d",
"value": "1087efbd004f65d226bf20a52f1dc0b3e756ff9e",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:backdoor=\"BIGRAISIN\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684155665",
"to_ids": true,
"type": "md5",
"uuid": "3bf70bfd-01b6-4df8-9a05-e65e6ed892ca",
"value": "144bd7fd423edc3965cb0161a8b82ab2",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:backdoor=\"BIGRAISIN\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684155665",
"to_ids": true,
"type": "sha256",
"uuid": "140450eb-f8c4-4dd3-bf9a-564c51cceef6",
"value": "2b78d5228737a38fa940e9ab19601747c68ed28e488696694648e3d70e53eb5a",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:backdoor=\"BIGRAISIN\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "BITTERSWEET",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684155782",
"uuid": "b8010d27-ff96-4971-a652-4c16e1d96002",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684155782",
"to_ids": true,
"type": "sha1",
"uuid": "b79739f6-9460-4c0d-828f-7e478fe01f98",
"value": "f3b047e6eb3964deb047767fad52851c5601483f",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"BITTERSWEET\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684155782",
"to_ids": true,
"type": "md5",
"uuid": "7263c473-e15e-4df5-ac35-a96e0938cbe4",
"value": "cd83a51bec0396f4a0fd563ca9c929d7",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"BITTERSWEET\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684155782",
"to_ids": true,
"type": "sha256",
"uuid": "c75fea2b-9b1f-48b7-a64b-35d935499f35",
"value": "fb7fb6dbaf568b568cd5e60ab537a42d5982949a5e577db53cc707012c7f20e3",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"BITTERSWEET\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "BRAVEPRINCE",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684155895",
"uuid": "c45bfa39-cf7d-46cf-9452-d0df78df2bf5",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684155895",
"to_ids": true,
"type": "sha1",
"uuid": "cd816bc3-5801-4aa9-9b58-800c32d456d7",
"value": "539acd9145befd7e670fe826c248766f46f0d041",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"BRAVEPRINCE\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684155895",
"to_ids": true,
"type": "md5",
"uuid": "90eeea48-5d7e-48b3-84c7-213058058a0e",
"value": "33df74cbb60920d63fe677c6f90b63f9",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"BRAVEPRINCE\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684155895",
"to_ids": true,
"type": "sha256",
"uuid": "32292778-134a-4fa8-bc13-58f045fc2835",
"value": "94aa827a514d7aa70c404ec326edaaad4b2b738ffaea5a66c0c9f246738df579",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"BRAVEPRINCE\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "BRAVEPRINCE",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684155947",
"uuid": "84d55547-c836-4111-aa5a-cc3ff9219944",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684155947",
"to_ids": true,
"type": "sha1",
"uuid": "fb186a58-d076-4059-a526-96c69d41d4ab",
"value": "bc6cb78e20cb20285149d55563f6fdcf4aaafa58",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"BRAVEPRINCE\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684155947",
"to_ids": true,
"type": "md5",
"uuid": "aa086543-ace9-4a58-b398-e6b005985ac6",
"value": "ebaf83302dc78d96d5993830430bd169",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"BRAVEPRINCE\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684155947",
"to_ids": true,
"type": "sha256",
"uuid": "224148a4-90bb-4423-8f28-ac4421f1b717",
"value": "5cbc07895d099ce39a3142025c557b7fac41d79914535ab7ffc2094809f12a4b",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"BRAVEPRINCE\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "COINTOSS",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684156003",
"uuid": "5bb63a7a-9e7f-43f2-8765-9d089b663dfc",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684156003",
"to_ids": true,
"type": "sha1",
"uuid": "2e01b16c-ad2b-46d2-b00a-1be99cc0c290",
"value": "c0c6b99796d732fa53402ff49fd241612a340229",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"COINTOSS\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684156003",
"to_ids": true,
"type": "md5",
"uuid": "fb40b30a-bcf8-4f8d-8af8-47a8d827ef49",
"value": "b846fa8bc3a55fa0490a807186a8ece9",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"COINTOSS\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684156003",
"to_ids": true,
"type": "sha256",
"uuid": "ae16e3b3-14ae-46e3-a5be-8bde0200c113",
"value": "855656bfecc359a1816437223c4a133359e73ecf45acda667610fbe7875ab3c8",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"COINTOSS\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "COINTOSS.XLM",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684156003",
"uuid": "bde359de-47f5-4db2-83f0-3e623af55269",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684156003",
"to_ids": true,
"type": "sha1",
"uuid": "5adc98a5-5c94-421a-bfd8-17b580edaf6d",
"value": "e5b312155289cdc6a80a041821fc82d2cca80bcd",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"COINTOSS\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684156003",
"to_ids": true,
"type": "md5",
"uuid": "2e15af14-7d4c-491a-b004-f1df8c03d13b",
"value": "f92a75b98249fa61cf62e8b63cb68fae",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"COINTOSS\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684156003",
"to_ids": true,
"type": "sha256",
"uuid": "5ffe8df1-867f-480d-8a31-31d7c25a6467",
"value": "d0971d098b0f8cf2187feeed3ce049930f19ec3379b141ec6a2f2871b1e90ff7",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"COINTOSS\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "DRIVEDOWN",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684156040",
"uuid": "c3ddff3a-02e2-43b0-b47e-f6d7a90eee03",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684156040",
"to_ids": true,
"type": "sha1",
"uuid": "ca619495-eadf-4df5-bc67-f9fa8e68f7e1",
"value": "40826e2064b59b8b7b3e514b9ef2c1479ac3b038",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"DRIVEDOWN\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684156040",
"to_ids": true,
"type": "md5",
"uuid": "17c85faa-ed96-4485-a56f-1d9fbfcc069a",
"value": "1dcd5afeccfe2040895686eefa0a9629",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"DRIVEDOWN\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684156040",
"to_ids": true,
"type": "sha256",
"uuid": "0a3a62d8-5e3f-49ba-a8f0-b5e5e1929e6f",
"value": "07aed9fa864556753de0a664d22854167a3d898820bc92be46b1977c68b12b34",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"DRIVEDOWN\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "DRIVEDOWN",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684156040",
"uuid": "1f404ef9-7677-4102-baf8-24caf174a7cc",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684156040",
"to_ids": true,
"type": "sha1",
"uuid": "fe2a8481-10d1-481a-88da-4a3ba747d799",
"value": "e79527f7307c1dda62c42487163616b3e58d5028",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"DRIVEDOWN\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684156040",
"to_ids": true,
"type": "md5",
"uuid": "037aca88-a5a9-481a-94fc-a4a9d0077e5f",
"value": "5fe4da6a1d82561a19711e564adc7589",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"DRIVEDOWN\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684156040",
"to_ids": true,
"type": "sha256",
"uuid": "07a6babd-9ab5-4138-bc07-0ad2903d88d1",
"value": "8d0bafca8a8e8f3e4544f1822bc4bb08ceaa3c7192c9a92006b1eb500771ab53",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"DRIVEDOWN\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "EGGHATCH",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684156065",
"uuid": "ff14f879-8af3-4abf-8344-17f13f5a751e",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684156065",
"to_ids": true,
"type": "sha1",
"uuid": "f2392872-0ba7-4b09-b81b-f5e08a0c42ac",
"value": "b0c2312852d750c4bceb552def6985b8b800d3f3",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"EGGHATCH\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684156065",
"to_ids": true,
"type": "md5",
"uuid": "565e325a-78cc-47e7-9b74-488e1ca95ac7",
"value": "e8da7fcdf0ca67b76f9a7967e240d223",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"EGGHATCH\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684156065",
"to_ids": true,
"type": "sha256",
"uuid": "90c86ac0-f0b7-4e17-8e2f-f7370e65cc6d",
"value": "9dac6553b89645ac8d9e0a3dc877d12641e6d05fb52e8de6ae5533b2bdf0abc9",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"EGGHATCH\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "FASTFIRE",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684156888",
"uuid": "f7c4ab60-f8ad-4dde-a129-47f1f72d79e0",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684156888",
"to_ids": true,
"type": "sha1",
"uuid": "850cf11d-8b61-4ec8-be62-43c6f320b790",
"value": "1b9a4c0a5615a4f96a041d771646c1a407b17577",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:backdoor=\"FASTFIRE\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"FastFire\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684156888",
"to_ids": true,
"type": "md5",
"uuid": "371241f0-6773-40a6-b712-31171d4d62dd",
"value": "2bf26702c6ecbd46f68138cdcd45c034",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:backdoor=\"FASTFIRE\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"FastFire\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684156888",
"to_ids": true,
"type": "sha256",
"uuid": "ebd5c435-1033-4d11-bcbe-91d7e65e0b15",
"value": "38d1d8c3c4ec5ea17c3719af285247cb1d8879c7cf967e1be1197e60d42c01c5",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:backdoor=\"FASTFIRE\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"FastFire\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "Gh0st RAT",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684156933",
"uuid": "47c21f0e-cde1-43ae-bbd6-7c05f2699661",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684156933",
"to_ids": true,
"type": "sha1",
"uuid": "8e57e121-6319-4c61-bf86-d0fd99908784",
"value": "a1f72c890d0b920f4f4cb2d59df6fa40734de90d",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"Ghost RAT\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-malware=\"gh0st RAT - S0032\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:rat=\"Gh0st RAT\"",
"relationship_type": ""
},
{
"colour": "#075800",
"local": "0",
"name": "misp-galaxy:tool=\"Gh0st Rat\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684156933",
"to_ids": true,
"type": "md5",
"uuid": "28afd32c-c22a-4a92-806a-25cde58a47f9",
"value": "2d330c354c14b39368876392d56fb18c",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"Ghost RAT\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-malware=\"gh0st RAT - S0032\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:rat=\"Gh0st RAT\"",
"relationship_type": ""
},
{
"colour": "#075800",
"local": "0",
"name": "misp-galaxy:tool=\"Gh0st Rat\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684156933",
"to_ids": true,
"type": "sha256",
"uuid": "192eeaa4-b2b9-4503-981a-a00c73176c29",
"value": "f86d05c1d7853c06fc5561f8df19b53506b724a83bb29c69b39f004a0f7f82d8",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"Ghost RAT\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-malware=\"gh0st RAT - S0032\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:rat=\"Gh0st RAT\"",
"relationship_type": ""
},
{
"colour": "#075800",
"local": "0",
"name": "misp-galaxy:tool=\"Gh0st Rat\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "GOLDDRAGON",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684156968",
"uuid": "22e220fa-ca7f-4abe-94c4-9cb42137c7f8",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684156968",
"to_ids": true,
"type": "sha1",
"uuid": "49be9c29-1c40-4526-b8ae-872484bc4b5d",
"value": "fb09b89803da071b7b7eb23244771c54d979a873",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"GoldDragon\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"GOLDDRAGON\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684156968",
"to_ids": true,
"type": "md5",
"uuid": "7e2ec997-637c-4203-bfbf-32ce0c799c92",
"value": "15ec5c7125e6c74f740d6fc3376c130d",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"GoldDragon\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"GOLDDRAGON\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684156968",
"to_ids": true,
"type": "sha256",
"uuid": "78cd1d51-287a-4bc8-bd64-6b548ba887ce",
"value": "4a1c43258fe0e3b75afc4e020b904910c94d9ba08fc1e3f3a99d188b56675211",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"GoldDragon\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"GOLDDRAGON\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "GOLDDRAGON.POWERSHELL",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684156968",
"uuid": "34253556-8ba3-47fa-8013-d74d287cf421",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684156968",
"to_ids": true,
"type": "sha1",
"uuid": "1ec9ca22-5f94-42e9-985f-17eb020ccd8d",
"value": "4b0d0ebb0c676efe855bed796221dd475a39ba40",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"GoldDragon\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"GOLDDRAGON\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684156968",
"to_ids": true,
"type": "md5",
"uuid": "9d2085a6-4148-4ae0-8704-473e5f66be37",
"value": "2a5562de1d3e734d9328a1c78b43c2e5",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"GoldDragon\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"GOLDDRAGON\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684156968",
"to_ids": true,
"type": "sha256",
"uuid": "f9754ef7-5c89-4276-9f92-19c52d815e57",
"value": "203ea478fa4d2d5ef513cad8b51617e0c9f7571bf3a3becf9c267a0d590c6d72",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"GoldDragon\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"GOLDDRAGON\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "GOLDDROP",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684156996",
"uuid": "aca63f0b-b7e4-4544-aed9-80aaade560a9",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684156996",
"to_ids": true,
"type": "sha1",
"uuid": "a3cecf86-3237-44c8-991c-7082f9d37894",
"value": "1d49d462a11a00d8ac9608e49f055961bf79980d",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"GOLDDROP\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684156996",
"to_ids": true,
"type": "md5",
"uuid": "70a95aec-c6ae-400a-9741-44272871d72e",
"value": "0cc0aa5877cec9109b7a5a0e3a250c72",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"GOLDDROP\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684156996",
"to_ids": true,
"type": "sha256",
"uuid": "27115a90-81fe-4b00-97d5-c2cc0b97a6a1",
"value": "1324acd1f720055e7941b39949116dfe72ce2e7792e70128f69e228eb48b0821",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"GOLDDROP\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "GOLDDROP",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684156995",
"uuid": "616a09f0-4cc8-4227-bbb4-cb6917ded2bd",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684156995",
"to_ids": true,
"type": "sha1",
"uuid": "69aceb8b-629a-4809-915f-86404caff59a",
"value": "5b69e3e5f4f49cf8b635a57a8c92e17a4f130d50",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"GOLDDROP\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684156995",
"to_ids": true,
"type": "md5",
"uuid": "a1fc7a99-ab48-4729-9147-47ff5894ec4e",
"value": "2c530adb841114366ce6177ce964a5e6",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"GOLDDROP\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684156995",
"to_ids": true,
"type": "sha256",
"uuid": "03bc48f6-9e3f-42f6-99f2-37d6154ce744",
"value": "873b8fb97b4b0c6d7992f6af15653295788526def41f337c651dc64e8e4aeebd",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"GOLDDROP\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "GOLDSMELT",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684157018",
"uuid": "30576e97-c3c7-46c0-bb30-19680e264b68",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684157018",
"to_ids": true,
"type": "sha1",
"uuid": "984a52be-cae9-458e-8582-be7d1548e925",
"value": "2508f5ff0c28356c0c3f8e6cae7b750d53495bca",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"GOLDSMELT\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684157018",
"to_ids": true,
"type": "md5",
"uuid": "82b03e4c-e27a-4557-9e4b-523729a0b33c",
"value": "c066b81c4b8b0703f81f8bc6fb432992",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"GOLDSMELT\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684157018",
"to_ids": true,
"type": "sha256",
"uuid": "6dd3ece3-15b7-48d2-a5ee-ad409513ec32",
"value": "63b4bd01f80d43576c279adf69a5582129e81cc4adbd03675909581643765ea8",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"GOLDSMELT\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "GRAYZONE",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684157047",
"uuid": "f6f6f14b-0a83-4e29-97c8-9f87fb1dc069",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684157047",
"to_ids": true,
"type": "sha1",
"uuid": "40e1859f-933b-4441-9695-26fea22b1e81",
"value": "942fd7b4ef1ccf7032a40acad975c7b5905c3c77",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:backdoor=\"GRAYZONE\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684157047",
"to_ids": true,
"type": "md5",
"uuid": "e318c1a4-d151-40bd-b337-8dc1b0183e78",
"value": "1d30dfa5d8f21d1465409b207115ded6",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:backdoor=\"GRAYZONE\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684157047",
"to_ids": true,
"type": "sha256",
"uuid": "b87c156e-e146-4422-a955-4d1a0eb6ce11",
"value": "ed0161f2a3337af5e27a84bea85fb4abe35654f5de22bcb8a503d537952b1e8a",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:backdoor=\"GRAYZONE\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "HANGMAN.V2",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684157070",
"uuid": "928dbc59-8047-4bd4-998f-3d8c42e3394a",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684157070",
"to_ids": true,
"type": "sha1",
"uuid": "4edb6d6a-eaea-4e5b-969d-cf082b77ef15",
"value": "862abce03f7f5de0c466fdbd24ad796578eaa110",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:backdoor=\"HANGMAN.V2\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684157070",
"to_ids": true,
"type": "md5",
"uuid": "42410742-5783-4ec9-ac19-b76a772c26b3",
"value": "21cffaa7f9bf224ce75e264bfb16dd0d",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:backdoor=\"HANGMAN.V2\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684157070",
"to_ids": true,
"type": "sha256",
"uuid": "ddb28426-38c4-4850-8c46-f8f0ddfc5af7",
"value": "a605570555620cea6d6be211520525fc95a30961661780da4cc4bafe9864f394",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:backdoor=\"HANGMAN.V2\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "Invoke-Mimikatz",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684157099",
"uuid": "7bc0d36a-4e73-4b6b-82ac-b4864d0b0e9c",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684157099",
"to_ids": true,
"type": "sha1",
"uuid": "6490a7e7-a641-4e06-94e2-7cda470805ad",
"value": "e74b816f1c6d6347cb40121e0b50dadd0d8f1f97",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"Invoke-Mimikatz\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684157099",
"to_ids": true,
"type": "md5",
"uuid": "495a1151-6d23-4b6b-a8dd-f414a71a0c59",
"value": "20bc53deb7b1214580e9d9efeaa5e9d7",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"Invoke-Mimikatz\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684157099",
"to_ids": true,
"type": "sha256",
"uuid": "e7fc3ff4-d1e2-46f1-bded-217fb18a0116",
"value": "908777e58161615657663656861c212ac25696741ef69411021474158fa2b4cf",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"Invoke-Mimikatz\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "JURASSICSHELL",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684156755",
"uuid": "24d17de4-31cf-4967-bc99-6c1dbba3be40",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684156755",
"to_ids": true,
"type": "sha1",
"uuid": "a3182df5-bd2a-4695-935e-bc69e22c9767",
"value": "d80be054a569df5f201191dcc4fea0dde9622da5",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"JURASSICSHELL\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684156755",
"to_ids": true,
"type": "md5",
"uuid": "b3d71a9d-cd69-4feb-be5d-873ce53aab51",
"value": "9cdda333432f403b408b9fe717163861",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"JURASSICSHELL\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684156755",
"to_ids": true,
"type": "sha256",
"uuid": "c3eacbb7-167b-4df8-949c-ac6ab7049325",
"value": "d2f4bf0caed5a442198fcdc43c83c7b27ae04f341a72b270c9ed40778aa77afe",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"JURASSICSHELL\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "JURASSICSHELL",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684156755",
"uuid": "dd10a976-80d6-4adb-b410-154fefab83ae",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684156753",
"to_ids": true,
"type": "sha1",
"uuid": "26213588-cec2-4543-9fd5-7a2019d82171",
"value": "63e113f0a906af82903dbfac3e78bdd2d146e738",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"JURASSICSHELL\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684156754",
"to_ids": true,
"type": "md5",
"uuid": "78180884-f8ed-4e03-92fb-ba16d48983e0",
"value": "ddae18c65d583b41a2157d496a4bde61",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"JURASSICSHELL\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684156755",
"to_ids": true,
"type": "sha256",
"uuid": "04a9c237-7e86-4f52-9869-c984549d4241",
"value": "a4ba1e6ab678a1bdf8bc05bea8310d743928a4e2c05bad104e61afdd9cccf9a1",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"JURASSICSHELL\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "LANDMARK",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684157166",
"uuid": "6fd830c7-4a8f-446b-b6e9-044bed661a3b",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684157166",
"to_ids": true,
"type": "sha1",
"uuid": "5720bb65-3151-4a96-a078-c568ea2ffa46",
"value": "a61f009e73ae81a18751e9aee39f8121a3902280",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"LANDMARK\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684157166",
"to_ids": true,
"type": "md5",
"uuid": "a4f46e14-b641-486e-9dd4-937d661ffef9",
"value": "1ffccf6cb3b74d68df2b899fd33127a5",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"LANDMARK\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684157166",
"to_ids": true,
"type": "sha256",
"uuid": "bd500cab-df93-4c90-9024-949eede68be8",
"value": "da22d327124a0ee6a93cd07e85f9804fbc98eda87824ddcf7c8a63d349e87034",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"LANDMARK\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "LANDMARK.NET",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684157166",
"uuid": "5dcbec94-42d4-4bbc-950c-8c5713dff1c1",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684157166",
"to_ids": true,
"type": "sha1",
"uuid": "a989269d-47d3-424e-8854-e3902d2febea",
"value": "12c508ace6e8aa42be02750d759e720b800bf796",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"LANDMARK\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684157166",
"to_ids": true,
"type": "md5",
"uuid": "06f4f222-ccd9-4ce5-8f5f-a9c43c92e60b",
"value": "60efecf4e1b5b2c580329e9afa05db15",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"LANDMARK\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684157166",
"to_ids": true,
"type": "sha256",
"uuid": "b6d2a768-7a69-40d1-9540-128a0a4ced4a",
"value": "034d29fb89a8f68ba714f1868b2181c4cd59d4a2604630ef1554a6ccf3fe6d75",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"LANDMARK\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "LATEOP\r\nLATEOP.V2",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684157202",
"uuid": "09d48190-3b5d-4e3c-b1a8-38920340b253",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684157202",
"to_ids": true,
"type": "sha1",
"uuid": "d4759827-3fef-49ab-9df3-59a23d5c8974",
"value": "7da4e8b743478370fa41fe39a45e3ff2ca2194b3",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"BabyShark\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"LATEOP\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684157202",
"to_ids": true,
"type": "md5",
"uuid": "be4a16e2-4983-45c4-bdf8-df8b18b46282",
"value": "0f77143ce98d0b9f69c802789e3b1713",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"BabyShark\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"LATEOP\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684157202",
"to_ids": true,
"type": "sha256",
"uuid": "30027b9b-fcaa-4bfa-ad72-6a566940b365",
"value": "54a8b8c933633c089f03d07cfbd5cafbf76a6d7095f2706d6604e739bb9c950f",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"BabyShark\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"LATEOP\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "LOGCABIN",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684157264",
"uuid": "78168392-f363-4089-b3dc-3f208519fdbd",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684157264",
"to_ids": true,
"type": "sha1",
"uuid": "586534fb-fd85-46fe-a376-c1d9fdf99b28",
"value": "b7fdb5e5b31adfc5ada0de1e05b0c069968e5bce",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:backdoor=\"LOGCABIN\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684157264",
"to_ids": true,
"type": "md5",
"uuid": "6781b327-54c5-4bfc-83f4-7e89ffbfa5a0",
"value": "0b558ee89a7bb32968ef78104f6b9a28",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:backdoor=\"LOGCABIN\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684157264",
"to_ids": true,
"type": "sha256",
"uuid": "9896fb95-4c15-49c3-8c8e-12d7f36406de",
"value": "79c0fe1467dada33e0b097dd772c36229618b7091baa5f10da083f894192a237",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:backdoor=\"LOGCABIN\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "LONEJOGGER",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684156727",
"uuid": "44f8931b-cf23-47ec-b023-2fdfa8114ff0",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684156727",
"to_ids": true,
"type": "sha1",
"uuid": "32234a11-57d7-4bda-b6b8-74efe3ab6d4d",
"value": "2dd269608dd7f4da171d1a220fe97347162008c7",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"LONEJOGGER\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684156727",
"to_ids": true,
"type": "md5",
"uuid": "496233b6-c573-4f67-b7a3-6a6ba33bd2b1",
"value": "139d2561f5c72fabb099a12c16b8960c",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"LONEJOGGER\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684156727",
"to_ids": true,
"type": "sha256",
"uuid": "e87f846e-7a21-4631-bd27-89225865232f",
"value": "2c338055e8245057169f1733846e0490bc4ae117d1dadefe0a3f07a63dc87520",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"LONEJOGGER\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "LONEJOGGER",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684156727",
"uuid": "6ae69ae1-d8cd-4dda-b507-82bde00357ca",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684156727",
"to_ids": true,
"type": "sha1",
"uuid": "cb513415-e003-4174-ad26-566ec45159e1",
"value": "98040f42103ce3b840dd54bf3490587f141a0bc3",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"LONEJOGGER\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684156727",
"to_ids": true,
"type": "md5",
"uuid": "98f43aa5-8455-4044-b637-c8252094859a",
"value": "14a00f517012279af53118a491253e5c",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"LONEJOGGER\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684156727",
"to_ids": true,
"type": "sha256",
"uuid": "d117baf3-9ecc-4181-a405-f6112a8de48c",
"value": "26a98b752fd8e700776f11bad4169a0670824d5b5b9337f3c8f46fac33bc03e8",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"LONEJOGGER\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "METASPLOIT",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684157233",
"uuid": "68119593-c328-4af6-8508-2bc78be34b32",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684157233",
"to_ids": true,
"type": "sha1",
"uuid": "6bc0e91b-8aaf-4e8f-8ef6-e2b63660f574",
"value": "7d66c1f36b4b48d990461ec44d626793ade6a8d1",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"metasploit\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684157233",
"to_ids": true,
"type": "md5",
"uuid": "f4183fdf-912d-4532-b42f-2318da88981b",
"value": "37e7d679cd4aa788ec63f27cb02962ea",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"metasploit\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684157233",
"to_ids": true,
"type": "sha256",
"uuid": "17c6d33f-4207-459c-9d58-1c9548b3a3ef",
"value": "b55e9d65a3130f543360a9c488d35475d4789ee7a32a4e94d02f33c21a172bcb",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"metasploit\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "PASSMARK",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684157286",
"uuid": "103fb4e3-f3c2-4ab5-b752-3d7e64aa8b0b",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684157286",
"to_ids": true,
"type": "sha1",
"uuid": "fe4692ef-3099-4365-b6e4-3df8630d35a8",
"value": "4e93797dd3b383050cf0ee585aa5b5525efb2380",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"PASSMARK\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684157286",
"to_ids": true,
"type": "md5",
"uuid": "3d4816f4-d5da-4c9d-b90e-f0caf38d6b15",
"value": "b077ba5af1dfbd4ac523923eab56bcd4",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"PASSMARK\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684157286",
"to_ids": true,
"type": "sha256",
"uuid": "ad16854b-b479-4932-82b5-62a39378f6b6",
"value": "4a08b78d410bc3d9b78dd63b146767f293dc3f3f6f8092352d2aa2f589e9c772",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"PASSMARK\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "PENCILDOWN",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684157362",
"uuid": "ac5e133b-8054-4762-ada5-fe64b83e2e85",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684157362",
"to_ids": true,
"type": "sha1",
"uuid": "f0c60ad2-e422-4c6c-b6cb-6da03422c24b",
"value": "f3b774e921eaad9335b9c057dd49b918c5dae4a6",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"PENCILDOWN\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684157362",
"to_ids": true,
"type": "md5",
"uuid": "5883ba16-dad0-4a4c-ba6b-fae5d0fc4f02",
"value": "04d0856afb1aa9168377d6aa579c5403",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"PENCILDOWN\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684157362",
"to_ids": true,
"type": "sha256",
"uuid": "69065b6e-b29f-478c-8d09-67c4cacba6f1",
"value": "e637c86ae20a7f36a0ad43618b00c48f47b5591a03af3fb689a16c45afa43733",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"PENCILDOWN\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "PENCILDOWN.ANDROID",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684157362",
"uuid": "1125ef0c-0e3f-4183-8ba8-a77b836cfb6a",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684157362",
"to_ids": true,
"type": "sha1",
"uuid": "a2fcad9e-d5cc-44c0-997a-5d648abda5c2",
"value": "a9ff1ebb548f5bba600d38e709ff331749fa9971",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"PENCILDOWN\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684157362",
"to_ids": true,
"type": "md5",
"uuid": "6c7e7cf9-cbac-41d1-b70d-47e37f59d6d5",
"value": "4626ed60dfc8deaf75477bc06bd39be7",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"PENCILDOWN\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684157362",
"to_ids": true,
"type": "sha256",
"uuid": "5e8cf136-6b80-4cf0-a194-f00d801cd77e",
"value": "2365a48f7d6cf6dcc83195f06ea11b93c955c3a491c60b50ba42788917ba22e2",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"PENCILDOWN\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "PENDOWN",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684156803",
"uuid": "175ff6d0-358c-4cb2-9d28-3501843840f8",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684156802",
"to_ids": true,
"type": "sha1",
"uuid": "6ef74ebb-5de1-4be5-be55-060f01307df9",
"value": "6f4b6938ac8fd9591fc399219dbaf4347d8b444b",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"PENDOWN\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684156803",
"to_ids": true,
"type": "md5",
"uuid": "661f3267-e0b3-4367-9a03-0d8d522fca31",
"value": "768c84100d6e3181a26fa50261129287",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"PENDOWN\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684156803",
"to_ids": true,
"type": "sha256",
"uuid": "d08f286a-f59f-481d-96a1-21e9681e7cf2",
"value": "780e7edbfad5f68051c2039036b00b304d3f828fdbee85d2d09edbcc6d07ea34",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"PENDOWN\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "PUMPKINBAR",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684156258",
"uuid": "8a6edbf1-a471-46aa-8235-42b46413b5f0",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684156258",
"to_ids": true,
"type": "sha1",
"uuid": "0c47d8c9-689f-40cb-989a-be7814f9e9ba",
"value": "d3b233d6d8b11235929e4a0cbdb12eefdd47d927",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"PUMPKINBAR\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684156258",
"to_ids": true,
"type": "md5",
"uuid": "140017a8-8207-4f66-a812-600ccefc2ced",
"value": "946f787c129bf469298aa881fb0843f4",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"PUMPKINBAR\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684156258",
"to_ids": true,
"type": "sha256",
"uuid": "9d58c7e5-86e0-4bff-8adf-0ab71be4f0c7",
"value": "32beeda8cffc2ecc689ea2529194cf806955879a334ec68176864d1e6c09800c",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"PUMPKINBAR\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "PUMPKINBAR",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684156258",
"uuid": "dedfbe89-65c0-4038-b3f7-fd8ad142f2a7",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684156258",
"to_ids": true,
"type": "sha1",
"uuid": "9b486b4b-0c52-4981-8ca5-0c14f2474b35",
"value": "851ba2182b37bc7380420a986840e16f73947413",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"PUMPKINBAR\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684156258",
"to_ids": true,
"type": "md5",
"uuid": "634765cd-adb1-47f7-9d0f-9003cd511567",
"value": "c9d70bf370172609da848fa785989939",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"PUMPKINBAR\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684156258",
"to_ids": true,
"type": "sha256",
"uuid": "8f1e923b-50a9-4034-a9cb-8003776db45b",
"value": "ba3c79dbeca0234fa838ae4c956409115556f437372aeeb0737206d71caf4a38",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"PUMPKINBAR\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "QUASARRAT",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684157446",
"uuid": "a57ffcff-8a78-4a9b-98b5-86b92b18f452",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684157446",
"to_ids": true,
"type": "sha1",
"uuid": "74a70da3-bc90-4ea1-b795-cf4fcd952f6f",
"value": "25d94c9ab7635ff330dabe96780f330f7f2ba775",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"Quasar RAT\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-tool=\"QuasarRAT - S0262\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:rat=\"Quasar RAT\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"QUASARRAT\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684157446",
"to_ids": true,
"type": "md5",
"uuid": "783e176f-e29d-4c1b-80be-f6778af8ff11",
"value": "0085bc8ce16ef17643909c4799ead02b",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"Quasar RAT\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-tool=\"QuasarRAT - S0262\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:rat=\"Quasar RAT\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"QUASARRAT\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684157446",
"to_ids": true,
"type": "sha256",
"uuid": "0ea6ccee-b550-4a4e-bde9-c178d0ab328c",
"value": "a9c404e100bfd2716a8f6bfafc07b0bd6175bedb047d10b94390c79249258272",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"Quasar RAT\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-tool=\"QuasarRAT - S0262\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:rat=\"Quasar RAT\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"QUASARRAT\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "SLIMCURL",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684157389",
"uuid": "ebe523ea-7abc-46e4-ad9a-45c2ed6cc5b0",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684157389",
"to_ids": true,
"type": "sha1",
"uuid": "93f8d4cf-64cf-4013-8bdc-a5fcaf6a55ec",
"value": "700acc4e48eae84f80f4dbaf74bf60b79efd49bd",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"SLIMCURL\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684157389",
"to_ids": true,
"type": "md5",
"uuid": "db2ff192-2fed-4728-8ad9-f7b4cae427af",
"value": "68ce092f1a3d19852ea32db8388de5c7",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"SLIMCURL\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684157389",
"to_ids": true,
"type": "sha256",
"uuid": "e3b6788f-8c7c-4e6a-a29a-8698293fba8f",
"value": "25c2f4703cbaa1ff4dbcfcc16a10b29ef35ccc174b71b21de360d898540889f8",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"SLIMCURL\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "SOURDOUGH",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684157414",
"uuid": "80f6cb75-2c92-421d-aef9-ed23072da4a9",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684157414",
"to_ids": true,
"type": "sha1",
"uuid": "fb30f53e-9f3b-45f2-987e-38e2d4f25d33",
"value": "6618e25dd49b68f7b2b266eb2d787e6f05c964bc",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:backdoor=\"SOURDOUGH\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684157414",
"to_ids": true,
"type": "md5",
"uuid": "a303fdab-a891-40fd-bc56-f76aa6425158",
"value": "7e609404cc258bbe283bea6ddd7af293",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:backdoor=\"SOURDOUGH\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684157414",
"to_ids": true,
"type": "sha256",
"uuid": "c1ed33fd-2f2e-4284-a413-3f05b7d59e93",
"value": "502136707a70b768800640224e48c634057dc651892113b62522f0dd2fcf1e87",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:backdoor=\"SOURDOUGH\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "SPICYTUNA",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684157328",
"uuid": "7bda7be8-2c04-46cb-97f1-483ead532476",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684157328",
"to_ids": true,
"type": "sha1",
"uuid": "be3c4932-cda2-456d-bfb9-7274120b4306",
"value": "1f6c7c9219f6b6ea30cd481968ae1a038789be67",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"SPICYTUNA\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684157328",
"to_ids": true,
"type": "md5",
"uuid": "539781e8-c9d2-4a09-924d-833b82e38f2f",
"value": "0821884168a644f3c27176a52763acc9",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"SPICYTUNA\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684157328",
"to_ids": true,
"type": "sha256",
"uuid": "3f11010a-7774-41c7-9690-216df1878636",
"value": "e7fae41c0bd8d3d95253bd75dce99015599ecc404bd8d737cec305fc3e4dd018",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"SPICYTUNA\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "SPICYTUNA",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684157328",
"uuid": "f2d66bf0-be0d-4edd-8ab5-0104eefeaa39",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684157328",
"to_ids": true,
"type": "sha1",
"uuid": "cf3badcd-7539-4dc8-a78d-3378276a89aa",
"value": "636f2c20183b45691b742949d49b3d6c218c9cce",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"SPICYTUNA\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684157328",
"to_ids": true,
"type": "md5",
"uuid": "b3a1034c-ca67-4796-90dc-fbd954806da3",
"value": "8ca84c206fe8436dcc92bf6c1f7cf168",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"SPICYTUNA\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684157328",
"to_ids": true,
"type": "sha256",
"uuid": "1273f2fe-df8b-49a2-9c81-99659829110e",
"value": "7943bf9cc7b2adf50f7f92dd37347381e6d0aef23b34a3cd0a3afcda1d72e16d",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"SPICYTUNA\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "TROIBOMB",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684156828",
"uuid": "f64f1aab-3dbd-4f53-af57-270c24c7934b",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684156828",
"to_ids": true,
"type": "sha1",
"uuid": "7b8a84a3-6f32-48da-abbf-d3c64e63738d",
"value": "11f646095495d625e7d71038578cc838a6d5e111",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:backdoor=\"TROIBOMB\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684156828",
"to_ids": true,
"type": "md5",
"uuid": "8504be8e-3c34-400c-b709-c97a95991280",
"value": "18df13900f118158c33df904c662e875",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:backdoor=\"TROIBOMB\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684156828",
"to_ids": true,
"type": "sha256",
"uuid": "fc4ba564-caf8-4d3a-8775-5ccf3b2d2eef",
"value": "98d4471fe549bb3067ac2f2d9afd50ed1baaddab41ec4270834989e7f1ade14d",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:backdoor=\"TROIBOMB\"",
"relationship_type": ""
}
]
}
]
},
{
"comment": "VENOMBITE",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1684155558",
"uuid": "3620045f-c2a1-427d-b8cf-c413322cbf6e",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1684155557",
"to_ids": true,
"type": "sha1",
"uuid": "3d8768d4-8c19-44ec-9404-fd29b9177d74",
"value": "75c516dde8415494c288e349d440ce778dede8e3",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"VENOMBITE\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1684155558",
"to_ids": true,
"type": "md5",
"uuid": "be292c3a-c644-4751-ac97-1855cfe5e0a0",
"value": "107f917a5ddb4d3947233fbc9d47ddc8",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"VENOMBITE\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1684155558",
"to_ids": true,
"type": "sha256",
"uuid": "5e6f0fee-3b7c-467c-9684-18dc6f46ef75",
"value": "2d41b04f5d86047dc2353a10595418b0d5239c22112f36eb9d253b2e8b6eb0d0",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"VENOMBITE\"",
"relationship_type": ""
}
]
}
]
}
]
}
}